|
|
You're in the
iis security
group:Access to network drives for home and roaming users
iis security:
have a windows 2003 R2 network with an internal and perimeter network, the internal is fully windows 2003 and all users have access to mapped drives on the file server, we also have exchange 2007 server. In the perimeter network we have a frontend webserver hosting a public site and another box hosting the edge exchange 2007 server. I want to achieve simple remote access to user from home or roaming with laptops without the need for VPN's, Exchange is easy and has been setup for OWA or the outlook client over HTTP, the problem I have is access to the file system and specifically the network drives they have access to. I'd like to give them access to certain network drives or folders somehow without mapping them over a VPN. I've thought about ftp etc but I figure there must be plenty of need for this out there and other companies must have easily achieved it with it being pretty much a microsoft shop....... so I want to see how others do it :) can anyone assist or provide advice. Thanks
Thanks for your reply, think option 1 is the go, I'd like to leave the data
in the internal lan and not mov it to the DMZ, can you give me some mroe info on option 1? [quoted text, click to view] "Anthony" wrote:
> Mike, > All the VPN does is to add a security layer to the remote access, so if you > don't want to use VPN, the question is, what security do you want to apply? > Then by the time you add the additional security, you may be thinking that > the VPN wasn't so bad. > Questions: > - Do you want the data in a DMZ, or do you want them to come straight > through the firewall to your LAN? > - If in a DMZ, how will they authenticate to it? > - How to interact with the data: HTTP, CIFS, FTP etc.? > Options you can consider: > 1) An SSL VPN gives a simplified user access to internal resource. From a > user perspective, you could say they had direct access, as they only have to > authenticate once. In fact they are going through a VPN tunnel. > 2) Allow RDP straight through. Impractical in any but very small > environments. > 3) Use Terminal Services with remote access. For file access as distinct > from applications this is similar to the SSL VPN. > 4) Anything with the content in a DMZ gets very complicated as to how you > are going to authenticate it with LAN users. You can use IIS with WebDAV and > SSL to give file and folder access, but you need some way to authenticate > the users. You don't want to go through to the DC on the LAN, so you have to > come up with a way of synchronizing usernames to a DMZ AD. > Hope that helps, > Anthony > http://www.airdesk.co.uk > > > > > "Mike D" <MikeD@discussions.microsoft.com> wrote in message > news:6471DDBA-BA31-460B-98FF-1D5B40E15F8B@microsoft.com... > > Hello, I have a scenario I'd like to put out and see if anyone can help. I > > have a windows 2003 R2 network with an internal and perimeter network, the > > internal is fully windows 2003 and all users have access to mapped drives > > on > > the file server, we also have exchange 2007 server. In the perimeter > > network > > we have a frontend webserver hosting a public site and another box hosting > > the edge exchange 2007 server. > > > > I want to achieve simple remote access to user from home or roaming with > > laptops without the need for VPN's, Exchange is easy and has been setup > > for > > OWA or the outlook client over HTTP, the problem I have is access to the > > file > > system and specifically the network drives they have access to. I'd like > > to > > give them access to certain network drives or folders somehow without > > mapping > > them over a VPN. I've thought about ftp etc but I figure there must be > > plenty > > of need for this out there and other companies must have easily achieved > > it > > with it being pretty much a microsoft shop....... so I want to see how > > others > > do it :) can anyone assist or provide advice. > > > > Thanks > > > > > >
Mike,
All the VPN does is to add a security layer to the remote access, so if you don't want to use VPN, the question is, what security do you want to apply? Then by the time you add the additional security, you may be thinking that the VPN wasn't so bad. Questions: - Do you want the data in a DMZ, or do you want them to come straight through the firewall to your LAN? - If in a DMZ, how will they authenticate to it? - How to interact with the data: HTTP, CIFS, FTP etc.? Options you can consider: 1) An SSL VPN gives a simplified user access to internal resource. From a user perspective, you could say they had direct access, as they only have to authenticate once. In fact they are going through a VPN tunnel. 2) Allow RDP straight through. Impractical in any but very small environments. 3) Use Terminal Services with remote access. For file access as distinct from applications this is similar to the SSL VPN. 4) Anything with the content in a DMZ gets very complicated as to how you are going to authenticate it with LAN users. You can use IIS with WebDAV and SSL to give file and folder access, but you need some way to authenticate the users. You don't want to go through to the DC on the LAN, so you have to come up with a way of synchronizing usernames to a DMZ AD. Hope that helps, Anthony http://www.airdesk.co.uk [quoted text, click to view] "Mike D" <MikeD@discussions.microsoft.com> wrote in message news:6471DDBA-BA31-460B-98FF-1D5B40E15F8B@microsoft.com... > Hello, I have a scenario I'd like to put out and see if anyone can help. I > have a windows 2003 R2 network with an internal and perimeter network, the > internal is fully windows 2003 and all users have access to mapped drives > on > the file server, we also have exchange 2007 server. In the perimeter > network > we have a frontend webserver hosting a public site and another box hosting > the edge exchange 2007 server. > > I want to achieve simple remote access to user from home or roaming with > laptops without the need for VPN's, Exchange is easy and has been setup > for > OWA or the outlook client over HTTP, the problem I have is access to the > file > system and specifically the network drives they have access to. I'd like > to > give them access to certain network drives or folders somehow without > mapping > them over a VPN. I've thought about ftp etc but I figure there must be > plenty > of need for this out there and other companies must have easily achieved > it > with it being pretty much a microsoft shop....... so I want to see how > others > do it :) can anyone assist or provide advice. > > Thanks > >
Pretty well everyone sells SSL VPN these days, either appliance or software.
