RE: [users@httpd] Apache/Domain Controller

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Don't mean to throw a wrench in the other direction.  We have several
small clients that have a necessity for Exchange 2003 and thus we build
them a Windows 2003 server (as a PDC which is required for Exchange) and
then throw Exchange on it and then usually put Apache on top of that so
we can do a proxy to the IIS server on the same box.  Sounds insane but
it does work.  

As for putting the final product on the internet I don't advise it but
sometimes that is the circumstance.  In the case of these customers they
typically sit behind a firewall with only port 80 and 443 open.  For
other cost cutting reasons we typically run these on Dell 8400's with
2gb ram and mirrored drives.  The software usually costs more than the
server.

Can it be done?  Yes.  Would I do it?  No.  Have we done it before?
Yes.  I'll just say my PDC's are happy all by themselves way behind the
firewalls.

Just my $0.02.

Gary 


> -----Original Message-----
> From: Leasure, James [mailto:JLeasure@xxxxxxxxxxxxxx]
> Sent: Wednesday, April 20, 2005 1:24 PM
> To: users@xxxxxxxxxxxxxxxx
> Subject: RE: [users@httpd] Apache/Domain Controller
> 
> Thanks, everyone!
> 
> You've all made excellent points!
> I think I've got enough firepower to prove my point now :)
> It's much appreciated :)
> 
> James
> 
> -----Original Message-----
> From: Laura Vance [mailto:vancel@xxxxxxxxxxxxxxxxxx]
> Sent: Wednesday, April 20, 2005 3:19 PM
> To: users@xxxxxxxxxxxxxxxx
> Subject: Re: [users@httpd] Apache/Domain Controller
> 
> As some other people have mentioned but not said outright.  Microsoft
> does not recommend any two servers running on the same machine.  They
> are specifically talking about PDC being on its own machine, IIS being
> on its own machine, MSSQL Server being on its own, Exchange server on
> its own... etc, etc.
> 
> The basic rule of thumb is don't have more than one major service on a
> single Microsoft server machine.  When the OS manufacturer says it,
> there must be a reason for it, so if you're looking for a reason to
> justify separating the two services (ie. trying to get a boss to
> understand), this would probably be the best route to take.
> 
> For a more specific reason, you never ever ever ever want a windows
PDC
> to sit on the Internet.  If you run a web service (Apache or IIS or
> WebSphere or whatever), that means it has some contact with the
outside
> world.... aka a direct connection to the Internet (unless it's behind
a
> port forwarding firewall, but that's a different matter and still not
a
> good thing for a PDC).  So, to satisfy the need of keeping your PDC
> isolated to your internal network, you really need to separate the PDC
> and web server functionality.
> 
> I've been a systems/network admin for both Microsoft and *nix
networks,
> and while I prefer *nix, I still know a bit about MS and their
> guidelines.
> 
> Leasure, James wrote:
> 
> >Hello All!
> >
> >I know is totally uncool to even ask, but can anyone point me to some
> >docs, or tell me why you should not run Windows Apache service on a
> >Window's primary domain controller?
> >
> >Thanks,
> >James
> >
> >
> >
> 
> --
> Thanks,
> Laura Vance
> Systems Engineer
> Winfree Academy Charter Schools
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux