Terminal Server: On DMZ or Domain - Pros and Cons

Hello,

We want to implement Terminal Server in our organization in order to let users access one or two application from outside. Since we are very concerned with security, we would like to have some advice on where to put this server, in the DMZ zone or in the Domain.  Ideally, we would like the user to authenticate via Active Directory and run the application with those credentials. We are talking here of probably 5 users, once in a while, that will need to access the application out of town. How feasable it is to have a user connect to Terminal Server in the DMZ, authenticate thru Active directory and launch an application within the Domain?

thanks
ComptribAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Carl WebsterConnect With a Mentor Commented:
2008 offers better security than 2003 and you can split roles between different servers.
0
 
Carl WebsterCommented:
If you do not mind making swiss cheese out of your firewall, I guess this could be done in a DMZ.  Check out this blurb from Brian Madden's TS 2003 book on Google Books:

http://tinyurl.com/czw7n77
0
 
Felix LevenConnect With a Mentor Senior System and DatabaseadministratorCommented:
Place a server 2008 TS-Gateway in the DMZ that can be accessed over 443 (RDP over HTTPS) on the outside ports and
0
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

 
ComptribAuthor Commented:
Hi MrGraves,

Can you continue on what you were saying after "outside ports and"

thanks
0
 
Carl WebsterConnect With a Mentor Commented:
If you want to look into using a TS Gateway server:

http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx

Your tags say Server 2003 so I did not originally include any info on 2008 TS.
0
 
ComptribAuthor Commented:
Well, yes I'm on Server 2003 but according to what I understand, 2008 offfers a much better solution. I  may be interested in upgrading to 2008.
0
 
ComptribAuthor Commented:
Thanks all for your input. I think I'm on a better track now.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.