However, this particular risk is easily mitigated by intelligent firewall policies. In fact,  domain membership will make the firewall configuration easier and more secure.

Advantages of Domain Membership:

• Granular user/group access controls for all protocols
• Full support for user certificate authentication
• Full support for Group Policy management

Disadvantages of Domain Membership

• If your firewall is compromised, your entire domain may be at risk. However, keep in mind that if your firewall is compromised, there is little on your network that is not at risk.

Summary

While ‘security’ concerns are most often cited to keep servers (IIS servers, DB Servers, App Servers…) off domains (i.e. are NOT domain joined), these concerns are old school. With newer firewall technologies, the best practice actually involves Domain-Joining all the servers you need to. Of course, keeping your data tier in it’s own VLAN – separated from the web-tier would be part of the best practices.

The post To Domain Join or Not appeared first on Anuj Varma, Hands-On Technology Architect, Clean Air Activist.