Solved

SharePoint in a DMZ

Posted on 2010-11-23
Last Modified: 2012-06-21
I want to configure a WSS 3.0 server to run in my DMZ; people will then be able to connect from the internet to the DMZ.

The SharePoint server in the DMZ will be used to show info from our internal SQL server.
It will also need to display a live page from our internal SQL server.

How should I go about creating the DMZ and the SharePoint server?

Currently WSS is configured to use both FBA and AD and works fine in the internal network. I want to keep my network as secure as possible.

We are using Server 2003 for SharePoint, 2008 for the domain controller and ISA 2004 for the DMZ.
Question by:CaptainGiblets
8 Comments

Expert Comment

by:Bing CISM / CISSP
ID: 34202534
Commonly, it is not recommended to open a port (port forwarding) on the ISA2K4 firewall to allow the WSS3 server to access the internal SQL server, as once the WSS3 server is compromised, the access to the internal network is exposed as well.

As accessing from internal to DMZ is normally allowed, a good practice is to publish your SQL data to the DMZ. For example, you may set up another SQL server in the DMZ for receiving the published data and providing the "live" data to the WSS3 server.

Additionally, the WSS3 and SQL servers in the DMZ should not be members of your internal domain.

Hope it helps,
bbao

Author Comment

by:CaptainGiblets
ID: 34203893
How would I go about publishing SQL data? Would I need a full version of SQL? I only use SQL Express.

Expert Comment

by:Bing CISM / CISSP
ID: 34204131
I think publishing and subscribing data is available for Express versions since 2005...

Replication in SQL Server Express
http://msdn.microsoft.com/en-US/library/ms165700%28v=SQL.90%29.aspx

Author Comment

by:CaptainGiblets
ID: 34204574
Ah, reading through the site, you can't use SQL 2005 Express as a distributor or publisher for replication.

Author Comment

by:CaptainGiblets
ID: 34204676
Also, with SQL replication, is it all or nothing? Or can I choose which tables I want to replicate?

Expert Comment

by:Bing CISM / CISSP
ID: 34207056
Yes, SQL Server Express functions only as a Subscriber. You need a full version of SQL Server inside.

The basic database object for SQL replication is the Article, which includes tables, views, stored procedures, and other objects of the source database, so you may choose the tables to replicate for the relevant article.

FYI - Replication Components
http://msdn.microsoft.com/en-US/library/ms165654%28v=SQL.90%29.aspx

Author Comment

by:CaptainGiblets
ID: 34207078
OK, I am downloading the 180-day trial of SQL 2008, and if I need to buy it then so be it.

So as a recap I should:

Install a new domain in the DMZ, install SQL Server in the DMZ and install WSS in the DMZ.

Block all access to the internal network from the DMZ and allow the internal SQL server to replicate needed tables to the SQL server inside the DMZ; use the DMZ SQL server to provide data from WSS.

Is this correct?

Accepted Solution

by: Bing CISM / CISSP (earned 500 total points)
ID: 34207148
> Install new domain in the DMZ

An AD or NT domain is not a must for servers working in the DMZ.

> install SQL server in DMZ and install WSS in DMZ

In the role of Subscriber, SQL Server Express is OK for the DMZ, though you do need a full version of SQL Server for your intranet.

> block all access to internal network from DMZ and allow the internal SQL server to replicate needed tables to SQL server inside DMZ

No. Block all access from DMZ/Internet to the internal network, and allow only SQL traffic on port 1433 from internal to the DMZ.

> use DMZ SQL server to provide data from WSS.

Use the DMZ SQL Server to provide data TO WSS from internal SQL.
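
The setup agreed on in this thread, sketched as T-SQL (an added example, not part of the original thread or any poster's code): a transactional publication on the internal server that publishes only selected tables as articles and delivers them through a push subscription, so every connection is opened from the internal network to the DMZ. The database, table, server and login names are hypothetical, and it assumes a Distributor is already configured on the internal server and that the DMZ instance listens on TCP 1433.

```sql
-- Run on the INTERNAL publisher (full SQL Server edition; Express can only subscribe).
-- Hypothetical names: IntranetDB, DmzPortalDB, DMZSQL01, dbo.Orders, dbo.Products,
-- publication PortalFeed, SQL login repl_subscriber.
USE IntranetDB;
GO
-- 1. Enable the source database for publishing.
EXEC sp_replicationdboption
     @dbname = N'IntranetDB', @optname = N'publish', @value = N'true';
GO
-- 2. Transactional publication that allows push subscriptions only, so the
--    DMZ subscriber never has to open a connection towards the intranet.
EXEC sp_addpublication
     @publication = N'PortalFeed',
     @status      = N'active',
     @repl_freq   = N'continuous',
     @allow_push  = N'true',
     @allow_pull  = N'false';
EXEC sp_addpublication_snapshot @publication = N'PortalFeed';
GO
-- 3. Publish only the tables the portal needs; everything else stays internal.
--    Transactional replication requires a primary key on each published table.
EXEC sp_addarticle
     @publication = N'PortalFeed', @article = N'Orders',
     @source_owner = N'dbo', @source_object = N'Orders', @type = N'logbased';
EXEC sp_addarticle
     @publication = N'PortalFeed', @article = N'Products',
     @source_owner = N'dbo', @source_object = N'Products', @type = N'logbased';
GO
-- 4. Push subscription: the Distribution Agent runs on the internal side and
--    connects outward to the DMZ instance on the SQL port.
EXEC sp_addsubscription
     @publication       = N'PortalFeed',
     @subscriber        = N'DMZSQL01',
     @destination_db    = N'DmzPortalDB',
     @subscription_type = N'push',
     @sync_type         = N'automatic';
-- The DMZ server is not a domain member, so the agent uses SQL authentication
-- (security mode 0) with a login that exists only on the DMZ instance.
EXEC sp_addpushsubscription_agent
     @publication              = N'PortalFeed',
     @subscriber               = N'DMZSQL01',
     @subscriber_db            = N'DmzPortalDB',
     @subscriber_security_mode = 0,
     @subscriber_login         = N'repl_subscriber',
     @subscriber_password      = N'<placeholder-password>';
GO
```

WSS in the DMZ then reads only from DmzPortalDB, and the firewall needs no rule that permits traffic from the DMZ to the internal network.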