Maybe reverse proxy the web access port to the sharepoint
server running on the internal network?
Either way, put some form of third party auth mechanism
(secureID for instance) in front of the Windows server and the internet so that
only authorized users actually get to submit Windows creds to the server or else
you have a great mechanism for people to lock your internal IDs
out.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Group, Russ
Sent: Tuesday, September 12, 2006 10:45 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Sharepoint in the DMZ
Hi all
I have a consultant that wants to put Sharepoint into our DMZ. Here is what he is proposing to do:
- Create a child domain and put the Sharepoint computer account in the child domain
- Put Sharepoint server in our DMZ.
- Open up the same ports for Sharepoint that we would open for Outlook Web Access
- Also open port 1433 for SQL
Since I don’t know much about Sharepoint, I was hoping someone would be to let me know if this has been done in the past and if it's safe.
Thank you
Russ
