We have a similar situation and we use RSA Secure ID for this.
Simple overview
1. Each user gets a fob
2. The fobs will be assigned to as many servers as you like.
3. When the user tries to sign in to a server, the RSA service checks the credentials and also makes sure that the fob and user are allowed to access that machine.
4. Then you will have a full audit trail of what user logged on to what server and when
We use a managed RSA Ace server, so we use a hosted RSA authentication server, so we don't have to manage the Ace server. We are able to access reports on access and set up the fobs via a web-based control page.
We access all the hosted solutions via VPN. The users can authenticate to the VPN via Radius.
I hope this gives you a starter for 10.
Regards
Jason Gregson
-----Original Message-----
From: listbounce securityfocus.com [mailto:listbounce securityfocus.com] On Behalf Of dubaisans dubai
Sent: 18 September 2006 14:25
To: focus-ms securityfocus.com
Subject: Terminal Servers Datacenter
Hi,
Looking for best practices in managing Windows servers in a datacenter.
We have 100 Windows servers with Terminal Services. There is no Active Directory domain. Everything is workgroup. There is a set of 10 admins who share responsibility of administering these servers. Each admin has access to a group of 10 or 15 servers.
For the purpose of tracking access, we would like to set up one central gateway server in the DMZ where all admins will log in first. Based on their user-id, they can initiate connection to their authorised internal server. It should not be possible for one server to initiate connection to another server. All servers should accept connection only from this central gateway server.
We are open to buying a third party product if required. It would be great if we can also track what the admins are doing.