Solved

Domain Controller NLB

Posted on 2006-11-01
Last Modified: 2012-06-27
Hi,

Please tell me if I can set up two webservers in my DMZ in a Network Load Balance group and make these servers both Domain Controllers.

The reason I'm considering this is I have several hundred FTP user accounts to set up and it could help to have Active Directory.

Thanks,
Donnie
0
Question by:Donnie4572
11 Comments
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 800 total points
ID: 17853746
I would put webservers as DCs, I would have a separate DC in the DMZ and load balance your webservers
0
 
LVL 12

Author Comment

by:Donnie4572
ID: 17853783
Do you mean you would not promote the webservers to DC?
Why?
0
 
LVL 12

Author Comment

by:Donnie4572
ID: 17853800
Sorry Jay, I do not understand. You would have three DCs in the DMZ? Two as webservers and one separate?

Thanks
Donnie
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17853959
That's ok, what I mean is that webservers are accessed heavily, thus I wouldn't have them as domain controllers at all for security reasons
0
 
LVL 12

Author Comment

by:Donnie4572
ID: 17854072
Ok, so security/performance are the only reasons you wouldn't?

Here is the setup:
Both servers are identical (HP Integrity Itanium 4640s)
4 - 1.6 9MB cache procs
4GB ram each.
I don't think performance would be an issue here?

Active Directory will only be used by these two servers for FTP deployment.

Actually, I would prefer two additional servers to provide AD but I am having a hard time justifying the additional cost.

Thanks for your help!
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17854135
Yeah, I can understand costs... your specs are fine, I just worry about having a DC as a webserver, just doesn't sit right!
0
 
LVL 11

Assisted Solution

by:AnthonyP9618
AnthonyP9618 earned 400 total points
ID: 17854653
Web servers are one of the most easily vulnerable systems on the Internet.  Putting one of those out there on the web is risk enough... but to make it a DC on top of that is just asking for trouble.  

0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 800 total points
ID: 17855552
I would recommend NOT making them DCs.  You can use the freely available ADAM (Active Directory Application Mode) instead.  This will give you credential management while not exposing more than necessary.

http://www.microsoft.com/downloads/details.aspx?FamilyID=9688f8b9-1034-4ef6-a3e5-2a2a57b5c8e4&DisplayLang=en

You can't install it on Server 2003 Web Edition, but you can install it on a workstation (XP) inside the DMZ so web clients can access it.  If you use Standard 2003 then there is no issue installing it on there.

0
 
LVL 51

Expert Comment

by:Netman66
ID: 17855558
As for load balancing - this is where NLB comes into play.  Use the Help in Server 2003.  There's a ton of good stuff in there.

0
 
LVL 12

Author Comment

by:Donnie4572
ID: 17897524
Netman
Good solution!
However, I got approval for two additional servers to use as "DMZ domain controllers"

Thanks to all
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17901695
Nice work! Much more secure
0
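
A check that follows from the advice in this thread, added here as an example and not part of any poster's reply: it flags a Windows host that holds the Domain Controller role while also running IIS web or FTP services. The function names and the sample host names are hypothetical; the `DomainRole` values (4 and 5) and the IIS service names are the standard ones.

```powershell
# Added example, not from the thread.
# Win32_ComputerSystem.DomainRole: 2 = standalone server, 3 = member server,
# 4 = backup domain controller, 5 = primary domain controller.
# IIS service names: W3SVC (web), MSFTPSVC (IIS 6 FTP), FTPSVC (IIS 7+ FTP).

function Test-DcRoleOverlap {
    param(
        [string]   $Name,
        [int]      $DomainRole,
        [string[]] $RunningServices = @()
    )
    $exposed = @('W3SVC', 'MSFTPSVC', 'FTPSVC')
    $isDc    = $DomainRole -in 4, 5
    $hits    = @($RunningServices | Where-Object { $_ -in $exposed })
    [pscustomobject]@{
        ComputerName       = $Name
        IsDomainController = $isDc
        ExposedServices    = $hits -join ','
        Violation          = $isDc -and ($hits.Count -gt 0)
    }
}

# Live query of one host; omit -ComputerName to inspect the local machine.
function Get-HostRoleOverlap {
    param([string] $ComputerName)
    $target = @{}
    if ($ComputerName) { $target.ComputerName = $ComputerName }
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem @target
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "State='Running'" @target
    Test-DcRoleOverlap -Name $cs.Name -DomainRole $cs.DomainRole -RunningServices @($svc.Name)
}

# Constructed sample inventory (host names are made up) so the logic runs offline:
# WEB01 is the layout the question proposed, WEB02 and DMZDC01 the layout adopted.
$sample = @(
    @{ Name = 'WEB01';   DomainRole = 5; RunningServices = 'W3SVC', 'MSFTPSVC', 'Netlogon' }
    @{ Name = 'WEB02';   DomainRole = 3; RunningServices = 'W3SVC', 'MSFTPSVC' }
    @{ Name = 'DMZDC01'; DomainRole = 5; RunningServices = 'Netlogon', 'NTDS' }
)
$sample | ForEach-Object { Test-DcRoleOverlap @_ } | Format-Table -AutoSize
```

Run `Get-HostRoleOverlap` against each DMZ server during build review; a `Violation` of `True` means directory data and an internet-facing service share one machine.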