Solved

Need help designing authentication for SQL SRS in DMZ

Posted on 2009-03-30
2
805 Views
Last Modified: 2012-06-21
Hello,
We have a SQL Reporting Services server built and are prepared to put it on our DMZ which has already been prepped and readied for this function.

We're going to have customers access this SSRS via the internet to access data and run reports off of this model.  Right now though, I was wondering if anyone could help me with best practices on how to configure the user authentication piece.  Right now, we're considering just opening up ports between the SSRS server and our AD domain controllers, and using our corporate domain for both our users and customers.

We're open to suggestions..
0
Comment
Question by:cjb123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 5

Accepted Solution

by:
BryanMI earned 500 total points
ID: 24021113
I did the same thing.  However, I created a second domain for the external users.

I built a new domain controller for the external users, but created a ONE WAY trust relationship from our domain to the new, external domain.  That means our corporate users can authenticate and have permission to the SQL RS, but the external users cannot authenticate back to our network.

In SQL RS, you can specify permissions in this fashion by inputting the domain name.  DOMAIN1\User or DOMAIN2\User.  It's been deployed for over a year now with good results.

I also recommend putting your external DC on the LAN and not in the DMZ.  If you have a higher end firewall, you can open the AD traffic from your DMZ to the external DC without giving it access to the IP's of  your real corporate AD.

Good luck!  Happy to answer any questions you might have.
0

Featured Post

Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question