Need Help: Want to place W2k3 Cluster in DMZ BUT needs a DC connec

From: Samir Soliman (Soliman_at_discussions.microsoft.com)
Date: 01/11/05

• Next message: Peter Bauer: "Active Service Database"
• Previous message: EdT: "SecEdit INF format"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 11 Jan 2005 04:47:05 -0800

Hi to All,

we have the need to place a hardened W2k3 SQL Cluster system in our
DMZ.
This system will only be contacted from a hardened IIS.
As you know, to install a cluster you need a domain / AD.
The firewall rules only allow internal systems to connect to systems
in the DMZ but no traffic initiated from a system in the DMZ is
allowed to the internal network.

So the question is:

How do we place a W2k3 SQL Cluster system in the DMZ with a connection
to the domain.

Putting 2x hardend DC´s in the DMZ seems to be no option either,
because they then need to replicate with the other DC behind the
firewall.
Even if we use IPSEC to have only one port open on the firewall for
the replication.
I know replication via SMTP is possible, but is this a usefull way?

So any ideas, hints or best practice are appriciated

Thanks in advance

Samir Soliman

---

• Next message: Peter Bauer: "Active Service Database"
• Previous message: EdT: "SecEdit INF format"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)