1 of 1 people found this helpful
If I understand correctly, you will have an Additional Web Server (AWS) place in the DMZ while the rest of NPM is on the internal network. The overal process is pretty straight forward as an AWS is easy to setup. The biggest issue is going to be configurnig the firewall to allow the AWS to communicate with the rest of the NPM system. Still not that big of a deal. The use of a valid SSL cert on the AWS would be a good idea as well. This is effectively the model that I have setup at my company and it works pretty good. The one odd setup to it is that our DMZ does not have access to our AD servers, so we use local NPM accounts for customers. If we need to log in to the AWS, we have to setup a local NPM account in addition to our AD account. You could take it a step further and have a three tier model where you have a Web, Application, and Internal layers. You would then put a proxy in the Web portion for customers to access and then the AWS in the Application layer and the the remain portions of NPM in the Internal layer. Some say this is a bit overkill and some say it is a security standard.