Solved

Need help designing authentication for SQL SRS in DMZ

Posted on 2009-03-30
2
799 Views
Last Modified: 2012-06-21
Hello,
We have a SQL Reporting Services server built and are prepared to put it on our DMZ which has already been prepped and readied for this function.

We're going to have customers access this SSRS via the internet to access data and run reports off of this model.  Right now though, I was wondering if anyone could help me with best practices on how to configure the user authentication piece.  Right now, we're considering just opening up ports between the SSRS server and our AD domain controllers, and using our corporate domain for both our users and customers.

We're open to suggestions..
0
Comment
Question by:cjb123
2 Comments
 
LVL 5

Accepted Solution

by:
BryanMI earned 500 total points
ID: 24021113
I did the same thing.  However, I created a second domain for the external users.

I built a new domain controller for the external users, but created a ONE WAY trust relationship from our domain to the new, external domain.  That means our corporate users can authenticate and have permission to the SQL RS, but the external users cannot authenticate back to our network.

In SQL RS, you can specify permissions in this fashion by inputting the domain name.  DOMAIN1\User or DOMAIN2\User.  It's been deployed for over a year now with good results.

I also recommend putting your external DC on the LAN and not in the DMZ.  If you have a higher end firewall, you can open the AD traffic from your DMZ to the external DC without giving it access to the IP's of  your real corporate AD.

Good luck!  Happy to answer any questions you might have.
0

Join & Write a Comment

Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now