Re: ADAM instead of setting up domain in the 'perimeter' ? Sharepoint+AD

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 10/14/05


Date: Thu, 13 Oct 2005 19:34:44 -0700

Yes, and yes.
The "traditional" way, as you outlined with the AD trust, has since the
introduction of Adam had an alternative, and, depending on the resource
access needs, this Adam alternative can also be combined with a more
restrictively used AD trust so the protocol transitioning out of Adam
can also allow "gated" access to those resources using Windows principals.
The other yes is that you definitely should evaluate what ADFS v1 in
the R2 release cycle will bring as added alternatives.

"Marlon Brown" <nomail@brown.com> wrote in message
news:eVWnPW0zFHA.904@tk2msftngp13.phx.gbl...
> We are currently planning to set up an AD forest in the perimeter network
> to accommodate a number of front/back end Sharepoint servers and DC's, etc.
> The idea is that if extranet users need to access Sharepoint from the
> extranet, they could authenticate using accounts existing in such
> "Domain-Perimeter" and avoid coming "inside" my organization for future
> access. Such "Domain-Perimeter" would be set up in a separate Forest with
> a one-way trust relationship to my corporate domain.
>
> I just thought more about it:
> How about instead of setting up an entire domain infrastructure to
> accommodate such security need of account isolation, I just set up an AD/AM
> structure in a Sharepoint servers "inside" my organization. That way I
> could accomplish the same goal of providing external users with "isolated"
> accounts from my corporate domain and I could make the whole
> implementation much easier.
>
> Let me know your thoughts and whether that would work.
>


