What's the most secure way to connect to Active Directory from a DMZ?
https://stackoverflow.com/questions/9927018
-
27-05-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian문제
I got a web DMZ server, that hosts an "Extranet" ASP.NET application. I want that users should authenticate to this application using the same user and password that they use on their Windows at work. (we are using Active Directory)
I want to know what the best way is -the most secure way - to connect from the DMZ web server to the Active Directory.
For now I saw two possibilities:
- RODC
- LDAP Over SSL (LDAPS)
Are there any other option you recommend? What other options should I consider? Any limitation, or potential problems with any of those solution?
해결책
It exist a Microsoft document talking about that :
Active Directory Domain Services in the Perimeter Network (Windows Server 2008)
You can also take inspiration from Microsoft consideration on installing an Exchange Front-end computer into a DMZ
Front-End and Back-End Server Topology Guide for Exchange Server 2003 and Exchange 2000 Server
