Windows Server 2008 in Colocated Environment

  #1  
Old 04-02-2008, 10:05 PM
Default Windows Server 2008 in Colocated Environment



We are planning a test environment running Windows Server 2008 64-bit servers
in a colocation facility. I need some advice as to domain controller and DNS
configuration as I am used to hosting these services within our own offices.
If someone can answer, it would be greatly appreciated.

The following is our goal:

1. To have a front-end server running a website via IIS, Commerce Server via
a Hyper-V vm, OCS Edge Server via a Hyper-V vm, and an Exchange Edge Server
running on the local server.

2. Have a back-end server running OCS 2007 via a Hyper-V vm, Exchange Server
2007 mail server.

1. If the colocation facility is providing DNS (external facing), how should
these servers be configured?

a. Should I create the back-end server as a primary DC creating a new
forest and domain, company.com, and have the mailboxes and SIP (OCS) accounts
located there running its own internal DNS (i.e. 10.1.1.1 - 10.1.1.x)?

b. Should I configure the front-end server as a DC, part of the company.com
forest/domain above, so that it can connect to the OCS and Exchange Server
via the 10.1.1.x network and then use the external physical NICs (there are 4
physical NICs on this server) pointing to the static Public IP addresses that
the colocation provider assigns?

My confusion is that I'm not sure if we have to create the internal server
on a separate domain like corp.company.com or if it should create the
company.com forest / domain because the colocation provider will be managing
the external facing DNS.

Thanks for making this as clear as mud.


Joe
  #2  
Old 04-03-2008, 12:53 AM
Anthony [MVP]
Default Re: Windows Server 2008 in Colocated Environment

Joe,
The external DNS will only be used by external clients, not by the servers.
Ideally all the servers will be behind a firewall.
You can use NAT on the firewall to translate the external IP addresses into
the internal addresses you assign to the NICs on the front end servers.
Alternatively you can just get a bigger address range assigned to you and
use all external IPs.
You will need to create an internal AD domain and DNS zone, which will be
different from your external domain name. You could just put all servers in
this domain.
If you want to isolate the front end servers from the back end then:
- you need another firewall
- another internal address range
- only the back end servers in the domain; the front end as standalone.
Hope that helps,
Anthony,
http://www.airdesk.co.uk

  #3  
Old 04-03-2008, 02:37 AM
Joe
Default Re: Windows Server 2008 in Colocated Environment

Thank you very much Anthony. So to further clarify one point, on my servers
I have here, I actually created a DC and DNS server for the company.com
domain, not corp.company.com as I believe you are indicating below. Do I
need to re-install and change my internal DC to corp.company.com now? If so,
how do my mail clients maintain a (E-Mail Removed) address vs. a
(E-Mail Removed) address? What harm does it cause to keep the
configuration as is with a DC as company.com with the Exchange server and OCS
server running on it?

Thanks again,

Joe

  #4  
Old 04-03-2008, 10:22 AM
Anthony [MVP]
Default Re: Windows Server 2008 in Colocated Environment

I don't know your circumstances so I can't say what you should do, but this
may help you decide:

------Active Directory naming------
There are several different ways to do this. The important thing is that it
is not tied to your external domain names. Your internet services will be on
exposed ports that the firewall will transfer to internal IP addresses and
then send the response back out. Outside clients don't need to know internal
names. ad.domain.com is fine, and so is ad.local. You manage the internal
namespace on your own DNS, and the registrar manages the external namespace
for you.

--------------Exchange naming---------
The Exchange AD domain is not tied to the email domain. You are just going
to associate one or more mail domains with your Exchange domain.
http://technet.microsoft.com/en-us/l...EXCHG.80).aspx

A lot of this is designed to protect internal resources from external
access. If this is an external-only service the design can be slightly
different, but you may want to get some professional advice about that.
Hope that helps,
Anthony,
http://www.airdesk.co.uk
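
The layout rules given in replies #2 and #4 above (an internal AD name distinct from the external DNS name, NAT from public addresses to the front-end NICs, and the three isolation conditions), written as a plan checker. This is an added example, not code from any poster; the host names, the 203.0.113.x public addresses and the 10.1.2.0/24 second range are assumptions.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress.is_private would also
# match documentation ranges such as 203.0.113.0/24 used below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

def check_plan(ad_domain, external_domain, servers, nat, isolate):
    """servers: name -> (ip, subnet, tier, domain_joined); nat: public -> internal ip."""
    out = []
    if ad_domain.lower().rstrip(".") == external_domain.lower().rstrip("."):
        out.append("AD domain has the same name as the external DNS domain")
    for name, (ip, _, tier, joined) in servers.items():
        if not is_internal(ip):
            out.append(f"{name}: {ip} is not an internal address")
        if isolate and tier == "front" and joined:
            out.append(f"{name}: front-end server should be standalone")
    by_ip = {s[0]: name for name, s in servers.items()}
    for public, target in nat.items():
        if is_internal(public):
            out.append(f"NAT {public}: outside address is internal")
        if target not in by_ip:
            out.append(f"NAT {public}: {target} is not a planned server")
        elif servers[by_ip[target]][2] != "front":
            out.append(f"NAT {public}: exposes back-end server {by_ip[target]}")
    if isolate:
        nets = lambda t: [ipaddress.ip_network(s[1]) for s in servers.values() if s[2] == t]
        if any(f.overlaps(b) for f in nets("front") for b in nets("back")):
            out.append("front and back end share an internal address range")
    return out

# Constructed plans; host names and all addresses are illustrative.
AS_BUILT = check_plan(
    "company.com", "company.com",
    {"front1": ("10.1.1.10", "10.1.1.0/24", "front", True),
     "back1": ("10.1.1.20", "10.1.1.0/24", "back", True)},
    {"203.0.113.10": "10.1.1.10", "203.0.113.11": "10.1.1.20"}, isolate=True)
REVISED = check_plan(
    "corp.company.com", "company.com",
    {"front1": ("10.1.2.10", "10.1.2.0/24", "front", False),
     "back1": ("10.1.1.20", "10.1.1.0/24", "back", True)},
    {"203.0.113.10": "10.1.2.10"}, isolate=True)

if __name__ == "__main__":
    for finding in AS_BUILT:
        print("FINDING:", finding)
    print("revised plan findings:", REVISED)
```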