This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

Best Practice for sharePoint 2013 DMZ setup for SharePoint extranet

Question
0

Sign in to vote

Hi Team,

for SharePoint 2013 Extranet , Client is planning to setup SharePoint 2013 farm in DMZ having following specification

1. 1 WFE And 1 APP Server in DMZ Zone

2. Database server in corporate Internal Network - (Need to open Ports to communicate with SharePoint servers available in DMZ Zone. Is this best practice )

3. AD will be in corporate Internal Network ( Need to open Ports to authenticate internal users on Internal AD from DMZ. Is this best practice ?)

4.Also we are using Extradium for Form based authentication by extending extranet web Apps.( for external Partners access)

5. In above scenario how will be reverse proxy and firewall need to configure ourside DMZ , any suggestions ?

please suggest.

Thanks ,

Santosh K.

SharePoint Santosh Kanase

Thursday, December 1, 2016 12:08 PM

Answers

0

Sign in to vote
Best practice is to place SharePoint entirely within the Intranet and use a reverse proxy in the DMZ, like WAP + ADFS or mod_ssl, or similar. You'll need to open far too many ports between SharePoint and Domain Controllers which will reduce the security of the environment. A reverse proxy is a single port -- tcp/443.
Trevor Seward

Office Servers and Services MVP

Author, Deploying SharePoint 2016

This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
- Proposed as answer by Linda ZLMicrosoft contingent staff Friday, December 9, 2016 6:55 AM
- Marked as answer by santosh kanase Friday, December 9, 2016 5:35 PM
Thursday, December 1, 2016 6:42 PM

All replies

0

Sign in to vote
Best practice is to place SharePoint entirely within the Intranet and use a reverse proxy in the DMZ, like WAP + ADFS or mod_ssl, or similar. You'll need to open far too many ports between SharePoint and Domain Controllers which will reduce the security of the environment. A reverse proxy is a single port -- tcp/443.
Trevor Seward

Office Servers and Services MVP

Author, Deploying SharePoint 2016

This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
- Proposed as answer by Linda ZLMicrosoft contingent staff Friday, December 9, 2016 6:55 AM
- Marked as answer by santosh kanase Friday, December 9, 2016 5:35 PM
Thursday, December 1, 2016 6:42 PM
0

Sign in to vote

Thanks Trevor for reply. !

Regards,

Santosh Kanase.
SharePoint Santosh Kanase

Friday, December 9, 2016 5:35 PM