Solved

Publishing SharePoint 2013 in DMZ

Posted on 2016-08-14
18
169 Views
Last Modified: 2016-08-15
Dear Experts,

what is the best option to publish the SharePoint 2013 in DMZ. Please advice

Thanks
0
Comment
Question by:tabreed
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 8
18 Comments
 
LVL 19

Expert Comment

by:Walter Curtis
ID: 41755902
At this moment there are a gazillion answers. Can you focus the questions, explain what you want to do and what you have to work with. What are the resources available and what are the limitations and expectations.

Thanks
0
 

Author Comment

by:tabreed
ID: 41755927
we would like to publish our SharePoint 2013 portal on internet
0
 
LVL 19

Expert Comment

by:Walter Curtis
ID: 41755930
Is this on premise of SharePoint 365?
If this is on premise, do you have the infrastructure in place, do you have a DMZ?
If this is on premise, do you have a multiple tier farm, or a single server farm?
What type of access do you expect to have for the portal? Anonymous access? Users with accounts in your AD domain? Other types of users?

Generally, you will have your web front end available to the outside world, hopefully protected by a firewall. You SQL server should be in the protected internal network as well as the SharePoint app server.

What else can you say to describe your plans?
0
Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

 

Author Comment

by:tabreed
ID: 41755944
it is on Premise and we do have DMZ in place. we have signal Farm with AD domain access.

at the monument our SharePoint servers are hosted in internal network (2 WEB front end, 2 APP and 2 DB ) . now we are paling to publish SharePoint on internet to have our users to access out side office
0
 
LVL 19

Assisted Solution

by:Walter Curtis
Walter Curtis earned 500 total points
ID: 41756275
Good information.

You can place your WFE servers in the perimeter zone. They should be able to stay in the same AD domain, however it is possible to have the WFE servers in a different DMZ based AD domain. If you need to do that, mention it and I add some information about how to do that.

Not sure if the users will have ad accounts or not, but if they do, you can publish the WFE servers in the DMZ, and set your firewall to allow windows authenticate. If by users you are referring to users without AD accounts, you will need some type of authentication providers. Be carfeul and do not enable anonymous access since from what you note above there should only be named users accessing the system.

In this scenario, there may be additional license required. You should check on that before you make SharePoint available via public network, (internet.)  

If you have not considered this, maybe use a VPN setup to allow your internal a way to access SharePoint without having to go the internet access direction.

Hope that helps...
0
 

Author Comment

by:tabreed
ID: 41756376
Thanks, I will be planning to publish the SharePoint by using TMG or WAP and it is only for AD users. Please advice.

Thanks
0
 
LVL 19

Accepted Solution

by:
Walter Curtis earned 500 total points
ID: 41756641
That is a good way to move forward. Microsoft has some very good information. Here is the URL:

https://technet.microsoft.com/en-us/library/dn280944.aspx

Keep in mind, in today's hacker wild world, nothing is safe, so even using a "secure" system could be risky.

Best of luck to you...
0
 

Author Comment

by:tabreed
ID: 41756920
WAP  is required additional configuration like ADFS  & MFA. instead of WAP can I go with TMG. Please advice.

Thanks
0
 
LVL 19

Expert Comment

by:Walter Curtis
ID: 41756961
Yes,  you can use TMG, but Microsoft is phasing it out soon. You may need to check the Microsoft web site for more details.
0
 

Author Comment

by:tabreed
ID: 41756974
thanks, can you please provide me the URL.

thanks
0
 
LVL 19

Expert Comment

by:Walter Curtis
ID: 41756981
0
 

Author Comment

by:tabreed
ID: 41756988
Thank you so much, lastly please provide me the  step by step implementation steps for TMG.

Thanks
0
 
LVL 19

Expert Comment

by:Walter Curtis
ID: 41756998
This process is too involved and depends on your environment so much that is it not possible to give a step by step in a forum such as this. Microsoft is going to be your best resource for such detailed instructions. I search at the Microsoft TechNet web site would be your first step. Also, often forgotten, but the help files that ship with the product are the best resource.

Good luck...
0
 

Author Comment

by:tabreed
ID: 41757011
Thanks, I can publish using TMG without any issues  am I right.

Thanks
0
 
LVL 19

Expert Comment

by:Walter Curtis
ID: 41757015
To be honest, that can not be answered because an environment is not something that can be described in just a few lines. You will need to dive very deeply in to your environment as well as what TMG has to offer and how to use it in your environment.
0
 

Author Comment

by:tabreed
ID: 41757017
but TMG is capable for this ?
0
 
LVL 19

Expert Comment

by:Walter Curtis
ID: 41757023
Yes
0
 
LVL 19

Expert Comment

by:Walter Curtis
ID: 41757034
Thanks
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Pimping Sharepoint 2007 without Server-Side Code Part 1 One of my biggest frustrations with Sharepoint 2007 in the corporate world is that while good-intentioned managers lock down the more interesting capabilities of Sharepoint programming in…
Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question