RE: AD in the DMZ, good idea?

Thu, 15 May 2008 08:50:12 -0700 

Using AD, the developer doesn't have to learn it.

 

From: Michael B. Smith [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 15, 2008 8:33 AM
To: NT System Admin Issues
Subject: RE: AD in the DMZ, good idea?

 

Obviously, you haven't yet thought about licensing.

 

Why not use application authentication instead of a/d authentication?

 

Regards,

 

Michael B. Smith

MCSE/Exchange MVP

http://TheEssentialExchange.com

 

From: Joe Heaton [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 15, 2008 11:13 AM
To: NT System Admin Issues
Subject: RE: AD in the DMZ, good idea?

 

It would be a single server, running all functions necessary.  There would
be another server that would have the actual web front end.  The databases
for the web apps would still be inside the firewall.  As far as access for
internal staffers, they would need to get to the web app itself, but I'm
wondering if we could setup an internal front end for them to access, that
would then access the same data that the outside contractors would be
updating.

 

I appreciate all the responses, I'm not as against the idea now, it just
really seemed like a bad idea at first.

 

Joe Heaton

 

 

  _____  

From: Andy Shook [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 15, 2008 8:03 AM
To: NT System Admin Issues
Subject: RE: AD in the DMZ, good idea?

Joe,

I've done this on a number of occasions and while a pain in the buttocks up
front, its not the worst thing.  Just isolate it, i.e. no 2 way trust with
internal AD, and let it sit.  I don't know how big of an implementation your
talking about but you could start with one server for AD, DNS, WINS, DHCP,
file serving and one for the web apps.  My only question is what type of
access with internal staffers need to this domain?  

 

Shook

  _____  

From: Joe Heaton [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 15, 2008 10:59 AM
To: NT System Admin Issues
Subject: AD in the DMZ, good idea?

 

I'm thinking not, but one of our developers is wanting to setup a separate
domain in the DMZ, so that we can create AD accounts for contractors that
need to login to web apps.  My brain, gut and every fiber of my being is
saying that this is definitely NOT the way to do this.  I am right here,
aren't I?

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

[EMAIL PROTECTED]

 

 

 

 

 
 
 

 

 

 

 

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!    ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

Reply via email to