DMZ Forest to Internal Forest Trust - Contractor UK Bulletin Board

Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

gables started a topic DMZ Forest to Internal Forest Trust

21 June 2012, 08:30
DMZ Forest to Internal Forest Trust

Hi Collective,

We're looking to implement a forest with one domain in our DMZ into which there will be a number of applications, initially MS EPM with others to follow. Anyway there is a requirement for external partners and internal users (hence the trust) to access these resources.

To enable this we proposed a one way forest to forest trust with the DMZ trusting the internal forest, external partner accounts will be in the DMZ forest\domain. Only the required ports on the firewall would be opened to enable the trust and ldap.

This is a design option in an MS whitepaper and I also know of one large corporate doing the same.

Our security policy chap here is saying this is a no no and goes against good practice.... given the coporate I referred to generally adhere to good practice, I'm beginning to wonder...

So my question is, from your experiences have you seen this implemenatation before? does it really go against good practice?

Cheers,
Tags: None

Working...

X