Domain redundancy

parahumanoid <parahuman***@excite.com> wrote (news:1179049207.232498.26390@u30g2000hsc.googlegroups.com):

Hi,

Let me start off with apologizing for cross-posting (well, kind of: I made a post regarding this on microsoft.public.win2003.general, but got no response).

So, down to business. I have a need to set up a win2003/xp network (about 10 machines, where 2 are planned as serv2003, others are xp-sp2) that would have a redundant domain controller (it covers several server roles). I want it to be redundant in all respects: replicated AC (btw, do I have to do anything special, or does secondary DC replicate AC by default?), mirrored network shares, a non-conflicting policy on who takes the role of DHCP server (DNS, perhaps, too?)

Planned roles for the twins:
- DC
- File and Print Server
- Terminal Service
- DHCP Server
- DNS Server.

I greatly appreciate your input. Please be specific - I am not a windows server guru - bear with me, please.

Thank you.
Alex.

Jeremy wrote:

What mode for Terminal Services? Application Mode or Remote Administration? Running TS in Application server mode on a multi-role machine is not recommended, especially not on a DC.

As for the rest of it:

In having a second DC redundancy will take care of itself, being sure you make it a global catalog.
Adding the DNS service to the second DC will also take care of itself so long as you made AD DNS an AD integrated zone.
Make sure you hand out both DNS server addresses via DHCP.
With regards to DHCP, ensure you have non-overlapping scopes that both have enough addresses to service ALL clients.
If you want redundancy in file data, I recommend that you use Windows Server 2003 R2 and use the replication included with DFS. You'll have to do some reading, but this will do what you need.
If you want print server redundancy, then create all your printers on one server and back them up with PrintMig 3.0 so you can quickly bring them up on the second server in the event of a failure. Clients will have to add new printers, but they won't be out of action for long.

Obviously these are all general recommendations, but I have neither the time nor anywhere near the details I'd need to do a more detailed design (besides, you aren't paying me ;-) ).

So read up on the technologies I spoke of above, they are all included with Windows Server 2003 R2.

Good luck.

Cheers,
Jeremy.

parahumanoid <parahuman***@excite.com> wrote (news:1179058702.201668.151840@w5g2000hsg.googlegroups.com):

Thank you for your help, Jeremy.

One more question though (although I am not paying you ;-)
What exactly is the problem with TS (app mode, btw) and DC being on the same machine? Security? Stability? Performance? The net, as I said, is only about 10 PCs, servers included. The work performed is not network- or directory-intensive. Besides, we're shooting for a budget configuration.

Thanks again.
Alex.

Myweb wrote:

Hello parahumanoid,

One point is security, the other is performance.

http://207.46.196.114/windowsserver/en/library/f348b35e-49ab-49c1-8a66-f72a80a265901033.mspx?mfr=true

http://www.microsoft.com/technet/community/en-us/terminal/terminal_faq.mspx Question 6

Best regards
Myweb

Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

Jeremy wrote:

Security mainly. Your entire security model relies on DC security. When you give people the ability to log on locally (which is what TS is), then it is as if you are giving them the keys to your server room. Would you let just anyone walk in and sit at the keyboard of your DC which, if you lose it, means no one can do any work? If the answer is that budget constraints trump security concerns this is OK. So long as you have made yourself aware of the risks and decided to accept them anyway (and so long as your manager does too).

Ryan Hanisco <RyanHani***@discussions.microsoft.com> wrote (news:4D410383-18C5-4D40-8D00-0376C8EA5C2B@microsoft.com):

Jeremy,

I agree with everything you've said with one exception: When configuring the DHCP you want to have overlapping scopes, but set exclusions on each to cover the active portions on the opposite server. This is referred to as the 50/50 scenario and while larger environments usually do 80/20, this is fine for an environment this size. You want to have the scopes overlap because you won't have control over which server is queried for DHCP. In the request chain, the client always checks to see if its scope is valid. If it talks to the "other" server it will get a NAK and may not query for an address again, meaning it will lose its IP address eventually and the workstation will be down.

It should also be noted that the FSMO roles will only exist in one location, but most of your services will be replicated in the scenario you are looking at.
-- 
Ryan Hanisco
MCSE, MCTS: SQL 2005, Project+
Chicago, IL

Jeremy wrote:

I don't quite understand that. Since it is only when the workstation requests an address that it broadcasts, once it has an address it talks in unicast to the DHCP server to renew etc. So are you saying that it is in the DHCPDISCOVER process that this happens?

Either way, even in an overlapping 50/50 or 80/20 scope situation, you want to ensure that each DHCP server can service the whole environment on its own.
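The split-scope arithmetic Ryan and Jeremy are discussing, as an added example that is not part of the original thread: it models each server's scope as the full range plus an exclusion covering the other server's active portion, then checks Jeremy's two caveats (the active pools must never hand out the same address, and each pool on its own must be able to serve every client). The address range, the share and the client count are constructed sample values.

```python
"""Split-scope planner for two DHCP servers (the 50/50 and 80/20 designs
from the thread).  Added example; not code from the thread or any Microsoft
tool.  Each server gets the same scope range plus an exclusion covering the
addresses the other server actively leases."""
from ipaddress import IPv4Address


def split_scope(first, last, primary_share):
    """Return (plan_a, plan_b) for scope first..last (inclusive).

    primary_share is the fraction of the pool server A actively leases:
    0.5 for 50/50, 0.8 for 80/20.  Server B leases the remainder."""
    lo, hi = int(IPv4Address(first)), int(IPv4Address(last))
    total = hi - lo + 1
    cut = lo + round(total * primary_share)  # first address leased by B
    plan_a = {"scope": (first, last),
              "exclude": (str(IPv4Address(cut)), last)}
    plan_b = {"scope": (first, last),
              "exclude": (first, str(IPv4Address(cut - 1)))}
    return plan_a, plan_b


def active_pool(plan):
    """Addresses this server will actually hand out: scope minus exclusion."""
    s_lo, s_hi = (int(IPv4Address(a)) for a in plan["scope"])
    e_lo, e_hi = (int(IPv4Address(a)) for a in plan["exclude"])
    return {a for a in range(s_lo, s_hi + 1) if not e_lo <= a <= e_hi}


def check_plan(plan_a, plan_b, clients):
    """Jeremy's caveats: the two active pools must be disjoint (no duplicate
    leases) and each pool alone must cover every client when the other
    server is down."""
    pool_a, pool_b = active_pool(plan_a), active_pool(plan_b)
    return {
        "disjoint": pool_a.isdisjoint(pool_b),
        "a_serves_all": len(pool_a) >= clients,
        "b_serves_all": len(pool_b) >= clients,
    }


if __name__ == "__main__":
    # Constructed sample: a 100-address pool for the ~10-machine network.
    a, b = split_scope("192.168.1.100", "192.168.1.199", 0.5)
    print("server A excludes", a["exclude"], "server B excludes", b["exclude"])
    print(check_plan(a, b, clients=10))
```

With an 80/20 split the same checker flags the 20-address pool as too small once the client count exceeds it, which is exactly the case Jeremy's caveat warns about.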