Tech Off Thread

3 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Call a internal web service from DMZ

Back to Forum: Tech Off
  • User profile image

    I want to perform with the help of an internal Web service, the AD authentication and put in DMZ available.

    As I've read from the thread are three different options possible for call an internal web service from the DMZ.

    Can someone confirm me if it's not possible to put a mapping in firewall so that DMZ request is able to call the web service internal. (Dyanmic Routing / Static Routing)

    I can not use the VPN option Sad

  • User profile image

    Few options spring instantly to mind:

    1) Configure IPSec and authenticated pass-through on the firewall and respective machines. Quick,easy and about as secure as you can get (assuming you're using an IPSec aware firewall).

    2) Multi-home the server so that it has a secondary network that can be used solely for communication with the webservice providers. Messy and a little tricky to configure securely.

    3) DirectAccess could be used to provide a VPN-like solution without a VPN. Bit heavyweight if you don't really have reason for external clients to have access into the network (for remote working etc). Also has a big dependency on IPv6, which can still be something of a stumbling block.

  • User profile image

    There's also service bus - have a service bus connection tunneling through to the secure service, then ADFS to auth it (which is what I've ended up doing for a couple of things)

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.