

SharePoint intranet and internet site

Posted on 2009-12-23
Last Modified: 2013-11-30
Hi Experts,

I currently have two SharePoint farms that I'd like to merge together. One's an internal intranet that we use for Doc mgmt, BI, and other gadgets. It's a MOSS server.

The other is a WSS 3.0 server that we host off-site and use as a go to DR site.

I'd like to merge these together and host them off of the same platform. Here's my proposed plan:
- add a new webserver to the internal farm
- move my DR site to the farm and host it off of the new server
- move the new server to the DMZ and have it hosted from there
- open ports so the new server can still communicate with the internal platform

Anyone got any how-tos or best practices on how to accomplish this? Is this method the best way? Do I need to add the server to the DMZ or could I open it up internally on specific ports? I've looked around and found some people doing something similar, but have had no joy on best practices yet.

Thanks for the help
Question by:Butterfield_Cayman

Accepted Solution

itgroove earned 600 total points
ID: 26117473
Hey there,
There are no technical limitations really to you doing this. What you do need to combat though is security and licensing.
re: Security. You may want to create a separate instance on your SQL Server, with a separate port, etc. so that you have a clear/dividing line between the 'data' for the in-house stuff and the Web stuff. This means it could have separate backup plans, separate accounts, separate ports, etc. to ensure if one was compromised, the other wouldn't be.
re: Licensing. Do you have the Internet Sites license? Legally, if you are going to expose either the WSS site or the MOSS site to the Internet, each server providing this access needs the Internet Sites License ($$$), but the benefit is it gives you access to all the Enterprise CAL functionality at your fingertips.
But certainly, sharing the same SQL server and having different Web Front-ends is something you could consider. Or, if Security is not a concern, you could run all from the same farm (but typically, this isn't recommended).
Re: DMZ. This is another security best practice, to separate internal from external, but again, you need to determine your level of risk and whether that is important to you or not. Sometimes Security is a hindrance to success, sometimes it's just plain necessary.
Have a great holiday!

Expert Comment

by:Ted Bouskill
ID: 26117887
Members of a SharePoint farm have to be in the same domain so the DMZ won't work.

Why the merge? Do you want the intranet features to be available on the public site? If you want to share documents you could avoid the work and simply use SharePoint Content Deployment Solutions to replicate internal content externally.

Otherwise if you have a firewall between the DMZ and the intranet I'd simply set up another intranet site that is exposed in a controlled manner through your firewall (preferably a product like ISA) which is what Microsoft recommends.

Author Comment

ID: 26119038
Thank you both for the input. Some helpful tips.
ITGroove -
Licensing won't be an issue.

tedbilly -
The primary reason for the merge would be to centralize the site. Apart from that, I can't think of a reason but the directive is coming from above. I'm currently discussing the pros and cons between merging them and keeping separate instances and what would be our best plan.
If members aren't recognised due to the server being in the DMZ, how do others accomplish this? I'm sure this is something that people have done numerous times before? Any idea of MS best practices that I can take a look at?

Expert Comment

by:Ted Bouskill
ID: 26121082
If you want to share the features and functionality beyond document sharing the MS recommendation is to keep the farm beyond a firewall and use ISA to expose a specific SharePoint web application via 'Alternate Access Mapping'.

Assisted Solution

MsShadow earned 500 total points
ID: 26137838
Hopping in to the discussion.

Ted, are you sure that members of a SharePoint farm have to be part of the same domain?
If I look at the split back-to-back topology I can see my WFEs and Application Servers being part of a different domain:
There does need to be a trust between the domains for the WFEs to be able to use their domain account to access the SQL database, but for the rest I thought it was perfectly possible.

Licensing wise you are exposing yourself to a big cost. I suggest you check it with Microsoft, but I'm quite sure that if your SharePoint farm contains content that is not accessible for internet users then you cannot use the Internet License for SharePoint. Which means you "would" need a CAL for all those users. Licensing on SharePoint is a bit of a mess, so make sure that you check your design licensing-wise with Microsoft so that you don't have a hidden cost of x client access licenses.

Assisted Solution

by:Ted Bouskill
Ted Bouskill earned 600 total points
ID: 26142571
MsShadow:  Technically you are correct, I didn't want to cloud the discussion too much.  Creating the 'Trust' relationship can be as dangerous as keeping them all in one domain.  If the server in the DMZ is penetrated it's automatically trusted by the inner domain which can lead to security issues.  Using a product like ISA you tightly control the data going in and out plus you get the caching benefits of the product.

NOTE: I completely agree with MsShadow's point.  Microsoft is beginning to monitor licensing violations closely because their revenue is down and the quickest way to increase revenue is to make sure people are paying for their licenses.

Expert Comment

ID: 26145288
Ok Ted, thanks for the acknowledgement, I proposed this to a customer recently and was 100% sure it was possible, but you saying that it wasn't made me a bit less sure :p We did propose it in combination with ISA though :p

Author Closing Comment

ID: 31669419
Thanks for the help fellas. All contributions have helped. I'll be hosting the web front end from the DMZ.
