Aprender a Hard Way — DMZ WFE Debe ser nun dominio

Aínda que non é literalmente certo, Como unha cuestión práctica, unha Internet dedicado a web front-end nunha DMZ debe estar nun dominio (i.e. non un servidor independente no seu propio pequeno grupo de traballo). It doesn’t need to be in the same domain as the internal WFE(s) e outros servidores (e probablemente non debería), but it needs to be a domain.

My colleagues and I spent an inordinate amount of time on a proposal which included SharePoint pre-requisites. This included a comprehensive list of firewall configurations that would enable the DMZ server to join the farm and so forth. Desafortunadamente, we failed to add a sentence somewhere that said, to the effect, "the whole bloody point of this configuration is to allow your DMZ WFE server, in a domain, to join the internal farm."

A perfect storm of events, where we basically looked left when we might have looked right, conspired to hide this problem from us until fairly late in the process, thus preventing me from invoking my "tell bad news early" rule.

Sigh.

Rexístrate para o meu blog.

Technorati Tags:

Deixe unha resposta

Enderezo de correo electrónico non será publicado. Os campos obrigatorios están marcados *