Hey folks....

Just a little confused here ... nodes  notes[domino????] Going back to the 
original post there is no mention of nodes only Lotus Notes and clustering.
I am sort of wondering what people mean here?
What is meant when each says nodes and what does the poster mean when they say 

Seems to me [and am more than happy to be put back on my box :-) ] seems that 
the original poster wants to have mail servers in a DMZ and utilise MS 
clustering services to achieve this with the servers? The advice gets a bit 
confusing but my interpretation and I am agreeing with this interpretation (can 
one do that ..??) is that
1 It is OK to create a domain in a DMZ.
2 It is not advisable to make that domain part of a forest that has its source 
internal to the DMZ and thus best for it to be its own forest.
3 The DC's in that forest are best not to be nodes within the clustered servers.
4 It is fine to create a domino or other email server in a cluster.
5 You need a domain and therefore an AD to institute a Cluster.
6 Normal practice applies when creating a domain/forest with respect to FSMOs, 
GC, DNS, service accounts, and redundancy.

I am not sure if this covers an internet pages server [IIS??] but that too 
would apply as above and could also reside within a cluster depending on what 
and how the rest is planned to be put together.

If I have part or all of this wrong I apologise in advance
Max Wohlgehagen


From: [EMAIL PROTECTED] on behalf of Brian Desmond
Sent: Wed 25/10/2006 1:55 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DMZ DOMAIN?

Please don't make the cluster nodes DCs. It's a really bad setup and doesn't 
always fully work.


Brian Desmond


c - 312.731.3132

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Williams
Sent: Tuesday, October 24, 2006 4:38 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] DMZ DOMAIN?

If you take a look at the Windows 2000 clustering training material (I don't 
have it handy so my vocabulary will be scetchy) there is a setup where you make 
the nodes the DCs for the domain that the cluster resides in.  I've never 
implemented such a setup though, so can't vouch for it in anyway, other than 
saying that it is supported to have a DC or DCs as nodes in a cluster.  What 
isn't supported is the clustering of AD (we all know why that is a stupid idea 

Personally, I would add two additional servers to the DMZ as domain controllers 
for their own forest, also running as GC and DNS servers.  The clusters, and 
the notes servers, and any other servers that have service accounts running on 
them, can then be members of this domain.

You need to think long and hard before creating any trusts from the DMZ to the 
internal (or vice-versa).  Again, this is supported and is often used (DMZ 
trusts internal) in a number of setups, but the true purpose of a DMZ doesn't 
allow such things (from a conceptual perspective --see DMZology presentation by 
Fred at TechEd for some good info. on this).


        ----- Original Message -----

        From: Brian Desmond <mailto:[EMAIL PROTECTED]>

        To: ActiveDir@mail.activedir.org

        Sent: Tuesday, October 24, 2006 4:33 AM

        Subject: RE: [ActiveDir] DMZ DOMAIN?

        You need a domain to have a cluster. You can make yourself a forest for 
this purpose out in the DMZ. Just don't make the cluster nodes domain 


        Brian Desmond


        c - 312.731.3132

        From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL 
        Sent: Monday, October 23, 2006 6:04 PM
        To: ActiveDir@mail.activedir.org
        Subject: [ActiveDir] DMZ DOMAIN?

        I need a little question.

                I have a dmz zone, where we have our firewall, and some lotus 
notes email servers.
                I want to create a Microssoft cluster with our two internet 
pages servers. I read in documentations that I only can have a cluster if I 
have a MS AD domain, Is that true? Is there any restriction in creating a 
Domain in Internet DMZ zone? Is that Unsafe?


        Adrião Ferreira Ramos
        (11) 33888193
        Esta mensagem pode conter informação confidencial e/ou privilegiada. Se 
você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não 
pode usar, copiar ou divulgar as informações nela contidas ou tomar qualquer 
ação baseada nessas informações. Se você recebeu esta mensagem por engano, por 
favor avise imediatamente o remetente, respondendo o e-mail e em seguida 
apague-o. Agradecemos sua cooperação.

        This message may contain confidential and/or privileged information. If 
you are not the addressee or authorized to receive this for the addressee, you 
must not use, copy, disclose or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.

Important -
This email and any attachments may be confidential. If received in error, 
please contact us and delete all copies. Before opening or using attachments 
check them for viruses and defects. Regardless of any loss, damage or 
consequence, whether caused by the negligence of the sender or not, resulting 
directly or indirectly from the use of any attached files our liability is 
limited to resupplying any affected attachments. Any representations or 
opinions expressed are those of the individual sender, and not necessarily 
those of the Department of Education & Training.


Reply via email to