1

I have two infrastructures; both use the same DC and are at the same location.

  1. Corporate infrastructure
  2. Web Application Hosting Infrastructure

Now I am going to separate them, and they would also be at different locations. The same people need access to both infrastructures, but a very limited number of people need access to 2.

What would be the best way to set up the DC, also considering security?

  1. Just replicate the DC at both locations?

  2. Some kind of forest setup? (I am not a sysadmin, so I am not sure how to explain this or how it could play out.)

  3. Having a completely separate DC?

Any input on what the preferred way to implement this is?

masegaloeh
mamu

2 Answers

3

If the web application hosting infra is accessed internally only (no internet), then just extend the current domain structure by promoting a new DC in the new location (assuming there is proper network connectivity between them).

If the web application hosting infra is accessed over the Internet, then for security purposes I would go with a separate forest in the new location (i.e. new DC promotion, in a new domain), and provide access to the few people who require it. If users have to access these apps from the internal network, then you can think of creating a one-way trust between the domains.

KAPes
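An added example, not part of the answer above: a check, run from the hosting forest, that the trust really is one-way in the direction the answer describes (hosting trusts corporate, so corporate users can reach the apps but hosting accounts gain nothing in corporate). The function name `Test-TrustBoundary`, the sample domain names, and the extra selective-authentication check are assumptions added here; the sample objects are constructed so the script runs without a domain.

```powershell
# Added example: audit trust objects as seen from the hosting forest.
# Seen from the hosting side, "hosting trusts corporate" is Direction = Outbound.
function Test-TrustBoundary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Trust
    )
    process {
        $findings = @()
        switch ("$($Trust.Direction)") {
            'Outbound'      { }  # intended: partner users can be granted access here
            'Inbound'       { $findings += 'partner trusts hosting: hosting accounts can authenticate in the partner forest' }
            'BiDirectional' { $findings += 'two-way trust: the one-way boundary is gone' }
            default         { $findings += "unexpected direction '$($Trust.Direction)'" }
        }
        # Assumption beyond the answer: selective authentication is the trust
        # setting that limits access to the few accounts explicitly allowed.
        if (-not $Trust.SelectiveAuthentication) {
            $findings += 'forest-wide authentication: any partner user can authenticate to hosting resources'
        }
        [pscustomobject]@{
            Name      = $Trust.Name
            Direction = "$($Trust.Direction)"
            Pass      = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Constructed sample input mimicking the properties Get-ADTrust returns.
$sample = @(
    [pscustomobject]@{ Name = 'corp.example';    Direction = 'Outbound';      SelectiveAuthentication = $true  }
    [pscustomobject]@{ Name = 'partner.example'; Direction = 'BiDirectional'; SelectiveAuthentication = $false }
    [pscustomobject]@{ Name = 'legacy.example';  Direction = 'Outbound';      SelectiveAuthentication = $false }
)
$sample | Test-TrustBoundary | Format-List

# On a DC in the hosting forest (requires the ActiveDirectory module):
# Get-ADTrust -Filter * | Test-TrustBoundary | Where-Object { -not $_.Pass }
```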
1

Well, if you have a DC running then you already have a forest set up. If you're just looking to spread them out geographically, say for redundancy, then all you would have to do is join another server as a member server to your domain and then dcpromo it. I wouldn't create another separate forest or domain, unless you need those security boundaries. It won't give you complete redundancy; if one area goes down you'll have to move FSMO roles. Replication will take care of itself once you dcpromo the new server (it's part of the process).

Tatas