Scenario 4: Single Portal Site on Two Virtual Servers (Using ISA Server 2004)

Many organizations want to host the same portal content for both corporate intranet users and users outside the external corporate firewall.

This section of the paper describes how to configure a SharePoint Portal Server deployment to host the same portal site on two virtual servers (that is, on two Web sites in IIS). In this scenario, one virtual server is used for corporate intranet access, and the other virtual server is used for extranet access. When you have completed this scenario:

  • Users connected to the corporate intranet will be able to access the portal site by using Integrated Windows authentication.
  • Users outside the external corporate firewall will be able to access the portal site by using Basic authentication with SSL.

Before performing the steps that follow, ensure that the following are true:

  • SharePoint Portal Server is installed.
  • There is one portal site hosted on the Default Web Site in IIS using Integrated Windows authentication. The Default Web Site is using TCP port 80.
  • You can access the portal site from the corporate intranet.

The steps in this section are those required to host the same portal site on a new virtual server that is created for users outside of the external corporate firewall/proxy server. To enable the scenario described in this section, you must complete the following steps, each of which is explained in detail later in this section:

  1. Verify that the default URL for the portal site is correctly specified.
  2. Verify that the proxy server settings for SharePoint Portal Server search are correctly specified.
  3. Create a new Web site in IIS to host the existing portal site.
  4. Delete the SSL port designation for the Default Web Site in IIS.
  5. Configure the new Web site in IIS to use TCP port 443 for SSL.
  6. Configure Basic authentication on the new Web site in IIS.
  7. Extend the new Web site in IIS to host the existing portal site.
  8. Verify that the new Web site in IIS is correctly hosting the existing portal site.
  9. Install an SSL server certificate on the new Web site in IIS.
  10. Verify that you can access the portal site hosted on the new Web site by using an internal SSL FQDN URL.
  11. Configure IIS to require SSL for the new Web site.
  12. Create a public DNS entry.
  13. Configure the network adapters in the external ISA Server 2004 computer.
  14. Ensure that the appropriate SSL server certificates are installed on the external ISA Server 2004 computer.
  15. Configure the external ISA Server 2004 computer to allow outbound connections to the Internet.
  16. Edit the web.config file.
  17. Configure the external ISA Server 2004 computer to listen for incoming requests on the appropriate IP address.
  18. Create a secure Web server publishing rule on the external ISA Server 2004 computer.
  19. Verify that the secure Web server publishing rule properties are correct.
  20. Configure an alternate access setting that uses the public (external) FQDN URL that users will use to access the portal site.
  21. Verify that you can access the portal site through the Internet.

The following sections include procedures for the major steps above.

The examples in the following table are used in the procedures for this scenario.

| Element | Example used in this scenario |
|---|---|
| Extranet domain name | Perimeter.Net |
| Intranet domain name | Corp.Net |
| Front-end Web server internal FQDN | ServerName.Perimeter.Net, where ServerName is the NetBIOS computer name of the front-end Web server |
| Front-end Web server internal FQDN URL (HTTP) | http://ServerName.Perimeter.Net, where ServerName is the NetBIOS computer name of the front-end Web server |
| Front-end Web server internal FQDN URL (SSL) | https://ServerName.Perimeter.Net, where ServerName is the NetBIOS computer name of the front-end Web server |
| Load-balancing internal FQDN | Portal.Perimeter.Net (resolves to the load-balancing virtual IP address) |
| Load-balancing internal FQDN URL (HTTP) | http://Portal.Perimeter.Net |
| Load-balancing internal FQDN URL (SSL) | https://Portal.Perimeter.Net |
| External FQDN | ExtranetPortal.Perimeter.Net (resolves to an IP address on the external network adapter on the external ISA Server 2004 computer) |
| External FQDN URL | https://ExtranetPortal.Perimeter.Net |
| Default Web Site in IIS | Hosts existing portal site, TCP port 80, no SSL port |
| New Web site in IIS | BasicWebSite, TCP port 8080, SSL port 443 (will host the existing portal site) |
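One way to check the result of steps 6 and 11 against the ports and names in the table above, added here as an example and not part of the original paper: the function audits the status code and WWW-Authenticate challenges that each site returns to an unauthenticated request, and flags any Basic challenge that is reachable without SSL. The function names, the `site` labels and the sample observations are constructed for illustration.

```python
from urllib.parse import urlsplit

def offered_schemes(www_authenticate):
    """Auth scheme names from a list of WWW-Authenticate header values
    (assumes one challenge per header value, which is how IIS sends them)."""
    return {v.split(None, 1)[0].lower() for v in www_authenticate if v.strip()}

def audit(observations):
    """observations: (site, url, status, [WWW-Authenticate values]) tuples, where
    site is 'intranet' (Default Web Site) or 'extranet' (BasicWebSite)."""
    findings = []
    for site, url, status, challenges in observations:
        tls = urlsplit(url).scheme == "https"
        schemes = offered_schemes(challenges)
        # Basic credentials are only base64-encoded, so they must never travel without SSL.
        if "basic" in schemes and not tls:
            findings.append((url, "Basic challenge over cleartext HTTP"))
        # With "require SSL" set, IIS rejects non-SSL requests with HTTP 403.
        if site == "extranet" and not tls and status != 403:
            findings.append((url, "BasicWebSite answers without SSL (step 11 not applied)"))
        if site == "extranet" and tls and schemes != {"basic"}:
            findings.append((url, "expected a Basic-only challenge over SSL"))
        if site == "intranet" and not schemes & {"negotiate", "ntlm"}:
            findings.append((url, "Integrated Windows authentication not offered"))
    return findings

# Constructed observations of unauthenticated GET requests (not captured from a real server).
EXPECTED = [
    ("intranet", "http://ServerName.Perimeter.Net/", 401, ["Negotiate", "NTLM"]),
    ("extranet", "http://ServerName.Perimeter.Net:8080/", 403, []),
    ("extranet", "https://ExtranetPortal.Perimeter.Net/", 401,
     ['Basic realm="ExtranetPortal.Perimeter.Net"']),
]
# The same deployment with step 11 (require SSL) skipped on BasicWebSite.
STEP11_SKIPPED = [
    EXPECTED[0],
    ("extranet", "http://ServerName.Perimeter.Net:8080/", 401,
     ['Basic realm="ServerName.Perimeter.Net"']),
    EXPECTED[2],
]

if __name__ == "__main__":
    for name, obs in (("expected", EXPECTED), ("step 11 skipped", STEP11_SKIPPED)):
        print(name, audit(obs) or "no findings")
```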
 
 
Applies to:
Deployment Center 2003, SPS Admin 2003