Application team: "Let's place the service on the DMZ server, it won't need access to LAN resources"

Application team a few days later: "So, we need access to: the production TFS server, the production Domain Controllers, a few development servers and inbound access from the entire LAN"


