Solved

External Access to Share point, what's secure?

Posted on 2010-09-23
4
787 Views
Last Modified: 2016-10-25
Hi Guys,

We have ASA 5540, ISA, WISP, SQL, Netscaler and sharepoint, what's the best secure way to architect this with one AD and single sign on?

ASA has outside, inside "LAN", and DMZ .

AD, WISP, ISA, SQL and Sharepoint are on the LAN side.

Netscaler has one leg on the DMZ and one on LAN

Your help is greatly appreciated!
0
Comment
Question by:smartnet
  • 2
4 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 33752967
Quite straightforward as Sharepoint and SQL are inside as opposed to in the DMZ. You have not mentioned whether ISA is actually installed as the intetrnal firewall or just as a proxy server but I will assume ISA is joined to the internal domain in either case.

This link provides the TechNet article regarding publishing the majority of common applications - including Sharepoint-  securely through ISA 2006.
http://technet.microsoft.com/en-gb/library/bb794854.aspx

In summary though, using the ISA server publishing wizard is the normal, recognised approach using https bridging and certificates.

Keith
0
 

Author Comment

by:smartnet
ID: 33755541
I think ISA is working as a proxy server rather than a firewall, do you recommend putting it in the DMZ, if so what about authentication??
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33756400
The recommendation is always to use ISA or FTMG as a firewall/proxy rather than just a proxy and to have ISA or FTMG as a member of the domain.

if ISA/FTMG only has one nic then it can ONLY be a proxy server.

You can use the LDAP connection options though in the general confiuration if you decide to install ISA solely as a proxy server in the DMZ.
0
 
LVL 10

Expert Comment

by:simonlimon
ID: 33761396
It is much better for isa to be a member of the domain, if not you can't really have true sso as kerberos delegation is not possible... That would be the optimal way to publish a web page.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question