Service Placement¶
Purpose¶
This document defines where services should run during each phase.
Phase 1 placement¶
| Service | Server | Reason |
|---|---|---|
| AD DS | HQ-DC01 | First domain controller |
| DNS | HQ-DC01 | Required for AD |
| DHCP | HQ-DC01 | Simplicity during initial phase |
| Management tools | HQ-MGMT01 | Keep admin tools off DC |
| Firewall | HQ-FW01 | Central routing and security |
Future placement¶
| Service | Future Server | Reason |
|---|---|---|
| PKI | HQ-CA01 | Separate security-sensitive role |
| NPS/RADIUS | HQ-NPS01 | Separate network access role |
| File Services | HQ-FS01 | Dedicated storage and permissions |
| Monitoring | HQ-MON01 | Separate observability stack |
| Backup | HQ-BKP01 | Dedicated backup and recovery role |
Rule¶
Domain controllers should not become general-purpose servers.