Solved

Windows Domain Creation with offsite web server

Posted on 2009-07-06
Last Modified: 2012-05-07
I am going to be setting up a new domain for a company rollover. Going to start from scratch using all new Windows 2008 servers. All servers will be in house except for the web server (DC, DNS, DHCP, WINS, Exchange etc.). Management has decided to go with an offsite web development company and they insist on hosting the site on their web servers due to ease of change, complexity etc.
So what do I need to watch for or do differently since this web server is offsite while I am creating this new domain environment? They will be only using the CNAME of the domain name.
Can I still use the domainname.com and not have any issues? I really don't want to use domainname.local for example.

Please advise.
Question by:BattleDogg
4 Comments
 
LVL 20

Expert Comment

by:EndureKona
ID: 24787394
Nothing... if the server is off site it should be a standalone server. No need to be part of the domain. Public DNS will take care of the resolution by going to www.domainname.com. Unless you have this domainname.com planned for your AD domain, which I would have a .local, you will be fine. Since you will be using a CNAME you already have an A record.
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 250 total points
ID: 24787783

The external web server should not be a member of the domain. This works from several security angles:

  • It means the Web Hosting Company do not have access to the rest of your network.
  • It means you don't need a VPN connection between the hosting company and the main network.
  • It means your domain is secured from any sort of 'hacking' attempt from the outside by exploiting any bugs in the web server software.

You will have problems accessing your web site internally if you use domainname.com as both your internal AD domain and your external web site address. This is because domainname.com *must* resolve to the IP address(es) of your internal AD domain controller(s). If it doesn't, you have a major Active Directory DNS issue.

Using a domain name such as corp.domainname.com for the internal AD domain is much more suitable and means your public web site will still be accessible internally. As a matter of interest, Microsoft use corp.microsoft.com for the root of their forest, so there is no harm in doing so.

With a new deployment you should cure any foreseeable problem before it becomes one, rather than try to work around it afterwards.

-Matt
0
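The name collision described in the accepted answer can be modelled in a few lines. This is an added example, not code from the thread; the IP addresses, the `site.webhost.example` CNAME target and the `dc1` host name are constructed sample values, and the resolver is a simplified model of an internal DNS server that is authoritative for the AD zone and forwards everything else.

```python
# Constructed sample data: what public DNS might hold for the hosted site.
PUBLIC = {
    "domainname.com": ("A", "203.0.113.10"),
    "www.domainname.com": ("CNAME", "site.webhost.example"),
    "site.webhost.example": ("A", "203.0.113.10"),
}
DC_IP = "10.0.0.5"  # constructed address of an internal domain controller
SITE_NAMES = ["domainname.com", "www.domainname.com"]


def internal_zone(ad_domain):
    """Records in the AD zone: the zone apex has to point at the DC(s)."""
    return {ad_domain: ("A", DC_IP), "dc1." + ad_domain: ("A", DC_IP)}


def resolve(name, ad_domain=None, depth=0):
    """Resolve the way an internal client does: the DC's DNS server answers
    authoritatively for every name inside the AD zone and forwards the rest
    to public DNS. ad_domain=None models a client on the internet."""
    if depth > 8:
        return None  # guard against CNAME loops
    name = name.lower().rstrip(".")
    inside = ad_domain is not None and (
        name == ad_domain or name.endswith("." + ad_domain))
    records = internal_zone(ad_domain) if inside else PUBLIC
    rtype, value = records.get(name, (None, None))
    if rtype == "CNAME":
        return resolve(value, ad_domain, depth + 1)
    return value  # None models NXDOMAIN: an authoritative zone is not forwarded


def audit(ad_domain):
    """Map each public site name to (public answer, internal answer)."""
    return {n: (resolve(n), resolve(n, ad_domain)) for n in SITE_NAMES}


def shadowed(ad_domain):
    """Site names whose internal answer differs from the public one."""
    return [n for n, (pub, internal) in audit(ad_domain).items() if pub != internal]


if __name__ == "__main__":
    for candidate in ("domainname.com", "corp.domainname.com"):
        print(candidate, "->", shadowed(candidate) or "no conflict")
```

With `domainname.com` as the AD domain, the apex resolves to the domain controller and `www` returns no answer internally; with `corp.domainname.com` both site names resolve to the hosting company's address.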
 

Author Comment

by:BattleDogg
ID: 24787983
Thanks tigermatt:

Your last two paragraphs summed up what I needed to know. I couldn't remember but I thought there was an issue in being set up this way. Your third paragraph summed it up.
I will be going with corp.domainname.com then for the AD environment.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24788599
Good to hear. Thanks!
0
