mr Hills
asked on
TFS 2010 access from internet
Hi,
We have Team Foundation Server 2010 environment is in place. Which is working fine. We want to open the TFS Web access to internet.
We want to follow the link- http://qa.social.msdn.microsoft.com/Forums/en-US/tfssetup/thread/6bac41e0-6600-4ef2-8006-7095fcf3d84b.
We are testing it on our test environment. The additional apptier is in the DMZ zone. But the data tier is well with in our domain. What are the port we need to open to achieve this.
Situation is very urgent, my job is in the line.
Could anybody please help.
Thanks,
We have Team Foundation Server 2010 environment is in place. Which is working fine. We want to open the TFS Web access to internet.
We want to follow the link- http://qa.social.msdn.microsoft.com/Forums/en-US/tfssetup/thread/6bac41e0-6600-4ef2-8006-7095fcf3d84b.
We are testing it on our test environment. The additional apptier is in the DMZ zone. But the data tier is well with in our domain. What are the port we need to open to achieve this.
Situation is very urgent, my job is in the line.
Could anybody please help.
Thanks,
ASKER
Hi ryanmccauley, Thanks for your response and pointers. I will tell you what we have so far step by step.
1. We were provided with a server in DMZ, where port 80/443 was opened from internet to DMZ. This server has public IP assigned to it by Network team.
2.This DMZ server had port 8080/1433/9191 opened from DMZ to Apptier in intranet.
3. We tried installing/configuring additional apptier on the server, configuration failed. We think that it happened because 1433 is not open from intranet datatier to DMZ.
4. After encountering this failure, we added DMZ server in our domain where our original TFS setup is also there.
5. We logged in to DMZ server with our Domain Admin credentials.
6. Configuration happened successfully. We were able to access the TFS WEB inside the DMZ server.
7.In DMZ server we did port forwarding for port 80 to 8080 using NETSH INTERFACE PORTPROXY .
8. Now with using public IP of DMZ appended with /tfs/web, we are able to access the TFS WEB from internet. It asks for domain credentials for authentication. We can see Work Items and Source Control only.
Please let us know how far we have reached and what else do you recommend. I understand that ssl is important. Any thing else you want add please let us know.
Once again thanks for your help.
Kind Regards.
1. We were provided with a server in DMZ, where port 80/443 was opened from internet to DMZ. This server has public IP assigned to it by Network team.
2.This DMZ server had port 8080/1433/9191 opened from DMZ to Apptier in intranet.
3. We tried installing/configuring additional apptier on the server, configuration failed. We think that it happened because 1433 is not open from intranet datatier to DMZ.
4. After encountering this failure, we added DMZ server in our domain where our original TFS setup is also there.
5. We logged in to DMZ server with our Domain Admin credentials.
6. Configuration happened successfully. We were able to access the TFS WEB inside the DMZ server.
7.In DMZ server we did port forwarding for port 80 to 8080 using NETSH INTERFACE PORTPROXY .
8. Now with using public IP of DMZ appended with /tfs/web, we are able to access the TFS WEB from internet. It asks for domain credentials for authentication. We can see Work Items and Source Control only.
Please let us know how far we have reached and what else do you recommend. I understand that ssl is important. Any thing else you want add please let us know.
Once again thanks for your help.
Kind Regards.
Below Ports are all the TCP ports we needed to configure at some stage for Visual studio to work for Internet access, note that some of them may not be needed depending on your own setup .
Port 80 TCP – Web Server (Reporting Services/SharePoint Services)
Port 443 TCP – Web SSL (Reporting Services/Share Point Services)
Port 1433 TCP – SQL Server Service
Port 1434 TCP – SQL Browser Service
Port 1444 TCP – SQL Server Monitoring
Port 2382 TCP – SQL Analysis Service Redirector
Port 2383 TCP – SQL Server Analysis Service
Port 17102 TCP – SharePoint Central Administration
Port 8080 TCP – Team Foundation Server
Port 8143 TCP – Team Foundation Server (SSL)
Port 8081 TCP – Team Foundation Server Proxy
Port 8144 TCP – Team Foundation Server Proxy (SSL)
Port 9191 TCP – Team Foundation Build Remoting
Port 80 TCP – Web Server (Reporting Services/SharePoint Services)
Port 443 TCP – Web SSL (Reporting Services/Share Point Services)
Port 1433 TCP – SQL Server Service
Port 1434 TCP – SQL Browser Service
Port 1444 TCP – SQL Server Monitoring
Port 2382 TCP – SQL Analysis Service Redirector
Port 2383 TCP – SQL Server Analysis Service
Port 17102 TCP – SharePoint Central Administration
Port 8080 TCP – Team Foundation Server
Port 8143 TCP – Team Foundation Server (SSL)
Port 8081 TCP – Team Foundation Server Proxy
Port 8144 TCP – Team Foundation Server Proxy (SSL)
Port 9191 TCP – Team Foundation Build Remoting
ASKER
Hello Admin3K,
Thanks for all the help so far...
We want to keep our "Additional Apptier Configuration only" to a server which is in DMZ(member of Workgroup).
We have the appropiate ports and firewall settings in place
When we try to provide the SQL server\instance of our TFS datatier(server in a Domain) and select available databases it follows to an error as attached.
In a nutshell:- When we try the "TFS Apptier Only" configuration by the server in same domain all works well,however if we try the same from a server in DMZ the error as said.
Is it possible to have have an Additional Apptier only configuration on a server in DMZ and get it connected to the TFS setup in a domain with minimum (only web access service) exposure?
Please let us know your inputs
Thanks again!!!
TFSwebaccesstest.docx
Thanks for all the help so far...
We want to keep our "Additional Apptier Configuration only" to a server which is in DMZ(member of Workgroup).
We have the appropiate ports and firewall settings in place
When we try to provide the SQL server\instance of our TFS datatier(server in a Domain) and select available databases it follows to an error as attached.
In a nutshell:- When we try the "TFS Apptier Only" configuration by the server in same domain all works well,however if we try the same from a server in DMZ the error as said.
Is it possible to have have an Additional Apptier only configuration on a server in DMZ and get it connected to the TFS setup in a domain with minimum (only web access service) exposure?
Please let us know your inputs
Thanks again!!!
TFSwebaccesstest.docx
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You can check out how Codeplex is doing their TFS hosting, since they make projects available to clients over the internet. Here's their general layout - pretty small, you'll see:
http://blogs.msdn.com/b/bharry/archive/2010/08/12/some-detail-behind-the-codeplex-move-to-tfs-2010.aspx
If you just want to enable SSL on your TFS server and configure direct port 443 access to the web tier, here's a Microsoft walk-through for that:
http://msdn.microsoft.com/en-us/library/aa833873.aspx
If those don't meet your needs or I've missed something in your requirements, please elaborate.