Scenario: Designing for WSS Collaboration

We recently published a couple of resources targeted to designing sites for WSS collaboration:

Based on some of our popular Microsoft Office SharePoint Server 2007 assets, the design guidance is scaled to Windows SharePoint Services 3.0.

The sample design illustrates, describes, and contrasts how to implement collaboration with three different types of collaboration sites represented:

  • Team sites

  • Self-service sites

  • Partner collaboration sites

By following the design guidance, you can soundly implement any one or all of the different types of collaboration sites.

Also, as a feature of collaboration, we expect that many of you will be accessing sites remotely or from outside of your company firewall. The article and poster for the design sample provide pointers to guidance on designing for secure external access.

Let me know if this type of "scenario" content is helpful.

Thanks, Brenda Carter, IT Pro Writer, SharePoint Products and Technologies

Comments (4)
  1. Anonymous says:

    That does make sense.

    Off the top of your head can you see a reason to place another WFE in the internal network? That is haveing 2 WFE’s one in the Internal perimeter and one in the external perimeter. Would going through the ISA server cause any slowness?  

    This new Farm that I’m working on would host everything from teamsites, mysites, intranet, public website and client portals(extranet).

  2. Hi RKoneval,

    My understanding is that you can split farm servers between domains and network zones, you just need to make sure you open the right ports and configure domain trust relationships appropriately. For more information, see the following WSS articles:

    * Design extranet farm topology–see "split back-to-back topology" (

    * Plan security hardening for extranet environments (

    However, I don’t think you need to do this to achieve the goal you articulated of implementing different URLs for internal and external access.

    The design sample assumes that the entire farm is in the perimeter network. You can achieve your goal by configuring the zones appropriately and following through by making sure that alternate access mappings are configured to match. The design sample shows how to implement both internal and external URLs. See "Zones and URLs" in the article. I know the headings on TechNet are kind of wonky and not easy to browse through. We’re working on fixing that.

  3. Anonymous says:

    Is it possible to stick another WFE in your Internal network. So that will give you a WFE in the perimeter and internal network with your SQL server in the internal network. This way if you were remote you would access your company intranet by”> but in you browsing internall you would browse to just http://intranet. The first one would route you through the WFE in the perimeter network and the second option would route you through the internal WFE. This way if you are browsing to your intranet internaly you would not have to be routed through your internal ISA server.

    Is this a valid architecture?

  4. Doron Bar-Caspi [MSFT] says:


    We recommend placing the WFE that hosts the Central Admin on the Internal Network for security reasons.

    Splitting WFE between Internal and External networks would work, as long as you remember that the AAM and Web Applications would be configured identically for all WFE, and it’s up to you to configure your ISA/Router to route the right traffic to the right box/zone.

Comments are closed.

Skip to main content