Communication from client computers that belong to the perimeter network






This communication depends on the solution that you implement in the perimeter network. Analyze each of the solution's requirements to determine which traffic must be allowed into the RODC from the perimeter network.

For some examples of ports for different scenarios, see the “Required communication ports” section later in this topic.

Communication from the RODC to a writeable domain controller

To enable the RODC role on a server that is designated to be an RODC, there must be communication between that server and a writeable domain controller.

For the required ports for each functionality, see the “Required communication ports” section later in this topic.

Communication from the perimeter network to a writeable domain controller

Based on the requirements of your RODC design, you may have to allow traffic from the perimeter network client computers and servers to a writeable domain controller that resides in the corporate network. For example, you may have to allow DNS traffic for dynamic updates, LDAP referrals, or other protocols, depending on your deployment scenario.

Tools

There are several tools that you can use to monitor the communication from the perimeter network to the internal corporate network:

· Sniffing tools, such as Microsoft Network Monitor and router filtering logging

· IPsec Mon

· Resultant Set of Policy (RSoP)

· Third-party traffic-monitoring tools

Note

Many of the traffic-monitoring solutions require traffic to reach the wire in clear format. IPsec ESP encrypts the content and prevents these tools from detecting traffic that may be coming from attacks. You can check whether your traffic-monitoring solutions are compatible with IPsec AH. This protocol does not encrypt the traffic, although it still permits IPsec security to be in place.
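
The difference the note describes, as an added example that is not part of the original documentation: a Python sketch of what a passive monitor can read from an AH-protected packet compared with an ESP-protected one. The packets, addresses, and SPI values are constructed samples, and TCP port 389 stands in for LDAP traffic.

```python
import socket
import struct

ESP, AH, TCP, UDP = 50, 51, 6, 17  # IANA IP protocol numbers

def classify(packet: bytes) -> dict:
    """Report what a passive monitor can read from one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    proto, body = packet[9], packet[ihl:]
    info = {"ipsec": None, "spi": None, "inner_proto": None, "dst_port": None}
    if proto == ESP:
        if len(body) < 8:
            raise ValueError("truncated ESP header")
        # Only the SPI and sequence number are in the clear; the rest is ciphertext.
        info.update(ipsec="ESP", spi=struct.unpack("!I", body[:4])[0])
        return info
    if proto == AH:
        if len(body) < 12:
            raise ValueError("truncated AH header")
        ah_len = (body[1] + 2) * 4  # Payload Len counts 32-bit words minus 2
        if len(body) < ah_len:
            raise ValueError("truncated AH header")
        info.update(ipsec="AH", spi=struct.unpack("!I", body[4:8])[0])
        proto, body = body[0], body[ah_len:]  # Next Header names the inner protocol
    info["inner_proto"] = proto
    if proto in (TCP, UDP) and len(body) >= 4:
        info["dst_port"] = struct.unpack("!H", body[2:4])[0]
    return info

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (documentation addresses, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton("192.0.2.10"),
                       socket.inet_aton("198.51.100.5")) + payload

# Constructed samples: a TCP SYN to port 389 (LDAP), once under AH and once under ESP.
TCP_SYN = struct.pack("!HHIIHHHH", 49152, 389, 1, 0, 0x5002, 8192, 0, 0)
AH_PACKET = ipv4(AH, bytes([TCP, 4, 0, 0]) + struct.pack("!II", 0x1001, 1) + bytes(12) + TCP_SYN)
ESP_PACKET = ipv4(ESP, struct.pack("!II", 0x2002, 1) + bytes(range(40)))  # stand-in ciphertext

if __name__ == "__main__":
    for name, pkt in (("AH", AH_PACKET), ("ESP", ESP_PACKET)):
        print(name, classify(pkt))
```

With AH the monitor still sees the inner protocol and destination port, so port-based filtering and logging keep working; with ESP it sees only that an IPsec flow with a given SPI exists.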





