27th November 2008, 09:45 AM #1
Having separate Domains and Subnets
We have recently got a new Principal at our school who wants me to write a report on the pros and cons of separating our domain into admin and curriculum, and/or having separate subnets.
We are a small independent school with around 350 students and around 200 machines, and the network was all set up when I got here.
Have read a few posts on this site on schools merging their networks but not the other way round. It is something I know very little about, I was wondering if anyone could give me a few ideas or point me in the direction of some useful info so that I can write something that will give the impression I know what I'm talking about.
27th November 2008, 09:49 AM #2
The official advice from MS is not to maintain split domains with trusts any more, but to amalgamate them and use granular permissions within the forest to control rights. Splitting them does add a lot of complexity if there are resources crossing the boundaries.
27th November 2008, 10:00 AM #3
So long as you're running Windows 2000/2003 Server or later and Windows 2000/XP on your workstations then you're safe to have one single domain. Active Directory allows you to create security groups which you then allocate to the relevant shares. This gives you control over who has access to what resources.
27th November 2008, 10:06 AM #4
We are in the process of merging our networks from the same kind of setup that you are looking at going to. When I started at the school they had 2 physically separate networks, 2 domains, 2 separate ADs, 2 separate usernames/password etc.... It doubles my work load having to maintain 2 separate networks - so there is a con for you.
Like powdarrmonkey says, splitting them does cause complexity if there are resources crossing the boundaries. One example we have is E-Mail. Our Exchange server sits on the curriculum network. All works fine until their password expires and they can't log on to it - but they do know this has happened because they don't get the "your password is about to expire" dialog.
The reason it is the way it is here was because of security concerns, but with proper use of permissions there is no real reason for separation.
BTW - are you in Croydon, South London?
27th November 2008, 10:43 PM #5
Many thanks for your reply
27th November 2008, 11:15 PM #6
One issue with 2 subnets is all traffic must go via a layer 3 device to be routed to the other network.
Advantage is you have control via ACLs of exactly what crosses the boundary.
Disadvantage is it is a potential bottleneck as all traffic must pass through the single point.
28th November 2008, 12:28 AM #7
Having entirely separate networks is much more secure but it's overkill for schools. As long as the permissions/security groups and group policies are in place you won't have any issues with students gaining access to areas they shouldn't.
File permissions wise I usually ensure that any staff only areas have deny ACLs for students even though they don't really need them - at least then even if a student is a member of one of the groups allowed access they'll be denied because they are part of the student group.
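The deny-over-allow behaviour described in the post above, as an added example that is not part of the thread: a simplified Python model of how Windows evaluates a DACL in canonical order. The group names and the two-bit access mask are constructed for illustration, and the model goes one step beyond the post by including an inherited deny.

```python
from dataclasses import dataclass

READ, WRITE = 0x1, 0x2  # simplified access mask, constructed for this example

@dataclass(frozen=True)
class Ace:
    kind: str               # "deny" or "allow"
    trustee: str            # group name (hypothetical)
    mask: int
    inherited: bool = False

def canonical(dacl):
    # Canonical order: explicit deny, explicit allow, inherited deny, inherited allow.
    return sorted(dacl, key=lambda a: (a.inherited, a.kind != "deny"))

def access_check(dacl, groups, wanted):
    # Walk ACEs in order. A matching deny on a bit not yet granted refuses the
    # request; allows accumulate until every wanted bit has been granted.
    remaining = wanted
    for ace in canonical(dacl):
        if ace.trustee not in groups:
            continue
        if ace.kind == "deny":
            if ace.mask & remaining:
                return False
        else:
            remaining &= ~ace.mask
            if remaining == 0:
                return True
    return False  # nothing granted it: implicit deny

RW = READ | WRITE
STAFF_ONLY = [Ace("allow", "Staff", RW)]
WITH_DENY = STAFF_ONLY + [Ace("deny", "Students", RW)]
# Deny set on a parent folder, allow set directly on the subfolder.
INHERITED_DENY = [Ace("deny", "Students", RW, inherited=True), Ace("allow", "Staff", RW)]

def demo():
    misgrouped = {"Students", "Staff"}   # student wrongly added to a staff group
    return {
        "teacher": access_check(WITH_DENY, {"Staff"}, READ),
        "student": access_check(STAFF_ONLY, {"Students"}, READ),
        "misgrouped, allow only": access_check(STAFF_ONLY, misgrouped, READ),
        "misgrouped, explicit deny": access_check(WITH_DENY, misgrouped, READ),
        "misgrouped, inherited deny": access_check(INHERITED_DENY, misgrouped, READ),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'denied'}")
```

The last case is the one to check for on real shares: a deny inherited from a parent folder is evaluated after an explicit allow on the subfolder, so the safety net only holds where the deny is set at the same level as the allow.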
28th November 2008, 11:04 AM #8
Many thanks, do you know where I can access the advice re. split/amalgamated domains? Have not found anything on the internet so far.
28th November 2008, 12:19 PM #9
Of course - the other problem is that the separation between "Admin" and "curriculum" is blurry at best - I have found that pretty much, people want to sit at a PC and be able to work, be it in the MIS system, office stuff or educational programs - not a problem for Admin staff who usually have an office - but often a problem for middle & senior management on the teaching side.
28th November 2008, 02:43 PM #10
A search on the site for 'flat network' should bring up the previously discussed threads which include links to British Standards for security on networks that can apply as well as possible alternatives.
28th November 2008, 05:37 PM #11
We're looking to merge Domains early next year. Taking up a lot of administration time having separate Domains, when they all shared the same physical network anyway.
With SIMS now being used for Electronic Registration I've set up a trust between the Domains for the time being, and am starting to plan merging the Domains. Makes SIMS pointless being separate now and with Learning Gateways, etc, etc in the offering I just want to keep things simple.
Get your AD structure right and permissions correct and security should never be an issue.
28th November 2008, 05:57 PM #12
Have PM'd you with details that may help
28th November 2008, 05:58 PM #13
Unless you use layer 3 switches. TBH, you really don't need two entirely separate networks, permissions on folder shares...etc will be plenty good enough I would imagine?
Originally Posted by j17sparky
There are very few advantages with having more than one domain. The only one coming to mind at the moment is that it's less easy to accidentally give everyone permissions to do something, for example. WHATEVER\domain users...etc.
As from 2008, Vista...etc, everything is more geared up towards a single domain. I don't see any reason at all why you would want to go from a single domain to multiple domains, you're just creating a lot of needless work for yourself and you will ultimately end up with two networks to administer instead of one!
28th November 2008, 05:58 PM #14
We are merging too, finally, a week on Wednesday. For all sorts of reasons including E-registration etc. It is a pain to manage 2 physically separate networks as you end up doing most things twice. Also I don't have to keep explaining to the staff that X is only available on admin or curric etc.
28th November 2008, 06:08 PM #15