Re: Setup question

From: Deji Akomolafe (noemail_at_akomolafe.com)
Date: 03/09/04 

Date: Tue, 9 Mar 2004 10:44:19 -0800

I read the question to mean that these servers are NOT his production
servers. So, at best, what he would be exposing is what he's already
exposing. He wants a solution for ease of management and administration.
Would I suggest he runs his "production/corporate" domain out of a colo, or
install IIS on his DC? H@#$ NO!. But this is web hosting enviroment, and I
see limitless ease of administration as a good reason to not rely on
workgroup setup.

but, that's jsut me :) 

-- 
Sincerely,
Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon
"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:O#cpZS9AEHA.2308@tk2msftngp13.phx.gbl...
> In news:404a223a$0$1168$65c69314@mercury.nildram.net,
> John <reply@tothegroup.com> posted their thoughts, then I offered mine
> >> I think it's not a good idea. AD gives you a single sign, and this
> >> means that if one machine is compromised, then all machines may be
> >> compromised too. If they are standalone machines then each one would
> >> have to be compromised individually. Of course there are pros and
> >> cons
> >> to this.
> >
> >
> > But if i want the server to communicate (for backups etc) seamlessly
> > I need accounts on each that tie up anyway.  What does MS say about
> > web server on a domain?
>
> For an external Internet webserver, not a good idea at all. It's a
security
> risk to expose a domain controller to the outside world. Better to have it
> on a stand alone. As long as you know the credentials to communicate
between
> servers thru DCOM or XML, that's all you need.
>
> For an internal corporate only intranet webserver, that would be fine, but
> really not recommended depending on the web apps and features you have
> installed. Besides, a computer promoted to a DC will slow everything down
> due to the default disabling of the write cache. For internal use, rather
> have it on a member server, not a DC.
>
> -- 
> Regards,
> Ace
>
> Please direct all replies to the newsgroup so all can benefit.
> This posting is provided "AS IS" with no warranties.
>
> Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
> Microsoft Windows MVP - Active Directory
> -- 
> =================================
>
>

Relevant Pages

  • Re: DC fails to authenticate when trusted DCs unavailable?
    ... They do use DNS servers from only their own domain, ... To complicate matters, our DCs are also our DNS servers, and the DNS ... e.g. no corporate DCs in the production site. ...
    (microsoft.public.windows.server.networking)
  • RE: SMP Performance (Was: Re: Are hardware vendors starting to bail ... )
    ... I agree with few posters that FreeBSD performance have been lacking behind. ... Personally, I've never found HT to be a performance boost, and I run 9 'production hosting servers' ... ... on a simple production server, not doing much, I doubt anyone would ever see the file system deadlocks ... ...
    (freebsd-questions)
  • PHB asks question, ignores answer
    ... A PHB (FSVO, I have not yet found out which particular pointy it ... was) decided to close out one of our offices in London. ... contained three production servers for which I am responsible, ...
    (alt.sysadmin.recovery)
  • Re: Setup question
    ... I read the question to mean that these servers are NOT his production ... So, at best, what he would be exposing is what he's already ... > For an external Internet webserver, not a good idea at all. ...
    (microsoft.public.win2000.dns)
  • Re: Setup question
    ... I read the question to mean that these servers are NOT his production ... So, at best, what he would be exposing is what he's already ... > For an external Internet webserver, not a good idea at all. ...
    (microsoft.public.inetserver.iis)