G
Guest
ihh
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
P
ptwilliams
Firstly, that's not much of a question if you don't mind me saying so.
Secondly, why? What are you trying to achieve?
Give us some more info. and I'm sure we'll be able to help.
--
Paul Williams
http://www.msresource.net
http://forums.msresource.net
ihh
Secondly, why? What are you trying to achieve?
Give us some more info. and I'm sure we'll be able to help.
--
Paul Williams
http://www.msresource.net
http://forums.msresource.net
ihh
G
Guest
Hi Paul, thanks for responding, sorry i've been gone over the holidays.
Anyway, my question is related to what is the recommended practice for
handling access to dmz servers from internal clients. Basically, I have two
requests. One is to either create a public dmz active directory with a trust
to the internal domain or allow a domain controller from the inside to reside
in the public dmz. I am uncomfortable with both and have searched high and
low for information from others as to what would be the best way to allow our
users access to servers residing in the public dmz. Do you have any
suggestions or best practices. Thanks. ih
Anyway, my question is related to what is the recommended practice for
handling access to dmz servers from internal clients. Basically, I have two
requests. One is to either create a public dmz active directory with a trust
to the internal domain or allow a domain controller from the inside to reside
in the public dmz. I am uncomfortable with both and have searched high and
low for information from others as to what would be the best way to allow our
users access to servers residing in the public dmz. Do you have any
suggestions or best practices. Thanks. ih
R
Ryan Hanisco
This does work though it is a bit labor intensive. You should also consider
securing/ signing all replication traffic if you are passing it into a DMZ.
Take a look at the following link:
http://www.microsoft.com/technet/pr.../activedirectory/deploy/confeat/adrepfir.mspx
That said, what are you trying to do? Authenticate a web page? OWA? You may
have a better option like LDAP or RADIUS (IAS).
securing/ signing all replication traffic if you are passing it into a DMZ.
Take a look at the following link:
http://www.microsoft.com/technet/pr.../activedirectory/deploy/confeat/adrepfir.mspx
That said, what are you trying to do? Authenticate a web page? OWA? You may
have a better option like LDAP or RADIUS (IAS).
K
Kieran
Alternatively,
You could have an two separate forests.
It's the best security option then do a scheduled selective replication from
internal to external for accounts - perhaps even script it.
It's what i'd do - keep your internal and external completely separate,
though this may depend on what your requirements are - what do you exactly
what to do?
How were you planning on sharing the data anyway? TS, WebDAV, OWA?
You could have an two separate forests.
It's the best security option then do a scheduled selective replication from
internal to external for accounts - perhaps even script it.
It's what i'd do - keep your internal and external completely separate,
though this may depend on what your requirements are - what do you exactly
what to do?
How were you planning on sharing the data anyway? TS, WebDAV, OWA?