Clustering IIS6 in DMZ with no domain
Posted on 2009-05-08
I am to understand the following are requirements for Clustering with Windows 2003
1.) Need Enterprise Version
2.) Both servers require access to a domain (member of domain).
3.) NLB seems to be the preferred method by many over Failover Clustering.
4.) Require shared storage.
5.) Granting access to domains inside the private network is a security risk. shouldn't do it.
So with the above being said... points 2.) and 5.) is my delimma.
** How can I create a cluster in the DMZ with no domain? Is there a safe way for the cluster to be members of the domain via tight Firewall rules? What are other people doing to address this. What bothers me most is the fact that it seems everyone is clustering web servers, but how are they doing it without causing security issues?
I'm reading a lot of conflicting information on this topic and would like someone who has 1st hand experience on this and can explain what the best way... most common accepted way of creating a clustered IIS server.