RE: Web conferencing server and AD

["Worrell, Brian" <BWorrell () isdh IN gov>]

Dan,

I think I would go with the DMZ and the CSV export option.  Although,
how are users going to setup meetings with this device?  If they have to
auth as themselves, then you may have to make it a member server.

Just my thoughts. 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Dan Lynch
Sent: Wednesday, January 02, 2008 12:44 PM
To: security-basics () securityfocus com
Subject: Web conferencing server and AD

Your company has chosen to implement a web-based teleconferencing
solution for all internal users, as well as outside vendors and such.
The conferencing app runs on IIS on a "hardened" Windows server
"appliance". 

Do you:

A) install the box on the internal network
B) install the box on a DMZ network
C) install the box directly on the internet

The conferencing app allows meeting organizers to select invitees from a
list that's built from your Active Directory. Do you,

A) install the box as a member server and allow it to dynamically
populate the list
B) install the box as a standalone server and use LDAP to periodically
connect to your domain controller and sync a user list
C) install the box as a standalone server and periodically export a CSV
list from AD to manually import to the appliance

Thoughts?


Dan Lynch, CISSP
Information Technology Analyst
County of Placer