Sharepoint Forum


WSS in a DMZ

  Asked By: Meagan    Date: Oct 27    Category: Sharepoint    Views: 1038

The trading department within the company I work for have come to me
with a requirement to share documents with external trading partners.

I believe Windows Sharepoint Services will meet the department
requirements however I would like to outline the scenario I envisage
here and ask you to outline any flaws in the scenario or any areas I
have not considered.

The department wants to share images and MS Office documents with an
external third party, or third parties.

The trading department's employees will have read/write permission on the
WSS site whereas external trading partners will only have read access.

I am proposing that we place a Windows 2003 Server with WSS and WMSDE in
our DMZ. The third parties would authenticate onto our domain and
Integrated Windows Authentication will be used to access the WSS site -
Anonymous access in IIS will be disabled.

I found the following quotation however - "Integrated Windows
Authentication cannot be performed through a proxy server firewall" -
can someone please elaborate on this for me? What security options are
available to me in the DMZ bearing in mind that the external parties
will be authenticated onto the company domain?

At the moment there is only a requirement to share with 1 trading
partner although there may be an additional 1 in the near future. I
believe that up to 10 large WSS sites is possible with WMSDE and this is
more than enough for our requirements in the foreseeable future. I
believe that we can migrate to SQL Server 2000 anyway if WMSDE is
restrictive in the future.

Is there a site size limit with WMSDE?

Also, in order to ensure that one trading partner's documents are not
available to the other trading partners, I am proposing that we create a
WSS site for each partner. Each site should be available on a different
port (IIS Virtual Server?) so that we can limit a trading partner's
access to that particular port/virtual server. In the same way we need
to be able to limit access to the Administrative Web Site. Is this



3 Answers Found

Answer #1    Answered By: Suresh Chindarkar     Answered On: Oct 27

Everything seems fine except the network authentication for external users. Give
read-only access to anonymous users so that all the external users can
view the information, and employees can have NTLM.
Moreover, I already had this scenario in my company and always had the pain of
adding the external users in the system.

Answer #2    Answered By: Varun Mehta     Answered On: Oct 27

I was going to disable anonymous access in IIS - is this not possible?

Answer #3    Answered By: Junior Jarvis     Answered On: Oct 27

Yes, it is possible to disable anonymous users. The "best practice" setup for
extranets is to use SSL and HTTP Basic authentication for external users.
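
The setup described in Answer #3, written as a check on what the site returns to a request that carries no credentials. This is an added example, not code from the thread; the function names, finding labels and sample responses are constructed for illustration. It also shows that a Basic `Authorization` header is only base64-encoded, which is why Basic is paired with SSL.

```python
import base64

def audit(url_scheme, status, www_authenticate):
    """Classify the reply to an unauthenticated GET against the extranet site.

    url_scheme       -- "http" or "https"
    status           -- HTTP status code of the reply
    www_authenticate -- list of WWW-Authenticate header values in the reply
    """
    findings = []
    # First token of each challenge is the scheme name (Basic, NTLM, Negotiate).
    schemes = {v.split()[0].lower() for v in www_authenticate if v.strip()}
    if status == 200:
        # Content was served without any credentials: anonymous access is on.
        findings.append("anonymous-access-enabled")
    if schemes & {"ntlm", "negotiate"}:
        # Integrated Windows Authentication authenticates the connection, so it
        # depends on every hop between partner and server preserving it.
        findings.append("integrated-auth-offered")
    if "basic" in schemes and url_scheme != "https":
        # Basic sends the password on every request, readable by anyone on path.
        findings.append("basic-without-ssl")
    return findings

def decode_basic(authorization):
    """Recover (user, password) from a Basic Authorization header value."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password

# Constructed sample replies (scheme, status, WWW-Authenticate values).
SAMPLES = {
    "anonymous":   ("http", 200, []),
    "basic_plain": ("http", 401, ['Basic realm="partners"']),
    "integrated":  ("https", 401, ["Negotiate", "NTLM"]),
    "basic_ssl":   ("https", 401, ['Basic realm="partners"']),
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, audit(*sample) or "ok")
    # Constructed credentials: the header is encoding, not encryption.
    header = "Basic " + base64.b64encode(b"partner1:example-pass").decode()
    print(header, "->", decode_basic(header))
```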
