Hey folks.... Just a little confused here ... nodes notes[domino????] Going back to the original post there is no mention of nodes only Lotus Notes and clustering. I am sort of wondering what people mean here? What is meant when each says nodes and what does the poster mean when they say notes?
Seems to me [and am more than happy to be put back on my box :-) ] seems that the original poster wants to have mail servers in a DMZ and utilise MS clustering services to achieve this with the servers? The advice gets a bit confusing but my interpretation and I am agreeing with this interpretation (can one do that ..??) is that 1 It is OK to create a domain in a DMZ. 2 It is not advisable to make that domain part of a forest that has its source internal to the DMZ and thus best for it to be its own forest. 3 The DC's in that forest are best not to be nodes within the clustered servers. 4 It is fine to create a domino or other email server in a cluster. 5 You need a domain and therefore an AD to institute a Cluster. 6 Normal practice applies when creating a domain/forest with respect to FSMOs, GC, DNS, service accounts, and redundancy. I am not sure if this covers an internet pages server [IIS??] but that too would apply as above and could also reside within a cluster depending on what and how the rest is planned to be put together. If I have part or all of this wrong I apologise in advance Cheers: Max Wohlgehagen ________________________________ From: [EMAIL PROTECTED] on behalf of Brian Desmond Sent: Wed 25/10/2006 1:55 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DMZ DOMAIN? Please don't make the cluster nodes DCs. It's a really bad setup and doesn't always fully work. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Williams Sent: Tuesday, October 24, 2006 4:38 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] DMZ DOMAIN? If you take a look at the Windows 2000 clustering training material (I don't have it handy so my vocabulary will be scetchy) there is a setup where you make the nodes the DCs for the domain that the cluster resides in. I've never implemented such a setup though, so can't vouch for it in anyway, other than saying that it is supported to have a DC or DCs as nodes in a cluster. What isn't supported is the clustering of AD (we all know why that is a stupid idea anyway). Personally, I would add two additional servers to the DMZ as domain controllers for their own forest, also running as GC and DNS servers. The clusters, and the notes servers, and any other servers that have service accounts running on them, can then be members of this domain. You need to think long and hard before creating any trusts from the DMZ to the internal (or vice-versa). Again, this is supported and is often used (DMZ trusts internal) in a number of setups, but the true purpose of a DMZ doesn't allow such things (from a conceptual perspective --see DMZology presentation by Fred at TechEd for some good info. on this). --Paul ----- Original Message ----- From: Brian Desmond <mailto:[EMAIL PROTECTED]> To: ActiveDir@mail.activedir.org Sent: Tuesday, October 24, 2006 4:33 AM Subject: RE: [ActiveDir] DMZ DOMAIN? You need a domain to have a cluster. You can make yourself a forest for this purpose out in the DMZ. Just don't make the cluster nodes domain controllers. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, October 23, 2006 6:04 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DMZ DOMAIN? I need a little question. I have a dmz zone, where we have our firewall, and some lotus notes email servers. I want to create a Microssoft cluster with our two internet pages servers. I read in documentations that I only can have a cluster if I have a MS AD domain, Is that true? Is there any restriction in creating a Domain in Internet DMZ zone? Is that Unsafe? Thanks Adrião Ferreira Ramos CII14 (11) 33888193 [EMAIL PROTECTED] Esta mensagem pode conter informação confidencial e/ou privilegiada. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não pode usar, copiar ou divulgar as informações nela contidas ou tomar qualquer ação baseada nessas informações. Se você recebeu esta mensagem por engano, por favor avise imediatamente o remetente, respondendo o e-mail e em seguida apague-o. Agradecemos sua cooperação. This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. Important - This email and any attachments may be confidential. If received in error, please contact us and delete all copies. Before opening or using attachments check them for viruses and defects. Regardless of any loss, damage or consequence, whether caused by the negligence of the sender or not, resulting directly or indirectly from the use of any attached files our liability is limited to resupplying any affected attachments. Any representations or opinions expressed are those of the individual sender, and not necessarily those of the Department of Education & Training.
<<winmail.dat>>