Sharepoint setup in dmz for external access and internal access

AC_Nova
AC_Nova used Ask the Experts™
on
Hi,

I'm looking to setup sharepoint in the dmz so internal users can access the site internally, also so users can access the sharepoint site externally via a web link.  Is this possible and what is the best way to setup?  I would like users already logged onto the domain to access the site as normal internally without username and password, but when they're at home - to still be able to access the site but using a username and password.  All sites have to be ssl.  

Thanks
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Ted BouskillSenior Software Developer
Top Expert 2009

Commented:
The best way is setup Sharepoint inside your domain then expose a public site via Microsoft ISA 2006 or higher.

Author

Commented:
So you're saying place a serverpoint server on the internal network and have a web front end in the dmz? want steps would be needed to set this up?  We arent using ISA, we have cisco ASA and nokia checkpoint
Ted BouskillSenior Software Developer
Top Expert 2009

Commented:
No, I'm recommending leaving Sharepoint behind a firewall and use a product similiar to ISA to port forward a specific site from Sharepoint.  If you search http://blogs.msdn.com/Sharepoint/ there is a 3 part series of articles on "What every Administrator needs to know about Alternate Access Mapping" that shows how to expose Sharepoint through a firewall.

All servers in a Sharepoint farm have to be in the same domain and if you have it in the DMZ then you have to setup a trust relationship between the two domains which might be riskier than simple exposing via a secure firewall like ISA or similiar.

Author

Commented:
So what you're suggesting is having Sharepoint on the LAN, With the appropriate forwarding rules.  I don't think my manager will like that...  How would I setup the second option?
Senior Software Developer
Top Expert 2009
Commented:
I don't even know if the second option would work and might be more dangerous.  The firewall between the two separate Sharepoint installations would have to allow the external domain to connect to the internal domain.  As I said that would be risky.

To be honest, if the external site is only for employees I wouldn't event publicly expose it to the internet and would use a secure VPN tunnel instead.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial