Solved

Terminal Server: On DMZ or Domain - Pros and Cons

Posted on 2012-04-03
Last Modified: 2012-04-03
Hello,

We want to implement Terminal Server in our organization in order to let users access one or two applications from outside. Since we are very concerned with security, we would like to have some advice on where to put this server, in the DMZ zone or in the Domain. Ideally, we would like the user to authenticate via Active Directory and run the application with those credentials. We are talking here of probably 5 users, once in a while, that will need to access the application out of town. How feasible is it to have a user connect to Terminal Server in the DMZ, authenticate through Active Directory and launch an application within the Domain?

Thanks
0
Question by:Comptrib
LVL 37

Expert Comment

by:Carl Webster
ID: 37802625
If you do not mind making Swiss cheese out of your firewall, I guess this could be done in a DMZ. Check out this blurb from Brian Madden's TS 2003 book on Google Books:

http://tinyurl.com/czw7n77
0
 
LVL 13

Assisted Solution

by:Felix Leven
Felix Leven earned 668 total points
ID: 37802689
Place a server 2008 TS-Gateway in the DMZ that can be accessed over 443 (RDP over HTTPS) on the outside ports and
0
 

Author Comment

by:Comptrib
ID: 37802872
Hi MrGraves,

Can you continue on what you were saying after "outside ports and"?

Thanks
0
 
LVL 37

Assisted Solution

by:Carl Webster
Carl Webster earned 1332 total points
ID: 37802901
If you want to look into using a TS Gateway server:

http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx

Your tags say Server 2003 so I did not originally include any info on 2008 TS.
0
 

Author Comment

by:Comptrib
ID: 37802942
Well, yes, I'm on Server 2003, but according to what I understand, 2008 offers a much better solution. I may be interested in upgrading to 2008.
0
 
LVL 37

Accepted Solution

by:Carl Webster
Carl Webster earned 1332 total points
ID: 37802947
2008 offers better security than 2003 and you can split roles between different servers.
0
 

Author Closing Comment

by:Comptrib
ID: 37803296
Thanks all for your input. I think I'm on a better track now.
0

Question has a verified solution.
