Re: Security on Extranet

Greetings Pichi,

You have two other more secure choices

1. External Partner Collaboration - Replicated
Extranet SPS solution includes web front ends in the DMZ and an External AD
for the partner accounts. The internal users are created as eanbled uses
using MIIS from the internal AD. The SPS SQL database can be moved
internally to further protect the content. Use IPSec between the DMZ SPS and
the internal SQL

2. External Partner Collaboration - Self Contained
Extranet SPS solution is self contained in the DMZ. No internal users are
replicated from the Internal AD. All data web and data sits in the DMZ on
the servers. Communication between web and database can be encrypted with
IPSec and filtered.

/Sarbjit Gill

"Pichi" <Pichi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2AE22BE0-B4C8-4545-8AF5-1C0B832CA78B@xxxxxxxxxxxxxxxx
> Hello,
>
> We are in the planning stages of publishing an extranet using Sharepoint
> Server 2003. We DO NOT have an ISA server. We have a hardware based
> firewall.
>
> Here is our plan so far:
>
> We will install two virtual servers. One for the Intranet and another for
> the Extranet. Each virtual server will have its own NIC where the Intranet
> will sit in the LAN and the Extranet will sit in the DMZ. Authentication
> for
> each virtual server will differ. We will setup Windows Authentication and
> SSL
> for the Extranet and allow Anonymous access for the Intranet. We will
> extent
> the Extranet virtual server to point to the same content and database.
>
> We have this setup and have seen it work.
>
> Our questions are:
>
> 1. Is this setup recommended?
> 2. If so, are there some lockdown procedures?
> 3. If not, what can we do better?
>
> Thanks for all your help,
>
> Pedro
>


.

Relevant Pages

  • Re: SPS2003 in an Extranet
    ... We just setup Sharepoint in the DMZ as an Extranet and use it as an Intranet ... Setup a one way trust between your external DMZ domain and your internal ...
    (microsoft.public.sharepoint.portalserver)
  • Re: Security on Extranet
    ... All I would mention is that you probably don't want to use anonymous access ... your people on the intranet don't have to log in manually. ... > We are in the planning stages of publishing an extranet using Sharepoint ... Each virtual server will have its own NIC where the Intranet ...
    (microsoft.public.sharepoint.portalserver)
  • Re: Configure Extranet and Intranet for SPS
    ... Is there no way we can get around this - buying a second licence. ... Basically what we want is to have an extranet and an intranet. ... Goto Central Admin and click Extend or upgrade virtual server ... Do I need to install SPS on both my machines and then I need to get 2 ...
    (microsoft.public.sharepoint.portalserver)
  • Re: Multiple Document Upload - Explorer View - Concerns
    ... Does this article help? ... My confusion is how to setup an ... > virtual server that will be externally facing needs to use Basic ... > document that we were using: Deploying on an Extranet by Using ISA ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: extranet deployment options
    ... I am using that login in tip from Zandy on my extranet but have an issue ... I am fairly certain that the SQL server does not need to be in the DMZ. ...
    (microsoft.public.sharepoint.portalserver)