Solved

Sharepoint in a DMZ

Posted on 2010-11-23
8
987 Views
Last Modified: 2012-06-21
i want to configure a WSS 3.0 server to run in my DMZ, people will then be able to connect from the internet to the DMZ.

the sharepoint server in the DMZ will be used to show info from our internal SQL server.
It will also need to display a live page from our internal SQL server

how should i go about creating the DMZ and the sharepoint server.

Currently WSS is configured to use both FBA and AD and works fine in the internal network. i want to keep my network as secure as possible.

we are using server 2003 for sharepoint, 2008 for domain controller and isa 2004 for DMZ
0
Comment
Question by:CaptainGiblets
  • 4
  • 4
8 Comments
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 34202534
commonly, it is not recommended to open a port (port forwarding) on the ISA2K4 firewall to allow the WSS3 server access the internal SQL server, as once the WSS3 server is compromised, the access to internal network is exposed as well.

as normally accessing from internal to DMZ is allowed, so a good practice is to publish your SQL data to the DMZ. for example, you may set up another SQL server in DMZ for receiving the published data and providing the "live" data to the WSS3 server.

additionally, the WSS3 and SQL server in DMZ should not be a member of your internal domain.

hope it helps,
bbao
0
 
LVL 6

Author Comment

by:CaptainGiblets
ID: 34203893
how would i go about publishing sql data? would i need a full version of sql? as i only use sql express.
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 34204131
i think Publishing and Subscribing data is available for Express versions since 2005...

Replication in SQL Server Express
http://msdn.microsoft.com/en-US/library/ms165700%28v=SQL.90%29.aspx
0
 
LVL 6

Author Comment

by:CaptainGiblets
ID: 34204574
ah reading through the site you cant use sql 2005 express as a distributer or publisher for replication
0
Too many email signature changes to deal with?

Are you constantly being asked to update your organization's email signatures? Do they take up too much of your time? Wouldn't you love to be able to manage all signatures from one central location, easily design them and deploy them quickly to users. Well, you can!

 
LVL 6

Author Comment

by:CaptainGiblets
ID: 34204676
also, with sql replication, is it all or nothing? or can i choose which tables i want to replicate.
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 34207056
yes, SQL Server Express functions only as a Subscriber. you need a full version of SQL server inside.

the basic database object for SQL replication is Article, which includes tables, views, stored procedures, and other objects of the source database, so you may choose the tables to replicate for the relevant article.

FYI - Replication Components
http://msdn.microsoft.com/en-US/library/ms165654%28v=SQL.90%29.aspx
0
 
LVL 6

Author Comment

by:CaptainGiblets
ID: 34207078
ok i am downloading the 180 day trail of sql 2008 and if i need to buy it then so be it.

so as a recap i should

Install new domain in the DMZ, install SQL server in DMZ and install WSS in DMZ

block all access to internal network from DMZ and allow the internal SQL server to replicate needed tables to SQL server inside DMZ, use DMZ SQL server to provide data from WSS.

is this correct?
0
 
LVL 37

Accepted Solution

by:
Bing CISM / CISSP earned 500 total points
ID: 34207148
> Install new domain in the DMZ

an AD or NT domain is not a must for servers working in DMZ.

> install SQL server in DMZ and install WSS in DMZ

as the role of Subscriber, SQL Server Express is OK for DMZ, though you do need a full version of SQL Server for your intranet.

> block all access to internal network from DMZ and allow the internal SQL server to replicate needed tables to SQL server inside DMZ

no. block all access from DMZ/Internet to internal network, and allow only SQL traffic on Port 1433 from internal to the DMZ.

> use DMZ SQL server to provide data from WSS.

use DMZ SQL Server to provide data TO WSS from internal SQL.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Raid 6 or Raid 10? 19 126
How to prioritize LOGONSERVER for clients? 1 30
Undo a Print Server Setup 5 70
How to reduce VM disk capacity without losing OS data ? 10 84
I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
These days socially coordinated efforts have turned into a critical requirement for enterprises.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now