Domain Controller NLB

Hi,

Please tell me if I can setup two webservers in my DMZ in a Network Load Balance group and make these servers both Domain Controllers.

The reason I'm considering this is I have several hundred FTP user accounts to setup and it could help to have Active Directory.

Thanks,
Donnie
Asked by: Donnie4572
 
Jay_Jay70 Commented:
I would put webservers as DCs; I would have a separate DC in the DMZ and load balance your webservers.
 
Donnie4572 (Author) Commented:
Do you mean you would not promote the webservers to DC?
Why?
 
Donnie4572 (Author) Commented:
Sorry Jay, I do not understand. You would have three DCs in the DMZ? Two as webservers and one separate?

Thanks
Donnie
 
Jay_Jay70 Commented:
That's OK. What I mean is that webservers are accessed heavily, thus I wouldn't have them as domain controllers at all, for security reasons.
 
Donnie4572 (Author) Commented:
OK, so security/performance are the only reasons you wouldn't?

Here is the setup:
Both servers are identical (HP Integrity Itanium 4640s)
4 - 1.6 9MB cache procs
4GB RAM each.
I don't think performance would be an issue here?

Active Directory will only be used by these two servers for FTP deployment.

Actually, I would prefer two additional servers to provide AD, but I am having a hard time justifying the additional cost.

Thanks for your help!
 
Jay_Jay70 Commented:
Yeah, I can understand costs... your specs are fine, I just worry about having a DC as a webserver, just doesn't sit right!
 
AnthonyP9618 Commented:
Web servers are one of the most easily vulnerable systems on the Internet. Putting one of those out there on the web is risk enough... but to make it a DC on top of that is just asking for trouble.

 
Netman66 Commented:
I would recommend NOT making them DCs. You can use the freely available ADAM (Active Directory Application Mode) instead. This will give you credential management while not exposing more than necessary.

http://www.microsoft.com/downloads/details.aspx?FamilyID=9688f8b9-1034-4ef6-a3e5-2a2a57b5c8e4&DisplayLang=en

You can't install it on Server 2003 Web Edition, but you can install it on a workstation (XP) inside the DMZ so web clients can access it.  If you use Standard 2003 then there is no issue installing it on there.

 
Netman66 Commented:
As for load balancing - this is where NLB comes into play. Use the Help in Server 2003. There's a ton of good stuff in there.

 
Donnie4572 (Author) Commented:
Netman,
Good solution!
However, I got approval for two additional servers to use as "DMZ domain controllers".

Thanks to all
 
Jay_Jay70 Commented:
Nice work! Much more secure.