Forest vs Child Domain

  • Forest vs Child Domain

    Hi Guys,

    I'm thinking of separating the Development/Test environments from Acceptance/Production (DTAP). For this I don't want to make the separation only on the host level, but I'm also thinking about whether to create a separate forest for Dev/Test or a child domain.
    What are your recommendations? Child domain or different forest?

  • #2
    Re: Forest vs Child Domain

    It really (IMHO) comes down to the naming you want to have. If you are happy with domain.com and test.domain.com, use a child domain. If you would prefer to have test.com and domain.com, use separate trees in the forest.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: Forest vs Child Domain

      I'm looking for more pros/cons, not only related to the domain naming convention.



      • #4
        Re: Forest vs Child Domain

        Sorry, I read it as two trees in the same forest.

        Separate forests have the advantage of security separation (you can create trusts etc.) but more administration is required. Will need to think of other issues.
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland



        • #5
          Re: Forest vs Child Domain

          If you've got the space/hardware, you may also want to consider a duplicate 'development' domain with the same name, but physically separate from your production system. We use such a setup, esp. since our Live system is all VMs. Simply copy the VM definition and VHDX files to your separate system and turn them on. All your IP info, etc., remains unchanged.

          The only real drawback is a separate PC on your desk for each system, but a KVM can help keep the clutter down on the desk. We apply WSUS patches, new software, create MSIs for deployment, build SharePoint site collections, build new web apps, etc., all on our Dev setup. When we're happy nothing's going to break, we apply the changes to Live. To roll new things out on Live, we use USB devices to copy from one to the other to maintain separation.

          Some may say this creates an unacceptable admin overhead of 2 systems to deal with, but so would you with a child or trusted domain. At least, with the separation, the Dev system is a sacrificial lamb for developers' mistakes, dodgy WSUS updates, etc., without the Live users ever having a service outage.
          *RicklesP*
          MSCA (2003/XP), Security+, CCNA

          ** Remember: credit where credit is due, and reputation points as appropriate **
