Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Sharepoint in a DMZ

Posted on 2010-11-23
8
Medium Priority
?
1,011 Views
Last Modified: 2012-06-21
i want to configure a WSS 3.0 server to run in my DMZ, people will then be able to connect from the internet to the DMZ.

the sharepoint server in the DMZ will be used to show info from our internal SQL server.
It will also need to display a live page from our internal SQL server

how should i go about creating the DMZ and the sharepoint server.

Currently WSS is configured to use both FBA and AD and works fine in the internal network. i want to keep my network as secure as possible.

we are using server 2003 for sharepoint, 2008 for domain controller and isa 2004 for DMZ
0
Comment
Question by:CaptainGiblets
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 34202534
commonly, it is not recommended to open a port (port forwarding) on the ISA2K4 firewall to allow the WSS3 server access the internal SQL server, as once the WSS3 server is compromised, the access to internal network is exposed as well.

as normally accessing from internal to DMZ is allowed, so a good practice is to publish your SQL data to the DMZ. for example, you may set up another SQL server in DMZ for receiving the published data and providing the "live" data to the WSS3 server.

additionally, the WSS3 and SQL server in DMZ should not be a member of your internal domain.

hope it helps,
bbao
0
 
LVL 6

Author Comment

by:CaptainGiblets
ID: 34203893
how would i go about publishing sql data? would i need a full version of sql? as i only use sql express.
0
 
LVL 37

Expert Comment

by:bbao
ID: 34204131
i think Publishing and Subscribing data is available for Express versions since 2005...

Replication in SQL Server Express
http://msdn.microsoft.com/en-US/library/ms165700%28v=SQL.90%29.aspx
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
LVL 6

Author Comment

by:CaptainGiblets
ID: 34204574
ah reading through the site you cant use sql 2005 express as a distributer or publisher for replication
0
 
LVL 6

Author Comment

by:CaptainGiblets
ID: 34204676
also, with sql replication, is it all or nothing? or can i choose which tables i want to replicate.
0
 
LVL 37

Expert Comment

by:bbao
ID: 34207056
yes, SQL Server Express functions only as a Subscriber. you need a full version of SQL server inside.

the basic database object for SQL replication is Article, which includes tables, views, stored procedures, and other objects of the source database, so you may choose the tables to replicate for the relevant article.

FYI - Replication Components
http://msdn.microsoft.com/en-US/library/ms165654%28v=SQL.90%29.aspx
0
 
LVL 6

Author Comment

by:CaptainGiblets
ID: 34207078
ok i am downloading the 180 day trail of sql 2008 and if i need to buy it then so be it.

so as a recap i should

Install new domain in the DMZ, install SQL server in DMZ and install WSS in DMZ

block all access to internal network from DMZ and allow the internal SQL server to replicate needed tables to SQL server inside DMZ, use DMZ SQL server to provide data from WSS.

is this correct?
0
 
LVL 37

Accepted Solution

by:
bbao earned 2000 total points
ID: 34207148
> Install new domain in the DMZ

an AD or NT domain is not a must for servers working in DMZ.

> install SQL server in DMZ and install WSS in DMZ

as the role of Subscriber, SQL Server Express is OK for DMZ, though you do need a full version of SQL Server for your intranet.

> block all access to internal network from DMZ and allow the internal SQL server to replicate needed tables to SQL server inside DMZ

no. block all access from DMZ/Internet to internal network, and allow only SQL traffic on Port 1433 from internal to the DMZ.

> use DMZ SQL server to provide data from WSS.

use DMZ SQL Server to provide data TO WSS from internal SQL.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When using a search centre, I'm going to show you how to configure Sharepoint's search to only return results from the current site collection. Very useful when using Office 365 with multiple site collections.
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question