External / Contractor access to Enterprise -- VPN or DMZ?

Question asked by Mark Landin on Jul 27, 2010
We are using Enterprise 2010 and SW 2010, and wish to allow about a dozen contractors working in a handful of companies direct access to our vault.


Two options that spring to mind are:

- allow the contractors to VPN into our network and pretend to be "local" Enterprise users.

- expose some part of the Enterprise server infrastructure to the Internet for external access.


In either case, we would have to carefully administer the vault security to ensure people saw only what they needed, etc.


If we wished to do the second option, I imagine we would need to place a server in our DMZ. Right now we have a SQL server and a vault/archive server. We would not wish to put either one directly in our DMZ ... rather I would envision placing a new server in the DMZ whose purpose was only to provide access back into the protected network, and which, if it were compromised, could be disabled without affecting the function of the vault and DB internally. Is such an architecture supported?


Has anyone provided such access, and can share lessons learned? Thanks!