Installing MOSS in DMZ with no AD

Question

We want to install 2 WFEs in a DMZ with no AD in a workgroup environment. These WFEs will only host deployed content for anonymous users. The Index/Central Admin server will be on the internal LAN with AD. The SQL server will be on the internal LAN.

MS states you can't install MOSS without AD but this seems like it should be fairly commonplace setup although they have a link on Technet which may offer a solution.

My understanding is that using PSConfig to install MOSS on all 3 servers using SQL Authentication is the way to tackle this issue.

Comments or better ideas/solutions out there would be appreciated. Anyone used this method and is there good documentation to be found. We've found this article on a blog as well.

Answer 1

Why not put the whole farm in the DMZ? What's the added value of having the index server and database server in the corporate LAN? Are there any other WFE's in your farm that are in the corporate LAN as well?

From personal experience I'd recommend having an external DMZ farm and an internal farm and use ContentDeployment to replicate the designated data from the one to the other.

You can install MOSS without an AD, since my dev boxes are like that for instance. But that's always just one box setup (SharePoint + SQL on the same box).

Answer 2

You can install SharePoint without Active Directory, but only for a standalone farm (one machine). When using multiple servers as in your case, things like the webservices used by the Shared Services Provider will not work due to the lack of an authentication mechanism. So if you need more than 1 server, you'll need an Active Directory.

Answer 3

you are on the right way. it's possible to use SQL authentication with sharpoint 2010. it's necessary to create the whole farm over powershell or psconfig. check the link and you see step by step guide for psconfig: http://blogs.technet.com/b/patrick_heyde/archive/2010/07/04/install-sharepoint-2010-with-sql-authentication.aspx

regards

patrick