Intranet to Extranet RRS feed

  • Question

  • We are currently reviewing what is required for extending our web applications to the Extranet zone so that our users can access it without having to connect to the VPN and also that third party clients can access information as well that they have permissions to.

    I need to find information from start to finish on how to get this going. I currently have a 4 server farm in a virtual environment. SQL Server, APplication Server, Index Server and Web Server. I have been googling and I have found how to extend the web apps and also different possibilities of firewalls but what I need is some kind of step to step guide for the non technical! I am currently researcing it and I will have help down the line from an infrastructure professional but for now, I need to gather the options. Can anyone point me in the right direction?



    Friday, September 28, 2012 12:59 PM


  • Step-by-step details may be difficult without knowing your environment.

    The high-level technical process is to extend the web application into the Extranet zone and then direct traffic to your web front end server(s). This part is the tricky part. What type of network devices are you using and can you do this?

    Usually a reverse proxy such as Forefront UAG/TMG or ISA Server (or a third party product) is recommended instead of exposing your farm directly to the Internet and these are also usually deployed for the entire organization for other purposes (Outlook Web Access, UAG Portal) and can publish SharePoint externally (see the SharePoint Publishing Solution Guide) along with handling authentication and act as the SSL enpoint.

    Oh right, do you need to use SSL? If so (likely), you will need to purchase and install an SSL certificate from a trusted authority (or generate your own if you have your own certification authority that your end users trust, which is unlikely). How this is done depends on where your SSL endpoint is (network device/reverse proxy, WFE server)

    That's more or less the technical side. There are licensing implications as well. Each of your external users will require a SharePoint, Windows, and SQL Server user CAL (unless you are using SQL per-processor licensing) so they can access SharePoint. 

    Jason Warren
    Infrastructure Architect

    Friday, September 28, 2012 8:21 PM