Hi,
We have a cloud-based authentication service provider for two-factor authentication. For VPN connectivity, the client machine connects to the VPN gateway in the corporate DMZ, and the VPN gateway contacts the cloud authentication provider to verify the one-time password. The VPN gateway-to-cloud connection happens over RADIUS across the internet. Considering the security issues in RADIUS, the plan is to have a RADIUS server hosted on-premises, which in turn may connect to the cloud for authentication. Should we have the NPS server installed in the DMZ or in the internal network? The NPS will not authenticate users against AD but will connect to the cloud provider to validate the OTP. What is recommended in this case? NPS (RADIUS server) in the DMZ or NPS in the internal network?