Terminal Server: On DMZ or Domain - Pros and Cons

Hello,

We want to implement Terminal Server in our organization in order to let users access one or two applications from outside. Since we are very concerned with security, we would like to have some advice on where to put this server, in the DMZ zone or in the Domain. Ideally, we would like the user to authenticate via Active Directory and run the application with those credentials. We are talking here of probably 5 users, once in a while, that will need to access the application out of town. How feasible is it to have a user connect to Terminal Server in the DMZ, authenticate through Active Directory and launch an application within the Domain?

thanks
Comptrib Asked:
Carl Webster, Citrix Technology Professional - Fellow, Commented:
If you do not mind making Swiss cheese out of your firewall, I guess this could be done in a DMZ. Check out this blurb from Brian Madden's TS 2003 book on Google Books:

http://tinyurl.com/czw7n77
Felix Leven, Senior System and Database Administrator, Commented:
Place a server 2008 TS-Gateway in the DMZ that can be accessed over 443 (RDP over HTTPS) on the outside ports and
Comptrib, Author, Commented:
Hi MrGraves,

Can you continue on what you were saying after "outside ports and"?

thanks
Carl Webster, Citrix Technology Professional - Fellow, Commented:
If you want to look into using a TS Gateway server:

http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx

Your tags say Server 2003 so I did not originally include any info on 2008 TS.
Comptrib, Author, Commented:
Well, yes I'm on Server 2003 but according to what I understand, 2008 offers a much better solution. I may be interested in upgrading to 2008.
Carl Webster, Citrix Technology Professional - Fellow, Commented:
2008 offers better security than 2003 and you can split roles between different servers.

Comptrib, Author, Commented:
Thanks all for your input. I think I'm on a better track now.
Windows Server 2003

From novice to tech pro — start learning today.