Hi
I’m looking for ideas / suggestions / options for the following problem.
We run two Notes domains: one internal (/INT/AU) and one for our DMZ (/DMZ/AU). The domains are cross-certified and I’m able to replicate both documents and design changes through the firewall. However, for security, we want to sign the designs of the databases in the DMZ with an agent signer (e.g. webagent/DMZ/AU).
The problem is that, with any design change, I need to temporarily add another machine (PC) in the DMZ to run the Domino Admin application so I can sign the design so the agents etc. run correctly in the DMZ.
My options, as i see it, are:
- Put the Domino Admin app on the Domino server in the DMZ so I don’t need to plug a PC into the DMZ.
- Put the Domino Admin app on another server in the DMZ so I don’t need to plug a PC into the DMZ.
- Keep plugging a PC into the DMZ as required to sign any design changes.
- Cross-certify the webagent/DMZ/AU ID and give it access to my internal servers, so I can use it to sign designs before replicating them out to the DMZ.
What would be the recommended option? Are there any other ways of getting around this little problem? What security considerations should I keep in mind? Basically, what are you guys out there doing in this situation, and what works best?
Thanks in advance for any feedback
andy G