Two forest or single forest

Discussion in 'Server Security' started by Stephane M, May 12, 2010.

  1. Stephane M

    Stephane M Guest

    French version at the end of the message.

    I'm designing a Windows 2008 R2 architecture, this architecture have
    presented two models. The first is designed with two forest, one internal and
    one in the DMZ. The second model is composed of a single forest with many
    domain. I will tend the proposed model with two forest, but people side
    application requires only forest, which their views would simplify the
    deployment and application management of type SharePoint. In saying that
    safety is not really impacting.

    I'd like to have your opinion and impact safety rated the model or the other.

    Thank you

    Stephen Munger


    Deux forets ou une seul foret

    Je suis à concevoir une architecture Windows 2008 R2, dans cette
    architecture j’ai présenté deux modèles. Le premier est conçu avec deux
    forets, l’un à l’interne et l’autre dans la DMZ. Le second modèle est composé
    d’un seul modèle avec plusieurs forets. J’aurai tendance a proposé le modèle
    avec deux forets, mais les gens coté applicatif requière une seul foret, qui
    a leurs point de vue simplifierait le déploiement et la gestion d’application
    du type SharePoint. En disant que la sécurité ne serait pas vraiment impacter.

    J’aimerai avoir votre opinion coté sécurité et l’impact du modèle ou l’autres.


    Stéphane Munger
    Stephane M, May 12, 2010
    1. Advertisements

  2. Hello Stephane,

    If there is not really a need for a security boundary i owuld use a single
    forest model. This will save you additional work, creating and monitoring
    a trust for access the other forest.

    If you have the need for separation you can also use a perimeter network,

    Best regards

    Meinolf Weber
    Meinolf Weber [MVP-DS], May 12, 2010
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.