Its really easy to set up. You might have a look at this: http://www.microsoft.com/presspass/events/rsa/docs/GartnerSSLVPN.pdf Hope that helps, Anthony http://www.airdesk.co.uk [quoted text, click to view] "Mike D" <MikeD@discussions.microsoft.com> wrote in message news:98373582-2034-4684-BD68-29893693306F@microsoft.com... > Thanks for your reply, think option 1 is the go, I'd like to leave the > data > in the internal lan and not mov it to the DMZ, can you give me some mroe > info > on option 1? > > "Anthony" wrote: > >> Mike, >> All the VPN does is to add a security layer to the remote access, so if >> you >> don't want to use VPN, the question is, what security do you want to >> apply? >> Then by the time you add the additional security, you may be thinking >> that >> the VPN wasn't so bad. >> Questions: >> - Do you want the data in a DMZ, or do you want them to come straight >> through the firewall to your LAN? >> - If in a DMZ, how will they authenticate to it? >> - How to interact with the data: HTTP, CIFS, FTP etc.? >> Options you can consider: >> 1) An SSL VPN gives a simplified user access to internal resource. From a >> user perspective, you could say they had direct access, as they only have >> to >> authenticate once. In fact they are going through a VPN tunnel. >> 2) Allow RDP straight through. Impractical in any but very small >> environments. >> 3) Use Terminal Services with remote access. For file access as distinct >> from applications this is similar to the SSL VPN. >> 4) Anything with the content in a DMZ gets very complicated as to how you >> are going to authenticate it with LAN users. You can use IIS with WebDAV >> and >> SSL to give file and folder access, but you need some way to authenticate >> the users. You don't want to go through to the DC on the LAN, so you have >> to >> come up with a way of synchronizing usernames to a DMZ AD. >> Hope that helps, >> Anthony >> http://www.airdesk.co.uk >> >> >> >> >> "Mike D" <MikeD@discussions.microsoft.com> wrote in message >> news:6471DDBA-BA31-460B-98FF-1D5B40E15F8B@microsoft.com... >> > Hello, I have a scenario I'd like to put out and see if anyone can >> > help. I >> > have a windows 2003 R2 network with an internal and perimeter network, >> > the >> > internal is fully windows 2003 and all users have access to mapped >> > drives >> > on >> > the file server, we also have exchange 2007 server. In the perimeter >> > network >> > we have a frontend webserver hosting a public site and another box >> > hosting >> > the edge exchange 2007 server. >> > >> > I want to achieve simple remote access to user from home or roaming >> > with >> > laptops without the need for VPN's, Exchange is easy and has been setup >> > for >> > OWA or the outlook client over HTTP, the problem I have is access to >> > the >> > file >> > system and specifically the network drives they have access to. I'd >> > like >> > to >> > give them access to certain network drives or folders somehow without >> > mapping >> > them over a VPN. I've thought about ftp etc but I figure there must be >> > plenty >> > of need for this out there and other companies must have easily >> > achieved >> > it >> > with it being pretty much a microsoft shop....... so I want to see how >> > others >> > do it :) can anyone assist or provide advice. >> > >> > Thanks >> > >> > >> >> >>
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |