[lvs-users] Single-lan config?

Graeme Fowler graeme at graemef.net
Mon Oct 13 09:21:58 BST 2008


On Fri, 2008-10-10 at 21:00 +0100, Malcolm Turnbull wrote:
> Normally you wouldn't want load balanced servers to be in an anctive
> directory domain...

Well... perhaps not a "corporate" one. Especially not if you're allowing
your web editors/content people/users/customers/whoever to upload and
run arbitrary code such as CGI, ASP, ASP.NET and so on.

In my last job I was involved in developing and building a large Linux
and Windows web hosting infrastructure behind a pair of Linux directors
(which I believe have now been replaced with F5 boxes, because corporate
strategy changed and the people used to managing the LVS boxes all moved
on). Part of that infrastructure used an AD domain with the domain
controllers logically "behind" the webserver tier, and firewalled off
from a lot of the rest of the platform.

It meant that we could make use of the AD for both Windows and Linux
user management and access control, which worked pretty nicely -
especially given that the storage backend was a NetApp box which also
talked to the AD.

I've now been away from it for nearly three years so I have no idea how
well it's lasted!

Graeme





More information about the lvs-users mailing list