locked
What's the most secure way to implement an External Portal RRS feed

  • Question

  • Dear experts, I would like to have your advices regarding the following point: In our company, we have deployed SharePoint Enterprise, created a WebApplication which contains many Site Collections, each for each department Now, we would like to create an external site for our partners and public use. The idea that some of us proposed is the following: • Create a new WebApplication • Create a new domain controller for the external users • Give access to a subset of data stored in databases inside the corporate network The questions I have are: • Is it necessary to create a new domain controller for external users? Or using the same corporate AD doesn’t break the data and corporate network security? • If a new AD has to be deployed, does it mean that we have to deploy a new MOSS 2007 instance for using this new AD for authenticating users? Or a new WebApp is enough? • What’s the difference (in term of security) between creating a new WebApp and a new Site Collection? • I have read about some configurations: edge firewall, back to back and split back to back, but it’s not well explained. If someone has detailed documentation please to share it with me If you have any other information you want to know in order to propose a "great idea" :), please let me know Thanks in advance Nassimos
    Tuesday, March 8, 2011 10:14 AM

Answers

  • In MOSS, a more "normal" approach to extranet access is to use forms based authentication (FBA).  If you search for "FBA MOSS" you will find many, many sources of information.

    The idea here is that you would "extend" your intranet web application to an "extranet" web application. The extranet web application would control access via FBA.

    In my experience it is very rare to use AD to authenticate external users with AD.


    --Paul Galvin, BrightStarr
      Microsoft MVP - SharePoint
      Blogging @ http://www.mstechblogs.com/paul
      Twitter @ http://www.twitter.com/pagalvin
    • Marked as answer by Emir Liu Wednesday, March 16, 2011 3:10 AM
    Tuesday, March 8, 2011 11:56 AM