Re: W2K3 domain in DMZ
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: Fri, 11 Jun 2004 19:22:55 -0700
IMO the private network is a good idea, but you must
restrict and/or screen public interfaces fully/carefully
as each one is the gate to that entire private network.
--
Roger

"John Koswalski" <email@example.com> wrote in message
news:%23uu1mS%23TEHA.3988@TK2MSFTNGP10.phx.gbl...
> Yes a single domain DMZ
>
> I'm thinking about
>
> Fire Wall
>
> Public subnet on 1st NIC
> Private subnet on 2nd NIC
>
> This for all servers that have a need for internet connectivity, the others
> would only have the private subnet configured and be used for backups,
> account management etc ... perhaps extra hardened using IPSec, IP filtering
> etc ....
>
> Main concern is getting a DMZ that we can centrally manage and backup (one
> server, from that server to tape)
>
> Thx for your input
>
> "S. Pidgorny <MVP>" <firstname.lastname@example.org> wrote in message
> news:%230ixsTuTEHA.email@example.com...
> > Is that a single DMZ that you need to implement AD in? If so, just create a
> > pair of domain controllers and add the hosts to the domain. Do not expose the
> > domain controllers to the Internet (matter of fact, better keep them off the
> > intranet, too). Backup? Do _not_ backup to a file that you keep on the same
> > server, or even another box - you will lose data. Make tape backups, ship
> > tapes offsite. That is not that complicated, even small business can afford
> > doing that. I've been involved in a case when a business survived thanks to
> > such backup strategy.
> >
> > --
> > Svyatoslav Pidgorny, MVP, MCSE
> > -= F1 is the key =-
> >
> > "John Koswalski" <firstname.lastname@example.org> wrote in message
> > news:eCll3mkTEHA.1412@TK2MSFTNGP11.phx.gbl...
> > > Hello,
> > >
> > > I'm considering setting up a separate forest for our DMZ in order to
> > > facilitate management. I'm concerned about security and I'm looking for
> > > information and best practices for this scenario. I'm also interested in
> > > backup scenarios ... I would like to backup to file on a central server in
> > > the DMZ but I'm worried about the holes this might create in the DMZ domain.
> > > Until now all our servers have been bastion hosts who could not even
> > > communicate well with each other. Basically we nailed 'm as shut as we
> > > could so this scenario is a bit of a change for us. Thx for your input.