0

I have a remote web server (Windows 2008 Web Edition) to host some applications and the company website.

We only access this server using RDP. But I'd like to access it as if it were on our LAN, so I'm considering adding it to my local Windows 2008 domain using a permanent VPN.

Is it a good idea?

My concern is that this server can't be affected by eventual domain problems.

Thanks.

Erick Sasse

3 Answers

3

I personally wouldn't do this. My primary concern would be having a public-facing machine connected to a private network like this. For example, if someone installed a keylogger through an IIS vulnerability, they would also have access to a domain account (if you logged in with your domain credentials).

Adam Brand
0

You can have a site-to-site VPN without it needing to be on your domain. Treat the server like a DMZ - a lot of large companies have a way into it, with only the necessary services allowed through it, but also have a DC set up in the DMZ for manageability.

As you only have one server, local accounts with strong passwords are probably lower maintenance.

crb
0

Whether or not the computer is a member of the Active Directory domain has little to do with how you access it.

If the proposed VPN connection allows for arbitrary traffic from the web server into the protected network I'd be frightened. If the VPN solution lets you specify traffic filters and statefully allows connections from inside the LAN to access the web server ("Don't speak unless spoken to...") it's less frightening but still vastly less compartmentalized than leaving the web server isolated.

If the convenience really justifies the risk then go for it. My guess is that you can find convenient ways to interact with the web server that don't involve giving it any type of direct communication path into the LAN, though... (WebDAV over SSL for file management, SFTP, etc).

Evan Anderson
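
The stateful "don't speak unless spoken to" filtering described in the answer above, modelled as an added example that is not part of the original thread. The addresses, the allowed ports (RDP, WebDAV over SSL, SFTP), the function name and the sample traffic are all assumptions constructed for illustration.

```python
"""Model of a stateful filter between a LAN and a remote web server:
the LAN may open connections to the server, the server may only reply."""
from ipaddress import ip_address, ip_network

LAN = ip_network("10.0.0.0/24")      # assumed protected network
WEB = ip_address("203.0.113.10")     # assumed web server address (TEST-NET-3)
ALLOWED_PORTS = {3389, 443, 22}      # assumed: RDP, WebDAV over SSL, SFTP

def filter_events(events):
    """events: (src, sport, dst, dport, new_conn) tuples in arrival order.
    new_conn is True for a connection request (TCP SYN without ACK).
    Returns one 'allow' or 'deny' verdict per event."""
    established = set()              # flows that were opened from the LAN side
    verdicts = []
    for src, sport, dst, dport, new_conn in events:
        s, d = ip_address(src), ip_address(dst)
        flow = (src, sport, dst, dport)
        reply_to = (dst, dport, src, sport)
        if s in LAN and d == WEB:
            if new_conn and dport in ALLOWED_PORTS:
                established.add(flow)
                verdicts.append("allow")
            else:
                # Later packets pass only on a flow that was already permitted.
                verdicts.append("allow" if flow in established else "deny")
        elif s == WEB and d in LAN:
            # The server may answer a flow the LAN opened, never start one.
            ok = (not new_conn) and reply_to in established
            verdicts.append("allow" if ok else "deny")
        else:
            verdicts.append("deny")  # anything else is outside the policy
    return verdicts

# Constructed sample traffic, not captured from any real network.
SAMPLE = [
    ("10.0.0.5", 50000, "203.0.113.10", 3389, True),    # admin opens RDP
    ("203.0.113.10", 3389, "10.0.0.5", 50000, False),   # server replies
    ("203.0.113.10", 49152, "10.0.0.20", 445, True),    # server initiates to LAN
    ("10.0.0.5", 50001, "203.0.113.10", 1433, True),    # port not on allow list
    ("203.0.113.10", 3389, "10.0.0.9", 50000, False),   # unsolicited "reply"
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, filter_events(SAMPLE)):
        print(verdict, event)
```

Only the first two events pass; a compromised web server in this model has no way to open a connection into the LAN.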