Solved

Terminal Server: On DMZ or Domain - Pros and Cons

Posted on 2012-04-03
Last Modified: 2012-04-03
Hello,

We want to implement Terminal Server in our organization in order to let users access one or two applications from outside. Since we are very concerned with security, we would like to have some advice on where to put this server, in the DMZ zone or in the Domain. Ideally, we would like the user to authenticate via Active Directory and run the application with those credentials. We are talking here of probably 5 users, once in a while, that will need to access the application out of town. How feasible is it to have a user connect to Terminal Server in the DMZ, authenticate through Active Directory and launch an application within the Domain?

thanks
Question by:Comptrib
7 Comments
 
LVL 36

Expert Comment

by:Carl Webster
ID: 37802625
If you do not mind making Swiss cheese out of your firewall, I guess this could be done in a DMZ. Check out this blurb from Brian Madden's TS 2003 book on Google Books:

http://tinyurl.com/czw7n77
 
LVL 13

Assisted Solution

by:Felix Leven
Felix Leven earned 167 total points
ID: 37802689
Place a server 2008 TS-Gateway in the DMZ that can be accessed over 443 (RDP over HTTPS) on the outside ports and
 

Author Comment

by:Comptrib
ID: 37802872
Hi MrGraves,

Can you continue on what you were saying after "outside ports and"?

thanks
LVL 36

Assisted Solution

by:Carl Webster
Carl Webster earned 333 total points
ID: 37802901
If you want to look into using a TS Gateway server:

http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx

Your tags say Server 2003 so I did not originally include any info on 2008 TS.
 

Author Comment

by:Comptrib
ID: 37802942
Well, yes, I'm on Server 2003, but according to what I understand, 2008 offers a much better solution. I may be interested in upgrading to 2008.
 
LVL 36

Accepted Solution

by:
Carl Webster earned 333 total points
ID: 37802947
2008 offers better security than 2003 and you can split roles between different servers.
 

Author Closing Comment

by:Comptrib
ID: 37803296
Thanks all for your input. I think I'm on a better track now.