Solved

Sharepoint 2007

Posted on 2014-03-12
Last Modified: 2014-03-20
Hello

We have a Windows Server 2003 on which we host SharePoint 2007 for our internal users. I have been asked whether we can also make this an extranet.

I added https://name.com in alternate access mapping.

No luck.

regards,
0
Question by:jwc1972
11 Comments
 
LVL 27

Expert Comment

by:Steve
ID: 39925155
Have you added the appropriate port forward through your firewall/router?
0
 
LVL 37

Assisted Solution

by:bbao
bbao earned 167 total points
ID: 39925397
1. The server must be accessible by IP address from the extranet. That can be done by enabling routing or port forwarding, depending on your network topology and configuration.

2. The host's FQDN must also be resolvable by extranet or internet DNS servers, so that the external hosts can access your SharePoint server by name.
0
 

Author Comment

by:jwc1972
ID: 39925790
Hi,

Is that port 443? Is that done in IIS / SharePoint?
At the moment I only have TCP 80 open.
Do I create a new IIS site or just add port 443 to the SharePoint website?
0
 
LVL 27

Expert Comment

by:Steve
ID: 39926346
If you are using https, then you need to open port 443 through your firewall/router to the SharePoint server's internal IP (usually known as a NAT rule).

If you are using http (which isn't very secure) you can just forward port 80.
0
 
LVL 35

Assisted Solution

by:Bembi
Bembi earned 333 total points
ID: 39927597
Keep the chain in mind at all times:
Client connects to the firewall, i.e. 443.
The firewall has to forward to the internal server (either the traffic is just passed through, or the firewall initiates a new connection on http or https).
IIS has to listen for the request from the firewall.
Access mapping tells SharePoint that it has to take the traffic for that URL.

If you deal with https, you also have to keep certificates in mind. IIS has a certificate, which has to be resolved by the firewall (if a new connection is made) or by the client (if the firewall passes the traffic through). If the firewall initiates a new connection to SharePoint, the firewall also needs a certificate to the outside world, which has to be resolved by the client.

As a first step I would try to work without https to make sure the traffic passes at all (easier). As a second step, you secure the connection with SSL / HTTPS with certificates. If it should be an extranet (so for every user), you also need public certificates.
0
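Added example, not part of any post in this thread: a Python sketch that checks the chain described above from an outside client, one stage at a time (public DNS, the forwarded port, the certificate, the web server's answer). The function name `check_chain`, the `HINTS` table and the host `sharepoint.example.com` are assumptions made for illustration.

```python
import socket
import ssl

# What each stage points to, in terms of the chain described in the thread.
HINTS = {
    "dns": "external DNS does not resolve the name",
    "tcp": "firewall/router is not forwarding the port to the server",
    "tls": "certificate or TLS problem at the firewall or IIS",
    "http": "connection opened but no HTTP response from the web server",
    "ok": "request reached a web server; inspect the status line",
}

def check_chain(host, port=443, timeout=5.0, context=None):
    """Walk client -> DNS -> firewall -> TLS -> IIS; return (stage, detail)."""
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except (socket.gaierror, UnicodeError) as exc:
        return ("dns", str(exc))
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", str(exc))
    # The default context verifies the chain and the hostname, as a browser would.
    ctx = context or ssl.create_default_context()
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
        sock.close()
        return ("tls", str(exc))
    try:
        with tls:
            request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            tls.sendall(request.encode("ascii"))
            status = tls.recv(1024).split(b"\r\n", 1)[0].decode("ascii", "replace")
    except OSError as exc:
        return ("http", str(exc))
    if not status.startswith("HTTP/"):
        return ("http", status or "empty response")
    # 401 is normal for a site that requires logon; it still proves the path works.
    return ("ok", status)

if __name__ == "__main__":
    # Placeholder name; use the public URL entered in alternate access mapping.
    stage, detail = check_chain("sharepoint.example.com")
    print(f"{stage}: {HINTS[stage]} ({detail})")
```

Run it from a machine outside the network; the first stage that fails names the link of the chain to look at.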
 

Author Comment

by:jwc1972
ID: 39937167
Excellent answers,

Is there anything else I would need to do on the central admin site ?
0
 
LVL 35

Expert Comment

by:Bembi
ID: 39940492
In central admin only the access mapping has to be set...
This tells sharepoint, on which request to listen and how to translate the links.

All other settings are native request handling, that means you have to make sure, that the request can reach sharepoint.
0
 

Author Comment

by:jwc1972
ID: 39940526
Thanks Bembi

Another question: is this safe? Or do we need an ISA gateway before we expose SharePoint to the world?

By opening these ports to allow SharePoint to be externally facing, this may reduce the level of security of SharePoint, making the data contained in the sites less secure, my boss asked? Also, if we were to continue to make these SharePoint changes, this is highly likely to fail penetration tests and this would be flagged as a major risk?
0
 
LVL 35

Accepted Solution

by:Bembi
Bembi earned 333 total points
ID: 39940674
A system can only be as safe as the users who publish the content allow. If you make a SharePoint available to the public, a client outside your network passes several security stages to get the content.
a.) The firewall
Basically the firewall opens ports to access SharePoint physically.
Port 80 is insecure, port 443 (SSL) encrypts communication.
SSL is the minimum level for public communication.
b.) Authentication
Which user is allowed to communicate? All anonymous users or only members of the company? Some authentication levels can secure the communication, i.e. certificate based communication / authentication to keep out unwanted users. Every client gets a certificate from the company and the certificate is checked before a firewall allows the communication.
c.) NAP (Network Access Protection) to set up rules for which clients can connect. You can define policies for client verification.
d.) Logon condition, i.e. only domain user or basic authentication (user / password).
e.) Access permissions in SharePoint.

The basic target is to allow only authorized users to reach SharePoint at all. If you allow anonymous users, I would place a public SharePoint into a DMZ and separate it from internal content. Even though SharePoint is capable of protecting the content, it is a question of the responsibility of the users.
A SharePoint for company members can be secured by a lot of methods to keep unwanted users out.

A huge topic on its own, but possible.

ISA is not necessarily needed; every good firewall has a lot of possibilities to check the clients before they get access to SharePoint. But it is a huge topic to discuss here, as there are several stages with advantages and disadvantages.
0
 

Author Comment

by:jwc1972
ID: 39941599
I've requested that this question be closed as follows:

Accepted answer: 167 points for Bembi's comment #a39940674
Assisted answer: 167 points for totallytonto's comment #a39926346
Assisted answer: 166 points for Bembi's comment #a39927597
Assisted answer: 0 points for jwc1972's comment #a39940526

for the following reason:

Excellent answer
0
 

Author Closing Comment

by:jwc1972
ID: 39941601
Excellent answers. Very clear answers on what is needed to complete this project.

cheers
0
