Placement of Strong Authentication Servers

["Matt McClung, CCSA/CCSE" <mmcclung () ndwcorp com>]

I haven't seen a discussion of your Strong Authentication Server on this
list yet.  I am looking at installing a new Auth Server to provide strong
user authentication.  My question is just where do you put it?

My thought I to have a separate network off the firewall for the server
itself and nothing else.  The management could be from the internal network
and controlled by your FW policy and user authentication.

I don't think that you would want that information traversing your internal
network so that's why I would suggest the above configuration.

This works great if you are only doing Internet/Extranet type
authentication, but what do you do when you need to provide the same
services for an inside service?

Bandwidth, management and security measurements tell me the same
configuration works well in most scenarios....

Your comments are welcome...

Matt