[TJJEEP]

We have used all our external IP addresses from our ISP. Work may want me to install a sharepoint server that is available to the internet. Sharepoint should not be installed on an server with an existing website so i am going to install a new server.

In the past i have just run multiple websites off one server or given servers their own IP addresses but best practices say not to run Sharepoint on a server with an existing website.

Any ideas to securely do this?

 

[schweeb]

NAT or reverse proxy. You'll have to reclaim one of your external IPs to do this. You might have to combine NAT and reverse proxying, if you're trying to run 2 applications off of the same port. NAT alone should work, as long as the 2 hosts you put behind a single NAT IP aren't running similar applications. Since Sharepoint is HTTP/HTTPS (afaik), I'd choose a mail server or something, as long as it's not running webmail on port 80/443.

Probably not the right site to be asking this though

:bdr2:

 

[techman]

We have used all our external IP addresses from our ISP. Work may want me to install a sharepoint server that is available to the internet. Sharepoint should not be installed on an server with an existing website so i am going to install a new server.

In the past i have just run multiple websites off one server or given servers their own IP addresses but best practices say not to run Sharepoint on a server with an existing website.

Any ideas to securely do this?

Setup a secure proxy on an existing external server, forwarding to the internal sharepoint web server. There are several Microsoft KB articles that discuss this.

 

[jonzer12]

Do you have a firewall appliance?
If so you can keep the server internal, then just reroute traffic to it using your firewall appliance in conjunction with external and internal DNS entries.

 

[TJJEEP]

there are a few other IT dorks here, i thought someone might know.

so set up the firewall with a NAT rule to direct traffic.

DNS: sharepoint.work.com points to IP of firewall then firewall looks up NAT rule and directs to correct server?

 

[Hacksaw]

ewww sharepoint

 

[techman]

there are a few other IT dorks here...

Nice. oke: At least you included yourself in that list.

 

[MrGrey]

DNS: sharepoint.work.com points to IP of firewall then firewall looks up NAT rule and directs to correct server?

yes

 

[TJJEEP]

yes

Thank you.

 

[jonzer12]

Make sure you give it a couple of hours for your External DNS entries to take effect.
I did this recently and it took a few hours. I thought I had done something wrong.

 

[schweeb]

Make sure you give it a couple of hours for your External DNS entries to take effect.
I did this recently and it took a few hours. I thought I had done something wrong.

You can preemptively set your TTL low so low-level DNS servers re-check the name quicker. Leave it this way for a while before and after you do the change, just in case you need to back out.

So:
- 24 hrs before initial change, set TTL low so name is refreshed often
- make change
- TTL is low, so it should go into effect near immediately
- If change is unsuccessful due to misconfig or anything, you can back out, and backout takes effect near immediately
- once you're sure that everything works proper, change TTL back to normal

 

[schweeb]

Another option is, if you don't need Sharepoint (or something else) accessible to the entire outside world, don't make it accessible. Dedicate one of the IPs to a VPN, and force people to use secure connections to get to internal resources... just a thought. Depends on your business needs for Sharepoint.