SP Server 2013 site collection on extranet

    Question

  • Hi all,

    I browsed the similar topics on the forum but could not find a concise answer.

    My environment:

    1. SP Server 2013 (WFE and APP on one box) + SQL 2012 Enterprise server.

    2. Internal web application 'Portal' via SSL and numerous path-based site collections e.g. https://intranet.ourcompany.com/team_site1

    Every site collection is hosted in its dedicated content db.

    3. We use standard SP2013 claims authentication - Windows integrated NTLM

    3. Wildcard SSL certificate available for "*.ourcompany.com"

    4. A domain name ‘ourcompany.com’ is a purchased domain name used on the internet

    The requirement:

    to provide a shared space on SharePoint for our remote sales employees so that they can log in to that space from wherever they are connected to the internet.

    Those remote employees are members of our Active Directory. We do not want to give access to anybody outside the company. This very same space will be accessed internally by another group of company users too, inside our network.

    We want remote users to log-in easily and internal users inside the network to log-in automatically with their domain credentials as it is now with any other site collections.

    Ideas:

    Now, I thought to create a Host-named site collection: ‘https://sales.ourcompany.com’ in a 'Portal' web application and store it in its dedicated content db.

    [I do not want to create new web applications as our ‘WFE-APP’ server is running high on memory. Scaling out the farm is on the agenda for us anyway.]

    Then I thought to extend a 'Portal' web app to an 'Extranet' zone, give it a separate application pool and provide the URL of a host-named site collection I created earlier.

    Question 1:

    Are my ideas of having a host-named site collection as an extranet site on an existing internal web application acceptable? Is such an approach good for the company security and performance-wise? What could be other approaches relevant to our scenario/topology?

    Question 2:

    What authentication should I use with either my or your recommended approach? If you could point me to a step-by-step guide on how I can configure it- it would be brilliant!

    Thanks a lot!

    Thursday, September 25, 2014 1:47 PM

Answers

  • Are my ideas of having a host-named site collection as an extranet site on an existing internal web application acceptable?

    Inder: Yes, it is OK to create a host name extended web application.

    Is such an approach good for the company security and performance-wise?

    Inder: It should not cause performance problems, but as this is exposed to the internet, security is a problem.

    What could be other approaches relevant to our scenario/topology?

    If you are not using the same content, then you can even create a new host header site collection using PowerShell, which will be under the same web application but will use a different database\content. But both sites will use the same authentication mechanism.

    http://technet.microsoft.com/en-us/library/cc424952%28v=office.15%29.aspx

    New-SPSite 'http://portal.contoso.com' -HostHeaderWebApplication 'http://<servername>' -Name 'Portal' -Description 'Customer root' -OwnerAlias 'contoso\administrator' -language 1033 -Template 'STS#0'

    Question 2:

    What authentication should I use with either my or your recommended approach? 

    Inder: If you are extending the site, you should use 2 different methods. Internal should be NTLM but external should use some multifactor authentication.

    If you could point me to a step-by-step guide on how I can configure it-

    Hope the video below helps.

    http://channel9.msdn.com/Events/SharePoint-Conference/2014/SPC384

    it would be brilliant!


    If this helped you resolve your issue, please mark it Answered

    Thursday, September 25, 2014 2:05 PM
    Moderator
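
A read-only check for the design discussed in this thread, added here as an example and not code from the thread or from Microsoft: it lists which authentication providers each zone of the 'Portal' web application accepts, warns if the Extranet zone accepts only Windows authentication, and shows the zone URLs of the host-named site collections that inherit those settings. The web application URL comes from the question; a claims-mode web application and the SharePoint 2013 Management Shell are assumed.

```powershell
# Added example: read-only audit for the SharePoint 2013 Management Shell.
# Assumes 'Portal' is a claims-mode web application at the URL from the question.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Start-SPAssignment -Global

$webAppUrl = 'https://intranet.ourcompany.com'
$wa = Get-SPWebApplication -Identity $webAppUrl

# 1. One row per zone the web application is extended to: the public URL
#    and the authentication providers that zone accepts.
$zoneReport = foreach ($zone in $wa.IisSettings.Keys) {
    $providers = @(Get-SPAuthenticationProvider -WebApplication $wa -Zone $zone)
    $types     = @($providers | ForEach-Object { $_.GetType().Name })
    $nonWindows = @($types | Where-Object { $_ -ne 'SPWindowsAuthenticationProvider' })
    [pscustomobject]@{
        Zone        = $zone
        PublicUrl   = $wa.GetResponseUri($zone).AbsoluteUri
        Providers   = $types -join ', '
        WindowsOnly = ($types.Count -gt 0) -and ($nonWindows.Count -eq 0)
    }
}
$zoneReport | Format-Table -AutoSize

# 2. The answer recommends NTLM internally and a stronger method externally,
#    so an Extranet zone that accepts only Windows authentication is flagged.
$zoneReport |
    Where-Object { $_.Zone -eq 'Extranet' -and $_.WindowsOnly } |
    ForEach-Object {
        Write-Warning "Extranet zone $($_.PublicUrl) accepts only Windows authentication."
    }

# 3. Host-named site collections in this web application and the URL mapped
#    to each zone. They use the authentication of the web application zone
#    their URL is mapped to, which is why step 1 matters for them.
Get-SPSite -WebApplication $wa -Limit All |
    Where-Object { $_.HostHeaderIsSiteName } |
    ForEach-Object {
        foreach ($mapping in Get-SPSiteUrl -Identity $_) {
            [pscustomobject]@{ Site = $_.Url; MappedUrl = $mapping.Url; Zone = $mapping.Zone }
        }
    } | Format-Table -AutoSize

Stop-SPAssignment -Global
```

The script changes nothing in the farm; run it again after extending the web application or mapping a new zone URL to confirm the result matches the intended design.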