If security is the issue use ipsec to connect the office infrastructure (cross pollinating ipsec/windows is not that hard if you know what you're doing). Use X509 certs to unsure authentication; complement it with a good firewall setup. Use standard security guidelines to secure public services (email, http, etc.) and Bob's your uncle...Whether you want to collapse all services in one box is irrelevant, it all depends on how good you are at setting your security policies and how well you enforce it. As a practical matter, having physical segregation is a double edged sword: More work on one hand, but more redundancy on the other....My take is to make all the services (if possible) Linux-based and let the client side sort itself out. As far as Enterprise Applications are concerned, the client side is OS-Agnostic...
Travis Rousseau wrote: > On 4/15/05, Kin C Wong <[EMAIL PROTECTED]> wrote: > > The office is planning to go virtual to reduce cost so everyone (some > > people are in different cities as well). Currently there is a webserver > > and ftp server, a mailserver, firewall (all linux) and a file server using > > Citrix and a domain server (Microsoft). > > > > Going forward, I want to change everything to Linux. We will eliminate the > > domain server and the file server will use Samba instead. Currently > > everything except the webserver is behind a firewall (even the email > > server). Any advice on how one should configure this to be effective. > I'd put everything behind the firewall and set it up with a IDS to > provide a bit more security but thats not always possible > > > > My initial thoughts are that the mail server does not need to be behind the > > firewall and can be easily co-located with the webserver and ftp server. > Yes it does not have to be, I would do this for costs and less > physical servers to maintain > > > > I know it is popular to store files using Samba, but if the office is > > virtual, would you configure ftp to point to the shared files? Would you > > use a different box and ip than mail, web and ftp server? > You could put it all on the same box but... Security will suffer I > find ftp and samba are not very secure with passwords and such. I > would put them on separate servers OR setup ftp to only allow sftp and > no samba > > Seeing this is a business i would go for the more secure way but i > probably see it different than it is. > > > > BTW, unfortunately on the client side, we still need to be on Windows if > > that makes a difference. > > > Oh thats it scrap your whole plan linux does not let you use windows > on the client side ***joke*** > > Travis R. > > _______________________________________________ > clug-talk mailing list > [email protected] > http://clug.ca/mailman/listinfo/clug-talk_clug.ca > Mailing List Guidelines (http://clug.ca/ml_guidelines.php) > **Please remove these lines when replying -- =*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*= --oo0oo-- Juan Alberto Cirez - Software Developer --oo0oo-- =========== [EMAIL PROTECTED] ============= C, C++, Java, Perl & .NET Enterprise Solutions Supporting Windows & Linux Environments =*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*= Sunny and Beautiful Vancouver, Canada. =*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*= _______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
