Sharepoint in a DMZ

Posted on 2010-11-23
Last Modified: 2012-06-21
I want to configure a WSS 3.0 server to run in my DMZ; people will then be able to connect from the internet to the DMZ.

The SharePoint server in the DMZ will be used to show info from our internal SQL server.
It will also need to display a live page from our internal SQL server.

How should I go about creating the DMZ and the SharePoint server?

Currently WSS is configured to use both FBA and AD and works fine in the internal network. I want to keep my network as secure as possible.

We are using Server 2003 for SharePoint, 2008 for the domain controller and ISA 2004 for the DMZ.
Question by:CaptainGiblets

Expert Comment

by:bbao
ID: 34202534
Commonly, it is not recommended to open a port (port forwarding) on the ISA2K4 firewall to allow the WSS3 server to access the internal SQL server, as once the WSS3 server is compromised, access to the internal network is exposed as well.

As access from internal to DMZ is normally allowed, a good practice is to publish your SQL data to the DMZ. For example, you may set up another SQL server in the DMZ for receiving the published data and providing the "live" data to the WSS3 server.

Additionally, the WSS3 and SQL servers in the DMZ should not be members of your internal domain.

hope it helps,
bbao

Author Comment

by:CaptainGiblets
ID: 34203893
How would I go about publishing SQL data? Would I need a full version of SQL, as I only use SQL Express?

Expert Comment

by:bbao
ID: 34204131
I think Publishing and Subscribing data is available for Express versions since 2005...

Replication in SQL Server Express
http://msdn.microsoft.com/en-US/library/ms165700%28v=SQL.90%29.aspx

Author Comment

by:CaptainGiblets
ID: 34204574
Ah, reading through the site, you can't use SQL 2005 Express as a distributor or publisher for replication.

Author Comment

by:CaptainGiblets
ID: 34204676
Also, with SQL replication, is it all or nothing? Or can I choose which tables I want to replicate?

Expert Comment

by:bbao
ID: 34207056
Yes, SQL Server Express functions only as a Subscriber. You need a full version of SQL Server inside.

The basic database object for SQL replication is the Article, which includes tables, views, stored procedures, and other objects of the source database, so you may choose the tables to replicate for the relevant article.

FYI - Replication Components
http://msdn.microsoft.com/en-US/library/ms165654%28v=SQL.90%29.aspx

Author Comment

by:CaptainGiblets
ID: 34207078
OK, I am downloading the 180-day trial of SQL 2008, and if I need to buy it then so be it.

So as a recap I should:

Install a new domain in the DMZ, install SQL Server in the DMZ and install WSS in the DMZ.

Block all access to the internal network from the DMZ and allow the internal SQL server to replicate needed tables to the SQL server inside the DMZ, and use the DMZ SQL server to provide data from WSS.

Is this correct?

Accepted Solution

by:bbao (earned 500 total points)
ID: 34207148
> Install new domain in the DMZ

An AD or NT domain is not a must for servers working in the DMZ.

> install SQL server in DMZ and install WSS in DMZ

In the role of Subscriber, SQL Server Express is OK for the DMZ, though you do need a full version of SQL Server for your intranet.

> block all access to internal network from DMZ and allow the internal SQL server to replicate needed tables to SQL server inside DMZ

No. Block all access from DMZ/Internet to the internal network, and allow only SQL traffic on port 1433 from internal to the DMZ.

> use DMZ SQL server to provide data from WSS.

Use the DMZ SQL Server to provide data TO WSS from internal SQL.
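
The replication setup discussed in this thread, sketched in T-SQL as an added example (not posted by any participant). It uses transactional replication with a push subscription so the connection is opened from the internal server to the DMZ. The database, publication, table, server and login names and the password are hypothetical placeholders, and it assumes a Distributor is already configured on the internal server and that the DMZ instance listens on TCP 1433.

```sql
-- Run on the internal, full-edition SQL Server (the Publisher).
-- Assumptions: Distributor already configured, SQL Server Agent running,
-- published tables have primary keys (required for transactional replication).
-- Hypothetical names: IntranetDB, DmzPublish, dbo.Orders, dbo.Products,
-- DMZSQL (DMZ server), DmzWebData (subscriber database), repl_apply (login).
USE IntranetDB;
GO
-- Enable the database for transactional publishing.
EXEC sp_replicationdboption
     @dbname = N'IntranetDB', @optname = N'publish', @value = N'true';
GO
-- Push-only publication: the Distribution Agent runs on the internal side and
-- opens the connection outward, so no DMZ-to-internal firewall rule is needed.
EXEC sp_addpublication
     @publication     = N'DmzPublish',
     @repl_freq       = N'continuous',
     @status          = N'active',
     @allow_push      = N'true',
     @allow_pull      = N'false',
     @allow_anonymous = N'false';
EXEC sp_addpublication_snapshot @publication = N'DmzPublish';
GO
-- One article per table the WSS site needs; unlisted tables never leave the intranet.
EXEC sp_addarticle
     @publication = N'DmzPublish', @article = N'Orders',
     @source_owner = N'dbo', @source_object = N'Orders', @type = N'logbased';
EXEC sp_addarticle
     @publication = N'DmzPublish', @article = N'Products',
     @source_owner = N'dbo', @source_object = N'Products', @type = N'logbased';
GO
-- Push subscription to the DMZ instance (SQL Server Express as Subscriber).
EXEC sp_addsubscription
     @publication = N'DmzPublish', @subscriber = N'DMZSQL',
     @destination_db = N'DmzWebData', @subscription_type = N'push',
     @article = N'all', @sync_type = N'automatic';
-- SQL authentication (mode 0), because the DMZ server is not in the internal domain.
EXEC sp_addpushsubscription_agent
     @publication = N'DmzPublish', @subscriber = N'DMZSQL',
     @subscriber_db = N'DmzWebData',
     @subscriber_security_mode = 0,
     @subscriber_login = N'repl_apply',
     @subscriber_password = N'<placeholder-password>';
GO
```

A default SQL Server Express install has TCP/IP disabled and uses a named instance with a dynamic port, so the DMZ instance has to be set to a fixed TCP port before a single-port firewall rule will match. Giving the WSS site a separate read-only login on DmzWebData keeps the replication login out of the web tier.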