Solved

Domain Controller NLB

Posted on 2006-11-01
11
1,003 Views
Last Modified: 2012-06-27
Hi,

Please tell me if I can setup two webservers in my DMZ in a Network Load Balance group and make these servers both Domain Controllers.

The reason I'm considering this is I have several hundred FTP user accounts to setup and it could help to have Active Directory.

Thanks,
Donnie
0
Comment
Question by:Donnie4572
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
  • +1
11 Comments
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 200 total points
ID: 17853746
i would put webservers as DC's, i would have a separate DC in the DMZ and load balance your webservers
0
 
LVL 12

Author Comment

by:Donnie4572
ID: 17853783
Do you mean you would not promote the webservers to DC?
Why?
0
 
LVL 12

Author Comment

by:Donnie4572
ID: 17853800
Sorry Jay, I do not understand. You would have three DC's in the DMZ? Two as webservers and one seperate?

Thanks
Donnie
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17853959
Thats ok, what i mean is that webservers are accessed heavily, thus i wouldnt have them as domain controllers at all for security reasons
0
 
LVL 12

Author Comment

by:Donnie4572
ID: 17854072
Ok, so security/performance is the only reasons you wouldn't?

Here is the setup:
Both servers are Identical (HP Integrity Itanium 4640's )
4 - 1.6 9MB cache proc's
4GB ram each.
I don't think performance would be an issue here?

Active Directory will only be used by these two servers for FTP deployment.

Actually, I would perfer two additional servers to provide AD but I am having a hard time Justifying the additional cost.

Thanks for your help!
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17854135
yeah i can understand costs.....your specs are fine, i just worry about having a DC as a webserver, just doesnt sit right!
0
 
LVL 11

Assisted Solution

by:AnthonyP9618
AnthonyP9618 earned 100 total points
ID: 17854653
Web servers are one of the most easily vulnerable systems on the Internet.  Putting one of those out there on the web is risk enough... but to make it a DC on top of that is just asking for trouble.  

0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 200 total points
ID: 17855552
I would recommend NOT making them DCs.  You can use the freely available ADAM (Active Directory Application Mode) instead.  This will give you credential management while not exposing more than necessary.

http://www.microsoft.com/downloads/details.aspx?FamilyID=9688f8b9-1034-4ef6-a3e5-2a2a57b5c8e4&DisplayLang=en

You can't install it on Server 2003 Web Edition, but you can install it on a workstation (XP) inside the DMZ so web clients can access it.  If you use Standard 2003 then there is no issue installing it on there.

0
 
LVL 51

Expert Comment

by:Netman66
ID: 17855558
As for load balancing - this is where NLB comes into play.  Use the Help in Server 2003.  There's a ton of good stuff in there.

0
 
LVL 12

Author Comment

by:Donnie4572
ID: 17897524
Netman
Good solution!
However, I got approval for two additional servers to use as "DMZ domain controllers"

Thanks to all
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17901695
Nice work! much more secure
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question