How troublesome to have our SQL server also be a DC/backup DNS server

bradlee27514 used Ask the Experts™
I have a small network (20 users).  I'm looking at moving around what roles are on which servers.   Layout is currently (servers 1-3 are pretty beefy):

server 1 - SQL server
server 2 - terminal server
server 3 - test server / DC (not currently a test server but was)
server 4 - DC / primary DNS

Server 2 was also a DC, but I changed that to server 3 after reading that a terminal server should not be a DC. I know it is not ideal, but is it OK to have server 1 also be a DC/secondary DNS server? Or is this just as bad as having the terminal server be a DC? Currently I have no secondary DNS server, and DHCP is being handled by our firewall.

Furthermore, if you have suggestions for re-arranging what server should host what services, I'd love to see that as well! From what I understand, we need:
Terminal Server
SQL Server
2 DCs
Primary DNS server
Secondary DNS server

We may add (roughly in order)
ACT Database
File server (external network hard drives have been fine thus far in our small network)
test server (no current need, but always nice)

We don't currently see a need for Exchange or anything else.

My best recommendation would be for you to take server 1 and make it your backup DC / Secondary DNS and eventually backup DHCP.  I would leave server 4 the way it is and add DHCP whenever you are ready to move that off of your firewall.

You always need a test server around.  SQL Server does take up a lot of memory resources but there are ways to cap this from the SQL Manager.  I would not be too concerned if it was only your backup.

On your Primary/Backup DHCP server make sure you only assign half the scopes from each.  For example:
If you are using a 192.168.16.x subnet with a mask then on Server 4 you would assign out and on Server 1 you would serve out

You did not mention VPN but if you have VPN capabilities I would try to handle it at the firewall if possible.  Not sure if your firewall would be required to be your DHCP server in this case then or not (depends on configuration of firewall).

Also, I don't know how your DNS is configured, but if you are only forwarding to your firewall you may want to strongly consider hard coding in your ISP's Primary & Secondary DNS addresses as well, just in case the firewall fails to do this redirect for you.

I would put your ACT Database on the same server as your SQL database (to keep the DBs together) and then I would add a new server for the fileserver. You may be able to get away with adding disk to Server 4 and using it as a fileserver, being that the majority of your DC traffic will be at login. You will have a little DNS traffic on it but not much.
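
The split-scope DHCP layout suggested in the answer above, as an added PowerShell example that is not part of the original answer. The host names `SERVER4` and `SERVER1`, the 255.255.255.0 mask and every address range are constructed for illustration, and the DHCP Server role is assumed to be installed and authorized on both hosts.

```powershell
# Split scope: both servers define the same pool, and each one excludes
# the half that the other server leases, so no address is offered twice.
# All names and ranges below are constructed, not taken from the post.
Import-Module DhcpServer

$ScopeId = '192.168.16.0'
$Mask    = '255.255.255.0'                       # assumed mask
$Pool    = @{ Start = '192.168.16.50'; End = '192.168.16.249' }

# For each server: the part of the pool it must NOT hand out.
$Servers = @(
    @{ Name = 'SERVER4'; ExStart = '192.168.16.150'; ExEnd = '192.168.16.249' },
    @{ Name = 'SERVER1'; ExStart = '192.168.16.50';  ExEnd = '192.168.16.149' }
)

function ConvertTo-UInt32([string]$Ip) {
    # Dotted quad -> integer, so ranges can be compared numerically.
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($b)
    [BitConverter]::ToUInt32($b, 0)
}

# Sanity check before touching either server: the two exclusions must
# tile the pool exactly (no overlap, no address excluded on both sides).
$s1 = $Servers[1]; $s4 = $Servers[0]
$tiles = ((ConvertTo-UInt32 $s1.ExStart) -eq (ConvertTo-UInt32 $Pool.Start)) -and
         (((ConvertTo-UInt32 $s1.ExEnd) + 1) -eq (ConvertTo-UInt32 $s4.ExStart)) -and
         ((ConvertTo-UInt32 $s4.ExEnd) -eq (ConvertTo-UInt32 $Pool.End))
if (-not $tiles) { throw 'Exclusion ranges do not split the pool cleanly.' }

foreach ($s in $Servers) {
    # Create the scope inactive so no lease is offered before the
    # exclusion is in place, then activate it.
    Add-DhcpServerv4Scope -ComputerName $s.Name -Name 'LAN' `
        -StartRange $Pool.Start -EndRange $Pool.End `
        -SubnetMask $Mask -State InActive
    Add-DhcpServerv4ExclusionRange -ComputerName $s.Name -ScopeId $ScopeId `
        -StartRange $s.ExStart -EndRange $s.ExEnd
    Set-DhcpServerv4Scope -ComputerName $s.Name -ScopeId $ScopeId -State Active
}

# Show what each server ended up excluding.
foreach ($s in $Servers) {
    Get-DhcpServerv4ExclusionRange -ComputerName $s.Name -ScopeId $ScopeId
}
```

The firewall's DHCP service has to be switched off before these scopes are activated, otherwise it will still answer clients from its own pool.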
