skepticals
0 pts. | Sep 5 2006 9:40AM GMT
Bruce,
Thank you for the reply and I am glad you asked questions. I am not sure if I need more domain levels. Should I have a different level for each server? For example, mail.domain for the Exchange server, web.domain for the web server, or? The web server will be running a site that is open to the public; does this mean I have to have that part of the domain different from the rest? The email server needs to be accessed from outside of the LAN as well. Do I have to have my email and Exchange server end in a public .com, .net, etc.?
burlyHart
0 pts. | Sep 5 2006 10:05AM GMT
If you have a small office I would go with one domain name. Your email server could have a name such as mail.domain.com. Your web server can still be private, but you will assign a public IP address to the site with a DNS entry provided by your ISP on his server.
Let the size of the business determine the sub levels. Is the company large enough to have separate departments such as sales, support, etc.? If so, then give each a sub domain name. It's easily done with Active Directory since you’re going to have a domain controller anyway.
Then determine if you want to have a web server or let someone host the site for you. Having a web server facing the public means security, bandwidth, management…
Hope this helps.
Bruce
skepticals
0 pts. | Sep 5 2006 11:45AM GMT
Bruce,
Thank you for brainstorming with me. This is very helpful. Initially, I will only set up the domain controller, then the Exchange server, and lastly the web server. I just wanted to make sure I got the ball rolling correctly.
Regarding the name of the domain, are there any practical standards? For example, I have a friend that set one up for a police station and named it something like police.cop. Can I use anything in the place of .cop? I know that .cop is not a public name, but from the sounds of it, I can register an IP that will point to my non-public server. Is this correct?
Sidzilla
0 pts. | Sep 5 2006 12:15PM GMT
My own company has a domain controller and an Exchange server on the ‘inside’ port of our firewall. Our web server is on the ‘outside’ port of the firewall, with DNS and the firewall set up to NAT requests for email (port 25) to our Exchange server. The web site is public and the email is routed to Exchange this way, but our internal domain remains protected via the firewall. We also have our web server set up to forward outside authenticated user requests for our intranet and Outlook Web Access to the appropriate internal servers. We are a company with about 100 internal users, and this setup is fine for us. Our internal domain consists of one domain name, “archery”, and our external web server hosts about 9 different web sites with 9 different company names. Setting it up this way allowed us to NAT requests from each of the different companies and web sites in our organization to the same Exchange server while keeping one single domain internally.
Stephang
0 pts. | Sep 5 2006 1:20PM GMT
I have just finished installing a network from scratch for my company which sounds very much like what you are doing. Here’s what I did, starting from the outside in.
First get a good quality router, like Cisco. Configure it to basically allow all traffic in except non-routable addresses. Then get a good quality firewall with at least 3 ports. One port goes to the router, one to the private network and one to a DMZ. Let the firewall (not the router) be the one in charge of most security. Also, get a service contract on both and let them be updated automatically if possible.
The firewall should go into a switch (16 ports sounds good for your network). You can then plug servers into the switch one at a time as you bring them on-line. If you can afford it, let each server do one major thing (email, database) or several smaller things (authentication, DNS, WINS). Put your web server in the DMZ. Use one non-routable address space in the private network and another one in the DMZ. Try to plan out all your IP addresses ahead of time on paper before you do anything.
Active Directory requires you to use a pseudo-domain name; that is, it looks like one but isn’t. If you have a company or other registered name, use it. It sounds like it will be confusing and it is but only a little. Give each server a distinct netbios name and that is how you will refer to them.
Finally, when you register your public DNS name, you can use one or more of your public IP addresses to match to your servers. For example, if you call your web server WEBSRV, you can assign it a public IP address and call it WEBSRV.company.name on the outside.
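A small checker for the address plan Stephang describes (one RFC 1918 range for the private LAN, a different one for the DMZ, the web server in the DMZ, the domain controller and Exchange inside), added here as an example and not code from anyone in the thread. The ranges, host names and addresses are constructed sample values.

```python
# Added example: validate a paper IP plan against the "LAN and DMZ use
# different non-routable ranges" layout discussed in the thread.
import ipaddress

# Constructed sample plan; ranges and addresses are hypothetical.
PRIVATE_NET = ipaddress.ip_network("192.168.10.0/24")   # inside port of firewall
DMZ_NET = ipaddress.ip_network("10.99.0.0/24")          # DMZ port of firewall
# Which zone each server role is allowed to live in.
ZONE_POLICY = {"dc": "private", "exchange": "private", "webserver": "dmz"}

SAMPLE_PLAN = {
    "dc": "192.168.10.10",
    "exchange": "192.168.10.20",
    "webserver": "10.99.0.10",
}


def check_plan(plan, private_net=PRIVATE_NET, dmz_net=DMZ_NET):
    """Return a list of problems found in the address plan (empty means OK)."""
    problems = []
    # The two zones must be distinct ranges, or firewall rules cannot tell them apart.
    if private_net.overlaps(dmz_net):
        problems.append(f"private range {private_net} overlaps DMZ range {dmz_net}")
    # Both zones are meant to be non-routable (RFC 1918) space behind NAT.
    for net, label in ((private_net, "private"), (dmz_net, "DMZ")):
        if not net.is_private:
            problems.append(f"{label} range {net} is not a non-routable range")
    seen = {}
    for host, addr in plan.items():
        ip = ipaddress.ip_address(addr)
        if ip in seen:  # duplicate address between two servers
            problems.append(f"{host} and {seen[ip]} share address {ip}")
        seen[ip] = host
        zone = ZONE_POLICY.get(host)
        if zone is None:
            problems.append(f"{host} has no zone assigned in ZONE_POLICY")
            continue
        expected = private_net if zone == "private" else dmz_net
        if ip not in expected:  # e.g. a public web server landing on the LAN
            problems.append(f"{host} ({ip}) should be in the {zone} range {expected}")
    return problems


if __name__ == "__main__":
    print(check_plan(SAMPLE_PLAN) or "plan OK")
```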