RE: Unusual Network Topology - advice please!
From: Schoyen (Schoyen_at_discussions.microsoft.com)
Date: 02/09/05
- In reply to: Nick: "Unusual Network Topology - advice please!"
Date: Wed, 9 Feb 2005 04:51:03 -0800
Hello.
All domain trust models will be unavailable when using SBS, and segmenting
the LAN could turn out to be rather complicated. As SBS is recommended for
use with only one or two NICs, I believe other alternatives should be
considered. Why not create one domain (with SBS as PDC and the other as DC),
using NTFS security to permit/deny access to resources and GPOs to limit
access to other resources (like internet)? To comply with your scenario, you
can of course use two separate Win2003 servers with one-way trust from one
domain to the other. Or you can create an xcopy script on each server to
execute file transfers to mapped drives using the other server/domain
credentials to and from (if within same subnet range). But that can turn out
complex too. As long as your resources are located within one company, why
not use one segment and GPOs/NTFS/IPsec to configure access to and from -
instead of creating special configurations that can be hard to create and
maintain?
Keep it simple - keep it safe.
br,
Baard
"Nick" wrote:
> Hi All,
>
> I have an SBS network where, for operational reasons, we need to split it
> into two distinct and separate segments, an admin network and a 'technical
> production' network and I'm having a mental block on how to get it working
> as required...
>
> Think of the admin network as any normal SBS network (single SBS server and
> XP clients) with internet access, exchange, file & print etc. The 'technical
> production' network is a 'ring fenced' area with, for instance, no internet
> access but its own file server and XP workstations.
>
> The difficulty is that they must be linked in some limited way to allow raw
> files to be handed over from the admin network to the 'technical production'
> network, where they're then worked on. When finished, they're handed back
> from the 'technical production' network to the admin network.
>
> Would it be possible to set up the existing 'technical production' network
> Windows 2000 server as a bridge between and shared storage area for the two
> segments so that it can access and be available to both but not act as a
> gateway from the 'technical production' network to the admin network? Using
> routing and remote access?
>
> To simplify 'technical production' network workstation TCP/IP setup, could
> the 'technical production' network Windows 2000 server be a DHCP and WINS
> server for the 'technical production' network without interfering with the
> SBS admin DHCP & WINS?
>
> Would it be possible to block all traffic across the 'bridge' except
> specific service ports?
>
> Or would it be better to put a cheap & cheerful router in between the two
> segments?
>
> Either way, presumably, I'd run the two segments as different & unique NT
> domains.
>
> Is this making any sense?! Feel free to point out the obvious solution(s)
> that I'm missing...
>
> Any advice or suggestions much appreciated! Thanks in advance,
>
> NickP
>
>
>