Plan for secure communication within a server farm (Office SharePoint Server)
Updated: April 23, 2009
Applies To: Office SharePoint Server 2007
Topic Last Modified: 2009-04-17
Use this article to plan server farm security. This article provides guidance on securing server-to-server communication and client-server communication.
The tasks in the article are appropriate for the following security environments:
Internal IT hosted
External secure collaboration
External anonymous access
If your servers are not inside a physically secure data center where the network eavesdropping threat is considered insignificant, you need to use an encrypted communication channel to protect data sent between servers.
In Microsoft Office SharePoint Server 2007, server-to-server communication within a server farm is extensive. Securing this communication helps ensure that sensitive data is not compromised and also helps protect the servers from malicious attacks or unintentional threats.
The following figure shows several common communication transactions among servers in a farm.
Common communication transactions among servers in a farm include the following:
Configuration changes: Front-end Web servers communicate with the configuration database to relay configuration changes for farm settings.
Change requests: User requests to add, delete, modify, or view content within a site are sent directly to the content database.
Search requests: Front-end Web servers first communicate with the query server to generate results for search queries. Next, the front-end Web servers communicate with the content database to satisfy user requests for specific documents within the search results.
Indexing: The indexing component communicates through a front-end Web server to crawl content in the content databases and build an index.
Note: In an Office SharePoint Server 2007 environment, search is provided by two roles: query and index. These roles can be installed on different server computers.
Internet Protocol security (IPsec) and Secure Sockets Layer (SSL) can both be used to help protect communication between servers by encrypting traffic. Each of these methods works well. The choice of which method to use depends on the specific communication channels you are securing and the benefits and tradeoffs that are most appropriate for your organization.
IPsec is generally recommended for protecting the communication channel between two servers and restricting which computers can communicate with one another. For example, you can help protect a database server by establishing a policy that permits requests only from a trusted client computer, such as an application server or a Web server. You can also restrict communication to specific IP protocols and TCP/UDP ports.
The networking requirements and recommendations for a server farm make IPsec a good option because:
All servers are contained on one physical LAN (to improve IPsec performance).
Servers are assigned static IP addresses.
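The database-server policy described above, as an added example (not part of the original article and not a Microsoft-supplied script): a `netsh ipsec static` batch file for a Windows Server 2003 database server that accepts SQL Server traffic only from two farm servers and requires ESP encryption for it. The 192.0.2.x addresses, the policy and rule names, TCP port 1433 (the default SQL Server instance port) and Kerberos authentication within a single domain are assumptions.

```bat
@echo off
rem Added example. Run on the database server.
rem Addresses and names below are placeholders (assumptions), not values from the article.
set WFE=192.0.2.10
set APP=192.0.2.11
set POLICY=Farm SQL Isolation

rem Create the policy unassigned so it can be reviewed before it takes effect.
netsh ipsec static add policy name="%POLICY%" description="Only farm servers may reach SQL Server" assign=no

rem Filter list 1: the trusted farm servers (static IPs) to this host, TCP 1433 only.
netsh ipsec static add filterlist name="Farm to SQL"
netsh ipsec static add filter filterlist="Farm to SQL" srcaddr=%WFE% dstaddr=Me protocol=TCP srcport=0 dstport=1433 mirrored=yes description="Front-end Web server"
netsh ipsec static add filter filterlist="Farm to SQL" srcaddr=%APP% dstaddr=Me protocol=TCP srcport=0 dstport=1433 mirrored=yes description="Application server"

rem Filter list 2: every other source to the same port.
netsh ipsec static add filterlist name="Any to SQL"
netsh ipsec static add filter filterlist="Any to SQL" srcaddr=Any dstaddr=Me protocol=TCP srcport=0 dstport=1433 mirrored=yes description="All other hosts"

rem Filter actions: negotiate ESP with no fallback to clear text, or block outright.
netsh ipsec static add filteraction name="Require ESP" action=negotiate inpass=no soft=no qmpfs=no qmsecmethods="ESP[3DES,SHA1]"
netsh ipsec static add filteraction name="Block" action=block

rem Rules: the more specific filter (named source address) takes precedence
rem over the Any filter, so farm servers negotiate and everything else is blocked.
netsh ipsec static add rule name="Encrypt farm SQL traffic" policy="%POLICY%" filterlist="Farm to SQL" filteraction="Require ESP" kerberos=yes
netsh ipsec static add rule name="Block other SQL traffic" policy="%POLICY%" filterlist="Any to SQL" filteraction="Block"

rem Review the result, then assign the policy.
netsh ipsec static show policy name="%POLICY%" level=verbose
netsh ipsec static set policy name="%POLICY%" assign=yes
```

The Web and application servers need a matching negotiate rule (a filter from Me to the database server on TCP 1433); without it the negotiation fails and, because `soft=no` disallows fallback to unsecured traffic, their connections are dropped.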
IPsec can also be used between trusted Windows Server 2003 or Windows 2000 Server domains. For example, you can use IPsec to secure communication of a Web server or application server in a perimeter network that connects to a computer running Microsoft SQL Server on an internal network. For more information, see Selecting IPSec Authentication Methods (http://go.microsoft.com/fwlink/?LinkId=76093&clcid=0x409) in the Windows Server 2003 Deployment Guide (http://go.microsoft.com/fwlink/?LinkId=76095&clcid=0x409).
For more information about recommended environments for IPsec, see Determining Your IPSec Needs (http://go.microsoft.com/fwlink/?LinkId=76094&clcid=0x409) in the Windows Server 2003 Deployment Guide (http://go.microsoft.com/fwlink/?LinkId=76095&clcid=0x409).
The general recommendation for SSL is to use this encryption method when you need granular channel protection for a particular application instead of for all applications and services running on a computer. SSL must be implemented by individual applications. Therefore, you cannot use SSL to encrypt all communications between two hosts.
Additionally, SSL is less flexible than IPsec because it only supports authentication by means of public key certificates. SSL does provide several distinct advantages, however. Most significantly, SSL is supported by a wide variety of servers and client computers, and the maturity of the standard has practically eliminated interoperability problems.
There are several scenarios that make SSL a good option, including the following:
Administration sites: The Central Administration site and Shared Services Administration sites can be secured by using SSL.
Content deployment: The content deployment process copies files from one site directory on a server within an authoring or staging server farm to a matching site directory on one or more servers within a publishing server farm. In this scenario, IPsec might not be practical if server farms are in different network zones or if there is a high volume of content to deploy or a large number of servers to which to deploy the content. SSL can be used to target secure communication to these specific communication transactions.
Intrafarm Shared Services Providers (SSPs): If child farms are consuming shared services from a parent farm, sensitive data is shared between farms.
Communication to external data sources: Several Office SharePoint Server 2007 features rely on connecting to servers that are external to the server farm. In these scenarios, data is shared between specific applications. While you can use IPsec to secure all of the communication among these servers, the network configuration, location of the external servers, and the platform of the external servers might make SSL a better option.
It might not be practical to secure all client-server communication. However, there are several scenarios that justify the extra configuration required to secure communication between client computers and servers within your server farm:
Secure collaboration with partners: Partners access and contribute to applications in an extranet environment.
Remote employee access: Employees access internal data remotely.
Customers accessing or providing sensitive data: Customers log on and provide or gain access to sensitive data. For example, customers might be required to log on to an Internet news site or provide personal information to complete a business transaction.
Basic or forms authentication: If you are using either of these methods of authentication, credentials are sent in the clear. At a minimum, secure the client-server communication for the logon page.
SSL is generally recommended to secure communications between users and servers when sensitive information must be secured. SSL can be configured to require server authentication or both server and client authentication.
SSL can decrease the performance of your network. There are several common guidelines that you can use to optimize pages that use SSL. First, use SSL only for pages that require it. This includes pages that contain or capture sensitive data, such as passwords or other personal data. Use SSL only if the following conditions are true:
You want to encrypt the page data.
You want to guarantee that the server to which you send the data is the server that you expect.
For pages where you must use SSL, follow these guidelines:
Make the page size as small as possible.
Avoid using graphics that have large file sizes. If you use graphics, use graphics that have smaller file sizes and resolution.