RE: Terminal Servers @ Datacenter



We have a similar situation and we use RSA SecurID for this.
Simple overview:
1. Each user gets a fob.
2. The fobs will be assigned to as many servers as you like.
3. When the user tries to sign in to a server, the RSA service checks the
credentials and also makes sure that the fob and user are allowed to access
that machine.
4. Then you will have a full audit trail of what user logged on to what
server and when.


We use a managed RSA ACE server, so we use a hosted RSA authentication
server, so we don't have to manage the ACE server. We are able to access
reports on access and set up the fobs via a web-based control page.

We access all the hosted solutions via VPN. The users can authenticate to
the VPN via RADIUS.

I hope this gives you a starter for 10.


Regards

Jason Gregson

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of dubaisans dubai
Sent: 18 September 2006 14:25
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Terminal Servers @ Datacenter

Hi,

Looking for best practices in managing Windows servers in a datacenter.

We have 100 Windows servers with Terminal Services. There is no Active
Directory domain. Everything is workgroup. There is a set of 10 admins who
share responsibility of administering these servers. Each admin has access
to a group of 10 or 15 servers.

For the purpose of tracking access, we would like to set up one central
gateway server in the DMZ where all admins will log in first. Based on their
user-id, they can initiate a connection to their authorised internal server.

It should not be possible for one server to initiate a connection to another
server. All servers should accept connections only from this central gateway
server.

We are open to buying a third-party product if required. It would be great
if we can also track what the admins are doing.
