Terminal server on DMZ?


Michele L.

Hi,

I have to connect to my server from everywhere (through the Internet) to run
some applications as if I were at my company.
What is the best way to do that?
Put a terminal server on the DMZ that lets me connect in some way (VPN?) to
my internal server on my LAN?
A server on the DMZ cannot by default make connections to a server on the LAN,
else the DMZ is not a DMZ ...
I have no idea.
Any suggestions?

Thanks,
Michele L.
 
It's reasonably secure to open port 3389 in your firewall directly to the TS, as RDP traffic, including logons, is encrypted at 128 bits. Many people do this w/o use of a VPN or stationing the TS in a DMZ.

Patrick Rouse
Microsoft MVP - Terminal Server
http://www.patrickrouse.com
 
Do you mean I have to put a Terminal Server in the DMZ, and connect to it from
the Internet?
And how can I run my applications that reside on my internal server?
How can I establish a secure connection from the TS on the DMZ to the
application server on my LAN?
For security reasons I don't want to put my applications and database on the
TS on the DMZ.

!
!
Firewall ------- DMZ (Terminal Server)
!
!
LAN
!
!
Application Server


Thanks,
Michele L.

Patrick Rouse said:
It's reasonably secure to open port 3389 in your firewall directly to the
TS, as RDP traffic, including logons, is encrypted at 128 bits. Many people
do this w/o use of a VPN or stationing the TS in a DMZ.
 
No, what I recommended is to NOT put the TS in the DMZ, just put it on your local/private network and open port 3389 to this machine so you can access it on the LAN and via the Internet. Your data shouldn't exist on the TS anyway, but on a file or database server. The TS should be set up like a workstation, i.e. applications that connect to files/databases hosted on other machines. Just my recommendation. What is your specific reason for wanting to use the DMZ?

Patrick Rouse
Microsoft MVP - Terminal Server
www.patrickrouse.com
 
I thought that I had to put all public servers on the DMZ (e.g. web server, mail
server, ...) and not publish a server on the LAN.
Am I mistaken?
In any case, if my TS on the LAN is secure (e.g. TS over VPN, only port 3389
open on my firewall), why do I have to host my files/database on another server?

Thanks,
Michele L.

Patrick Rouse said:
No, what I recommended is to NOT put the TS in the DMZ, just put it on
your local/private network and open port 3389 to this machine so you can
access it on the LAN and via the Internet. Your data shouldn't exist on the
TS anyway, but on a file or database server. The TS should be set up like a
workstation, i.e. applications that connect to files/databases hosted on
other machines. Just my recommendation. What is your specific reason for
wanting to use the DMZ?
 