Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 277
  • Last Modified:

Two domains within the same IP range

Hi,

We are in the process of implementing MS Dynamics AX and a requirement by our consultants is to have a test environment. We can build this environment and let it use our live AD setup however I wish to avoid this and keep the production setup only for the Live Dynamics install.

The quesiton I have is, since we are installing this test environment on virtual machines and hosting it on a virtual server (HyperV) that is on the current live domain, when we install a virtual machine and promote it to a domain controller to host the demo environment (requirement for Dynamics) will both the demo Active Directory and production Active Directory setups interfere with each other on any note?

I'm a little worried about having both domains running.

(Separate IP range can be used but would make things extremely complicate) (Restricted to only local VM to VM traffic can be used but the servers need outside access)

windows server 2012r2 (to be test domain) windows server 2008 (current live domain)

Thanks!
0
dqnet
Asked:
dqnet
2 Solutions
 
CSIPComputingCommented:
I regularly run this sort of thing to test scenarios.

The biggest problem is DNS. Your DHCP server must be configured correctly, to include DNS servers which know about both domains.

Are you happy to modify the production DNS servers to know about the test domain, or do you use DNS severs on the test domain and update dhcp to also include those DNS servers in the scope?

With DNS sorted it'll work fine :-)
0
 
MaheshArchitectCommented:
Generally production domain and test lab domain never communicates with each other unless you setup domain trust between them

If both domains used on same segment you can access \ ping both infra servers with single label name (NetBIOS) due to NetBIOS broadcast but this will not create any harm
If you have IT security department, they don't like such things as according to them this is security breach
If you don't have IT security department, you can simply start both domains in same segment. Also your test environment should have its own DC\DNS server

Also regarding external access what are you expecting ?

If this is Internet access, you can simply put DNS forwarders in your test lab DNS pointing to ISP DNS in that case
OR
If you are using Proxy server, you can put proxy server in IE settings and can use username\password from production domain to access internet if required
OR
You can simply put internet data card on test domain for internet access

According to security expert you should have complete Isolate test environment with separate internet access which some times not useful based upon your requirements and whatever infra you have.

Mahesh.
0
 
Sajid Shaik MSr. System AdminCommented:
the dynamics installation... specially u don't need any separate domain ... the Dynamics is Authenticates from the Domain controller..

that means only for authentication purpose u need AD... so install the separate Dynamics server with separate database... and assign permission with same active directory...

no issues...

if u still want to create a real time scenario... separate...   copy the server hd2vhd tool create VHD  and add it to any hyper-V server and work on it...  make it sure clients should not communicate each other...  of both domains communicate with same domain name ... the entire directory will goes corrupt...

so don't ever use the same domain name or domain copy on the same network...

all the best
0
Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

 
dqnetAuthor Commented:
Totally understand.

Yes we currently use static IP addressing on our production LAN and will do so for the Demo LAN too. So DHCP broadcasts shouldnt really be a problem.

The DNS part is a good question.
Now if we add a few records in our live DNS servers that point to our Test Dynamics AX Servers would that be safe?

I mean ultimately I would love to have them on completely separate networks so there is no interference whatsoever but it would be next to impossible to route traffic easily without getting all sort of network gear in place.

Do I really have any other options?
0
 
dqnetAuthor Commented:
?
0
 
CSIPComputingCommented:
Apologies for the delay in replying. Yes DNS pointers in your production environment relating to your test domain are really all that is required, HOWEVER, if you are using static IP addresses for every device in your test environment (including your test clients) then the DNS in your test AD will deal with everything in your test domain (provided you statically assign the DNS servers for test clients to the test DNS servers) and you need make NO changes to your production environment. This is of course safest :-)
0
 
dqnetAuthor Commented:
Perfect..! Thanks a million..!

Are these cases rare? Two domains on one network?
0
 
dqnetAuthor Commented:
?
0
 
CSIPComputingCommented:
These cases are rare in production systems.

However, as a system builder/integrator, it's a regular occurrence here.

Sometimes I segregate networks with a VLAN, others I use a Router to provide internet access whilst maintaining segregation, and others I just throw a wire and hook straight up.
0
 
dqnetAuthor Commented:
Gotcha.. Thanks!!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now