Solved

Setting up a SharePoint Portal Server 2003, and wish to create a secure extranet

Posted on 2004-08-24
Last Modified: 2010-04-19
Currently we have an installation of SharePoint Portal Server 2003 on a local machine on the intranet, working just fine. What I now wish to do is publish this site so that it may be viewed as an extranet, but only by people with the right authorization.

What I need to know is:
How do I set up a highly secure extranet publishing the information already in the intranet SPS 2003?
Question by:mSchmidt
5 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 11880779
Purchase an SSL Certificate for the external name - this will secure the login information over the Internet. I usually start with a FreeSSL trial certificate as proof of concept before upgrading to a full certificate.

Grant port 443 ONLY through your firewall to the SPS machine.
Disable anonymous browsing.
Disable Digest Authentication so that only basic and integrated are in use. Basic isn't a problem from a security point of view as the SSL is doing the encryption.

Control access either via NTFS or within the web site. I am presuming that you have already secured the web site for internal use - both of these options are suitable depending on your requirements.

If you are getting authentication prompts internally after setting this up, use GP to add the site URL to the trusted sites zone of IE, and pass-through authentication will then work. You may have to set up a split DNS environment so that the same name works internally and externally.
It will also work for laptops used outside the LAN if the internal and external names are the same.

Simon.
0
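One way to verify the checklist in the answer above from outside the firewall (an added example, not part of the original thread): the script audits the response the site returns to a request sent without credentials. The response texts, the host name in the realm and the finding names are constructed for illustration.

```python
# Added example: audit an unauthenticated HTTP response against the checklist
# in the answer above. Host names and responses are constructed samples.

ALLOWED = {"basic", "negotiate", "ntlm"}  # Basic + integrated (Negotiate/NTLM)

def parse_head(raw):
    """Return (status_code, [(lowercased header name, value), ...])."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def offered_schemes(headers):
    """Schemes advertised via WWW-Authenticate (assumes one challenge per header line)."""
    return {v.split()[0].lower() for n, v in headers
            if n == "www-authenticate" and v}

def audit(url_scheme, raw):
    """Findings for a request sent with no credentials over url_scheme."""
    status, headers = parse_head(raw)
    schemes = offered_schemes(headers)
    findings = []
    if 200 <= status < 300:
        findings.append("anonymous-access-enabled")   # content served without login
    if "digest" in schemes:
        findings.append("digest-enabled")             # answer says to disable it
    if schemes - ALLOWED - {"digest"}:
        findings.append("unexpected-auth-scheme")
    if url_scheme != "https" and "basic" in schemes:
        findings.append("basic-offered-without-ssl")  # Basic relies on SSL for secrecy
    return findings

GOOD = """HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="extranet.domain.com"
"""
DIGEST = GOOD + 'WWW-Authenticate: Digest qop="auth", realm="domain.com", nonce="constructed"\n'
ANON = "HTTP/1.1 200 OK\nServer: Microsoft-IIS/6.0\nContent-Type: text/html\n"

if __name__ == "__main__":
    for label, scheme, raw in [("good", "https", GOOD), ("digest", "https", DIGEST),
                               ("anon", "https", ANON), ("plain http", "http", GOOD)]:
        print(label, audit(scheme, raw) or "ok")
```
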
 

Author Comment

by:mSchmidt
ID: 11889817
Could I use an ISA server as the outside firewall and SSL client?

And what would the physical setup look like? Would I place one server outside the internal network, connect this one directly to the Internet, and then let this PC connect to the internal server?

Or do I not need an outside server?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 11891115
I don't like putting domain members outside - too many holes need to be punched through the firewall to get them to communicate with the domain. If you leave it inside then you only need port 443 to go through.

You could use ISA - that is what Microsoft would like you to do. I haven't done that personally so cannot comment on performance or ease of setup.

Personally if it is a limited number of machines (for example laptop users) then you might also want to consider VPN. Then nothing is exposed to the Internet.

Simon.
0
 

Author Comment

by:mSchmidt
ID: 11891262
So what you recommend is keeping my SPS 2003 server inside the network, not adding anything other than an SSL client to the machine, and then allowing port 443 to be routed to the SPS 2003 server, right?
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 11891340
Correct. Using an SSL certificate gives you the security and is only one port open to the Internet.
You will just need to change your firewall to let 443 only to the server.
Users will have to remember that it is https://extranet.domain.com/ or whatever.

If you use split DNS you can use the same address internally and externally, which means it will be SSL everywhere and one address for the users to remember.

Simon.
0
