Solved

Need help designing authentication for SQL SRS in DMZ

Posted on 2009-03-30
2
804 Views
Last Modified: 2012-06-21
Hello,
We have a SQL Reporting Services server built and are prepared to put it on our DMZ which has already been prepped and readied for this function.

We're going to have customers access this SSRS via the internet to access data and run reports off of this model.  Right now though, I was wondering if anyone could help me with best practices on how to configure the user authentication piece.  Right now, we're considering just opening up ports between the SSRS server and our AD domain controllers, and using our corporate domain for both our users and customers.

We're open to suggestions..
0
Comment
Question by:cjb123
2 Comments
 
LVL 5

Accepted Solution

by:
BryanMI earned 500 total points
ID: 24021113
I did the same thing.  However, I created a second domain for the external users.

I built a new domain controller for the external users, but created a ONE WAY trust relationship from our domain to the new, external domain.  That means our corporate users can authenticate and have permission to the SQL RS, but the external users cannot authenticate back to our network.

In SQL RS, you can specify permissions in this fashion by inputting the domain name.  DOMAIN1\User or DOMAIN2\User.  It's been deployed for over a year now with good results.

I also recommend putting your external DC on the LAN and not in the DMZ.  If you have a higher end firewall, you can open the AD traffic from your DMZ to the external DC without giving it access to the IP's of  your real corporate AD.

Good luck!  Happy to answer any questions you might have.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Each year, investment in cloud platforms grows more than 20% (https://www.immun.io/hubfs/Immunio_2016/Content/Marketing/Cloud-Security-Report-2016.pdf?submissionGuid=a8d80a00-6fee-4b85-81db-a4e28f681762) as an increasing number of companies begin to…
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question