Solved

Terminal Server: On DMZ or Domain - Pros and Cons

Posted on 2012-04-03
7
826 Views
Last Modified: 2012-04-03
Hello,

We want to implement Terminal Server in our organization in order to let users access one or two application from outside. Since we are very concerned with security, we would like to have some advice on where to put this server, in the DMZ zone or in the Domain.  Ideally, we would like the user to authenticate via Active Directory and run the application with those credentials. We are talking here of probably 5 users, once in a while, that will need to access the application out of town. How feasable it is to have a user connect to Terminal Server in the DMZ, authenticate thru Active directory and launch an application within the Domain?

thanks
0
Comment
Question by:Comptrib
  • 3
  • 3
7 Comments
 
LVL 36

Expert Comment

by:Carl Webster
ID: 37802625
If you do not mind making swiss cheese out of your firewall, I guess this could be done in a DMZ.  Check out this blurb from Brian Madden's TS 2003 book on Google Books:

http://tinyurl.com/czw7n77
0
 
LVL 13

Assisted Solution

by:Felix Leven
Felix Leven earned 167 total points
ID: 37802689
Place a server 2008 TS-Gateway in the DMZ that can be accessed over 443 (RDP over HTTPS) on the outside ports and
0
 

Author Comment

by:Comptrib
ID: 37802872
Hi MrGraves,

Can you continue on what you were saying after "outside ports and"

thanks
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 36

Assisted Solution

by:Carl Webster
Carl Webster earned 333 total points
ID: 37802901
If you want to look into using a TS Gateway server:

http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx

Your tags say Server 2003 so I did not originally include any info on 2008 TS.
0
 

Author Comment

by:Comptrib
ID: 37802942
Well, yes I'm on Server 2003 but according to what I understand, 2008 offfers a much better solution. I  may be interested in upgrading to 2008.
0
 
LVL 36

Accepted Solution

by:
Carl Webster earned 333 total points
ID: 37802947
2008 offers better security than 2003 and you can split roles between different servers.
0
 

Author Closing Comment

by:Comptrib
ID: 37803296
Thanks all for your input. I think I'm on a better track now.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This article runs through the process of deploying a single EXE application selectively to a group of user.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now