Best Practice for SharePoint 2013 DMZ setup for SharePoint extranet

  • Question

  • Hi Team,

    For a SharePoint 2013 extranet, the client is planning to set up a SharePoint 2013 farm in the DMZ with the following specification:

    1. 1 WFE and 1 APP server in the DMZ zone

    2. Database server in the corporate internal network (need to open ports to communicate with the SharePoint servers in the DMZ zone. Is this best practice?)

    3. AD will be in the corporate internal network (need to open ports to authenticate internal users on the internal AD from the DMZ. Is this best practice?)

    4. Also, we are using Extradium for form-based authentication by extending the extranet web apps (for external partners' access).

    5. In the above scenario, how do the reverse proxy and firewall need to be configured outside the DMZ? Any suggestions?

    Please suggest.

    Thanks ,

    Santosh K.


    SharePoint Santosh Kanase

    Thursday, December 1, 2016 12:08 PM

Answers

  • Best practice is to place SharePoint entirely within the Intranet and use a reverse proxy in the DMZ, like WAP + ADFS or mod_ssl, or similar. You'll need to open far too many ports between SharePoint and Domain Controllers which will reduce the security of the environment. A reverse proxy is a single port -- tcp/443.

    Trevor Seward

    Office Servers and Services MVP



    Author, Deploying SharePoint 2016

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Thursday, December 1, 2016 6:42 PM
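
The trade-off described in the answer, as an added example that is not part of the original thread: a small audit that compares the DMZ-to-internal firewall openings of the two designs and flags every rule that allows more than tcp/443. The host labels are hypothetical, and the port list is an assumption based on common Windows defaults for SQL Server and Active Directory; substitute the rules from your own firewall.

```python
# Added example; rule sets are constructed, not exported from a real firewall.
# Rule: (source, destination, protocol, first_port, last_port), DMZ -> internal.
# Host labels are hypothetical; ports are common Windows defaults (assumed).

ALLOWED = {("tcp", 443)}  # the single flow the reverse-proxy design needs

# Design from the question: SharePoint in the DMZ, SQL Server and AD internal.
SHAREPOINT_IN_DMZ = [
    ("sp-dmz", "sql", "tcp", 1433, 1433),    # SQL Server default instance
    ("sp-dmz", "dc", "tcp", 53, 53),         # DNS
    ("sp-dmz", "dc", "udp", 53, 53),
    ("sp-dmz", "dc", "tcp", 88, 88),         # Kerberos
    ("sp-dmz", "dc", "udp", 88, 88),
    ("sp-dmz", "dc", "tcp", 135, 135),       # RPC endpoint mapper
    ("sp-dmz", "dc", "tcp", 389, 389),       # LDAP
    ("sp-dmz", "dc", "udp", 389, 389),
    ("sp-dmz", "dc", "tcp", 445, 445),       # SMB
    ("sp-dmz", "dc", "tcp", 636, 636),       # LDAPS
    ("sp-dmz", "dc", "tcp", 3268, 3269),     # global catalog
    ("sp-dmz", "dc", "tcp", 49152, 65535),   # dynamic RPC range
]

# Design from the answer: only a reverse proxy sits in the DMZ.
REVERSE_PROXY_IN_DMZ = [
    ("proxy-dmz", "sp-internal", "tcp", 443, 443),
]


def exposure(rules, allowed=ALLOWED):
    """Return (distinct open ports, rules that allow anything not in allowed)."""
    open_ports = set()
    violations = []
    for rule in rules:
        _src, dst, proto, lo, hi = rule
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port range in {rule}")
        open_ports.update((dst, proto, p) for p in range(lo, hi + 1))
        if any((proto, p) not in allowed for p in range(lo, hi + 1)):
            violations.append(rule)
    return len(open_ports), violations


if __name__ == "__main__":
    for name, rules in (("SharePoint in DMZ", SHAREPOINT_IN_DMZ),
                        ("Reverse proxy in DMZ", REVERSE_PROXY_IN_DMZ)):
        count, bad = exposure(rules)
        print(f"{name}: {count} open ports, {len(bad)} rules beyond tcp/443")
```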

All replies

  • Thanks Trevor for the reply!

    Regards,

    Santosh Kanase.


    SharePoint Santosh Kanase

    Friday, December 9, 2016 5:35 PM