• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Intranet website accessible from Internet?

T

techfuzz

Diamond Member
We currently mirror a copy of our corporate Intranet to our Extranet, but this has its limitations. To get around some of these limitations, I am investigating what we need to do to make our corporate Intranet directly accessible from the Internet. The only solution I have come up with is to use a sub.domain.com, SSL, and a login form that authenticates with the AD. I would like to consider more options, but I can't seem to think of any. What do you think is the best way to make it accessible from the Internet? How does your company do it (and how well does it work)?

techfuzz
 
Our users have to establish a VPN session in order to access the intranet from outside the firewall. It works fine for us.
 
Originally posted by: JDMnAR1
Our users have to establish a VPN session in order to access the intranet from outside the firewall. It works fine for us.
Click to expand...
Yeah, we already have that option, but some people cannot use VPN because they work at client sites or at home.

techfuzz
 
Originally posted by: techfuzz
Yeah, we already have that option, but some people cannot use VPN because they work at client sites or at home.

techfuzz
Click to expand...

Issue mobile broadband cards so they have access where they are at.

Also, an intranet that is accessible from the internet is a website.
 
Originally posted by: TheKub
Issue mobile broadband cards so they have access where they are at.
Click to expand...
We can't give them mobile broadband cards because of client security restrictions (i.e. federal government). These people only have web access. Any and all access to our systems must be via the web so that means email, ftp, and intranet must be web-enabled for them. We have an extranet setup so they can access our various corporate apps. What we want to do is give them access to our intranet without the limitations that our current solution imposes.

techfuzz
 
Originally posted by: techfuzz
We can't give them mobile broadband cards because of client security restrictions (i.e. federal government). These people only have web access. Any and all access to our systems must be via the web so that means email, ftp, and intranet must be web-enabled for them. We have an extranet setup so they can access our various corporate apps. What we want to do is give them access to our intranet without the limitations that our current solution imposes.

techfuzz
Click to expand...

So you're basically looking at putting your entire intranet in the DMZ then?
 
You can look at how this is done with Microsoft Windows Small Business Server 2003. We use a Proxy Server (Microsoft ISA Server) to "Publish" an internal web site (a SharePoint site in this case). It's published using SSL and requires Authentication to AD.

Since ISA Server is a Proxy, the outside client never actually "sees" the internal server. All communication is done with the ISA Server. ISA reads the inbound requests, makes the same request to the "real" web server, and then passes the result back to the external client, encrypted. ISA filters inbound web requests for known exploits.
 
Originally posted by: TheKub
So you're basically looking at putting your entire intranet in the DMZ then?
Click to expand...
No, just the intranet web server. I'm looking for other ideas to consider that may be easier to implement, more secure, or etc.

Originally posted by: RebateMongerYou can look at how this is done with Microsoft Windows Small Business Server 2003. We use a Proxy Server (Microsoft ISA Server) to "Publish" an internal web site (a SharePoint site in this case). It's published using SSL and requires Authentication to AD.
Click to expand...
This sounds very intriguing and we already have ISA in place for outbound HTTP traffic. Can you point me towards some information about this possible solution. I would very much like to look into it.

Originally posted by: spidey07SSL vpn is made exactly for this purpose.
Click to expand...
I'm not familiar with SSL VPN. How does it work?

techfuzz
 
Does SSL VPN need software loaded onto the client computer for it to work? The Juniper link seems to indicate that it doesn't which would be a good thing for our employees at client locations.

techfuzz
 
Originally posted by: techfuzz
Originally posted by: RebateMongerYou can look at how this is done with Microsoft Windows Small Business Server 2003. We use a Proxy Server (Microsoft ISA Server) to "Publish" an internal web site (a SharePoint site in this case). It's published using SSL and requires Authentication to AD.
Click to expand...
This sounds very intriguing and we already have ISA in place for outbound HTTP traffic. Can you point me towards some information about this possible solution. I would very much like to look into it.
Click to expand...
There's a built-in Wizard for doing this. The ISA Help screens will also help with configuring it, as will http://isaserver.org . Search for "Publishing".
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top