Is ADAM not an option?
Thanks,
Jeremy Phillips
Senior Messaging Engineer | Azaleos Corporation | T: 206.926.1945 | M: 540.322.7980
You rely on Exchange. We keep it running.

From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 15, 2008 9:18 AM
To: NT System Admin Issues
Subject: RE: AD in the DMZ, good idea?

If you can be sure to make up the cost per customer, it's not a bad idea.

From: Joe Fox [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 15, 2008 9:04 AM
To: NT System Admin Issues
Subject: Re: AD in the DMZ, good idea?

Couldn't those costs be reduced by licensing SQL per processor, and buy your Windows CALs per server? Rather than a CAL per user, use concurrent connections? I'm a little rusty on my Microsoft Licensing.

Regards,
Joe

On Thu, May 15, 2008 at 11:53 AM, Michael B. Smith <[EMAIL PROTECTED]> wrote:

That's fine - but as you pointed out, that comes at a cost. A Windows Server CAL plus a SQL Server CAL for each external user. That's around $200 in today's cost.

Regards,
Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com

From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 15, 2008 11:50 AM
To: NT System Admin Issues
Subject: RE: AD in the DMZ, good idea?

Using AD, the developer doesn't have to learn it.

From: Michael B. Smith [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 15, 2008 8:33 AM
To: NT System Admin Issues
Subject: RE: AD in the DMZ, good idea?

Obviously, you haven't yet thought about licensing. Why not use application authentication instead of a/d authentication?

Regards,
Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com

From: Joe Heaton [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 15, 2008 11:13 AM
To: NT System Admin Issues
Subject: RE: AD in the DMZ, good idea?

It would be a single server, running all functions necessary. There would be another server that would have the actual web front end. The databases for the web apps would still be inside the firewall. As far as access for internal staffers, they would need to get to the web app itself, but I'm wondering if we could set up an internal front end for them to access, that would then access the same data that the outside contractors would be updating.

I appreciate all the responses, I'm not as against the idea now, it just really seemed like a bad idea at first.

Joe Heaton
_____

From: Andy Shook [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 15, 2008 8:03 AM
To: NT System Admin Issues
Subject: RE: AD in the DMZ, good idea?

Joe,

I've done this on a number of occasions and while a pain in the buttocks up front, it's not the worst thing. Just isolate it, i.e. no 2 way trust with internal AD, and let it sit. I don't know how big of an implementation you're talking about but you could start with one server for AD, DNS, WINS, DHCP, file serving and one for the web apps. My only question is what type of access will internal staffers need to this domain?

Shook
_____

From: Joe Heaton [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 15, 2008 10:59 AM
To: NT System Admin Issues
Subject: AD in the DMZ, good idea?

I'm thinking not, but one of our developers is wanting to set up a separate domain in the DMZ, so that we can create AD accounts for contractors that need to log in to web apps. My brain, gut and every fiber of my being is saying that this is definitely NOT the way to do this. I am right here, aren't I?

Joe Heaton
AISA
Employment Training Panel
1100 J Street, 4th Floor
Sacramento, CA 95814
(916) 327-5276
[EMAIL PROTECTED]

--
Joe Fox
Systems/Network Administrator
Mobile# (716) 846-9308
http://www.linkedin.com/in/josephfoxjr
