wuitsung
asked on
What is the best network design for a web hosting company that needs AD domain?
A web hosting company basically has no firewall implemented in their environment.
One of the companies I have seen is using Cisco switches and creating VLANs.
If I want to create an AD domain there, what's the best practice I can do?
It would be nice if you could show me a network diagram.
ASKER
Thank you for the reply. Your suggestions above are usually what I do with a small business environment. But now I am talking about the web hosting company environment. If I do this:
Internet - ISP - Firewall - Public Servers - Firewall - Internal Network
I need to open a lot of ports on the first firewall, and some web applications also require specific ports open. This will be a lot of work to configure ports, and I think the page load speed will be slow. I don't know what the security standard in the web hosting industry is. Is anyone familiar with that?
And why we need AD is that we do remote desktop to each web server. What we are doing now is creating a local user account for the remote desktop. But we have a lot of web servers. It's not efficient to create the same user on each server. So I was thinking about AD. But if I join those web servers to my AD (let's say I set up a firewall and put the AD behind it, like below):
internet - Cisco switches - web servers - firewall - AD
If the web server got hacked, my AD will be in danger, right? I think normally people don't join servers or stations in public to internal, right?
Please advise. It would be nice if someone here is familiar with the web hosting industry environment.
You can use the 3-leg method:
http://www.firewall.cx/firewall_topologies.php
Your DMZ zone will host your website, and your internal will be an AD.
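
The three-legged layout from the last reply, modelled as an added example that is not part of the thread: a first-match rule set for the internet, DMZ and internal legs, plus an audit that flags any rule letting the DMZ reach more than the domain controller. The addresses, the domain controller IP, the port set and the function names are all constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption): internal leg holds AD, DMZ leg holds web servers.
ZONES = {"internal": ipaddress.ip_network("10.0.0.0/24"),
         "dmz": ipaddress.ip_network("192.0.2.0/24")}
DC_NET = ipaddress.ip_network("10.0.0.10/32")   # hypothetical domain controller
# Simplified member-to-DC set: DNS, Kerberos, RPC mapper, LDAP, SMB, kpasswd.
# Real deployments also need NTP and a pinned RPC port range.
AD_PORTS = {53, 88, 135, 389, 445, 464}

# Ordered rules: (source zone, destination network, ports or None for any, action).
RULES = [
    ("internet", ZONES["dmz"], {80, 443}, "allow"),   # public web traffic
    ("dmz", DC_NET, AD_PORTS, "allow"),               # domain logon from web servers
    ("internal", ZONES["dmz"], {3389}, "allow"),      # admin RDP into the DMZ
]

def zone_of(ip):
    """Map an address to its leg; anything unknown is treated as internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

def decide(src, dst, port, rules=RULES):
    """First matching rule wins; no match means deny."""
    zone, addr = zone_of(src), ipaddress.ip_address(dst)
    for rule_zone, net, ports, action in rules:
        if rule_zone == zone and addr in net and (ports is None or port in ports):
            return action
    return "deny"

def audit(rules=RULES):
    """List allow rules that expose the internal leg beyond DC-only AD ports."""
    findings = []
    for index, (zone, net, ports, action) in enumerate(rules):
        if action != "allow" or zone == "internal" or not net.overlaps(ZONES["internal"]):
            continue
        if zone == "internet":
            findings.append((index, "internet reaches internal"))
        elif net != DC_NET or ports is None or not ports <= AD_PORTS:
            findings.append((index, "dmz reaches more than the DC on AD ports"))
    return findings
```

With these rules a web server in the DMZ can authenticate against the domain controller but cannot open any other connection into the internal leg, which bounds what a compromised web server can touch.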