We have a similar situation and we use RSA Secure ID for this.
Simple overview
1. Each user gets a fob
2. The fobs will be assigned to as many servers as to like.
3. When the users tries to sign in to a server, the RSA service checks the
credentials and also makes sure that the fob and user is allowed to access
that machine.
4. Then you will have a full audit trial of what user logged on to what
server and when
We use a managed RSA Ace server, so we use a hosted RSA authentication
server, so we don't have manage the Ace server. We are able to access
reports on access and setup the fobs via a web based control page.
We access all the hosted solutions via VPN. The users can authenticate to
the VPN via Radius.
I hope this gives you a starter for 10.
Regards
Jason Gregson
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of dubaisans dubai
Sent: 18 September 2006 14:25
To: focus-ms@securityfocus.com
Subject: Terminal Servers @ Datacenter
Hi,
Looking for best practices in managing windows servers in a datacenter.
We have 100 windows servers with Terminal services. There is no Active
Directory domain.Everything is workgroup. There is a set of 10 admins who
share responsibility of administering these servers. Each admin has access
to a group of 10 or 15 Servers.
For the purpose of tracking access, we would like to setup one central
gateway server in the DMZ where all admins will login first. Based on their
user-id, they can initiate connection to their authorised internal server.
It should not be possible for one server to initiate connection to another
server. All servers should accept connection only from this central gateway
server.
We are open to buying a third party product if required. It would be great
if we can also track what the admins are doing .
---------------------------------------------------------------------------
---------------------------------------------------------------------------
smime.p7s
Description: S/MIME cryptographic signature
