Link to home
Start Free TrialLog in
Avatar of Centamin-SGM
Centamin-SGM

asked on

Publishing servers best practice

Hi,
I would like to know the security best practices for publishing servers behind Firewalls.
is it recommended for the servers not to be domain members?
is it recommended to have the server installed at the a DMZ zone to be isolated from the internal network, or you can just control access through a server farm firewall?
more security recommendations will be appreciated..

Thanks.
Avatar of Mohammed Khawaja
Mohammed Khawaja
Flag of Canada image

It all depends.  As an example, if you want to allow external users access to your SharePoint then the server will be part of the domain and it will be on the business network behind the firewall (you would open on SSL port).  If you really want to secure in this example then you could install something like a UAG server which will proxy the connections (your users will only connect to the UAG which will make the connection to SharePoint on your behalf).

If you are implementing a public FTP server which does not need domain connectivity then the server should reside in the DMZ.

My recommendation to you would be to implement something like UAG or Citrix NetScaler in the DMZ which will connect to your servers in the inside network.  This way, you could control via ports, application, etc. and would be very elegant solution.
Avatar of Centamin-SGM
Centamin-SGM

ASKER

Thanks Mohammed for your explanation I agree with what you suggested, but what about the recommendation for the listed questions above?

Thanks.
ASKER CERTIFIED SOLUTION
Avatar of asavener
asavener
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I will write you a proper response later on today.
Thanks asavener good comments and great suggestions.
will be accepted as a solution.
thanks Mohammed, waiting your response.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thanks Mohammed.

great answers.