At my workplace we are doing a major re-design of our network, and I need advice.
I know there are some good threads here about RODC, but none specifically answers my questions.
Please take into account that this is a production network with critical services:
We have an internal network with two internal domains (a.net and b.net). The domain controllers have a trust relationship, so accounts from one domain are valid on the other domain and users can share resources between domains.
That's all for the internal network.
Our security requirements impose a DMZ with services published to the internal users and services published to external users through the internet.
We have the following problems:
The use of different accounts for the services is not acceptable: one user, one account (or credential). If the user goes away (not working here anymore, or goes to another branch), the account is deleted or disabled. The account is used to authenticate the user on his/her workstation and for the services (mail, FTP, internet, etc.).
One exception is the admins, webmasters, postmasters, support, etc. They have two accounts: one for normal work and another one for doing administrative tasks.
Each user must be able to change the password without requiring help from administrative or support personnel. Administrative and support personnel ONLY create, lock and delete accounts. No password changes. Each user handles his/her own password.
The servers with the services on the DMZ must be able to work with (authenticate) the external users if the internal network fails, and the opposite: the internal users must be able to authenticate with the DMZ services if the internet connection fails or the connection with any branch office fails.
The internal users' login to workstations is not a problem; the domain controllers are on the same network and the users can change their password using Ctrl+Alt+Del.
We will have firewalls separating the users from the DMZ, opening only the appropriate ports for the services, and the servers will have routes pointing back to the internal network through the firewalls, so no NAT between the DMZ and the internal network.
Now here comes the real problem: FTP, mail, web services, collaboration services, our sites, all of that can use Active Directory integrated authentication, so the users can have just one account and the servers can be joined to a domain so the admins can do their tasks using their administrative credentials. But how?
Does RODC solve my problems or do I need another solution?
Can I place two or more RODCs on the DMZ for redundancy?
Does the RODC need its own dedicated server, or can I install it together with, for example, the FTP service?
What happens if the internal firewalls fail, or the internal domain controllers? Will the RODC provide authentication on the DMZ services to external users?
One more question: what if an external user wants to change his/her password? Normally many mail or FTP servers like MDaemon, Exchange, Serv-U allow the users to change their own password IF you are using their own accounts, but since our services will use Active Directory integrated authentication, we need a solution for the external users.
If possible, a web site over SSL. But again, since the domain controllers on the DMZ are read-only (assuming I decide to use RODC), I don't know how that will happen.
Well, that's all. This is still a project, so feel free to make suggestions. Until now we had a separate domain on the DMZ for the services like mail and FTP, and our web sites authenticated directly to our internal domain controllers (we have the correct ports opened on our firewalls; personally I don't like that solution because it is too dependent on the internal network and the internal firewalls). And wait, our collaboration servers based on Jabber used accounts from a SQL database, an internal database. YES, IT IS A MESS and it's very prone to fail.
I'm waiting for suggestions to accomplish this, either using RODC or another solution, as long as it is SAFE and STABLE.
Thanks, and sorry for my bad English.
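The question of whether an RODC in the DMZ keeps authenticating users when the internal firewalls or writable domain controllers are down comes down to one thing: an RODC can only authenticate on its own the accounts whose secrets are already cached on it, and which secrets it may cache is decided by its Password Replication Policy (PRP). Everything else, including password changes, is forwarded to a writable DC. The following PowerShell script is an added example, not part of the original post or anyone's answer; it audits an RODC's PRP and cached accounts and reports which members of a group that must keep working offline would fail. The RODC name `DMZ-RODC01` and the group `DMZ-External-Users` are placeholders (assumptions), and the script needs the ActiveDirectory module and a reachable writable DC for the group lookup.

```powershell
# Added example (not from the original post): audit an RODC's Password
# Replication Policy and the accounts whose secrets are actually cached on it.
# Only cached accounts can be authenticated by the RODC when the writable
# domain controllers are unreachable. Names below are placeholders.

Import-Module ActiveDirectory

$Rodc          = 'DMZ-RODC01'          # hypothetical RODC placed in the DMZ
$ExternalGroup = 'DMZ-External-Users'  # hypothetical group that must work offline

# 1. Enumerate the read-only DCs in the domain (redundancy check: expect >1 in the DMZ).
$rodcs = Get-ADDomainController -Filter { IsReadOnly -eq $true }
"RODCs found: $($rodcs.HostName -join ', ')"

# 2. Show the Allowed and Denied lists of the PRP for this RODC.
"--- PRP Allowed list for $Rodc ---"
Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Allowed |
    Select-Object Name, ObjectClass
"--- PRP Denied list for $Rodc ---"
Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Denied |
    Select-Object Name, ObjectClass

# 3. Which accounts currently have secrets cached (revealed) on the RODC?
$cached = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -RevealedAccounts
"Accounts with secrets cached on ${Rodc}: $($cached.Count)"

# 4. Compare the accounts that must authenticate while the internal link is
#    down against the cached set, and list those that would fail offline.
$mustWork  = Get-ADGroupMember -Identity $ExternalGroup -Recursive |
    Where-Object { $_.objectClass -eq 'user' }
$cachedSam = $cached | ForEach-Object { $_.SamAccountName }
$notCached = $mustWork | Where-Object { $cachedSam -notcontains $_.SamAccountName }

if ($notCached) {
    "Members of $ExternalGroup NOT cached on $Rodc (would not authenticate offline):"
    $notCached | Select-Object SamAccountName
    # While a writable DC is reachable, a missing account can be prepopulated with:
    #   Sync-ADObject -Object <user> -Source <writableDC> -Destination $Rodc -PasswordOnly
} else {
    "All members of $ExternalGroup have cached secrets on $Rodc."
}
```

Run this against each RODC in the DMZ before relying on it for failover: an empty Allowed list or an empty cached set means the RODC will simply forward every logon to the internal DCs and add no resilience. Note that cached secrets for a privileged account on a DMZ host are exactly what the Denied list exists to prevent, so the administrative accounts mentioned in the post belong there, not in the Allowed list.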