monsterjta
IS-IT--Management
Hello,
I am seeking any suggestions for placement of my W2K3 Terminal Servers.
Currently, they are all placed internally behind a PIX515E. Each TS box is configured with a static route and access list for RDP. However, we would like to place these servers into a DMZ (perimeter network) for security reasons.
Now, these TS boxes access internal services very heavily for applications, redirects, MSSQL, Exchange, etc... Will placing these into a DMZ dramatically affect network performance, as these communications will then need to pass through an additional layer of security?
Or...
Another option is to configure a public NIC and a private NIC on the TS server, both on different networks. Then allowing incoming RDP port only on the public NIC, and only required services ports on the private NIC. Would this be considered secure? Or would this just maximize throughtput to internal services?
Any other methods are welcome! Thanks for the input.
I am seeking any suggestions for placement of my W2K3 Terminal Servers.
Currently, they are all placed internally behind a PIX515E. Each TS box is configured with a static route and access list for RDP. However, we would like to place these servers into a DMZ (perimeter network) for security reasons.
Now, these TS boxes access internal services very heavily for applications, redirects, MSSQL, Exchange, etc... Will placing these into a DMZ dramatically affect network performance, as these communications will then need to pass through an additional layer of security?
Or...
Another option is to configure a public NIC and a private NIC on the TS server, both on different networks. Then allowing incoming RDP port only on the public NIC, and only required services ports on the private NIC. Would this be considered secure? Or would this just maximize throughtput to internal services?
Any other methods are welcome! Thanks for the input.