Your company is a hosting provider that provides cloud-based services to multiple customers.
Each customer has its own Active Directory forest located in your company’s datacenter.
You plan to provide VPN access to each customer. The VPN solution will use RADIUS for authentication services and accounting services.
You need to recommend a solution to forward authentication and accounting messages from the perimeter network to the Active Directory forest of each customer.
What should you recommend?
More than one answer choice may achieve the goal. Select the BEST answer.
A. One RADIUS proxy for each customer and Active Directory Federation Services (AD FS)
B. A RADIUS server for each customer and one RADIUS proxy
C. One RADIUS proxy and one Active Directory Lightweight Directory Services (AD LDS) instance for each customer
D. A RADIUS server for each customer and a RADIUS proxy for each customer
Explanation:
RADIUS proxy
You want to provide RADIUS authentication and authorization for outsourced service providers and minimize intranet firewall configuration. An intranet firewall sits between your perimeter network (the network between your intranet and the Internet) and your intranet. If you place an NPS server on your perimeter network, the firewall between your perimeter network and intranet must allow traffic to flow between the NPS server and multiple domain controllers. If you replace the NPS server with an NPS proxy, the firewall must allow only RADIUS traffic to flow between the NPS proxy and one or multiple NPS servers within your intranet.