It would be a single server, running all functions necessary.  There
would be another server that would have the actual web front end.  The
databases for the web apps would still be inside the firewall.  As far
as access for internal staffers, they would need to get to the web app
itself, but I'm wondering if we could setup an internal front end for
them to access, that would then access the same data that the outside
contractors would be updating.
 
I appreciate all the responses, I'm not as against the idea now, it just
really seemed like a bad idea at first.
 
Joe Heaton
 

________________________________

From: Andy Shook [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 15, 2008 8:03 AM
To: NT System Admin Issues
Subject: RE: AD in the DMZ, good idea?



Joe,

I've done this on a number of occasions and while a pain in the buttocks
up front, its not the worst thing.  Just isolate it, i.e. no 2 way trust
with internal AD, and let it sit.  I don't know how big of an
implementation your talking about but you could start with one server
for AD, DNS, WINS, DHCP, file serving and one for the web apps.  My only
question is what type of access with internal staffers need to this
domain?  

 

Shook

________________________________

From: Joe Heaton [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 15, 2008 10:59 AM
To: NT System Admin Issues
Subject: AD in the DMZ, good idea?

 

I'm thinking not, but one of our developers is wanting to setup a
separate domain in the DMZ, so that we can create AD accounts for
contractors that need to login to web apps.  My brain, gut and every
fiber of my being is saying that this is definitely NOT the way to do
this.  I am right here, aren't I?

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

[EMAIL PROTECTED]

 

 

 






~ Upgrade to Next Generation Antispam/Antivirus with Ninja!    ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

Reply via email to