Trust or ADFS using SharePoint 2013 in the DMZ

We would like to install a SharePoint Server 2013 in the DMZ to work together with our clients. Our SP consultant has provided us with 2 scenarios:

1. Trust between the DC in the DMZ and the internal DC in our network

2. Using ADFS

So that internal employees can use their Windows login, and we don't have to define the users again on the DC in the DMZ.

I need information comparing Scenario 1 against Scenario 2. I would like to have Scenario 1, but I need arguments to convince the security admin at the company.

Thank you

Yi

August 1st, 2013 4:11pm

With scenario 1, keep in mind that there are numerous ports that need to be open between the DCs to make the trust. Also, SharePoint will need port access to the internal DMZ to leverage People Picker (see http://blogs.technet.com/b/wbaer/archive/2009/01/21/people-picker-port-protocol-requirements.aspx). But you could use IPSec tunnels and only have to punch a single hole through the firewall.

On the other hand, ADFS has a learning curve for end users. It is a tough concept, as I found, for users to understand that anything they put in the Entity Picker would be resolved.

August 1st, 2013 4:26pm
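To make the "numerous ports" in the reply above concrete, here is an added example (not code from the thread or from any of its posters) that a DMZ-side admin can run on the DMZ DC to see which of the well-known TCP ports a domain or forest trust relies on are actually reachable on the internal DC. The host name dc01.corp.example.com and the 2-second timeout are assumptions; the port list is the set Microsoft documents for trusts (DNS, Kerberos, RPC endpoint mapper, LDAP/LDAPS, SMB, Kerberos password change, Global Catalog). It only tests TCP; UDP 53/88/389 and the dynamic RPC range (49152-65535 on Windows Server 2008 and later) still have to be confirmed against the firewall rules or an IPsec tunnel policy.

```powershell
# Added example, not from the original thread.
# Checks TCP reachability of the ports an AD trust needs from the DMZ DC
# to the internal DC. Replace the host name with your own internal DC.
$InternalDc = 'dc01.corp.example.com'   # assumption: internal DC FQDN
$TimeoutMs  = 2000                      # assumption: per-port connect timeout

# Well-known trust ports (TCP). UDP and the dynamic RPC range are not tested.
$TrustPorts = @(
    @{ Port = 53;   Use = 'DNS (conditional forwarders / name resolution)' },
    @{ Port = 88;   Use = 'Kerberos' },
    @{ Port = 135;  Use = 'RPC endpoint mapper (trust creation, NETLOGON)' },
    @{ Port = 389;  Use = 'LDAP' },
    @{ Port = 445;  Use = 'SMB (trust creation, Group Policy, SYSVOL)' },
    @{ Port = 464;  Use = 'Kerberos password change' },
    @{ Port = 636;  Use = 'LDAPS' },
    @{ Port = 3268; Use = 'Global Catalog (LDAP)' },
    @{ Port = 3269; Use = 'Global Catalog (LDAPS)' }
)

# Returns $true if a TCP handshake completes within the timeout, else $false.
# Uses raw TcpClient so it also works on PowerShell 3.0 (no Test-NetConnection).
function Test-TcpPort {
    param(
        [string]$ComputerName,
        [int]$Port,
        [int]$TimeoutMs
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return $false        # no SYN/ACK within the timeout: filtered or down
        }
        $client.EndConnect($ar)  # throws on RST (closed) or other failure
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($entry in $TrustPorts) {
    [pscustomobject]@{
        Port = $entry.Port
        Use  = $entry.Use
        Open = Test-TcpPort -ComputerName $InternalDc -Port $entry.Port -TimeoutMs $TimeoutMs
    }
}

$results | Format-Table -AutoSize

# Every port still closed is a firewall rule (or IPsec tunnel) the security
# admin has to approve before the trust can be created or will keep working.
$results | Where-Object { -not $_.Open } | ForEach-Object {
    Write-Warning ("Port {0} ({1}) is not reachable on {2}" -f $_.Port, $_.Use, $InternalDc)
}
```

Run it from the DMZ DC against the internal DC, and then in the opposite direction from an internal DC against the DMZ DC, since a two-way trust needs both directions open. The printed table is the list of firewall exceptions the trust approach actually costs, which is the number the security admin will compare against the single HTTPS port an AD FS federation needs from the DMZ.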

I'd consider the 2nd approach to utilize tons of things from AD FS. This would be more secure than the 1st approach, especially when you have access from the Internet. The use of AD FS is more flexible in the future when you need to scale out your ap
August 3rd, 2013 5:35am
