I am facing a problem with Active Directory DCs and the DMZ. I need some help here in fixing the same. There is an internal network in our company with a DMZ zone. There are some applications configured on the same with an IIS server. All the DCs are placed on the internal LAN and the IIS server is on the server. From a security point of view this can be proper. But from a design point of view this looks less secure to me. I need some help here. I want to run SQL clustering, and somehow the DMZ server will be part of the same. What is the best way to configure that? It is fine to keep all the ports open or simply configure this on a single port.