locked
SharePoint Intranet and Extranet implementation RRS feed

  • Question

  • Hi,

    we have a sharepoint 2010 environment where we have intranet and extranet setup on same servers. The intranet is just SharePoint OOTB with custom web parts and custom workflows and we have plan to implement future third party sharepoint application on this. and Extranet is a Docuemtn control managemnet project (3rd party) which sits on same sharepoint environment using same sharepoint features which intranet application shares.

    We have already noticed few global features deployed by the 3rd party document management system application which are automatically activated in intranet application and shows some concerns. Our plan is to seperate the environments but would like to know how other people have implemented intranet and extranet farms. In same or different farms.

    Also, what will be the benefits and risks we seperate out the farms.

    Thanks in advance

    Wednesday, October 30, 2013 9:30 PM

Answers

  • See here about sharing service applications between farms:

    http://technet.microsoft.com/en-us/library/ff621100(v=office.14).aspx

    You will probably want another domain or forest for extranet users (or another directory store altogether, like a SQL membership database or AD LDS).

    There are downsides to using ADFS, especially if using InfoPath Forms Services and PowerPivot.  Additionally, Visio Graphics Services, and pre-2012 versions of SQL Reporting Services have compatibility issues with Claims-based Web Applications.


    Trevor Seward, MCC

    Follow or contact me at...
      

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Thursday, October 31, 2013 11:02 PM

All replies

  • Both methods are perfectly acceptable depending on business use case.

    If you do have a 2nd farm, that means additional management, but it also means that you can take your internal farm down without impacting the external content, which may be of benefit.

    It will also increase administration costs as well as potential licensing costs (server CALs).

    You may want to investigate sharing Service Applications and federating Search in order to unify some of the back end data on the farms.


    Trevor Seward, MCC

    Follow or contact me at...
      

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Wednesday, October 30, 2013 9:51 PM
  • Thanks for the response. When you say investigate sharepoint applications, are you talking about in different farms. Because we have configured the associations of service applications as need in the same farm. If we decide to seperate the farms and if we need to share the services across the farms, will that be an issue with SharePoint 2010 ?

    One more question though. We have implemented our Intranet with windows AD access and even the extranet is using the same AD corporte domain but with different OU. I have seen this is not a best practice in couple of blogs and people recommending to maintain other domain. What are your thoughts, is it a big risk to maintain in one AD domain with all in one farm

    Thursday, October 31, 2013 7:08 PM
  • It is possible to connect certain service applications across farms.  I think that is what he is referring to.  Search is one of them.  As far as your second question, that depends on your organization.  I can provide a scenario...how big of a deal would it be if an external user had their account compromised?  Would you want an unknown with an account that access to your corporate AD domain?  SharePoint can connect to multiple domains with at least a one-way trust in place (the domain SharePoint is in trusts the domain users are in) or you can use ADFS without worrying about domain trusts.  IMO, ADFS is the way to go.
    Thursday, October 31, 2013 7:26 PM
  • See here about sharing service applications between farms:

    http://technet.microsoft.com/en-us/library/ff621100(v=office.14).aspx

    You will probably want another domain or forest for extranet users (or another directory store altogether, like a SQL membership database or AD LDS).

    There are downsides to using ADFS, especially if using InfoPath Forms Services and PowerPivot.  Additionally, Visio Graphics Services, and pre-2012 versions of SQL Reporting Services have compatibility issues with Claims-based Web Applications.


    Trevor Seward, MCC

    Follow or contact me at...
      

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Thursday, October 31, 2013 11:02 PM
  • Thanks Everybody. Appreciate your responses.

    We are preparing a plan for setting up another farm considering above benefits/over heads. Have to see how that goes.

    Tuesday, November 5, 2013 3:39 PM