
Upgrade from NT4 to AD & Create New Domains?


paulrober

My company currently has an NT4 network with 40 users. We connect to the internet via a 256k leased line. We run, and host, an intranet to which 800 external users subscribe. The users are all members of our internal domain, access to the intranet site is controlled by username and password. I have a real concern about the safety of this setup.

The time has come to upgrade the network from NT4 to Windows 2003 and implement AD. As part of the upgrade, the intranet site will be redeveloped using Microsoft SharePoint Portal Server. What I would like to do is take this opportunity to split the extranet site (and associated external users) and our internal network. What I would like is some feedback and/or advice on the best way to do this.

My initial thought is to upgrade the NT4 domain to Windows 2003 AD so that we retain all functionality and the external users are still able to access the intranet site. I'd then create a new domain (inc AD) for the SharePoint server and migrate all the external users to it. Trust relationships would be put in place so that internal users are able to access the intranet site.

The internal domain will have at least 2 DCs. Will the SharePoint domain also need 2 DCs? My guess is yes.

Is this 2-domain scenario the best way to ensure the enhanced security I require? Would 1 domain and strong GPOs be a better option?

To ease congestion, the SharePoint server will be connected to the internet via a dedicated leased line (or similar) while the internal network will have a separate 2 Mbit ADSL connection to take care of Exchange email and web surfing requirements.

Sorry to post such a long question.

Pauly
 
Wherever possible, I would go with one domain. Only have a second domain if you are a multi-national company with vastly different security ideas, or you have different language versions of Windows.

Normally one domain and lots of OUs works fine.

I published advice on migrating to Windows Server 2003 here.



Guy Thomas

'Best Practice' Ezine
 