Re: AD in the DMZ - Any thoughts on this scenario?

From: Trust No One® (dana.scully_at_usa.net)
Date: 08/05/04


Date: Thu, 5 Aug 2004 17:25:45 +0100

ptwilliams wrote:
> I think that Steve is talking about running AD across a firewall
> within the network and not the actual perimeter network. I can see
> no reason for having internal servers in a DMZ.
>
> I have situations whereby there are firewalls in between DCs; but
> none of our DCs reside on a DMZ. There is a secure perimeter around
> our networks, and we firewall them inside too. That's when this
> whitepaper is needed; like Simon said, perhaps ADAM is better
> suited...
>
The ADAM suggestion made by both Simon and Paul intrigues me. As I mentioned
earlier, the purpose of the proposed AD forest in the DMZ will be provision
of centralized management and administration (esp. Group Policies) of the
application servers. Only the datacentre support teams and a user admin team
will log on to the AD. Is ADAM suited to this particular purpose as opposed
to full-blown AD?

I've had a quick Google search and I've found precious few ADAM whitepapers
around (the technical reference looks daunting) and none so far on its use
in the DMZ. I plan to do a more in-depth search later. Has anyone come
across any articles on the application of ADAM in the DMZ that I can chew
over? I have a book "Building DMZs for Enterprise Networks", but
unfortunately it predates ADAM :(

Best Wishes,

-- 
Peter <X-Files Fan>
Please Note: Emailed replies cc'd / bcc'd , containing HTML or attachments
auto-binned as spam

