Active Directory and DMZ design query
I am facing a problem with Active Directory DCs and the DMZ, and I need some help fixing it. There is an internal network in our company with a DMZ zone. There are some applications configured on the same with an IIS server. All the DCs are placed on the internal LAN and the IIS server is on the server. From a security point of view this can be proper, but from a design point of view this looks less secure to me. I need some help here. I want to run SQL clustering, and somehow the DMZ server will be part of the same. What is the best way to configure that? It is fine to keep all the ports open or simply configure this on a single port.
Re: Active Directory and DMZ design query
Using a firewall on the domain or forest can restrict accessibility. Here, using LDAP authentication is quite a good option according to me. This can help you in many ways. You can simply use the same to provide access to the internal users via a normal Windows account. There are complex solutions available: ADAM and ADFS. You can also go for the same, but better collect some references before.