Configuring an Extranet Environment

  • Monday, April 16, 2012 5:28 PM
     
     

    Hello:

    I am installing SharePoint 2010 for an Extranet environment.  In this scenario the SQL server is a member of the corporate domain but the WFE/APP servers are not.  Based on this article Microsoft labels this as "Server farm is split between the perimeter network and the corporate network".

    Since I do not require Windows authentication, I plan to configure the environment using SQL Server authentication, which means no trust is required between the domains.

    I am unclear though as to whether or not I need to have a Domain Controller in the DMZ for the WFE/App servers.  Does anyone know whether or not the second DC is required, or is there some way around this?

    Thanks!

    Jason


    Determination conquers all things.

All Replies

  • Monday, April 16, 2012 5:43 PM
    Moderator
     
     Answered

    If you have more than one SharePoint server in the farm, you'll need an Active Directory domain.

    SQL auth is also not preferred as the username/password are kept in the clear in SQL server memory.


    http://sharepoint.nauplius.net

  • Monday, April 16, 2012 6:17 PM
     
     

    If I read into that then, are you saying local accounts can be used if there is only one WFE/App server?  If I choose to expand to a multi-server farm is there a path for that?


    Determination conquers all things.

  • Monday, April 16, 2012 6:37 PM
    Moderator
     
     Answered
    Correct, if you only had a single SharePoint Server, you can use Local Accounts.  You can change most accounts via Central Administration -> Security.  You can change the farm admin account via http://technet.microsoft.com/en-us/library/cc262150(v=office.12).aspx.

    http://sharepoint.nauplius.net

  • Monday, April 16, 2012 6:39 PM
     
     Answered

    Hi,

    If you look into the essential accounts of SharePoint 2010 in TechNet at

    http://technet.microsoft.com/en-us/library/ee662513.aspx

    You will see that besides the SQL account, most other accounts (most importantly Setup and Farm) should be domain accounts. But your question goes further. If I understand correctly, you are asking whether WFE + App can be a part of domain1.com and the database server be a part of domain2.com.

    A common scenario for SharePoint is to have the database and all other server farms in the same domain, although they may reside in different zones. For the extranet scenarios, Forms Based Authentication is a common solution.

    Additional security can be provided by using UAG/TMG.


    Thanks, Soumya | MCITP, SharePoint 2010