SharePoint intranet and internet site

Posted on 2009-12-23
Last Modified: 2013-11-30
Hi Experts,

I currently have two SharePoint farms that I'd like to merge together. One's an internal intranet that we use for Doc mgmt, BI, and other gadgets. It's a MOSS server.

The other is a WSS 3.0 server that we host off-site and use as a go to DR site.

I'd like to merge these together and host them off of the same platform. Here's my proposed plan:
- add a new webserver to the internal farm
- move my DR site to the farm and host it off of the new server
- move the new server to the DMZ and have it hosted from there
- open ports so the new server can still communicate with the internal platform

Anyone got any how-tos or best practices on how to accomplish this? Is this method the best way? Do I need to add the server to the DMZ or could I open it up internally on specific ports? I've looked around and found some people doing something similar, but have had no joy on best practices yet.

Thanks for the help
Question by:Butterfield_Cayman

    Accepted Solution

    Hey there,
    There are no technical limitations really to you doing this.  What you do need to combat though is security and licensing.
    re: Security.  You may want to create a separate instance on your SQL Server, with a separate port, etc. so that you have a clear/dividing line between the 'data' for the in-house stuff and the Web stuff.  This means it could have separate backup plans, separate accounts, separate ports, etc. to ensure if one was compromised, the other wouldn't be.
    re: Licensing. Do you have the Internet Sites license?  Legally, if you are going to expose either the WSS site or the MOSS site to the Internet, each server providing this access needs the Internet Sites License ($$$), but the benefit is it gives you access to all the Enterprise CAL functionality at your fingertips.
    But certainly, sharing the same SQL server and having different Web Front-ends is something you could consider.  Or, if Security is not a concern, you could run all from the same farm (but typically, this isn't recommended).
    Re: DMZ.  This is another security best practice, to separate internal from external, but again, you need to determine your level of risk and whether that is important to you or not.  Sometimes Security is a hindrance to success, sometimes it's just plain necessary.
    Have a great holiday!

    Expert Comment

    Members of a SharePoint farm have to be in the same domain so the DMZ won't work.

    Why the merge?  Do you want the intranet features to be available on the public site?  If you want to share documents you could avoid the work and simply use SharePoint Content Deployment Solutions to replicate internal content externally.

    Otherwise, if you have a firewall between the DMZ and the intranet, I'd simply set up another intranet site that is exposed in a controlled manner through your firewall (preferably a product like ISA), which is what Microsoft recommends.

    Author Comment

    Thank you both for the input. Some helpful tips.
    ITGroove -
    Licensing won't be an issue.

    tedbilly -
    The primary reason for the merge would be to centralize the site. Apart from that, I can't think of a reason but the directive is coming from above. I'm currently discussing the pros and cons between merging them and keeping separate instances and what would be our best plan.
    If members aren't recognised due to the server being in the DMZ, how do others accomplish this? I'm sure this is something that people have done numerous times before? Any idea of MS best practices that I can take a look at?

    Expert Comment

    If you want to share the features and functionality beyond document sharing, the MS recommendation is to keep the farm beyond a firewall and use ISA to expose a specific SharePoint web application via 'Alternate Access Mapping'.

    Assisted Solution

    Hopping in to the discussion.

    Ted, are you sure that members of a SharePoint farm have to be part of the same domain?
    If I look at the split back-to-back topology I can see my WFEs and Application Servers being part of a different domain:
    There does need to be a trust between the domains for the WFEs to be able to use their domain account to access the SQL database, but for the rest I thought it was perfectly possible.

    Licensing-wise you are exposing yourself to a big cost. I suggest you check it with Microsoft, but I'm quite sure that if your SharePoint farm contains content that is not accessible for internet users then you cannot use the Internet License for SharePoint. Which means you "would" need a CAL for all those users. Licensing on SharePoint is a bit of a mess, so make sure that you check your design licensing-wise with Microsoft so that you don't have a hidden cost of x client access licenses.

    Assisted Solution

    MsShadow:  Technically you are correct, I didn't want to cloud the discussion too much.  Creating the 'Trust' relationship can be as dangerous as keeping them all in one domain.  If the server in the DMZ is penetrated it's automatically trusted by the inner domain which can lead to security issues.  Using a product like ISA you tightly control the data going in and out plus you get the caching benefits of the product.

    NOTE: I completely agree with MsShadow's point.  Microsoft is beginning to monitor licensing violations closely because their revenue is down and the quickest way to increase revenue is to make sure people are paying for their licenses.

    Expert Comment

    Ok Ted, thanks for the acknowledgement, I proposed this to a customer recently and was 100% sure it was possible, but you saying that it wasn't made me a bit less sure :p We did propose it in combination with ISA though :p

    Author Closing Comment

    Thanks for the help, fellas. All contributions have helped. I'll be hosting the web front end from the DMZ.
