Re: To tri-homed, or not to tri-homed... that is the question

From: Phillip Windell (_at_.)
Date: 02/01/05


Date: Tue, 1 Feb 2005 10:39:23 -0600


"Hugh G. Johnson" <hughgjohnsonNOT@comcast.net> wrote in message
news:nI2dnRiTlJT8XWPcRVn-qQ@comcast.com...
> and this "development" hosts the same info we have on the live server, so
> our jewels are exposed 24/7 already. Maybe I should have said Staging Server?
> It's just the site we test prior to pushing content to the live server.

Ok, I see. No problem then.

> We actually paid Microsoft $200 to help set this up. I guess we should have
> gotten our money back. We told them basically what we're saying here.

I have no context to know what that would mean. I cannot see your system and
have no idea what you currently have based on the small amount of information
I have unless I was physically there. Your post implies that you are simply
considering doing something rather than something that is already "done" so
I would not know what you paid MS $200 for. I suppose it was a "support"
call to pick their brain?

> Given we want internal users to be able to publish to this server and we
> want external users to be able to publish to this server, what would you
> suggest we do?

It sounded like you already have a Back-to-Back DMZ. With that, it really
doesn't matter what you do because you can get the same results whether it
is fully in the LAN, in the B2B DMZ, or outside the DMZ. And it is going to
be equally a pain in the rear-end to do because that is always what DMZs of
any type cause.

One thing I would need to know is how do users "publish" to this server?
"Publish" can mean almost anything. It is important to know exactly how they
get the data to and from the machine from a technical perspective. There is
a big difference between using FTP, and using FrontPage Server Extensions.

BTW - If it is FrontPage Server Extensions then I cannot help you. Someone
else will have to do that. In fact, if it is anything other than FTP,
someone else will have to help you with that.

Assuming FTP,...you would put the server in the DMZ and publish the FTP
Service using the "outer" firewall. The outside users would use this. The
inside "LAN" users would have to use FTP from behind ISA which requires the
Firewall Client to be installed and the proper permissions/rules set up to
allow the FTP access.

Since FTP passes the passwords in Clear Text you don't want the outside
users to use an account that exists also in the LAN,..you want to create a
new account *locally* on the Web Server itself for them to use. Create a new
group *locally* on the Web Server as well ("FTP Users" maybe?). Add this
account to this group and make that its "default group" then remove the
account from the regular "Users" group. This causes the account to have
virtually nothing for permissions other than what little bit you give it.

Users from both sides can use this account if you wish, but its main purpose
is for the outside users. You can also make multiple accounts if you need to
but put them in the FTP Group and remove them from the other as with the
first account.

-- 
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
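
The local account and group setup described in the post above, as an added example that is not part of the original message. It uses the built-in LocalAccounts cmdlets and covers the create, add and remove steps; the account name `ftp-publish`, the path `D:\Staging\wwwroot` and the Modify grant are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example. Run on the web server itself so the account stays local to it.
$GroupName = 'FTP Users'            # group name suggested in the post
$UserName  = 'ftp-publish'          # hypothetical account name
$FtpRoot   = 'D:\Staging\wwwroot'   # hypothetical content directory
$UsersSid  = 'S-1-5-32-545'         # built-in Users group (name is localized, SID is not)

# Prompt for the password instead of embedding it in the script.
$Password = Read-Host -Prompt "Password for $UserName" -AsSecureString

# Create the local group and the local account only if they are missing.
if (-not (Get-LocalGroup -Name $GroupName -ErrorAction SilentlyContinue)) {
    New-LocalGroup -Name $GroupName -Description 'Accounts used for FTP publishing' | Out-Null
}
if (-not (Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $UserName -Password $Password `
        -Description 'Local-only FTP publishing account' | Out-Null
}

# Add the account to the FTP group unless it is already a member.
if (-not (Get-LocalGroupMember -Name $GroupName -Member $UserName -ErrorAction SilentlyContinue)) {
    Add-LocalGroupMember -Name $GroupName -Member $UserName
}

# Remove it from the regular Users group if some other tool put it there
# (for example, "net user /add" adds new accounts to Users).
if (Get-LocalGroupMember -SID $UsersSid -Member $UserName -ErrorAction SilentlyContinue) {
    Remove-LocalGroupMember -SID $UsersSid -Member $UserName
}

# Assumption: publishing needs Modify rights on the content directory and nothing else.
icacls $FtpRoot /grant "${GroupName}:(OI)(CI)M"

# Verify: list every local group the account belongs to. Expect only 'FTP Users'.
Get-LocalGroup | Where-Object {
    Get-LocalGroupMember -Name $_.Name -Member $UserName -ErrorAction SilentlyContinue
} | Select-Object -ExpandProperty Name
```

If the final listing shows any group other than `FTP Users`, the account still inherits permissions from that group and should be removed from it as well.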

