The original cluster consisted of a single forest and a single domain that contained the VMs as well as the cluster nodes. That simplifies management, but it carries a higher risk: if an exposed VM gets compromised, the compromise can spread to the domain controller, which in turn allows compromise of the hardware nodes and may lead an attacker further into my environment.
I’ve given this some thought and, in line with my current information security design, I’m going to split this environment into two domains:
- One domain for the cluster nodes, named cluster.intranet
- One domain for the VMs / guest OS, named tartarus.intranet
For the cluster to operate at its best, you need domain joined cluster nodes. As explained in the network design, the cluster nodes will be placed in the more secure C4 VLAN. As we still need a domain controller to validate and form the cluster, this is where the new DC1 will be placed as well.
By splitting the cluster nodes from the virtual environment I can (re)deploy single VMs or an entire datacenter environment regardless of the physical cluster nodes and their operation.
It also reduces the attack surface of the host environment’s domain services: no real accounts, configuration or security settings are exposed there to be misused, only the VM workload, which will be periodically erased and redeployed anyway.
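As an added example (not part of the original post), the following PowerShell check verifies the split from the cluster side: every node must be joined to cluster.intranet, no tartarus.intranet principal may hold local admin on a node, and no AD trust may point at the guest domain. It assumes it runs on a cluster node as a cluster.intranet admin with WinRM reachable, and that the guest domain's NetBIOS name is its first DNS label.

```powershell
# Added example, not the post's own code. Run on a cluster node as a
# cluster.intranet administrator; requires the FailoverClusters module.
$ClusterDomain = 'cluster.intranet'   # node domain from the design
$GuestDomain   = 'tartarus.intranet'  # VM / guest OS domain from the design
# Assumption: the NetBIOS name equals the first DNS label of the guest domain.
$GuestNetbios  = ($GuestDomain -split '\.')[0]

$findings = foreach ($node in (Get-ClusterNode | Select-Object -ExpandProperty Name)) {
    # Check 1: each cluster node must be a member of the node domain.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem -ComputerName $node
    if ($cs.Domain -ne $ClusterDomain) {
        [pscustomobject]@{ Node = $node; Check = 'NodeDomain'; Detail = $cs.Domain }
    }

    # Check 2: no principal from the guest domain may sit in the node's
    # local Administrators group; that would bridge the two domains.
    $admins = Invoke-Command -ComputerName $node -ScriptBlock {
        Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
    }
    foreach ($member in $admins) {
        if ($member -like "$GuestNetbios\*") {
            [pscustomobject]@{ Node = $node; Check = 'GuestPrincipalIsLocalAdmin'; Detail = $member }
        }
    }
}

# Check 3 (only if the ActiveDirectory RSAT module is present): the node
# domain must not trust the guest domain, otherwise the split is cosmetic.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    $trusts = Get-ADTrust -Filter * | Where-Object { $_.Target -eq $GuestDomain }
    foreach ($t in $trusts) {
        $findings += [pscustomobject]@{ Node = $ClusterDomain; Check = 'TrustToGuestDomain'; Detail = $t.Direction }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    "OK: all nodes in $ClusterDomain, no $GuestDomain admins or trusts found."
}
```

Any row in the output is a place where the host domain and the guest domain are still coupled and the isolation argument above no longer holds.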
*Note-to-self: outline domain structure(s) with picture and further explanation