
As daft as the subject sounds, we have a genuine reason for making a small web-based program accessible via the web. The program uses ASP.NET and reads data from Active Directory (this is not our internal AD, just a mockup). We want to make this ASP.NET site available on the web, so my question is: how would you do this cheaply and securely?

PS: A VPN is not an option as we don't know who will be accessing the program yet.

Can a virtual server from an ISP be installed with AD/IIS etc?

Thanks Scott

3 Answers


I wouldn't put a DC on the web. I would instead install AD LDS either on the web server or on another server and replicate information, if I needed to, from either a local read-only DC or across the WAN to my normal infrastructure.

Jim B

Are you saying that you just need an AD server, or you have a specific AD installation that needs to be read? And if it's just an AD server, period, why go with AD and not an SQL database of some sort?

I'd almost be tempted to suggest automating a dump of AD records to a given location at a set time and then upload the results to another server outside the network, and that way you minimize your exposure to attack as well as sanitize the data so you only get the information you need (except passwords, maybe).

Otherwise you're looking at having to open firewall ports to allow access, as the AD server would most likely need to sync with other AD servers within the network.

The part that makes this more difficult is that you're saying you can't use a vpn because you don't know who is accessing it. In that case, we'd probably have to know more about the scenario you're outlining (like why you couldn't use the database idea, why specifically AD), because that to me implies that it's not your business/corporation using it with your business/corporation's AD infrastructure, so you may be able to get away with changing how the data is getting stored. What data in particular is needed? Can it be something that can be intermediated through an automated dump to a file and transfer?

I'd be wary of any idea that has to expose an element of the internal network, especially for business logins and internal information like AD, to the Internet.

Bart Silverstrim
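One way to implement the automated, sanitized dump suggested in the answer above, as an added example that is not part of the original thread. It assumes the RSAT ActiveDirectory PowerShell module, a read-only account, and placeholder values for the OU, the output path and the attribute allow-list.

```powershell
# Added example (not from the thread): export only an explicit allow-list of
# attributes from the internal AD so the copy handed to the external web server
# carries nothing beyond what the application needs.
Import-Module ActiveDirectory

$SearchBase = 'OU=Published,DC=example,DC=local'   # placeholder OU
$OutFile    = 'C:\Export\directory.csv'             # placeholder output path

# Attributes the web application actually needs. Anything not listed here is
# never requested from the DC, so it cannot end up in the exported file.
$Allowed = @('sAMAccountName', 'displayName', 'mail', 'department', 'telephoneNumber')

# Read only enabled accounts under the chosen OU and keep only allow-listed columns.
$rows = Get-ADUser -SearchBase $SearchBase -Filter { Enabled -eq $true } -Properties $Allowed |
    Select-Object -Property $Allowed

# Defensive check: refuse to write the file if any attribute outside the
# allow-list is present on the objects about to be exported.
$extra = $rows |
    Get-Member -MemberType NoteProperty |
    Where-Object { $Allowed -notcontains $_.Name }
if ($extra) {
    throw "Unexpected attributes in export: $($extra.Name -join ', ')"
}

$rows | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

# Record a hash of the file so the receiving side can verify it arrived intact.
$hash = (Get-FileHash -Path $OutFile -Algorithm SHA256).Hash
Write-Host "Exported $($rows.Count) records to $OutFile (SHA256 $hash)"
```

Schedule the script with Task Scheduler under the read-only account, and let only the resulting CSV (not the account that produced it) leave the internal network.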

Put it in, add RRAS NAT - pointing outward, reverse map the IP and ports you use.

Result? Only the application is accessible ;) Plus remote desktop. AD is out.

But why do you want to install AD at all? If that is not a demonstration, you are pretty close to costing yourself a fortune instead of using cheap SPLA licenses.

TomTom