Windows 10: Can i put Host Guardian Service domain behind the firewall

Hi - We are building a HGS domain to implement shielded hosts and VM'sAll seems pretty standard and well documented, but the question has arisen whether we can protected guardian domain behind the firewall to add a layer of security.The advise is the guardian servers sitting in their own isolated domain needs a secure tunnel to the fabric domain. No mention of any firewall protection, accepting if its not there, its not a requirement, but i wondered if this would cause an issue?Thanks

:)

 

Choosing a Web Hosting service?

So I have a simple pure HTML website hand coded by me for a small business. It's a very simple website that we do not expect to get much traffic, but will serve as a place for customers to find out the address, phone number, hours, etc. of the business. I'm looking for an affordable host and domain name that will let me use FTP to upload HTML files. There's just so many hosts out there like GoDaddy, Just Host, and so many more out there. I have never setup a website before, so I'd like some pointers and recommendations on picking a host and a company for the domain name. Any suggestions are welcome.

 

Raising the windows domain and forest issues?


hi,

I run a domain that was all 2003 r2 servers. I recently upgraded all my domain controllers to windows 2012 r2.
That went off without any problems.. Our trust relationships had no issues also.

My first step was to raise the Domain and Forest levels past 2003 to 2008. This went off without a hitch.
These are the features for raising the levels to 2008:

• Features and benefits include all default Active Directory features, all features from the Windows Server 2003 domain functional level, plus:
• Read-Only Domain Controllers – Allows implementation of domain controllers that only host read-only copy of NTDS database.
• Advanced Encryption Services – (AES 128 and 256) support for the Kerberos protocol.
• Distributed File System Replication (DFSR) – Allows SYSVOL to replicate using DFSR instead of older File Replication Service (FRS). It provides more robust and detailed replication of SYSVOL contents.

Forest Level Windows Server 2008

• Features and benefits include all of the features that are available at the Windows Server 2003 forest functional level, but no additional features. All domains that are subsequently added to the forest will operate at the Windows Server 2008 domain functional level by default.

My next step is to raise the domain and forest to 2008 r2, then 2012, and finally 2012 r2. I have been trying to find out exactly what I could expect from raising the Domain and Forest for each step.

The step involving 2008 r2 seems relatively a non issue. But getting the couple of new features seem very nice

Domain Level Windows Server 2008 R2

• All default Active Directory features, all features from the Windows Server 2008 domain functional level, plus 2 new features

Forest Level Windows Server 2008 R2

• All of the features that are available at the Windows Server 2003 forest functional level, plus the following features:

• Active Directory Recycle Bin, which provides the ability to restore deleted objects in their entirety while AD DS is running. <== New Feature very cool
• All domains subsequently added to the forest will operate at the Windows Server 2008 R2 domain functional level by default.

Here is my big concerns for the next raising of domain and forest to 2012.

Forest Level Windows Server 2012:

• All of the features that are available at the Windows Server 2008 R2 forest functional level, but no additional features.
• All domains subsequently added to the forest will operate at the Windows Server 2012 domain functional level by default.

Domain Level Windows Server 2012 R2: <=====Need to investigate more and why this post

• DC-side protections for Protected Users. Protected Users authenticating to a Windows Server 2012 R2 domain can no longer:

• Authenticate with NTLM authentication <==============(what issues may arise)
• Use DES or RC4 cipher suites in Kerberos pre-authentication
• Be delegated with unconstrained or constrained delegation
• Renew user tickets (TGTs) beyond the initial 4-hour lifetime

Will this affect my exchange anywhere users with remote access authenticating either clear of NTLM???
and what would/may not to work properly day 1 when I raise the domain and forest to 2012. I cant really find anyone that can answer a straight question.

Has anyone gone through this? what problems did you have, if any , if a lot???

Any thoughts and suggestions will be much appreciated??

thanks


- - - Updated - - -

One more point... I am not sure if I posted this to the correct forum.. So if I was wrong and it should be in a different one..
PLEASE LET ME KNOW

 

web domain, host, dreamweaver

Always keep domain and hosting separate. Don't go with a host who oversells, as this is likely to lead to issues (overselling is when they sell more resources than they have available on a server, and its a dirty advertisement trick to get people who don't know anything about hosting to buy into the numbers instead of the service).

I'd suggest going to www.webhostingtalk.com and asking your question there, they are up to date as to what the good hosts are.

In my experience (though I am unsure of your purpose/budget is with this site), I would recommend either medialayer.com (very fast servers, knowledgeable and quick to answer support; they answer within minutes but somewhat pricey), or www.downtownhost.com (who oversells a bit, but support always answers in less than an hour, and servers aren't loaded heavily, and their blog plan is just like the regular hosting plans but cheaper).

Think about how much you actually need for your site initially. I can guarantee your site will not be using more than 1GB of storage or bandwidth in the first few months, unless it becomes very popular and you are hosting large files. Don't buy fake $5 1.5TB storage 15TB bandwidth plans, there is a reason people get dedicated servers with dedicated lines for $100's monthly instead of getting a $5 hosting plan.