There are many different ways to design and build an extranet network topology. Decisions about topologies used are outside the scope of this paper. However, this section discusses the following two examples of network topologies:
- Tri-homed perimeter network. This is also known as a single-screened subnet.
- Back-to-back perimeter network. This is also known as a dual-screened subnet.
The term "perimeter network" refers to a network that lies between the corporate intranet and the Internet. It is a network that separates a trusted network (the corporate intranet) from an untrusted network (the Internet). In most cases, perimeter networks are thought of as physical networks, but in some extranet network topologies, this is not entirely accurate. Perimeter networks are also known as screened subnets.
The topologies presented here are examples only. The topology you use is dependent upon the policies and requirements of your organization.
The back-to-back perimeter network topology — the topology that is used for this white paper — is widely regarded as one of the more secure extranet topologies available. In this paper, the perimeter network domain is called Perimeter.Net, and the corporate intranet domain is called Corp.Net. These domains are configured with a forest trust relationship between the perimeter network domain (Perimeter.Net) and the corporate intranet domain (Corp.Net).