What server or services to put in a DMZ.

[Baxie]

I know this may seem like a silly question but i have a windows 2000 domain and i am in the middle of designing a back to back firewall which will go as follows:

internet --- sonic wall firewall --- DMZ --- ISA Server --- LAN.

My question is what services or servers do i place in the DMZ. The theory goes that 'any externally accessed server should go in' so the web server would be a no brainer, and i will probably use exchange server 2000 with a front end / back end scenario. But my problem lies with terminal server in application mode, as this has access to all internal applications, does this go in the DMZ or in the LAN.

Also can anyone confirm that all the DMZ servers are not to be members of the internal LAN domain (due to authentcation protocols need to be opened on the ISA server negating any security).

Thanks in advance for any suggestions on this as i am really uncertain where to place this server.

 

[Xemus]

Here's a link that might help some. Fairly basic knowledge, but some interesting links at the bottom.

http://searchwebservices.techtarget.com/sDefinition/0,,sid26_gci213891,00.html

Can you clarify what you're using TS for? Do you actually need it from outside the network? Can you set up a VPN through the firewall to it and leave it internal?

http://www.closedsocket.com

 

[Baxie]

Cheers for the reply.

We need to use terminal server to access a bespoke business software, which believe it or not is DOS based i have tried to run this purely over VPN and it is to slow to be of use.

Are ysou suggesting that remote users connect to the LAN by VPN and then launch the terminal server from the LAN within the VPN tunnel, thats an interesting spin, quite like that.

We will be moving to SAP in the near future, but this doesn't help me now. I know i can change the port that terminal server uses and this may help if i place this on the internal LAN.