Deployment Strategy

I’m thinking about adding s2s. My original thought was:

internet <--> DMZ (connection manager) <--> LAN (Openfire). Our security policy states that we must have any external-facing servers on the DMZ.

I was hoping I could use connection manager to proxy connections, but it doesn’t look like it has s2s support.

Since it authenticates against AD and is primarily used internally, I don’t want to put it on the DMZ. How does everyone handle this?