RE: Web conferencing server and AD

["Depp, Dennis M." <deppdm () ornl gov>]

Dan,

I would install the app on a DMZ network.  Depending on what resources I had in the DMZ, I would either add it to the 
DMZ AD or use a standalone system configured to update info from LDAP.

Denny

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Dan Lynch
Sent: Wednesday, January 02, 2008 12:44 PM
To: security-basics () securityfocus com
Subject: Web conferencing server and AD

Your company has chosen to implement a web-based teleconferencing
solution for all internal users, as well as outside vendors and such.
The conferencing app runs on IIS on a "hardened" Windows server
"appliance".

Do you:

A) install the box on the internal network
B) install the box on a DMZ network
C) install the box directly on the internet

The conferencing app allows meeting organizers to select invitees from a
list that's built from your Active Directory. Do you,

A) install the box as a member server and allow it to dynamically
populate the list
B) install the box as a standalone server and use LDAP to periodically
connect to your domain controller and sync a user list
C) install the box as a standalone server and periodically export a CSV
list from AD to manually import to the appliance

Thoughts?


Dan Lynch, CISSP
Information Technology Analyst
County of Placer