MOSS Forum


Publishing MOSS on the internet

  Asked By: Joseph    Date: Dec 20    Category: MOSS    Views: 623

I want to extend my SharePoint implementation to the internet so that employees
can access data outside the network.

1. Which port should I open to the internet? Can I open any port to the internet
provided my network team gives me the permission?
2. What is the security which I should use? Should it be Windows authentication?
3. I have some sites which I do not want to expose to the internet, so should I
separate them from the port which I am going to use to expose to the internet?

Please point me to any planning or best practices material/resources.



7 Answers Found

Answer #1    Answered By: Leeann Hull     Answered On: Dec 20

Best practice here is to use SSL/HTTPS which would mean opening up port
443. You'll want to use either Basic or Forms-based authentication -
NTLM won't work for outside users. As far as exposing sites, you can
either separate them by port/web app or just use the security settings
to exclude the specific external users from having access.

Answer #2    Answered By: Vaasu Radhakrishna     Answered On: Dec 20

But I thought we could have Windows authentication
over the internet.

Answer #3    Answered By: Brinda Bca     Answered On: Dec 20

You can use NTLM over the internet, but make sure you have HTTP 1.1 turned on in
Internet Explorer Advanced options. Otherwise, proxy servers eat the auth

But I haven't seen NTLM as super reliable over
the internet. Additionally, you still need HTTPS (imho) for NTLM to secure
the password. While FBA has advantages in speed and allowing you a dedicated
external authentication source, it does not support robust client integration.
So, your users could have a sub-optimal experience from Office apps.

Lastly, you could always leverage Layer 7 (think SSL) VPN solutions. They are
generally more secure and a very elegant way for remote access. But, you still
have the single authentication source.

Your question isn't an easy one, and really isn't a SharePoint issue, outside of
authentication. I would suggest looking at the IIS web site on
technet.microsoft.com at secure, external solutions. You could also look at
these resources:

Securing Data http://go.microsoft.com/?linkid=8154486

Security, from service accounts to item-level access

Security and Protection http://technet.microsoft.com/library/cc263215.aspx

With SSL and SharePoint Server 2007, you must add an Alternate Access Mapping
for the HTTPS URL. (Central Admin → Operations → Alternate Access Mappings, as
seen here:



Answer #4    Answered By: Sheryl Velez     Answered On: Dec 20

NTLM is not a Windows authentication mechanism, it is a protocol. You can
use someone's Active Directory account over the Internet, you just can't
use NTLM as the protocol to do that. Like Bryan said, use Basic
authentication over SSL/HTTPS or use the built-in Forms Based
Authentication and point it at your AD.

Answer #5    Answered By: Alexandra Lewis     Answered On: Dec 20

Windows Authentication is actually NTLM or Basic in the web world.
Kerberos is an optional add-on to NTLM.

There are 2 main reasons to not use NTLM:

1) In many cases it won't traverse firewalls (both outgoing and
incoming need to support HTTP/1.1 with KeepAlives)

2) The client machine will need to be joined to the same AD domain
(or a trusted domain) as the server

Answer #6    Answered By: Himanta Barthakur     Answered On: Dec 20

I'd like to clear up a few points here on NTLM that have been posted during
the course of this thread. First of all, NTLM (actually NTLMv2 in its
current state) is a proprietary Microsoft Authentication protocol. Kerberos
is a separate authentication means that is more widely used, faster and more
secure than NTLM. NTLM can certainly pass through firewalls, provided the
proper ports have been opened for it. Where it runs into trouble is with
proxy servers, since as has been mentioned, keep-alives must be enabled and
many proxies do not support this.
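
Added example (not posted by anyone in this thread): a small Python check that applies two points made in the answers above to captured 401 responses, namely Basic authentication only over SSL/HTTPS (Answers #1 and #4) and NTLM needing HTTP keep-alives to survive proxies (Answers #5 and #6). The hostnames, the sample responses and the function names `parse_response` and `audit` are constructed for illustration.

```python
# Constructed sample data: hostnames and captured 401 response heads are made up.
SAMPLES = {
    "http://portal.example.com/": (
        "HTTP/1.1 401 Unauthorized\r\n"
        'WWW-Authenticate: Basic realm="portal"\r\n'
        "WWW-Authenticate: NTLM\r\n"),
    "https://portal.example.com/": (      # as relayed by an HTTP/1.0 proxy
        "HTTP/1.0 401 Unauthorized\r\n"
        "WWW-Authenticate: NTLM\r\n"
        "Connection: close\r\n"),
    "https://extranet.example.com/": (
        "HTTP/1.1 401 Unauthorized\r\n"
        'WWW-Authenticate: Basic realm="extranet"\r\n'),
}
CLEARTEXT_SCHEMES = {"basic"}   # password is only base64-encoded on the wire
CONNECTION_SCHEMES = {"ntlm"}   # multi-step handshake tied to one TCP connection


def parse_response(raw):
    """Split a raw HTTP response head into (version, status, [(name, value)])."""
    lines = raw.strip().splitlines()
    version, status = lines[0].split()[:2]
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return version, int(status), headers


def audit(url, raw):
    """Return sorted findings for one captured authentication challenge."""
    version, status, headers = parse_response(raw)
    if status != 401:
        return []
    schemes = {v.split()[0].lower() for n, v in headers if n == "www-authenticate" and v}
    tokens = {t.strip().lower() for n, v in headers if n == "connection" for t in v.split(",")}
    # HTTP/1.1 is persistent unless "close"; HTTP/1.0 only with explicit keep-alive.
    persistent = ("close" not in tokens) if version == "HTTP/1.1" else ("keep-alive" in tokens)
    findings = []
    if not url.lower().startswith("https://"):
        findings += [s + "-over-cleartext" for s in schemes & CLEARTEXT_SCHEMES]
    if not persistent:
        findings += [s + "-without-keepalive" for s in schemes & CONNECTION_SCHEMES]
    return sorted(findings)


if __name__ == "__main__":
    for url, raw in SAMPLES.items():
        print(url, audit(url, raw) or "ok")
```

Forms-based authentication does not use a 401 challenge, so it is outside what this check sees.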
