Your Web Machine is most likely outside your Firewall and then it is not good security to access via AD.
3 of 3 people found this helpful
My question here is , Both servers ( DMZ and Internal ) needs active directory access when the user access through web direct , FM Client , iOS FM Go ?.
No, only the master machine needs access to the AD. The machine where the files live, where the database engine is.
Thanks Wim for your comment.
What about security in this case as web server is DMZ network?
Don't know where to begin answering that. Security is always a concern when you place a machine in the DMZ; on many different levels.
What is the main reason to have the machine in the DMZ? If DMZ is a common practice for this company then I would assume they have the necessary security people on staff to set up the DMZ machine while keeping it in compliance with all their security policies.
Often DMZ machines will be set up so that they have no connection whatsoever to the non-DMZ machines. If data needs to be exchanged it would be a non-DMZ machine reaching out to the DMZ machine but never the DMZ machine talking to a non-DMZ machine. That would rule out a traditional 2-machine FMS setup with the worker in the DMZ. But again; the security folks that wanted the DMZ should have a handle on this.
The main aim for putting web server in DMZ , We need to publish our filemaker web direct solution to outside network as well ( Currently working with Internal Corporate Network ). Some of people , they will access same solution (Hosted in Internal Server) from outside when they are out of office.
The main aim for putting web server in DMZ , We need to publish our filemaker web direct solution to outside network as well (
Understood; but using a DMZ is just one of the ways to solve that.
You were asking a very generic question about security in a DMZ scenario so I wanted to get a feeling for why a DMZ was chosen as the way to go forward and what the level of comfort is in supporting that.