Choose the security environment (Search Server 2008)

Applies To: Microsoft Search Server 2008

Topic Last Modified: 2009-08-04

Use this article to determine the security environment that most closely matches the intended use of Microsoft Search Server 2008.

The security guidance that is recommended for your organization depends on the environment. This article describes the following three security environments:

• Internal team or department

• External secure access

• External anonymous access

Review the description for each environment and determine the one that most closely matches your environment.

Internal team or department

Security guidance for an internal team or department environment in a larger organization focuses on recommending practical security configurations and settings for a team or department that uses Search Server 2008 for search.

This environment is a one-server (for Search Server 2008 Express) or two-server deployment in which the servers are not hosted by the primary IT team within the organization. Although the guidance for this environment requires some IT knowledge, it is not necessary for server farm administrators to be IT specialists.

The guidance for the internal team or department environment relies on the security of the overall network environment. Many of the default settings are intended to be used with this environment.

This environment is not intended for multiple teams. If the team or department requires a larger number of servers, or a higher level of security than is provided by the overall network environment, use the guidance for the internal IT-hosted environment.

If the environment most closely matches the internal team or department environment, go to the article Plan secure configurations for Search Server 2008 features.

External secure access

An external secure access environment is one in which users can query Search Server from a location outside the local network, such as from home or from a customer site. This environment enables external users to search for content quickly, exactly as internal users do. This environment is only practical if external users also have access to the content that Search Server indexes.

Security guidance for this environment focuses on the following:

• Authenticating and securing communication between users and the server farm.

• Protecting database and application servers from direct user interaction and securing the server farm against risks associated with hosting Internet-facing servers.

If the environment most closely matches the external secure access environment, see Plan server farm security (Search Server 2008). The articles in this section describe designing solutions for securing server-to-server communication and client-server communication, and hardening servers for specific roles.

External anonymous access

An external anonymous access environment is one that gives users anonymous access to content and search features from the Internet while protecting the server farm from the risks associated with hosting Internet-facing servers.

Security guidance for this environment focuses on the following:

• Securing communication between servers.

• Ensuring that content caching does not expose sensitive data.

• Protecting database servers from direct user interaction and securing the server farm against risks associated with hosting Internet-facing servers in an anonymous environment.

If the environment most closely matches the external anonymous access environment, see Plan server farm security (Search Server 2008). The articles in this section describe designing solutions for security, securing server-to-server communication and client-server communication, and hardening servers for specific roles.

See Also

Concepts

Plan server farm security (Search Server 2008)
Plan secure configurations for Search Server 2008 features
Plan environment-specific security (Search Server 2008)
Plan for security roles (Search Server 2008)