
Make SBS03 Sharepoint avail to Internet 1


dougmbti

IS-IT--Management
Dec 4, 2003
44
US
I have an SBS 2003 Standard network running out of my office at home that is working great. It hosts all my email, intranet site, files, etc. and it all sits behind a firewall. I am now spending more time on the road and would like to take advantage of the Sharepoint services for document management, helpdesk, etc. Sometimes it is a pain to start up the laptop, VPN in, make a change to a document or "to do" list and then fire back down, etc.

Sharepoint works great on the internal network and has all the features that I am looking for. I'd like to make it available while I am out of the office and have some questions/concerns.

1. Is it easy to make it available on the Internet?
2. Can I require a login to access it?
3. Loaded question - Are there any security risks involved?
4. Would anyone recommend this?
5. Is there another way to accomplish the same results - access to Sharepoint site while out of the office?

TIA for any help on this one.

Doug Maurer
BTI
 
Hello,

I have set up an Extranet solution which makes our sharepoint available from the Internet. There are a few different ways you can set it up.

I've tried to answer your questions below:

1. I would recommend that you use a hardened proxy server (such as Microsoft ISA) on a DMZ zone. This will allow you to have your server hosting the sharepoint app., databases on a trusted (internal) network. Look at which describes that kind of setup.

2. There are different ways of doing this depending on how your domain/network is set up. Either you choose to create accounts that are only local to the sharepoint environment, it might not be so good to actually be able to authenticate users that come externally with for example your internal Active Directory. I would NOT recommend using a domain member server and exposing it to the outside. When the server gets hacked your entire network will be at risk. If you are not able to have a separate domain on the DMZ I would suggest making it a standalone server, but in your case you are using SBS2003 so that is probably not an option if you can't set up another server.

3. There are always risks involved when making a system available from the internet. HTTPS (SSL) is a MUST have, and you will also then need a certificate (issued by a CA such as Verisign). Also planning and getting ALL the information regarding which network ports etc. that you need to open in a firewall is very important. In your case if you would expose your SBS2003 server to the internet (or DMZ zone) all the ports you would have to open in the firewall would actually make your firewall obsolete (i.e. it would be as if you did not have a firewall at all).

4. If the setup is done according to all the security recommendations etc, then I have no problems recommending an external sharepoint solution.
The environment I have set up is using a standalone server on a DMZ zone, running basic authentication over SSL (HTTPS). The only thing hosted on our internal network is the SQL databases and there we are using SQL server authentication and only one open port in the firewall to that specific SQL server. This is not the finest or most secure solution, but since we did not have the possibility of using a hardened proxy this was the most secure way it could be set up. But I would definitely recommend using a hardened proxy on the DMZ zone.

5. Another way is to use VPN, and if you are not able to build a secure external solution this would be the most secure way of accessing your sharepoint environment from outside the office. I know that it might be a pain having to do the VPN connection etc. etc., but it would cause you even more problems if your entire network gets hacked. It is not really a question of if... it's when.

Regards,
Thomas
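
As an added illustration (not part of Thomas's post or any Microsoft tooling), the sketch below audits a firewall allow-list against the layout he describes: only HTTPS published to a standalone DMZ front end, and a single port from the DMZ to the internal SQL server. The rule format, IP addresses and the use of SQL Server's default port 1433 are assumptions made for the example.

```python
import ipaddress

# Constructed topology (assumptions, not from the thread): addresses and the SQL port.
DMZ_WEB = ipaddress.ip_address("192.0.2.10")     # standalone SharePoint front end in the DMZ
INTERNAL = ipaddress.ip_network("10.0.0.0/24")   # trusted (internal) network
SQL_SERVER = ipaddress.ip_address("10.0.0.20")   # internal SQL server
SQL_PORT = 1433                                  # SQL Server default TCP port

# Constructed sample ruleset, one allow rule per line: "src_zone dst_ip proto port".
SAMPLE_RULES = """\
internet 192.0.2.10 tcp 443
internet 192.0.2.10 tcp 80
dmz 10.0.0.20 tcp 1433
dmz 10.0.0.5 tcp 445
internet 10.0.0.5 tcp 3389
"""

def parse_rules(text):
    """Parse allow rules into (zone, dst_ip, proto, port) tuples, skipping comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        zone, dst, proto, port = line.split()
        rules.append((zone, ipaddress.ip_address(dst), proto.lower(), int(port)))
    return rules

def audit(rules):
    """Return (rule, reason) findings for rules that break the DMZ design."""
    findings = []
    for zone, dst, proto, port in rules:
        rule = f"{zone} -> {dst} {proto}/{port}"
        if zone == "internet":
            if dst in INTERNAL:
                findings.append((rule, "internet traffic reaches the internal network directly"))
            elif dst != DMZ_WEB or (proto, port) != ("tcp", 443):
                findings.append((rule, "only HTTPS (tcp/443) to the DMZ front end should be published"))
        elif zone == "dmz" and dst in INTERNAL:
            if (dst, proto, port) != (SQL_SERVER, "tcp", SQL_PORT):
                findings.append((rule, "DMZ may reach only the SQL server on its single port"))
    return findings

if __name__ == "__main__":
    for rule, why in audit(parse_rules(SAMPLE_RULES)):
        print(f"VIOLATION {rule}: {why}")
```

Run against an export of the real allow rules, anything it reports is a path that widens exposure beyond the one-port design described above.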
 
Thank you very much for all your help. I guess the limitations are with the SBS - everything runs on one machine and you can't take "pieces" like just the Sharepoint and put them on a separate machine.

I'll probably heed your advice on the VPN. That is set and works just fine and is the most secure. Still would be really nice to just hop on the Internet from any machine and get access to client docs, information, etc. from the Sharepoint without having to fire up my laptop and VPN in.

Oh well ... such is life.

Thanks again for your help - I still may experiment a little with the other options.

Doug
 
Thanks to Thomas for the most complete post I have seen so far on this topic!
 