Best practices on Intranet & Extranet

Question

1. Should these 2 be on same farm (so that deployment is not a big issue or file share)
2. How is the security managed?
3. Is there any good article that can help me determine best practice?

Answer 1

1. Certainly can be...it's actually a very common deployment.

2. A a high level, you'd have multiple zones with the different zones having different authentication methods...or you could implement a common authentication method across the two, like LiveID: LiveID SharePoint 2010 Integration

3. Lots of articles on this and probably even some good Q&A right here, for example: Best practices for building a SharePoint Extranet. You might also want to look here: http://technet.microsoft.com/en-us/library/hh204611.aspx. It's a good high level overview of the things you need to consider with links to more detailed reference materials.

Answer 2

This is a very hard question to answer. It really depends on the ability of your support staff to manage either the infrastructure and communication between farms if you choose to do separate farms as well as the security. There is no tried and true rule that always applies in this situation. What you really need to do is determine the needs of each segment of the implementation and determine what the best scenario will be to be able to meet security standards as well as share appropriate information to the appropriate audiences.