Plan security for an external secure search environment (Search Server 2008)
Applies To: Microsoft Search Server 2008
Topic Last Modified: 2009-08-04
Note
Unless otherwise noted, the information in this article applies to both Microsoft Search Server 2008 and Microsoft Search Server 2008 Express.
In this article:
Protect back-end servers
Secure client-server communication
Secure the Central Administration site
Secure design checklist
Plan security hardening for server roles
Plan secure configurations for Search Server 2008 features
Security guidance for an external secure environment is targeted to providing access to search facilities for extranet users. This environment enables external users, such as home workers or partners, to search for content exactly as internal users do. If you set up a Search Server 2008 system for external secure access, ensure that external users also have access to the content that Search Server indexes.
There are several unique recommendations for an external secure search environment. Some of these recommendations might not be practical for all solutions. For example, Search Server 2008 Express only supports a single application server which runs the Index server and Query server roles.
Protect back-end servers
Note
The information in this section does not apply to Microsoft Search Server 2008 Express. It applies to the full version of Microsoft Search Server 2008 only.
External secure search access requires Internet-facing servers. You can limit the exposure to traffic from the Internet by protecting back-end servers:
Protecting database servers At a minimum, place a firewall between front-end Web servers and servers that host databases. Some environments dictate that database servers be hosted in an internal network instead of directly in an extranet environment.
Protect application servers At a minimum, protect application servers by requiring Internet Protocol security (IPsec) to help secure communication between server farm computers. Additionally, you can put application servers behind the firewall used to protect database servers. Or, you can introduce an additional firewall between front-end Web servers and application servers.
Protect the index role The index component communicates through a front-end Web server to crawl content in sites. To protect this communication channel, consider configuring a dedicated front-end Web server for use by the index server. This isolates crawling communication to a front-end Web server that is inaccessible to users. Additionally, configure Internet Information Services (IIS) to restrict SiteData.asmx (the crawler SOAP service) to let only the index server (or other crawlers) to access it. Providing a front-end Web server dedicated to content crawling also improves performance by reducing the load on the main front-end Web servers. This improves the user experience.
Secure client-server communication
Secure search access in an extranet environment relies on secure communication between client computers and the server farm environment. Where appropriate, use Secure Sockets Layer (SSL) to help secure communication between client computers and servers. To increase security, consider the following:
Require certificates on client computers. SSL can be implemented without requiring client certificates. You can improve the security of external search access by requiring certificates on all client computers.
Use IPsec. If client computers support IPsec, you can configure IPsec rules to achieve a greater level or granularity of security compared with SSL.
Secure the Central Administration site
Note
The information in this section does not apply to Microsoft Search Server 2008 Express. It applies to the full version of Microsoft Search Server 2008 only.
Because external users have access to the network zone, it is important to secure the Central Administration site to block external access and secure internal access. The Central Administration site includes the Search Administration pages:
Ensure that the Central Administration site is not hosted on a front-end Web server.
Block external access to the Central Administration site. This can be achieved by placing a firewall between front-end Web servers and the server that hosts the Central Administration site.
Configure the Central Administration site by using SSL. This ensures that communication from the internal network to the Central Administration site is secured.
Secure design checklist
Note
The information in this section does not apply to Microsoft Search Server 2008 Express. It applies to the full version of Microsoft Search Server 2008 only.
Use this design checklist together with the checklists in Plan server farm security (Search Server 2008).
Topology
[ ] |
Protect back-end servers by positioning at least one firewall between front-end Web servers and the application and database servers. |
[ ] |
Plan a dedicated front-end Web server for crawling content. Do not include this front-end Web server in the end-user front-end Web rotation. |
Logical architecture
[ ] |
Block access to the Central Administration site and configure SSL for this site. |
Plan security hardening for server roles
The following table describes additional hardening recommendations for an external secure search access environment.
| Component | Recommendation |
|---|---|
Ports |
Block external access to the port for the Central Administration site. |
IIS |
Restrict SiteData.asmx (the crawler SOAP service) to let only the index server (or other crawlers) to access it. |
Plan secure configurations for Search Server 2008 features
The following table describes additional recommendations for securing Microsoft Search Server 2008 features. These recommendations are appropriate for an external secure search access environment.
| Feature or area | Recommendation |
|---|---|
Authenication |
Use SSL for authenticated users. |
Authorization |
Use security policy to restrict external users’ permission (that is, create deny policies to limit what external users can do). |
See Also
Concepts
Plan environment-specific security (Search Server 2008)
Plan security for an internal team or department environment (Search Server 2008)
Plan security for an external anonymous access environment (Search Server 2008)