Re: Windows Server Roles
- From: Ansgar Wiechers <bugtraq@xxxxxxxxxxxxxxxx>
- Date: Mon, 13 Dec 2010 19:26:35 +0100
On 2010-12-13 Alberto Medina wrote:
> I'm planning on migrating some servers to VMs to separate some roles
> and to replace some old servers. Currently we have 2 domain
> controllers, one on Windows 2000 and the other on Windows 2003. Windows
> 2000 is the primary domain controller and W2K3 is Domain Controller,
> Terminal Services, and DHCP (and of course DNS for AD), and I want to
> add a VPN server for remote access. I have found that it is not
> recommended to run DHCP or Terminal Services on a domain controller, so
> I want to separate those roles into VMs, but I want to know which of
> these roles I can run together in a VM without affecting security.

First and foremost: replace your PDC with something more recent than
Windows 2000. Now. Windows 2000 reached End-of-Life this past July. You
do *not* want to run this in a production environment anymore.

That said, I don't see anything wrong in running DHCP on a DC, provided
you follow the suggestions in [1] (allow only secure dynamic updates and
create a dedicated account for DHCP DDNS updates). As for the rest, I'd
separate infrastructure services (AD, DNS, DHCP) from application
services like RDS in application mode. VPN endpoints I'd separate from
everything else.

If you intend to virtualize your DCs as well, read [2,3] before making
your final decision.

[1] http://support.microsoft.com/kb/255134
[2] http://support.microsoft.com/kb/888794
[3] http://technet.microsoft.com/en-us/library/virtual_active_directory_domain_controller_virtualization_hyperv.aspx

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
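
An audit of the two settings the reply names for running DHCP on a DC (secure-only dynamic updates, and a dedicated account for DHCP DDNS updates), added here as an example and not part of the original message. It assumes the DnsServer and DhcpServer PowerShell modules that ship with Windows Server 2012 and later; the host name `dc01.example.test` is a placeholder.

```powershell
# Added example: read-only audit, run from an admin workstation or on the DC.
# Assumption: DnsServer and DhcpServer modules (Windows Server 2012 or later).
# $Server is a placeholder host name, not a value from the thread.
param([string]$Server = 'dc01.example.test')

Import-Module DnsServer, DhcpServer

# 1. Zones that still accept unauthenticated dynamic updates.
#    DynamicUpdate is one of: None, Secure, NonsecureAndSecure.
$openZones = Get-DnsServerZone -ComputerName $Server |
    Where-Object { $_.DynamicUpdate -eq 'NonsecureAndSecure' } |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate

# 2. Account the DHCP service uses when registering records in DNS.
#    An empty UserName means the DHCP server registers records under its
#    own computer account, which on a DC is the DC's account.
$ddns = Get-DhcpServerDnsCredential -ComputerName $Server
$hasDedicatedAccount = -not [string]::IsNullOrEmpty($ddns.UserName)

[pscustomobject]@{
    Server                = $Server
    ZonesAllowingInsecure = @($openZones).Count
    DdnsAccount           = if ($hasDedicatedAccount) {
                                "$($ddns.DomainName)\$($ddns.UserName)"
                            } else { '(none configured)' }
    Compliant             = (@($openZones).Count -eq 0) -and $hasDedicatedAccount
}

# List the offending zones, if any, for follow-up.
$openZones | Format-Table -AutoSize

# Remediation, to be applied deliberately and per zone:
#   Set-DnsServerPrimaryZone -ComputerName $Server -Name <zone> -DynamicUpdate Secure
#   Set-DhcpServerDnsCredential -ComputerName $Server -Credential (Get-Credential)
```

The DDNS account should be an ordinary domain user with no other privileges, used only for this purpose.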