• State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 93 subscribers
  • Views 5478 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Configuring separate job server in DMZ

jordonez
over 7 years ago

Right now I have 2 job servers (6.1.2) in our internal network that talks to a few DC's in the internal network. I now have a requirement to bring in groups from a DC that is located in the DMZ.

Could I spin up another job server that is located in the DMZ that only talks to that DC in the DMZ? I would still be connecting to the same SQL server and using the portal so users can request groups from this DC in the DMZ.

Does anyone see any issues with this or perhaps suggest a better way to do this?

Looking forward to your responses.

  • +1 over 7 years ago
    You should be able to choose between the two followig scenarios:
    A) spin up an additional jobserver in the DMZ that talks to the D1 Database outside the DMZ for reconciling the DMZ AD
    B) you could reconcile the DMZ AS using one of existing jobservers

    For scenario A) you'd require firewall changes to get the SQL data traffic from the DMZ into the internal network while for scenario B) you'd require firewall changes to get the ADSI traffic from the jobserver on the internal network to the DMZ DC.

    Which scenario you want to use is up to your considerations. But using one of the existing jobservers should be sufficient from a technical point of view.
  • 0 over 7 years ago
    Thanks Carsten, going to go with A. Appreciate the feedback.