Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 812
  • Last Modified:

Need help designing authentication for SQL SRS in DMZ

Hello,
We have a SQL Reporting Services server built and are prepared to put it on our DMZ which has already been prepped and readied for this function.

We're going to have customers access this SSRS via the internet to access data and run reports off of this model.  Right now though, I was wondering if anyone could help me with best practices on how to configure the user authentication piece.  Right now, we're considering just opening up ports between the SSRS server and our AD domain controllers, and using our corporate domain for both our users and customers.

We're open to suggestions..
0
cjb123
Asked:
cjb123
1 Solution
 
BryanMICommented:
I did the same thing.  However, I created a second domain for the external users.

I built a new domain controller for the external users, but created a ONE WAY trust relationship from our domain to the new, external domain.  That means our corporate users can authenticate and have permission to the SQL RS, but the external users cannot authenticate back to our network.

In SQL RS, you can specify permissions in this fashion by inputting the domain name.  DOMAIN1\User or DOMAIN2\User.  It's been deployed for over a year now with good results.

I also recommend putting your external DC on the LAN and not in the DMZ.  If you have a higher end firewall, you can open the AD traffic from your DMZ to the external DC without giving it access to the IP's of  your real corporate AD.

Good luck!  Happy to answer any questions you might have.
0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now