WSS 3.0/SharePoint 2007 Domain Authentication Architecture Query.
I’m currently building a WSS 3.0 system for the use of providing Extranet services to clients. I have read the MS Document: Planning an Extranet Environment for Windows SharePoint Services.
Using this material, I decided I would like to use a simple “split back to back topology” for the system architecture.
This would mean the SQL server is within the Corporate network and the DC and Web Front End would be in a DMZ.
The system will be based on the following setup.
DMZ server – VMWare ESXi server, hosting the DC and Web Front End, running W2K3 R2 OS.
SQL Server – Within the Corp Network, running SQL 2005 x64, 2003 R2 OS.
A new child domain within the forest would be created to allow for external authentication.
My question(s) are:
1. Is there a specific reason, if anyone knows, why the DC has to be within the DMZ, as shown in the MS documentation? A domain controller in a DMZ is a security risk, and whilst this DC would only have a one-way trust and be hardened and access restricted by the Firewall(s), it would still be a candidate for attack.
2. Has anyone kept the DC within the corporate network and configured the architecture to reflect this and experienced any issues/problems?
Many Thanks for all responses.