Re: Dedicated AD forest for external users?
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Wed, 17 Oct 2007 01:56:28 +0100
It is up to you to decide what best suits your scenario.
If you plan to have client accounts in the AD Database and use these
accounts and/or security groups to provide access to your FTP server then
the answer is yes, the FTP server should be member of that domain.
However if you plan to use Local database accounts to provide access to these
users, then the answer is no, the FTP server doesn't need to be member of
the Internal Domain.
--
===================================
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
===================================
"Gabriel/TFI" <GabrielTFI@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DD71082C-F5AF-47BB-AEC1-5D737F89E123@xxxxxxxxxxxxxxxx
I am not sure I did understand well.
Does the machine that hosts the FTP service in the DMZ have to be joined to
my internal domain?
Thanks,
Gabriele
"Jorge Silva" wrote:
My point was that you could use your internal AD for centralized
account management but place the FTP server at DMZ and secure the
communications between DMZ and internal network, for external users give
them only access to the ports needed on the FTP, the same can be applied to
internal users when accessing the FTP in the DMZ.
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
"Gabriel/TFI" <GabrielTFI@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D9C9F769-6674-4D5E-8910-463FFC0B1A45@xxxxxxxxxxxxxxxx
And what about identity? A separate AD forest for external users?
"Jorge Silva" wrote:
Hi
At first look, all I can think is that your external customers shouldn't
have direct access to your internal network especially if you're talking
about FTP.
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
"Gabriel/TFI" <GabrielTFI@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9D465B68-829E-4459-9735-078A9E42B0E4@xxxxxxxxxxxxxxxx
Hi all,
I started a thread in microsoft.public.security called "FTP for internal
users and external customers".
http://groups.google.it/group/microsoft.public.security/browse_thread/thread/40dc233a2b482e/d2b4842e4f0f71c6?hl=it&lnk=st&q=%22FTP+for+internal+users+and+external+customers%22&rnum=1#d2b4842e4f0f71c6
One of the points of the discussion is to have or not a separate AD forest
for external users, especially the ones who access from the Internet.
What is your idea from an AD security perspective?
Thanks in advance,
Gabriele