Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

Extending an existing Web Application on a different WFE

  Asked By: Katie    Date: Jul 06    Category: Sharepoint    Views: 7653

Bit of an admin/infrastructure bonehead… need some help on something…


· I have a v3 farm that lives within my network (not on the DMZ).

· I have a WSS site (http://internalTrustedNetwork) that uses Windows authentication and is in the Default zone

Can I take another WFE that is in the same farm (same AD, joined to the same farm above), but lives in DMZ, and extend a new Web Application (http://externalDmz) off the existing one above? (I would then configure the external one to use FBA rather than Windows authentication). The WFE’s on my trusted LAN would all have the internal site (http://internalTrustedNetwork) available (via a NLB), and my WFE’s in my DMZ would all have the external site (http://externalDmz). Is this possible?

Just not sure if (1) I can have another server in the same farm in the DMZ and (2) if I can extend an existing site outside the DMZ and (3) if different WFE’s in the same farm can “host” different sites.



4 Answers Found

Answer #1    Answered By: Katy Patton     Answered On: Jul 06

The way I understand it this should work, providing all the ports are set up correctly between your DMZ and your trusted  LAN.

Having multiple URLs serving the same content is fine. That's the problem that Alternate Access URLs try to address, and you have to create a new zone for each AAU.

Answer #2    Answered By: Ana Payne     Answered On: Jul 06

web apps are instantiated on every wfe  in the farm...but,

you can expose web  apps on an indivudual basis using firewalls,routers,etc.

Answer #3    Answered By: Hema Hegde     Answered On: Jul 06

This almost worked in v2 except when using SPS's SSO. Everything else worked. When we called in about getting it to work, it ended up that Microsoft did not support it crossing the DMZ if the DMZ used a different domain than the corporate network  (kind of the point of the DMZ?).

In this case of using WSS only, and based off experience with v2, it should work if your DMZ trusts your corporate domain. However, it may be an "unsupported" solution.

Answer #4    Answered By: Damon Garner     Answered On: Jul 06

I just read this, and I could have been clearer.

You must

1. Extend the existing  web app
2. Add alternate access URL and define zone
3. Modify the newly created IIS virtual server  with desired authent
4. Use firewall rules, etc. to direct traffic to the correct IIS Virtual Server

Didn't find what you were looking for? Find more on Extending an existing Web Application on a different WFE Or get search suggestion and latest updates.