nanog mailing list archives

RE: Network diversity Software diversity


From: Eric Germann <ekgermann () cctec com>
Date: Fri, 26 Jan 2001 07:21:04 -0500


At 12:12 AM 1/26/01 -0800, Roeland Meyer wrote:

From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu]
Sent: Thursday, January 25, 2001 11:48 PM

On Thu, 25 Jan 2001 22:40:50 PST, Roeland Meyer said:
Okay, how do you do security, in Win2K, without a domain controller?
How do you do a Win2K domain without active directory?

Contrary to what many pundits would have you believe, you don't
need to be in a domain and be running AD just to serve up static HTML.
Beware such pundits - they are probably trying to sell you either a software
or hardware upgrade. ;)

You don't even need to be running Win2K.  I hear even NT 4.0 does
a passable job once you install all the IIS patches. ;)

Actually, Linux does it better w/ Apache. But, IIS is a better RAD
environment. But, that isn't the issue. The track started about DNS at MSFT.
Windows networks have Win domain controllers ...

Windows networks don't have to have domain controllers.  Go read about the concept of member servers from NT4.  In 
reality, all Win2K servers start as member servers and are then promoted to domain controllers when the time comes to 
make them one.  They can also be demoted.  No one says you have to do that either.  How you build a network to serve 
static content and how you build a network for people to be able to log on, do file and printer sharing are radically 
different.  In fact, you don't even need domain controllers for the latter.  In that case, the onus is on you the user 
to figure out how to keep all your passwords on all your servers in sync.  Of course, people who run Unix tend to not 
have as much problem with this as people who are not that technically literate.


From: Eric Germann [mailto:ekgermann () cctec com]

Uhh, I highly doubt they have a requirement to run DDNS on the front ends.
If all you're doing is serving up html pages without user authentication,
Win2K is perfectly happy with its own internal account database.
DDNS is a pre-req for AD, 

As Eric said.... you don't need bells and whistles.  And if you're
building a machine that *has* to work, you probably want to avoid
bells and whistles, as broken bell and whistle parts get jammed in
the gears and cause failures....

MSFT is not running static anything.


Attribution???  probably not internally, but almost certainly on the DMZ.



==========================================================================
  Eric Germann                                        Inacom Info Systems
  egermann () inacomlima com                             Lima, OH 45801
                                                      Ph:  419 331 9050
  ICQ:  41927048                                      Fax: 603 825 5893

"It is so easy to miss pretty trivial solutions to problems deemed
complicated.  The goal of a scientist is to find an interesting problem,
and live off it for a while.  The goal of an engineer is to evade
interesting problems :)"  -- Vadim Antonov <avg () kotovnik com> on NANOG


