I’m thinking about added s2s. My original thought was:
internet <—>DMZ (connection manager) <—> Lan (openfire). Our security policy states that we must have any external facing servers on the dmz.
I was hoping I could use connection manager to proxy connections, but it doesn’t look like it has s2s support
Since it authenticates against AD and is primarily used internally I don’t want to put it on the DMZ. How does everyone handle this?