Solved

Domain Controller NLB

Posted on 2006-11-01
11
993 Views
Last Modified: 2012-06-27
Hi,

Please tell me if I can setup two webservers in my DMZ in a Network Load Balance group and make these servers both Domain Controllers.

The reason I'm considering this is I have several hundred FTP user accounts to setup and it could help to have Active Directory.

Thanks,
Donnie
0
Comment
Question by:Donnie4572
  • 4
  • 4
  • 2
  • +1
11 Comments
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 200 total points
ID: 17853746
i would put webservers as DC's, i would have a separate DC in the DMZ and load balance your webservers
0
 
LVL 12

Author Comment

by:Donnie4572
ID: 17853783
Do you mean you would not promote the webservers to DC?
Why?
0
 
LVL 12

Author Comment

by:Donnie4572
ID: 17853800
Sorry Jay, I do not understand. You would have three DC's in the DMZ? Two as webservers and one seperate?

Thanks
Donnie
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17853959
Thats ok, what i mean is that webservers are accessed heavily, thus i wouldnt have them as domain controllers at all for security reasons
0
 
LVL 12

Author Comment

by:Donnie4572
ID: 17854072
Ok, so security/performance is the only reasons you wouldn't?

Here is the setup:
Both servers are Identical (HP Integrity Itanium 4640's )
4 - 1.6 9MB cache proc's
4GB ram each.
I don't think performance would be an issue here?

Active Directory will only be used by these two servers for FTP deployment.

Actually, I would perfer two additional servers to provide AD but I am having a hard time Justifying the additional cost.

Thanks for your help!
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17854135
yeah i can understand costs.....your specs are fine, i just worry about having a DC as a webserver, just doesnt sit right!
0
 
LVL 11

Assisted Solution

by:AnthonyP9618
AnthonyP9618 earned 100 total points
ID: 17854653
Web servers are one of the most easily vulnerable systems on the Internet.  Putting one of those out there on the web is risk enough... but to make it a DC on top of that is just asking for trouble.  

0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 200 total points
ID: 17855552
I would recommend NOT making them DCs.  You can use the freely available ADAM (Active Directory Application Mode) instead.  This will give you credential management while not exposing more than necessary.

http://www.microsoft.com/downloads/details.aspx?FamilyID=9688f8b9-1034-4ef6-a3e5-2a2a57b5c8e4&DisplayLang=en

You can't install it on Server 2003 Web Edition, but you can install it on a workstation (XP) inside the DMZ so web clients can access it.  If you use Standard 2003 then there is no issue installing it on there.

0
 
LVL 51

Expert Comment

by:Netman66
ID: 17855558
As for load balancing - this is where NLB comes into play.  Use the Help in Server 2003.  There's a ton of good stuff in there.

0
 
LVL 12

Author Comment

by:Donnie4572
ID: 17897524
Netman
Good solution!
However, I got approval for two additional servers to use as "DMZ domain controllers"

Thanks to all
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17901695
Nice work! much more secure
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Learn about cloud computing and its benefits for small business owners.
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now