Hi all. Need some help here with trying to come up with a solution for this problem. I will try and give as much detail as possible.
I manage a domain, let's call it MidCorp, of around 100 staff. We share a WAN link with a larger company called BigCorp. They manage/host our email, but that's it... totally separate domains. They look after theirs, I look after mine and we have no interest in integrating with their full AD structure. I believe there is a one-way domain trust in place that allows us access to our email. They would have duplicate AD accounts for each of our staff which are disabled and only active for Exchange.
My dilemma: we are bringing in some new staff in our office to be a separate company, a joint venture between both firms, let's call it NewCorp. These guys are going to use hardware/software provided by BigCorp, plugging in to my switches and therefore will get instant access to BigCorp's WAN. They won't be part of or joined to my domain. I've tested and they get NAS shares, printers, applications...everything they need from BigCorp.
Now, I've been asked to see if we can give these NewCorp guys access to the following things at MidCorp:
- our SharePoint site - I think I can do this OK by creating a login for them in our AD, give them the IP of our SharePoint box (as they can't resolve it from their DNS) and they can log on to the site for the duration of each logon session. OK, it's an additional login and it's not perfect, but it keeps them off our domain proper.
- Printer(s) - having a bit more difficulty with this one. I tried something similar/adding printer manually via IP as above but it always requires a reconnection and would be problematic during busy times for staff trying to print. My preference is that BigCorp provide a printer on our site and it is centrally managed by them. We can handle physical support on site. I welcome any other suggestions on this one. I've heard some things about allowing guest/anonymous access to one of our printers but not convinced about this or using Internet Printing which I don't know much about.
- A SQL Server with a client side Practice Management Software application - my preference is that they use BigCorp's PMS. It's more scalable and better suited to this kind of work. Lately I've been getting pressure to see if I can give NewCorp access to MidCorp's (our site) smaller PMS. I'm not keen on this as it smacks of joining domains/integration which we are dead set against for many reasons. I've been advised that I could get this working by putting a Terminal Server in on our site and allowing the NewCorp staff to RDP to it for this application. However that means hardware/software/licensing spend which I am trying to avoid. The PMS application is a "fat client", not web based, so I also want to avoid trying to install software on BigCorp's hardware which I know nothing about.
That about covers it. I welcome all suggestions from any of you IT Pros out there. Point 3 is the one that's causing me the most problem. I wish to avoid any solution that involves further domain integration between BigCorp and MidCorp. I also have limited resources to throw at this. I need a solution that is scalable if NewCorp grows so I wish to avoid short-term workarounds with NewCorp staff sharing desktop PCs on our LAN.
Other valid info: we are a mostly Windows 2003 Server Domain, with a couple of 2008 Servers in non-DC roles. Network is mostly staff on 100mb LAN and WAN/web access is 100mb speed so NewCorp bandwidth not a major concern until staff numbers ramp up.
Thanks in advance!