ClioSport.net

FAO: Network Designers

  Fiesta ST
I'm currently designing a network for a small/medium business. Without me typing up the whole brief I've come up with a rough outline of my intended design. Now this is slightly bigger than I normally deal with so any feedback on anything obvious I'm missing would be great. Don't forget this is just rough atm.

Why is the backup site coming into the switch, rather than back into the main router?

Fibre Link.

There will be (I'm guessing) comments of putting ISA into the DMZ to publish Exchange etc, but on the whole it looks sane to me :)


Cookie

ClioSport Club Member
Doh, should have looked at the text :p

Other than that, it looks like every other medium-size corporate network layout I've seen :)

  Fiesta ST
Fibre Link.

There will be (I'm guessing) comments of putting ISA into the DMZ to publish Exchange etc, but on the whole it looks sane to me :)

Well yeah, here's the thing: is it better practice to put the Exchange server into the DMZ?

Also, as the backup site is on the same switch, I could put DC2 into the backup site, thinking about it, and use the backup server for everything else?

As you have fibre between your main office and the backup site, you could potentially look at moving a DC to there for a bit of redundancy. You could also look at doing things with Exchange for multi site redundancy.

What does the backup site do currently? And how big is the fibre link? Do you have to utilise current hardware?
Well yeah, here's the thing: is it better practice to put the Exchange server into the DMZ?

Also, as the backup site is on the same switch, I could put DC2 into the backup site, thinking about it, and use the backup server for everything else?

Haha, see my post above. :)

As for Exchange in the DMZ - some people say yes, some people say no.
I guess it depends on the rest of the topology. I did have a massive article once on why Exchange shouldn't be in the DMZ.. I'll try to find it, heh.

IMO the ideal solution is using an ISA server in the DMZ with firewall pinholes from the ISA box to the internal domain... some people agree, some people don't. You'll never get a definitive answer :)

  Fiesta ST
As you have fibre between your main office and the backup site, you could potentially look at moving a DC to there for a bit of redundancy. You could also look at doing things with Exchange for multi site redundancy.

What does the backup site do currently? And how big is the fibre link? Do you have to utilise current hardware?

It's going to be a total new install (new site, new servers etc); I'm gonna use the current server they have (which is half decent) for the backup site. I'm going to try and use as much old stuff as I can, but this new site needs to be up and running and pass our testing way before we migrate from the old system.

Just as a random quote:

Microsoft do not support any roles other than Edge in a DMZ. If you call Microsoft they will most likely tell you to move those servers back into production to replicate any problems.

That's specific for Exchange 2007 and from an Exchange forum.. but Microsoft don't recommend using the main roles in a DMZ.

I guess they trust their services to be internal..

At the end of the day, if you put an Exchange box into the DMZ, you'll have to open certain ports up on the firewall anyway from that server to your network (for AD etc), so it largely removes the DMZ advantage.

  Better than yours. C*nt.
Just having a poo and a ponder on this, seems good to me, although as has been suggested, if it's your backup site you may wish to put servers there also - SQL replication/secondary DC/Exchange, dependent on the link. Also, as far as putting Exchange into the DMZ, I wouldn't. Maybe use Squid in the DMZ to get access to OWA etc. Other than that, I'd just use the MS firewalls on the servers allowing access only to what you need on them, and the firewall appliances NATing to the boxes as needs be, dependent on the available IP pool.
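The "pinholes back to the LAN" argument from the two posts above (Exchange in the DMZ needs AD access, a proxy in the DMZ does not), worked through as an added example that is not code from the thread: it lists the DMZ-to-LAN firewall rules each placement needs and whether a compromised DMZ host could reach the domain controllers. Zone names, the two designs and the AD port list (a well-known subset, not exhaustive) are my assumptions.

```python
# Added example: models the two placements discussed in the thread. Zones, rules and
# the AD port subset are constructed for illustration, not taken from the design.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src: str      # source zone ("internet", "dmz", "lan")
    dst: str      # destination zone
    port: int     # destination port
    service: str  # what the pinhole is for


# Directory traffic a domain-joined Exchange server needs towards the DCs (well-known
# subset; real deployments also need RPC dynamic ports).
AD_DEPENDENCIES = [
    (53, "DNS"), (88, "Kerberos"), (135, "RPC endpoint mapper"),
    (389, "LDAP"), (445, "SMB"), (3268, "LDAP global catalog"),
]


def design_exchange_in_dmz() -> list[Rule]:
    """Mailbox/CAS roles in the DMZ: every AD dependency becomes a DMZ->LAN pinhole."""
    rules = [Rule("internet", "dmz", 443, "OWA"), Rule("internet", "dmz", 25, "SMTP")]
    rules += [Rule("dmz", "lan", port, svc) for port, svc in AD_DEPENDENCIES]
    return rules


def design_proxy_in_dmz() -> list[Rule]:
    """Exchange stays on the LAN; ISA/Squid in the DMZ publishes OWA and relays SMTP."""
    return [
        Rule("internet", "dmz", 443, "OWA (published by proxy)"),
        Rule("internet", "dmz", 25, "SMTP relay"),
        Rule("dmz", "lan", 443, "OWA to internal CAS"),
        Rule("dmz", "lan", 25, "SMTP to internal hub transport"),
    ]


def lan_exposure(rules: list[Rule]) -> list[tuple[int, str]]:
    """LAN ports reachable from the DMZ, i.e. what a compromised DMZ box could touch."""
    return sorted((r.port, r.service) for r in rules if r.src == "dmz" and r.dst == "lan")


def reaches_domain_controllers(rules: list[Rule]) -> bool:
    """True if any DMZ->LAN pinhole opens a directory service port (AD exposed)."""
    ad_ports = {port for port, _ in AD_DEPENDENCIES}
    return any(port in ad_ports for port, _ in lan_exposure(rules))


if __name__ == "__main__":
    for name, design in (("Exchange in DMZ", design_exchange_in_dmz()),
                         ("Proxy in DMZ", design_proxy_in_dmz())):
        print(f"{name}: {len(lan_exposure(design))} DMZ->LAN pinholes, "
              f"DCs reachable from DMZ: {reaches_domain_controllers(design)}")
```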