[lvs-users] Single-lan config?
dd-b at dd-b.net
Mon Oct 13 21:13:11 BST 2008
On Mon, October 13, 2008 03:21, Graeme Fowler wrote:
> On Fri, 2008-10-10 at 21:00 +0100, Malcolm Turnbull wrote:
>> Normally you wouldn't want load balanced servers to be in an anctive
>> directory domain...
> Well... perhaps not a "corporate" one. Especially not if you're allowing
> your web editors/content people/users/customers/whoever to upload and
> run arbitrary code such as CGI, ASP, ASP.NET and so on.
My desktop system is part of the corporate domain. So are the desktops of
the people doing Windows development. Why would making a server part of
the domain be any more dangerous than that? And that's standard anywhere
that does Windows development.
> In my last job I was involved in developing and building a large Linux
> and Windows web hosting infrastructure behind a pair of Linux directors
> (which I believe have now been replaced with F5 boxes, because corporate
> strategy changed and the people used to managing the LVS boxes all moved
> on). Part of that infrastructure used an AD domain with the domain
> controllers logically "behind" the webserver tier, and firewalled off
> from a lot of the rest of the platform.
> It meant that we could make use of the AD for both Windows and Linux
> user management and access control, which worked pretty nicely -
> especially given that the storage backend was a NetApp box which also
> talked to the AD.
Good to know the private domain on the private LAN is workable; in case I
need to do that.
David Dyer-Bennet, dd-b at dd-b.net; http://dd-b.net/
More information about the lvs-users