We would like to synchronize AD to eDirectory (both ways) through a
firewall. One of the requirements by the network administrators, since
this is a high-security zone, is that traffic is only initiated from the
inside of the secure zone. Once the initiation has been done, it's
acceptable that data is sent back from the non-secure zone.

We have AD in the non-secure zone, and eDir in the secure zone.

Is there any way to guarantee that traffic is always initiated from the
secure zone when a synchronization occurs?

Would placing the remote loader for AD on a DC in the non-secure zone
solve this, for example? (E.g.: Does the IDM engine always have to
open a connection to the remote loader SW before the driver shim
can send data, or can the remote loader SW open a connection with the
engine on its own?)

Toralf Lote