Re: [fw-wiz] Allowing Internet Access to MS Project Server



jdgorin@xxxxxxxxxxxx wrote:

Hi Duncan,

I have, some times ago, face the same challenge. And we have set a Citrix server
hosting the MS Project application (not the 2007 version), with a dedicated AD
forest for external users.
The Citrix server is accessed through a VPN connection.



Given the newer MS Project server supports a web access function, the
plan was to use something with less overhead than Citrix/Terminal
Services. Possible methods are:
a: Secure Proxy server with specific PWA filters, yet to be identified.
b: Generic SSL/VPN security gateway that allows for URL filtering to a
DMZ'd PWA (web) server.
c: Web application security filter (transparent proxy) to a DMZ'd PWA
(web) server.

The MS Project Server would be separated into tiers: web, application, DB.

So, an external user need :
* Credential from the security team to access the VPN.
* Credentials from the MS Project team to access the application.

The VPN credentials can be simple password, soft or hard certificate (depends of
your security policy).



So would the VPN credentials be separate from the "MS Project team"
credentials?
Right now the majority of our user vpn access is by AD credentials.

Regards,
JDG




-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxxxx
On Behalf Of D Sharp
Sent: Tuesday, October 02, 2007 8:10 PM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] Allowing Internet Access to MS Project Server

Hi;

A IT project Managers would like to install MS Project 2007
server and make that the central repository for all our IT
related projects. Since we have significant numbers of out
sourced contractors, the team would like external access
enabled. Also to keep costs low they would like the server
to have a Internet presence. Our server support team would
like the server(s) to be part of our internal AD domain.

We have OWA exposed to the Internet, but through a secure
proxy.

What would should be some key security areas.

Thanks,
Duncan Sharp



_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards




_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards