Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Need help designing authentication for SQL SRS in DMZ

Posted on 2009-03-30
2
Medium Priority
?
811 Views
Last Modified: 2012-06-21
Hello,
We have a SQL Reporting Services server built and are prepared to put it on our DMZ which has already been prepped and readied for this function.

We're going to have customers access this SSRS via the internet to access data and run reports off of this model.  Right now though, I was wondering if anyone could help me with best practices on how to configure the user authentication piece.  Right now, we're considering just opening up ports between the SSRS server and our AD domain controllers, and using our corporate domain for both our users and customers.

We're open to suggestions..
0
Comment
Question by:cjb123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 5

Accepted Solution

by:
BryanMI earned 2000 total points
ID: 24021113
I did the same thing.  However, I created a second domain for the external users.

I built a new domain controller for the external users, but created a ONE WAY trust relationship from our domain to the new, external domain.  That means our corporate users can authenticate and have permission to the SQL RS, but the external users cannot authenticate back to our network.

In SQL RS, you can specify permissions in this fashion by inputting the domain name.  DOMAIN1\User or DOMAIN2\User.  It's been deployed for over a year now with good results.

I also recommend putting your external DC on the LAN and not in the DMZ.  If you have a higher end firewall, you can open the AD traffic from your DMZ to the external DC without giving it access to the IP's of  your real corporate AD.

Good luck!  Happy to answer any questions you might have.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question