Is ADAM not an option?


Thanks,



Jeremy Phillips

Senior Messaging Engineer | Azaleos Corporation | T: 206.926.1945 | M: 540.322.7980

You rely on Exchange. We keep it running.



From: Martin Blackstone [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 15, 2008 9:18 AM
To: NT System Admin Issues
Subject: RE: AD in the DMZ, good idea?



If you can be sure to make up the cost per customer, it's not a bad idea.





From: Joe Fox [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 15, 2008 9:04 AM
To: NT System Admin Issues
Subject: Re: AD in the DMZ, good idea?



Couldn't those costs be reduced by licensing SQL per processor, and buy your 
Windows CALs per server?  Rather than a CAL per user, use concurrent 
connections?



I'm a little rusty on my Microsoft Licensing.



Regards,

Joe

On Thu, May 15, 2008 at 11:53 AM, Michael B. Smith <[EMAIL PROTECTED]> wrote:

That's fine - but as you pointed out, that comes at a cost. A Windows Server 
CAL plus a SQL Server CAL for each external user. That's around $200 in today's 
cost.



Regards,



Michael B. Smith

MCSE/Exchange MVP

http://TheEssentialExchange.com



From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 15, 2008 11:50 AM
To: NT System Admin Issues
Subject: RE: AD in the DMZ, good idea?



Using AD, the developer doesn't have to learn it.



From: Michael B. Smith [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 15, 2008 8:33 AM
To: NT System Admin Issues
Subject: RE: AD in the DMZ, good idea?



Obviously, you haven't yet thought about licensing.



Why not use application authentication instead of a/d authentication?



Regards,



Michael B. Smith

MCSE/Exchange MVP

http://TheEssentialExchange.com



From: Joe Heaton [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 15, 2008 11:13 AM
To: NT System Admin Issues
Subject: RE: AD in the DMZ, good idea?



It would be a single server, running all functions necessary.  There would be 
another server that would have the actual web front end.  The databases for the 
web apps would still be inside the firewall.  As far as access for internal 
staffers, they would need to get to the web app itself, but I'm wondering if we 
could set up an internal front end for them to access, that would then access 
the same data that the outside contractors would be updating.



I appreciate all the responses, I'm not as against the idea now, it just really 
seemed like a bad idea at first.



Joe Heaton





  _____

From: Andy Shook [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 15, 2008 8:03 AM
To: NT System Admin Issues
Subject: RE: AD in the DMZ, good idea?

Joe,

I've done this on a number of occasions and while a pain in the buttocks up 
front, it's not the worst thing.  Just isolate it, i.e. no 2 way trust with 
internal AD, and let it sit.  I don't know how big of an implementation you're 
talking about but you could start with one server for AD, DNS, WINS, DHCP, file 
serving and one for the web apps.  My only question is what type of access will 
internal staffers need to this domain?



Shook

  _____

From: Joe Heaton [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 15, 2008 10:59 AM
To: NT System Admin Issues
Subject: AD in the DMZ, good idea?



I'm thinking not, but one of our developers is wanting to set up a separate 
domain in the DMZ, so that we can create AD accounts for contractors that need 
to log in to web apps.  My brain, gut and every fiber of my being is saying that 
this is definitely NOT the way to do this.  I am right here, aren't I?



Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

[EMAIL PROTECTED]

--
Joe Fox
Systems/Network Administrator

Mobile# (716) 846-9308
http://www.linkedin.com/in/josephfoxjr
