If you want to use SharePoint Portal Server on the Internet, after installing SharePoint Portal Server you must:
1. Configure the proxy setting on the SharePoint Portal Server computer.
2. Create a DNS entry.
3. Create a new Web site in Microsoft Internet Information Services (IIS).
4. Enable discussions on the new Web site.
5. Modify the security settings on the new Web site.
6. Configure the proxy server.
7. Test the extranet from your intranet.
8. Test the extranet from the Internet.
9. Specify the server Uniform Resource Locator (URL) to use in e-mail notifications.
10. Optionally, enable Secure Sockets Layer (SSL).
11. Optionally, specify an internal FQDN for the SharePoint Portal Server computer.
12. Optionally, enable SharePoint Portal Server to crawl sites on the Internet.
13. Optionally, enable SharePoint Portal Server to crawl another SharePoint Portal Server computer across the Internet.
Each section in this paper includes procedures for the major steps above. In addition, the following sections are provided:
· Troubleshooting. Includes information to assist you in diagnosing any configuration problems.
· Appendix A. Includes a table showing features of SharePoint Portal Server available when you deploy the server across an extranet or on the Internet.
· Appendix B. Includes instructions for changing the proxy settings for the SharePoint Portal Server computer at some time after installation.
· Appendix C. Includes best practices for creating Web Parts.
Configure the Proxy Setting on the SharePoint Portal Server Computer
The dashboard site uses a special server-side object called ServerXMLHTTP to make Hypertext Transfer Protocol (HTTP) requests. These requests are necessary to return the correct page to the client. The ServerXMLHTTP object has its own proxy settings. If the dashboard site is behind a proxy server, you must configure the ServerXMLHTTP object with the proxy server name to successfully access data located beyond the intranet. The proxy settings are important when the dashboard site needs to access resources on a different server, such as when you use the Content management page to import new Web Parts.
During the SharePoint Portal Server installation, the setup process automatically configures the proxy settings for ServerXMLHTTP by using the proxy settings specified for the server. If you need to change these proxy settings at some time after installation, or if you want to use SharePoint Portal Server on the Internet without a proxy server, perform the procedure that follows.
Note For more information about changing proxy settings on the server, see “Appendix B – Changing Proxy Server Settings in SharePoint Portal Server.”
To configure the proxy settings
1. On the taskbar, click Start, point to Programs, point to Accessories, and then click Command Prompt.
2. Change to the SharePoint Portal Server \Bin directory. For example, if you installed SharePoint Portal Server in the Installation directory on drive E, change to E:\Installation\Bin. If you installed SharePoint Portal Server on drive D under Program Files\SharePoint Portal Server, change to D:\Program Files\SharePoint Portal Server\Bin.
3. Type proxycfg to see the current proxy settings.
4. To configure the proxy appropriately, type proxycfg –d –p proxy_name:port_number “root_domain_name;
You can separate multiple bypass addresses with a semicolon. A bypass address is an address for which you do not want to use the specified proxy server. In the line above, root_domain_name is the bypass address. The bypass address is in the form *domain, such as *adventure-works.com.
For example, if your proxy server name is Proxy1, the port number is 80, and you want to bypass the proxy server for the SharePoint Portal Server computer in the domain adventure-works.com, type proxycfg –d –p Proxy1:80 “*adventure-works.com;
Important SharePoint Portal Server is not configured to run with direct Internet connectivity out-of–the-box. SharePoint Portal Server is initially configured for use with a proxy server.
The proxy server and bypass list must be set if the virtual directory for the workspace has NTLM enabled. The ServerXMLHTTP object attempts NTLM authentication against the virtual directory for the workspace.
If you are not using a proxy server, run one of the following:
· proxycfg –d –p fake_proxy_name:80 “
This enables NTLM on the computer and on the subnet mask.
You cannot download Web Parts from any site, including the Microsoft Web Part Gallery.
Security issues: This setting has no known security issues since all traffic is local.
· proxycfg –d –p fake_proxy_name:80 “*microsoft.com;
This enables NTLM on the computer and on the subnet mask.
You can download Web Parts from the Microsoft Web Part Gallery. You cannot download Web Parts from any other site.
Security issues: This setting may increase the security vulnerability because traffic going to www.microsoft.com may send NTLM packets. This depends on the Internet Service Provider (ISP) configuration and whether ports are enabled to allow NTLM packets to be sent and received.
· proxycfg –d –p fake_proxy_name:80 “*;
This enables NTLM on the computer and on the subnet mask.
You can download Web Parts from any Web site.
Security issues: NTLM traffic may be sent to any site on the Internet. This depends on the ISP configuration and whether ports are enabled to allow NTLM packets to be sent and received.
· proxycfg –d
This enables NTLM only on the computer. It does not enable NTLM on the subnet mask.
Some SharePoint Portal Server functionality may be disabled.
You must create a new Web site in IIS that uses Basic authentication. NTLM remains enabled on the Default Web Site in IIS. See “Create a New Web Site in IIS” in this paper.
You cannot download Web Parts from any Web site.
Security issues: Running a computer directly on the Internet with no proxy server has inherent security vulnerabilities and is not recommended. However, using Basic authentication with SSL enabled on the new Web site in IIS is the most secure SharePoint Portal Server configuration available when directly on the Internet.
5. Restart the computer.
No comments:
Post a Comment