We have a similar situation and we use RSA Secure ID for this. Simple overview 1. Each user gets a fob 2. The fobs will be assigned to as many servers as to like. 3. When the users tries to sign in to a server, the RSA service checks the credentials and also makes sure that the fob and user is allowed to access that machine. 4. Then you will have a full audit trial of what user logged on to what server and when
We use a managed RSA Ace server, so we use a hosted RSA authentication server, so we don't have manage the Ace server. We are able to access reports on access and setup the fobs via a web based control page. We access all the hosted solutions via VPN. The users can authenticate to the VPN via Radius. I hope this gives you a starter for 10. Regards Jason Gregson -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of dubaisans dubai Sent: 18 September 2006 14:25 To: [email protected] Subject: Terminal Servers @ Datacenter Hi, Looking for best practices in managing windows servers in a datacenter. We have 100 windows servers with Terminal services. There is no Active Directory domain.Everything is workgroup. There is a set of 10 admins who share responsibility of administering these servers. Each admin has access to a group of 10 or 15 Servers. For the purpose of tracking access, we would like to setup one central gateway server in the DMZ where all admins will login first. Based on their user-id, they can initiate connection to their authorised internal server. It should not be possible for one server to initiate connection to another server. All servers should accept connection only from this central gateway server. We are open to buying a third party product if required. It would be great if we can also track what the admins are doing . --------------------------------------------------------------------------- ---------------------------------------------------------------------------
smime.p7s
Description: S/MIME cryptographic signature
