entries). I've decided that
this is a line in the sand situation.
From: paul.hutchi...@mira.co.uk
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: LDAP\DC with a public IP
Date: Thu, 22 Sep 2011 18:50:56 +
Are you sure that's what they're asking, and that they aren't simply asking
'natting' for two large healthcare vendors (whose clients also use the same
private IP scheme we use) but they gave me an address to nat my internal device
to.
From: br...@briandesmond.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: LDAP\DC with a public IP
Date: Thu, 22 Sep 2011 22:17:50
Exactly, Ben.
From: mailvor...@gmail.com
Date: Thu, 22 Sep 2011 18:50:03 -0400
Subject: Re: LDAP\DC with a public IP
To: ntsysadmin@lyris.sunbelt-software.com
On Thu, Sep 22, 2011 at 6:17 PM, Brian Desmond br...@briandesmond.com wrote:
I’m rather lost now. How is doing this double NAT
On Fri, Sep 23, 2011 at 12:16 AM, Brian Desmond br...@briandesmond.com wrote:
I'm not talking private WAN, I'm talking VPN. Using the public Internet to carry
a secure tunnel for a private payload.
That's basically private WAN...
We're splitting hairs now, but hey, this is the Internet,
We had to do something like this for one of our products that's hosted
externally. I created a VM just for this, and made it an RODC. I just somehow
felt a little better doing that vs. a regular DC, although maybe that's a false
sense of security. And of course, ACLs restricting access solely
There's no obligation for a WAN to use dedicated circuits...50% of the
WANs of organizations that I've been associated with have used VPNs for
connectivity.
Cloud is definitely a very ambiguous term, and heavily co-opted by
marketing, but I like the NIST definition, a summary of which can be
Admin Issues
Subject: Re: LDAP\DC with a public IP
There's no obligation for a WAN to use dedicated circuits...50% of
the WANs of organizations that I've been associated with have used VPNs
for connectivity.
Cloud is definitely a very ambiguous term, and heavily co-opted by
marketing
[mailto:asbz...@gmail.com]
*Sent:* Friday, September 23, 2011 12:19 PM
*To:* NT System Admin Issues
*Subject:* Re: LDAP\DC with a public IP
There's no obligation for a WAN to use dedicated circuits...50% of the
WANs of organizations that I've been associated with have used VPNs
On Thu, Sep 22, 2011 at 10:57, pdw1...@hotmail.com wrote:
We are getting a new product to report variances. It is web-based but using
LDAP to authenticate users. The way it works is that a person can log a
variance anonymously but then directors can use their AD credentials to log
in and
Out of curiosity, can you tell us the name of the product?
On Thu, Sep 22, 2011 at 1:57 PM, pdw1...@hotmail.com wrote:
We are getting a new product to report variances. It is web-based but
using LDAP to authenticate users. The way it works is that a person can log
a variance anonymously
Is the new product cloud based or internal? If internal I can't see why you
would need your DCs/LDAP servers to be available to the public internet. If
cloud based just open up to the IP of the server in the cloud to allow
authentication.
And insist on LDAP over SSL.
al
--
Al
Are you sure that's what they're asking, and that they aren't simply asking to
have ldap access from some external IP address range which you'd provide via an
inbound firewall rule with an ACL and NAT so that only their specific IP
addresses can authenticate?
Not sure I'd be too comfortable
This comes up every now and then. Before the various federation technologies
became prevalent it was a lot more common, but now not so much. Generally what
you do is publish the LDAPS or GC/S port with an ACL that restricts source IPs.
If the app can't failover between a couple of names then
Quantros
Date: Thu, 22 Sep 2011 14:18:53 -0400
Subject: Re: LDAP\DC with a public IP
From: rich...@gmail.com
To: ntsysadmin@lyris.sunbelt-software.com
Out of curiosity, can you tell us the name of the product?
On Thu, Sep 22, 2011 at 1:57 PM, pdw1...@hotmail.com wrote:
We are getting a new
Sep 2011 13:22:21 -0500
Subject: RE: LDAP\DC with a public IP
Is the “new product” cloud based or internal? If internal I can’t see why you
would need your DCs/LDAP servers to be available to the public internet. If
cloud based just open up to the IP of the server in the cloud to allow
[mailto:pdw1...@hotmail.com]
Sent: Thursday, September 22, 2011 3:01 PM
To: NT System Admin Issues
Subject: RE: LDAP\DC with a public IP
Cloud.
They explain further on that they have a lot of clients, some of whom may use
the same private IP so to prevent overlap (in their words) they want our
On Thu, Sep 22, 2011 at 6:17 PM, Brian Desmond br...@briandesmond.com wrote:
I’m rather lost now. How is doing this double NAT going to help you in a
typical cloud scenario? Usually you do this type of thing with a direct link
to a business partner/supplier.
You have an IP address on your
, September 22, 2011 5:50 PM
To: NT System Admin Issues
Subject: Re: LDAP\DC with a public IP
On Thu, Sep 22, 2011 at 6:17 PM, Brian Desmond br...@briandesmond.com wrote:
I'm rather lost now. How is doing this double NAT going to help you in
a typical cloud scenario? Usually you do this type of thing
On Thu, Sep 22, 2011 at 6:53 PM, Brian Desmond br...@briandesmond.com wrote:
You have an IP address on your private side that duplicates
their private net, and you're connected to them via some kind
of VPN or other secure router, so you do a one-to-one static
NAT between your private net and
Alarmist no not to me. I would tell them find or propose another way. I
would look at a way maybe using a Linux machine that syncs (more or less)
what they need and then maybe put that where it could be seen from the web.
Others may have better ways to skin the cat.
Jon
On Thu, Sep 22, 2011
- 312.731.3132
-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Thursday, September 22, 2011 6:14 PM
To: NT System Admin Issues
Subject: Re: LDAP\DC with a public IP
On Thu, Sep 22, 2011 at 6:53 PM, Brian Desmond br...@briandesmond.com wrote:
You have an IP address on your
]
Sent: Thursday, September 22, 2011 6:14 PM
To: NT System Admin Issues
Subject: Re: LDAP\DC with a public IP
On Thu, Sep 22, 2011 at 6:53 PM, Brian Desmond br...@briandesmond.com
wrote:
You have an IP address on your private side that duplicates their
private net, and you're connected to them
On Thu, Sep 22, 2011 at 9:11 PM, Brian Desmond br...@briandesmond.com wrote:
... the provider gives you a VPN box to make the link ...
This certainly didn't used to be called the cloud - this is classic service
hosting. I usually
consider cloud to require Internet connection between you and
That's basically private WAN...
Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Thursday, September 22, 2011 9:14 PM
To: NT System Admin Issues
Subject: Re: LDAP\DC with a public