Domain Relationships
Some organizations might have more than one Windows domain in use in their environment. A SteelHead, like a Windows server, can only join a single domain. Therefore, the choice of which domain the SteelHead should join depends on the domain where the file or mail servers are located, and the type of trust relationship between the SteelHead's potential domain, the file or mail servers' domain, and the domain containing a user's credentials.
Figure 3‑1 shows an example of a simple, single domain structure. All resources (clients, servers, and so on) that have joined the same domain are subject to the domain permissions and authentications, and can access the other available resources. Only a single domain controller is required in this case, although you can have more than one domain controller for resilience. The SteelHead must join the one available domain as a precursor to secure Windows protocol optimization.
Figure 3‑1. Single Domain Structure
Figure 3‑2 shows an example where clients are in one domain and servers are in a second domain. There is a trust relationship between the two domains that allows the clients and servers to access each other. The trust relationship is a one-way trust. The client domain is described as the Trusted Domain and the server domain is described as the Trusting Domain. The arrow that indicates the direction of trust is from the trusting domain to the trusted domain. Because of the one-way trust, only the resources in the client domain are allowed to access the resources in the server domain and not the other way around. Each of the two domains has its own domain controller, each with its own database for the resources in its domain.
Figure 3‑2. Two Domains and One-Way Trust Structure
Figure 3‑3 shows an example of a configuration where there are multiple domains. In a two-way trust, each of the resources in the child domains can access the other domains through the top-level (parent) domain as long as the correct permissions have been set up within the child domains.
Figure 3‑3. Multiple Domains with Two-Way Trust Structure
There can be a mixture of domains whose domain controllers run different Windows operating system versions, and a mixture of trust types. Native mode is when all domain controllers run the same version of the operating system, and Mixed mode is when there are different versions of the operating system.