CMS, VPN, Active Directory, Split-DNS and ISA Server 2004


xmlparser -> CMS, VPN, Active Directory, Split-DNS and ISA server 2004 (27.May2004 7:30:00 AM)

I was wondering: if I install two ISA 2004 servers for a perimeter network, i.e. a front-end firewall and a back-end firewall, do I need a separate Active Directory domain for the front-end? And where should I put a content management server: in a DMZ on the front-end or in the back-end?

Currently I have the following setup for an enterprise testing network.

Front-end: a D-Link VPN firewall with a DMZ and the web server.

The back-end:
ISA 2004 firewall with cacheless DNS server
Web-Application Server
Database Server
And Active Directory, DNS and DHCP server.

As a consultant, I would like to add a CMS server so that I can collaborate with clients over the Internet. Should I:
A) Place the CMS in a DMZ behind the front-end ISA server?
B) Or place the CMS in a DMZ behind the back-end ISA server?

How do I validate the incoming client? VPN and/or Active Directory (A.D.)? Should I set up A.D. in a different domain and DNS behind the front-end ISA server? Note: I am still learning how to use A.D. and VPN.

I plan to run a split-DNS on the front-end behind the ISA 2004 firewall server. Where do I run the advertiser DNS: in the DMZ with the web server, or on the private LAN leg to the back-end? Should I keep the CMS on a separate DMZ?

Finally, with ISA 2004, would I benefit from running a perimeter network running two ISA 2004 servers and the D-Link VPN firewall? Is this sufficient or overkill?




tshinder -> RE: CMS, VPN, Active Directory, Split-DNS and ISA server 2004 (31.May2004 8:03:00 PM)

Hi XML,

You don't need to put the front-end ISA firewall in a domain. If you want to terminate VPN connections on the front-end firewall, you can use RADIUS to connect to the Internal network's AD.

HTH,
Tom



