0 votes

I've got a few questions regarding the setup for the web interface and admin console in the DMZ found here.

  1. If we don't want the Admin Console accessible outside the network will leaving this internal affect this configuration at all?

  2. How is the Read Only Domain Controller being accessed by Adaxes in the DMZ?

  3. Would internal users also hit the RODC in the DMZ or would they use the internal DCs?

Thanks!

by (100 points)

1 Answer

0 votes
by (226k points)

Hello,

If we don't want the Admin Console accessible outside the network will leaving this internal affect this configuration at all?

No, you can only install the Web Interface component in the DMZ. There will be no effect on your internal Adaxes configuration.

How is the Read Only Domain Controller being accessed by Adaxes in the DMZ?

The RODC is required to join the computer where Adaxes Web Interface will be installed to an AD domain. Additionally, it will be used by the Web Interface to obtain service connection points (SCPs) for Adaxes service. Operations will be performed through the Adaxes service installed internally which in its turn will connect to an internal DC.

Would internal users also hit the RODC in the DMZ or would they use the internal DCs?

Adaxes service will not have access to the RODC in the DMZ and thus it will always connect to one of the internal DCs. If you want, you can predefine the DCs to be used by Adaxes as described in the following help article: https://www.adaxes.com/help/?HowDoI.ManageActiveDirectory.ManageDomains.SpecifyDCsForDomain.html.

0

why is Adaxes component such as Adaxes Service and Adaxes Web Interface has to join domain?

what will the implication, if we deploy web interface in DMZ without RODC? (join domain to internal DC)

0

Hello,

why is Adaxes component such as Adaxes Service and Adaxes Web Interface has to join domain?

This is just how Adaxes works. It is a requirement for all Adaxes components.

what will the implication, if we deploy web interface in DMZ without RODC?

The approach is not recommended as it will require opening additional ports to the internal DCs. For details about the ports used by Adaxes, see https://www.adaxes.com/questions/20/what-ports-does-adaxes-use.

Related questions

+1 vote
1 answer

When using the administration console (not the web console), we would like to be able to customize the fields that are shown on the different tabs of the user properties ... in the web interface but I don't see the same option for the administration console.

asked Jan 27, 2020 by abarker5 (80 points)
0 votes
1 answer

Hello, Currently, in LDAP browser of Administration Console, we can view only five columns in result search screen. Could you offer to view any attribute in future release? Thanks a lot for your response Yoann

asked Oct 4, 2012 by yoann.hamon (180 points)
0 votes
1 answer

Hi, We are currently still running an older version of Adaxes (2014.1) and having an issue with our 2nd server of Adaxes that is in our DMZ. I would like to resolve this ... done to the environment. I am wondering if I can get any assistance on this. Thanks,

asked Jun 6, 2017 by Kobe46 (390 points)
0 votes
1 answer

We have 4 om prem servers to setup Adaxes on, we currently have almost everything on one server but have crashed on several occassions when multiple scheduled jobs are ... way to achieve this configuration without having to buy double the licenses. Thanks' Jay

asked Sep 24, 2021 by willy-wally (3.2k points)
0 votes
1 answer

We are training our Help Desk to check for proper Office365 licensing before escalating tickets, but I cannot see where to allow "sub-licensing" views (meaning the individual ... those choices in either the Adaxes Admin Console, or the Web Portal? Thank you!

asked Jul 15, 2015 by PunkinDonuts (360 points)
2,779 questions
2,512 answers
6,576 comments
26,881 users