Enterprise network setup


Well-Known Member
Nov 27, 2009
We currently have a DC at our offices, that hosts the domain, let's say, acme. The FQDN for this domain would then be acme.local.

We have acquired a dedicated server at a hosting provider, and we will be moving some of our services there. These services would have to be moved in phases, according to priority. Those services are :

  • A website (call it Product A) (highest priority)
  • Our company's website (www.acme.com)
  • Our company's email (currently hosted at Afrihost)
  • Team Foundation Services (lowest priority)

Product A is a website for a customer that is currently too slow on shared hosting, hence the high priority to move it. It's a Silverlight site connecting to a SQL database (which will be installed on the server).

To which Active Directory domain should the server be added? Should I set it up as a DC for acme.com, and then set up full-trust between acme.local and acme.com? Or, should it be added to the acme.local domain? If so, how will users authenticate to the acme.local domain on that machine (once we install TFS), if the PDC for acme.local is in our network, only accessible externally from a dyndns address? Or, would it be best to setup a VPN between the server and our local network?

If we want to install Exchange on the server, should it then be part of the acme.com domain (since we'll have emails like grim@acme.com)?

If we're going to host acme.com's website on that server, should I then have DNS point acme.com to that server, and then handle the DNS ourselves?


Senior Member
Nov 3, 2008
hey Grim,

you don't want much hey?

You really shouldn't run SQL + Sharepoint + Team Foundation + 2 web sites + Active Directory (and DHCP + DNS) + Exchange on just one server being hosted at a hosting company.
Except if it's a super HUGE server running Microsoft HyperV with separate instances for Active Directory, SQL, Exchange & Sharepoint with TFS.
The 2 websites won't consume too many resources (but again - depending on traffic)

The web server (with client web site) doesn't need to be part of an Active Directory.
Just run it on a Windows Server (with SQL) and change the website authentication method from Windows Authentication to SQL Authentication - and create/assign new usernames/passwords.

If it was me:

I'd rent 2 hosting packages from the hosting company.
1 for each website.
a) client website will be hosted on a dedicated Windows package offering SQL & Silverlight
b) acme website will be on a shared Linux package (www.acme.co.za will point to the hosting company web server while the MX record for acme.co.za will point to the mail server - be it at your premises or hosted)

The new server I'd place at your company premises and join the ACME domain as a domain controller.
I'd then transfer DHCP and the Active Directory FSMO roles to the new box thereby freeing up resources on the current domain controller that runs SQL/Team Foundation/Sharepoint.

Exchange 2010 is 64 bit only (runs ONLY on Windows Server 64)
So you need a separate machine for it (if your current and new Windows servers are 32bit)
Ideally you want Exchange server on the same LAN as the clients.

Outlook clients can authenticate against Exchange 2010 over a leased line or ADSL (HTTPS) but it's not as fast.

Moral of the story:

don't host client services (web sites etc) and internal services (Active Directory, Exchange etc) on the same server.
If your server crashes BOTH you and the client are down.
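A worked version of the Windows-to-SQL-authentication switch the reply above recommends for the standalone web server, added here as an editor's example (not code from either poster). The database name ProductA, the login name producta_web and the connection strings in the comments are assumptions; SQL Server 2008-era T-SQL is assumed.

```sql
-- Added example: give the Product A site its own least-privilege SQL login
-- so the web server does not need to be joined to acme.local at all.

-- 1. SQL logins only work when the instance is in Mixed Mode.
--    1 = Windows-only, 0 = SQL Server and Windows authentication.
--    The mode is changed in SSMS (Server Properties > Security) or via the
--    instance's LoginMode registry value, followed by a service restart.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 2. Create the login at the server level. CHECK_POLICY enforces the local
--    Windows password complexity rules on the SQL password.
USE master;
CREATE LOGIN producta_web
    WITH PASSWORD = 'REPLACE-WITH-LONG-RANDOM-PASSWORD',   -- placeholder
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = OFF,      -- avoid silent expiry breaking the site
         DEFAULT_DATABASE = ProductA; -- assumed database name

-- 3. Map the login to a database user and grant only what the site needs:
--    read/write on tables and EXECUTE on procedures, never db_owner.
USE ProductA;
CREATE USER producta_web FOR LOGIN producta_web;
EXEC sp_addrolemember 'db_datareader', 'producta_web';
EXEC sp_addrolemember 'db_datawriter', 'producta_web';
GRANT EXECUTE ON SCHEMA::dbo TO producta_web;

-- 4. Check the effective rights of the new user before going live.
EXECUTE AS USER = 'producta_web';
SELECT permission_name FROM fn_my_permissions(NULL, 'DATABASE');
REVERT;

-- 5. Connection string change in the site's web.config (assumed values):
--    before (Windows auth, needs a domain account on the web server):
--      Server=.;Database=ProductA;Integrated Security=SSPI
--    after  (SQL auth, no domain membership required):
--      Server=.;Database=ProductA;User ID=producta_web;Password=...
--    Keep the password out of source control, e.g. by encrypting the
--    connectionStrings section with aspnet_regiis -pe.
```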