GIS Architecture Question

Discussion created by azin.sharaf on Jun 28, 2017
Latest reply on Jun 29, 2017 by Scott.Fierro

I have a question regarding the GIS architecture. I have attached our architecture diagram. Let me describe it here.
We have one internal ArcGIS Server site that has been configured with Microsoft Active Directory. Internal users connect to the GIS services via Web Adaptor (internal) based on the allowed AD groups that we have chosen for services.
We have two kinds of external users: Public users and Public-Secured users.
We have installed and configured the Web Adaptor (public) on DMZ server and has been set the security to anonymous so everybody can connect to internal GIS Server and consume the public services.
The problem is the public users who need to use some secured services. We have some specific map services that are being used by external users but they are not accessible by public. What kind of security configuration helps us to resolve the issue?
The easiest way is change the ArcGIS Server security from Win AD group to ArcGIS built -in, but we prefer to stay in Win AD group. Another solution would be building a second ArcGIS Server site on DMZ side that is not an ideal way for us.
Any idea?