Cluster security in DMZ

Hi,

We are looking to put a public DNS server in our DMZ but also want it to be
on our Hyper-V cluster.

I'd like to install a standalone Windows Server 2008 virtual server on our
Hyper-V cluster, but am concerned about security. The Hyper-V host is on our
domain and has direct network links into our LAN.

Is there enough security between the Hyper-V host and Hyper-V virtual
machine to be able to run a standalone public server on a host that is in a
domain?

Thanks,

Ben

"benenglish100" <> wrote in message
news:6344422E-21B3-4B61-8C16-...
> Hi,
>
> We are looking to put a public DNS server in our DMZ but also want it to
> be
> on our Hyper-V cluster.

You have a Hyper-V cluster in your perimeter network? Is it a separate
domain from the internal domain? (hint, please say it is)

> I'd like to install a standalone Windows Server 2008 virtual server on our
> Hyper-V cluster, but am concerned about security. The Hyper-V host is on
> our
> domain and has direct network links into our LAN.

A standalone server is not an issue whether it is physical or virtual. Since
it is a DNS server, you can readily lock it down using SCW. My concern is
the host being a failover cluster since it has to be part of a domain. I am
more worried about the hosts than I would be about the VM.

> Is there enough security between the Hyper-V host and Hyper-V virtual
> machine to be able to run a standalone public server on a host that is in
> a
> domain?

The protection of the hosts can't be provided by the VM, if that is what you
are asking.

Russ Kaufmann
MVP, MCT, MCITP x7, MCTS x9, MCSE x4, CTT+
ClusterHelp.com, a Microsoft Gold Certified Partner