Solved

Sharepoint 2007

Posted on 2014-03-12
11
386 Views
Last Modified: 2014-03-20
Hello

Windows Server 2003 which we host SharePoint 2007 for our internal users. I have been asked can we make this also an extranet?

I add in alternate access mapping https://name.com 

no luck

regards,
0
Comment
Question by:jwc1972
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +1
11 Comments
 
LVL 27

Expert Comment

by:Steve
ID: 39925155
Have you added the appropriate port forward through your firewall/router?
0
 
LVL 37

Assisted Solution

by:bbao
bbao earned 167 total points
ID: 39925397
1. the server must be accessible by IP address from the extranet. that can be done by enabling routing or port forwarding depending on your netowork topology and configuration.

2. the host's FQDN must be also resolvable by extranet or internet DNS servers, thus the external hosts can access your SharePoint server by name.
0
 

Author Comment

by:jwc1972
ID: 39925790
hi,

Is that Port 443? is that done in IIS SharePoint ?
At the moment I only have TCP 80 open
Do I create a new iis site or just add port 443 to sharepoint website?
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 
LVL 27

Expert Comment

by:Steve
ID: 39926346
if you are using https, then you need to open port 443 through your firewall/router to the sharepoint server's internal IP (usually known as a NAT rule)

If you are using http (which isn't very secure) you can just forward port 80.
0
 
LVL 35

Assisted Solution

by:Bembi
Bembi earned 333 total points
ID: 39927597
Keep all the time in mind the chain....
Clinet connects to firewall, i.e. 443
Firewall has to forward to internal server (either the traffic is just passed through or the firewall initiates a new connetion on http or https....
IIS has to listen on the request of the firewall
Access mapping tells the sharepoint, that it has to take the traffic for that URL.

If you deal with https, you also have to keep certificates in your mind. IIS has a certificate, which has to be resolved by the firewall (if a new connection is made) or by the client (if the firewall passes the traffic through. If the firewall initiates a new connection to sharepoint, the firewall need also a certificate to the outside world which has to be resolved by the client.

In the first step I would first try to work without https to make sure, the traffic passes at all (more easier). In the second step, you secure the connection with SSL / HTTPS with certificates. If it should be Extranet (so for every user) you need also public certificates.
0
 

Author Comment

by:jwc1972
ID: 39937167
Excellent answers,

Is there anything else I would need to do on the central admin site ?
0
 
LVL 35

Expert Comment

by:Bembi
ID: 39940492
In central admin only the access mapping has to be set...
This tells sharepoint, on which request to listen and how to translate the links.

All other settings are native request handling, that means you have to make sure, that the request can reach sharepoint.
0
 

Author Comment

by:jwc1972
ID: 39940526
Thanks Bembi

Another question is this safe? or do we need an isa gateway before we expose SharePoint to the world?

By opening this ports to allow SharePoint to be externally facing, this may reduce the level of security of SharePoint making the data contained in the sites less secure my boss asked? Also If we were to continue to make these SharePoint changes, this is highly likely to fail penetration tests and this would be flagged as a major risk ?
0
 
LVL 35

Accepted Solution

by:
Bembi earned 333 total points
ID: 39940674
A system can only be such safe as the users allow, which publish the content. If you make a Sharepoint available to the public, a client outside your network passes several security stages to get the content.
a.) The firewall
Basicly th firewall opens ports to access sharepoint physically.
Post 80 is unsecure, port 443 (SSL) encrypts communication.
SSL is the minimum level for public communication.
b.) Autehntication
Which user is allowed to communicate? All anonymous users or only member of the company?. Some authentication levels can secure the communication, i.e certificate based communication / authentication to keep out unwanted users. Every cleint gets a certificate from the company and the certificate is checked, before a firewall allows the communication.
c.) NAP (Network Access protection) to setup rules, which clients can connect. You can define policies for client verification.
d.) Logon condition, i.e. only domain user or basic authentication (user / password).
e.) Access permissions in sharepoint.

The basic target is, to allow only authorisized user to reach sharepoint at all. If you allow anonymous user, I would place a public sharepoint into a DMZ and seperate it from inernal content. Even sharepoint is cabable tzo protet the content, it is a question of the responsibility of the users.
A sharepoint for company members can be secured by lot of methods to keep unwanted users out.  

A huge topic by its own, but possible.

ISA is not necessarily needed, ever good firewall has a lot of possibilities to check the clients before they get access to sharepoint. But  huge topic to discuss her, as there are several stages with advantages and disadvantages.
0
 

Author Comment

by:jwc1972
ID: 39941599
I've requested that this question be closed as follows:

Accepted answer: 167 points for Bembi's comment #a39940674
Assisted answer: 167 points for totallytonto's comment #a39926346
Assisted answer: 166 points for Bembi's comment #a39927597
Assisted answer: 0 points for jwc1972's comment #a39940526

for the following reason:

Excellent answer
0
 

Author Closing Comment

by:jwc1972
ID: 39941601
Excellent Answers Very clear answers in what is need to complete this project

cheers
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Launching a report from a Sharepoint webpage is slow. 2 54
Icons on a page, side-by-side 6 54
Masterpage unexpected error 7 46
Drive mapping problem 7 55
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
When using a search centre, I'm going to show you how to configure Sharepoint's search to only return results from the current site collection. Very useful when using Office 365 with multiple site collections.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question