Before publishing sharepoint 2010 to internet what should be done

we have following architecture

• one web app
• one wfe
• one database server

all are virtual machines on single server

what are the recommendations and best practice

we do have liecese of fore front protection is it enough or we have to have liecese of symantec protection of sharepoint 2010

need the best approach

Hiya, 

Heres a few considerations:

1: In regards to AV there are a few solutions:

a: Use SharePoint integrated AV only. This will scan your SP files and SP files only. No server scanning.

b: Use Server scanning only. This will scan only files on your server and not files within SharePoint. 

c: Use both.

d: Use none.

Which one you need depends on your usage pattern and users. If you already have AV scanning on your client computers are they are the only ones uploading, you should not need a or c. If you only access your servers from protected computers, you should not need b. IF you do both, there would be no problem in choosing d.

When you want to expose a solution to the internet, there are quite a few things to consider if we take everything into consideration. The network placement of your front end servers should be DMZ, with only specified ports open to and from App server and database server. App server and database server could be placed within your normal LAN. That way your minimizing your attack surface as well as minimizing the routes available if second line of defense is broken.

Now as for SharePoint, you need a FIS license, which is quite a different price tag than server + CAL licensing. 

In terms of making the solution available you need to create a route from a client to your site. That means. DNS record -> Public IP -> Public IP -> Your SharePoint server -> SP site Name(Your web server should be responding on this name)

I presume that your site is internet type of site, meaning your allowing anonymous and not Extranet type of site, in that case your site also needs to have anonymous access enabled.

If you can provide more details about your solution, it would be possible to be more specific in terms of defining the best architecture :)

let me tell you more details so that you can recommend me

we are running sharepoint 2010 server

following are virtual machines

• one web front end
• one application server
• one database server

1. our intention is to publish the portal on internet for the people who are authuntication through the domain
2. some of the users we also wants to give access who are third party company they does not have domain authuntication.
3. i have read about forefront protection but MS will stop supporting by end of dec 2015.

keeping in mind that we are planning to upgrade the envoirnment to sharepoint 2013

need recommended approach/steps for antivirus and publishing steps

i hope this clearify

Hiya,

getting closer :)

1: It is still recommended to use some sort of authentication gateway in front of your solution. This is a precaution as these gateways are purpose built to prevent flooding, DoS etc. Currently MS only offers are TMG, which as you say, will end support late 2015 and the UAG. Which is an application portal solution, built on top of IIS and TMG. You might have a look at the UAG product, which will offer you a great deal more than just an authentication gateway. It might also be overkill. As things are now, if you only need authentication gateway, I would still go for the TMG.

2: The most smooth and up to date solution would be to look at federated authentication. However that will require both sides of the federated trust to configure and setup servers and services. When in place however, it can be used for more than just this federation. So if it is the direction the companies would like to go, its a required investment.

3: See 1.

AntiVirus is addressed in the first post and same is publishing. If you have further questions regarding this, please be more specific :)