setup a lab/test environment and need some questions answered

[mlchris2]

I want to setup a test environment in order to test some AD/Exchange proceses.

I want to run a domain in the lab, but want to keep it seperate from my current company domain.

I also want to use exsisting network infrastructure ( switches, routers, firewalls) as a means to access some of these services in this test lab.


I have a 2003 Standard server built, ready to Promo to a DC. Should I create a stand alone Domain, with a seperate DNS server or should I create a new domain in the Forrest?



Mark C.

 

[Roadki11]

I would create a separate domain in a separate forest, you dont want anything slipping in from your lab to your production environment or vise versa. i would also isolate the lab physically from the production environment, meaning put the lab on its own switch or vlan and even separate the 2 with a router. Again this will prevent crap like netbios info and such from spilling over into your production environment yet still allows you access to resources on the production side like internet and file shares and what not. I also use VMWare a lot, gives me the ability to screw things up and quickly restore to pre-screw-up in very short order, also saves on hardware. You can get VMWare server for free and its easy to setup and use.

just my 2 cents,

RoadKi11

 

[58sniper]

Completely isolate the lab. As Roadki11 said, you don't want things from the lab side getting out, and don't want things from the production side coming in.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -

http://www.ietf.org/rfc/rfc2821.txt

 

[mlchris2]

I did some research last night and found that I could run 2 exchange servers if I created a new domain in the forest. After I promo my lab server... I ran into alot of Global Catalog issues.

I sat down and thought this through and your all correct, this would be the best. I'd like to connect (RDC) to some of these machines... would i be able to do so in this type of environment?

Mark C.

 

[58sniper]

If you separate the two environments by a router or firewall, you'd only need to forward the correct port (3389).

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -

http://www.ietf.org/rfc/rfc2821.txt

 

[Roadki11]

Yes you can use remote desktop to manage the servers. Just forward the ports through the router and off ya go. Doesnt even have to be a good router(Cisco), buy a cheap linksys or d-link and point and click way through it. If you are not comfortable with cisco ios that is.

RoadKi11

 

[mlchris2]

Hey, thanks guys....I had a an old switch and dlink router around. I appriciate your input, the way I was going about it was all wrong.


Mark C.

 

[TheLad]

I wouldn't say you were going about it all wrong mate. I see a lot of people who think it is acceptable to test in the live environment so at least you had the foresight to create a test environment!

--------------------------------------
"Insert funny comment in here!"
--------------------------------------

 

[mlchris2]

Alright, I've ran into a snag and I need someone else to tell me where I might be screwing up. My guess it would be a limitation of the hardware... as odd as that may sound.


Test lab:

* d-link 604 router
***WAN: 10.X.0.19 (reserved IP from the live-network)
***DNS: using ISP DNS servers
***LAN: 10.X.2.1
DHCP: disabled


* server running Server 2003
***static IP: 10.X.2.20
***subnet: 255.255.255.0
***static Gateway: 10.X.2.1
***static DNS: 10.X.2.20 (server is a DC/DNS server)


*Test lab router is connected to Live-Network switch
*Added static route in Live-Network Router to route all traffic to 10.X.2.0 to 10.X.0.19


I can ping any 10.X.0.0 ip from the test lab router and test lab server.

I can ping the 10.X.0.19 from any 10.X.0.0 ip'd device

When I do a trace route to 10.X.2.1 from 10.X.0.0 device... it hits the live-network router(10.X.0.1) then routes to 10.X.0.19 and then time-outs....

Ive tried adding the test lab server to the test lab routers DMZ... setting up various firewall routes and I still cant ping the 10.X.2.1 and 10.X.2.20 ip addresses.


any advice???




Mark C.

 

[mlchris2]

My goal....

I'm running an exchange server in this lab environment. I want to be able to send email from my live environment to the exchange server in the lab.

do I need to add a DNS Zone in the live network in order to be able to do this? I dont want the email going to testlab.com out to the public... I just want it to go internally.

help is needed, I've been trying to figure this out

Mark C.

 

[Roadki11]

I am thinking you need to add an MX record in both domains dns pointing mail for each domain to the other. So in the test domain create an MX record pointing to the production domain and in the production domain create an MX record pointing to the test domain.

RoadKi11

 

[mlchris2]

After several days of beating my head against the wall, I finally figured it out.

I have 2 DC's on my production network, 2 routers (connecting our two offices).

I added a static route for the test lab subnet in Router 1 to route to the test lab router.

I had to add a secondary DNS zone in production DC #1 and DC #2 for the test lab

Once I did this, I was talking locally and all is well. thanks for all your help

Mark C.