
We have 4 servers in a managed datacenter (including 2 local Domain Controllers) to host our web applications. Our 20-person office uses Azure AD.

Engineers/DevOps access our servers via RDP (using separate credentials). They also access SQL Server using SQL authentication which is restricted at the firewall to the office static IP address.

Would you recommend we keep the office & servers completely separate from each other and manage two sets of credentials? Or would it be wise to connect Azure AD to the on-premises AD?

Marcus
  • Do your web applications serve internal users or external ones? And with what authentication scheme? – yagmoth555 Jun 04 '18 at 10:50
  • @yagmoth555 External users - they are SaaS applications. So normally username/password for end users to access the SaaS web-app. Using Windows authentication between the IIS App Pool and SQL Server. – Marcus Jun 04 '18 at 11:13
  • Who consumes the web applications in Azure, your company or your customers? – joeqwerty Jun 04 '18 at 13:55
  • @joeqwerty No web applications in Azure. Web applications are on servers in a datacenter with a local AD. Web apps are for customers. – Marcus Jun 04 '18 at 15:50
  • So Azure is for your company and the Datacenter is for the on premises AD for the web apps which are used by customers? If so then no, I would not recommend connecting the two ADs. – joeqwerty Jun 04 '18 at 18:21
  • Thanks @joeqwerty. So you'd recommend we give Engineers/DevOps separate credentials to access the servers in the Datacenter? – Marcus Jun 05 '18 at 09:06
  • Yes. If the datacenter infrastructure serves your customers then I would keep that separate from the infrastructure that serves your company. – joeqwerty Jun 05 '18 at 12:17
