• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 830
  • Last Modified:

External Access to Share point, what's secure?

Hi Guys,

We have ASA 5540, ISA, WISP, SQL, Netscaler and sharepoint, what's the best secure way to architect this with one AD and single sign on?

ASA has outside, inside "LAN", and DMZ .

AD, WISP, ISA, SQL and Sharepoint are on the LAN side.

Netscaler has one leg on the DMZ and one on LAN

Your help is greatly appreciated!
0
smartnet
Asked:
smartnet
  • 2
1 Solution
 
Keith AlabasterEnterprise ArchitectCommented:
Quite straightforward as Sharepoint and SQL are inside as opposed to in the DMZ. You have not mentioned whether ISA is actually installed as the intetrnal firewall or just as a proxy server but I will assume ISA is joined to the internal domain in either case.

This link provides the TechNet article regarding publishing the majority of common applications - including Sharepoint-  securely through ISA 2006.
http://technet.microsoft.com/en-gb/library/bb794854.aspx

In summary though, using the ISA server publishing wizard is the normal, recognised approach using https bridging and certificates.

Keith
0
 
smartnetAuthor Commented:
I think ISA is working as a proxy server rather than a firewall, do you recommend putting it in the DMZ, if so what about authentication??
0
 
Keith AlabasterEnterprise ArchitectCommented:
The recommendation is always to use ISA or FTMG as a firewall/proxy rather than just a proxy and to have ISA or FTMG as a member of the domain.

if ISA/FTMG only has one nic then it can ONLY be a proxy server.

You can use the LDAP connection options though in the general confiuration if you decide to install ISA solely as a proxy server in the DMZ.
0
 
simonlimonCommented:
It is much better for isa to be a member of the domain, if not you can't really have true sso as kerberos delegation is not possible... That would be the optimal way to publish a web page.
0
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now