To be honest, you are 3 servers short of a best practices installation. NEVER run TS on a domain controller! That would have ordinary users logging on locally to a domain controller. That is always a HUGE security hole. You’re also looking at some potentially serious performance issues, especially given that a DC puts processing priority on background services while a TS box puts processing priority on foreground services. Adding a database to the mix makes it even worse, both from a security and performance perspective.
Ideally you need two discrete domain controllers in order for your network to be redundant. A single DC is a huge pain if it fails, and that assumes that you have a recent backup of the machine to work from.
All machines should be single-role. That means 2 domain controllers, a Terminal Server, a database server, and a web server. The web server should sit in the DMZ and NOT be a part of the AD structure. If it needs to pull data from inside the firewall, pinhole connections as needed, but don’t use the default ports. If the web server gets hacked, the last thing that you want is to have it used as a platform to attack the internal network.
If you absolutely positively cannot convince the client to purchase the additional servers, a second-best solution would be to consider server virtualization. If the box that Server 08 is being installed on supports Hyper-V that would be a major plus as you can run the virtualization at a level that lies between the BIOS and the full OS. That will allow you to performance tune each virtualized server independently without contention at the OS level. Do be sure that your hardware is highly redundant (hardware RAID, multiple NICs, redundant power supplies, etc.) so that a single failure does not bring down the entire stack. See this link for more information on virtualization with Server 08 R2: http://www.microsoft.com/windowsserver2008/en/us/hyperv-main.aspx
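As an added example (not part of the original post), the following PowerShell audit checks a Windows Server box against the single-role advice above: it flags a domain controller that also hosts Terminal Services, IIS or SQL Server, and a web server that is domain-joined. It assumes Server 2008 R2 or later with the ServerManager module; the feature names are the standard Server Manager identifiers, and the SQL detection is a service-name heuristic.

```powershell
# Audit a Windows Server for role co-location that violates the single-role rule.
# Assumes the ServerManager module (Server 2008 R2+). Run in an elevated console.
Import-Module ServerManager

$cs = Get-WmiObject -Class Win32_ComputerSystem
# Win32_ComputerSystem.DomainRole: 4 = backup domain controller, 5 = primary domain controller
$isDC = $cs.DomainRole -ge 4

# Roles that must never share a box with a DC (Server Manager feature names)
$rolesToCheck = @{
    'RDS-RD-Server' = 'Remote Desktop Session Host (Terminal Server)'
    'Web-Server'    = 'IIS web server'
}
$installed = Get-WindowsFeature | Where-Object { $_.Installed } | Select-Object -ExpandProperty Name

$findings = @()
foreach ($name in $rolesToCheck.Keys) {
    if (($installed -contains $name) -and $isDC) {
        $findings += "Domain controller also hosts $($rolesToCheck[$name]) ($name)"
    }
}

# SQL Server registers as a service (MSSQLSERVER or MSSQL$INSTANCE), not as a Windows feature
$sqlServices = Get-Service -Name 'MSSQL*' -ErrorAction SilentlyContinue
if ($sqlServices) {
    if ($isDC) { $findings += 'Domain controller also hosts SQL Server' }
    if ($installed -contains 'RDS-RD-Server') { $findings += 'Terminal Server also hosts SQL Server' }
}

# A DMZ web server should be standalone, not a member of the internal AD domain
if (($installed -contains 'Web-Server') -and $cs.PartOfDomain) {
    $findings += "Web server is joined to domain $($cs.Domain); it should be a standalone DMZ host"
}

if ($findings.Count -eq 0) {
    Write-Output "$($cs.Name): no role co-location findings"
} else {
    Write-Output "$($cs.Name): $($findings.Count) finding(s)"
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```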