Great Lakes 4x4. The largest offroad forum in the Midwest


·
Registered
Joined
·
3,107 Posts
Discussion Starter #1
We have used all our external IP addresses from our ISP. Work may want me to install a SharePoint server that is available to the internet. SharePoint should not be installed on a server with an existing website, so I am going to install a new server.

In the past I have just run multiple websites off one server or given servers their own IP addresses, but best practices say not to run SharePoint on a server with an existing website.

Any ideas to securely do this?
 

·
spelling nazi
Joined
·
2,563 Posts
NAT or reverse proxy. You'll have to reclaim one of your external IPs to do this. You might have to combine NAT and reverse proxying, if you're trying to run 2 applications off of the same port. NAT alone should work, as long as the 2 hosts you put behind a single NAT IP aren't running similar applications. Since SharePoint is HTTP/HTTPS (afaik), I'd choose a mail server or something, as long as it's not running webmail on port 80/443.

Probably not the right site to be asking this though

 

·
Registered
Joined
·
728 Posts
Set up a secure proxy on an existing external server, forwarding to the internal SharePoint web server. There are several Microsoft KB articles that discuss this.
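
The arrangement from the two replies above (two HTTP/HTTPS applications behind one public IP, with a proxy forwarding to the internal SharePoint server), written as an nginx reverse-proxy configuration. This is an added example, not part of any post in the thread; the choice of nginx, the hostnames, the internal addresses and the certificate paths are all assumptions.

```nginx
# Constructed example. Belongs inside the http { } context of the proxy
# that owns the single public IP. All names and addresses are placeholders.

# Existing public website: same public IP and port as before.
server {
    listen 443 ssl;
    server_name www.example.com;
    ssl_certificate     /etc/nginx/tls/www.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/www.example.com.key;

    location / {
        proxy_pass http://10.0.0.10:80;        # internal web server (assumed)
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# SharePoint: shares the IP and port 443, selected by hostname
# (TLS SNI plus the HTTP Host header), which port-based NAT cannot do.
server {
    listen 443 ssl;
    server_name sharepoint.example.com;
    ssl_certificate     /etc/nginx/tls/sharepoint.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/sharepoint.example.com.key;

    client_max_body_size 100m;                 # allow document uploads (assumed limit)

    location / {
        proxy_pass https://10.0.0.20:443;      # internal SharePoint server (assumed)
        proxy_set_header Host $host;           # backend sees the public hostname
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# Requests for any other name (or for the bare IP) are refused at the
# TLS handshake and never reach either internal server.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;                   # requires nginx 1.19.4 or later
}
```

With this layout the firewall needs only one inbound rule (public IP, port 443, to the proxy), and the internal servers accept web traffic only from the proxy's address.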
 

·
Registered
Joined
·
312 Posts
Do you have a firewall appliance?
If so you can keep the server internal, then just reroute traffic to it using your firewall appliance in conjunction with external and internal DNS entries.
 

·
Registered
Joined
·
3,107 Posts
Discussion Starter #5
There are a few other IT dorks here, I thought someone might know.

So set up the firewall with a NAT rule to direct traffic.

DNS: sharepoint.work.com points to the IP of the firewall, then the firewall looks up the NAT rule and directs to the correct server?
 

·
Registered
Joined
·
312 Posts
Make sure you give it a couple of hours for your External DNS entries to take effect.
I did this recently and it took a few hours. I thought I had done something wrong.
 

·
spelling nazi
Joined
·
2,563 Posts
You can preemptively set your TTL low so low-level DNS servers re-check the name quicker. Leave it this way for a while before and after you do the change, just in case you need to back out.

So:
- 24 hrs before initial change, set TTL low so name is refreshed often
- make change
- TTL is low, so it should go into effect near immediately
- If change is unsuccessful due to misconfig or anything, you can back out, and backout takes effect near immediately
- once you're sure that everything works properly, change TTL back to normal
 

·
spelling nazi
Joined
·
2,563 Posts
Another option is, if you don't need SharePoint (or something else) accessible to the entire outside world, don't make it accessible. Dedicate one of the IPs to a VPN, and force people to use secure connections to get to internal resources... just a thought. Depends on your business needs for SharePoint.
 