The basic unit of Windows NT Server, the domain, is a group of computers that share a database and have a common security policy. A Windows NT domain contains a primary domain controller computer, which acts as the resource and user manager for the entire domain. One or more computers in the domain may be configured to act as backup domain controllers, which can take over for the primary domain controller should any problems arise. The remaining computers in the domain are either user workstations or else servers that provide resources to domain users.
Figure 4.5 Domain and subdomain model.
Within a Windows NT domain, SNA Server computers are logically grouped into subdomains. Each SNA Server subdomain can contain up to 15 SNA Server computers, and a Windows NT domain may contain an unlimited number of subdomains.
Before you deploy your SNA Server computers, you need to decide whether they should be placed in an existing Windows NT domain or in a separate domain, perhaps with trust relationships to an existing domain. In smaller environments, a single Windows NT domain may be the easiest to maintain and implement. For larger environments, multiple domains may be a better choice.
Your first priority should be to optimally organize users, not to optimally manage the various functions of different servers in the domain. Note that if you place SNA Server computers in a domain with servers performing other functions (for example, Systems Management Server computers), SNA Server performance will be only slightly affected.
Another priority in planning your Windows NT domain structure is to minimize network traffic. Windows NT authentication traffic in particular can be reduced by determining which user domains are connecting to the Windows NT Server on which SNA Server is installed. If a user domain establishes a trust relationship with the domain that contains the SNA Server computer, you should consider placing the Windows NT network Primary Domain Controller (PDC) near the SNA Server computer to reduce network traffic. If you don’t need to assign individual host resources to users, you should consider placing SNA Server computers in a separate Windows NT domain with no trust relationships to the user domain(s). In this scenario, you can allow access to the SNA Server computers by enabling guest access to the Windows NT domain.
For more information, it is recommended that you read the discussion of domains and trust relationships, and the various domain models, in the Windows NT Server Planning and Concepts Guide included with Windows NT Server.