|extranets / intranets|
I need help understanding exactly what an extranet is.
I have a customer who says they have an intranet and need to set up an extranet for a few customers to be able to log in and view certain information.
I've made websites before but not extranets. From looking on the net I can see that extranets require multi user logins with ssl certificates. The extranet packages i've found on google seem to offer forums, you can post news items and you get a calendar etc.
(they also generally look kinda boring)
So if I set up a website (using my own hosting) with these features to post information, that uses ssl certificates and a login, does this count as an extranet? Or are there some other special requirements?
Thanks in advance :)
>>So if I set up a website (using my own hosting) with these features to post information, that uses ssl certificates and a login, does this count as an extranet? Or are there some other special requirements?
Yes that is basically an extranet
|An extranet is a private network that uses the Internet protocols and the public telecommunication system |
|An extranet requires security and privacy |
|A new buzzword that refers to an intranet that is partially accessible to authorized outsiders. Whereas an intranet resides behind a firewall and is accessible only to people who are members of the same company or organization, an extranet provides various levels of accessibility to outsiders. You can access an extranet only if you have a valid username and password, and your identity determines which parts of the extranet you can view. |
Thanks for your reply.
I'm wondering about the third description - 'A new buzzword that refers to an intranet that is partially accessible to authorized outsiders'.
What if my client has information on his intranet that needs to be directly accessible from the extranet? To make his server accessible it sounds like I'd have to ensure that it had a static IP, was totally secure behind a firewall with an access list on the router... and then have to alter whatever intranet he has, so that it is secure enough to allow access to certain files on that server, and not the computers networked at his company - which seems complicated and also relies on the intranet being secure as an extranet (possilby not what it was built for).
I'm wondering if I could just allow access to his server from one computer - my secure web hosting? Is it possible to draw files from his in this way, and how might I do that? Is that what you'd call tunneling? It seems like an easier solution than trying to fix whatever intranet software he probably bought years ago.
What do you think?
Use a reverse proxy server.
Or, simply, NAT from the Internet to the internal server. Require login and use SSL for anyone with an external IP address.
Sounds like a good idea. Would their server need to be an actual web server for that to work? I'm assuming it isn't a web server as all their stuff is internal at the moment.
I understand a lot more about making websites than the actual computer networking side, setting up servers etc. Would it be complicated? How much would it typically cost and what I can reasonably charge?
It just occured to me that since I already have reseller hosting in a totally secure datacenter, with power backup, 24 hour management and monitoring and everything - is there some way I could use that?
Or is the only way to buy another server to make it a reverse proxy server and setup apache on his current intranet server and cable them together?
What if his internal server needs rebooting or they have a power cut?
I'm thinking a secure website on my hosting will be very much more reliable in the event of something like that happening.
|I'm assuming it isn't a web server as all their stuff is internal at the moment. |
If it isn't a web server, what would it be, then?
"Intranet" generally refers to delivering information within an organization using an internal webserver. The only difference between that and a "regular" web server, is that the server is not exposed to the Internet.
Assuming the company has high-speed Internet access already, there are two easy approaches to extending the Intranet to an Extranet:
(1) Have them configure their router to port-forward port 80 on their public Internet IP to the internal webserver (sometimes referred-to as VIP). The web server configuration can use the source address to enforce requiring credentials for external users.
(2) Set up a reverse-proxy server on the outside of their firewall. Similar to (1) except that you have more control. Authentication and SSL would be done on the reverse-proxy server, rather than on the Intranet server. A reverse-proxy plugin is available for Apache, or there are standalone reverse-proxy servers.
Sure, you could do this on your host, but then you have to duplicate their data on a regular basis. And what if users are updating a database? Now you have to synchronize the database. And there is the issue of loss of control of data - they are going to have to give you data which may be proprietary and trust you that your site is sufficiently secure.
Sounds like you may need to get somebody more familiar with networking, and/or the company's IT people involved.
You're right, I think do need someone more familiar with networking like yourself. And ironically, they are a computer networking company, they should know this.
Would they need anyone with web design experience to change the actual pages served by their web server? I would have thought they might need something new for the people from the internet to see, which I'd feel more capable with. Especially if it is just essentially a web server that they have now. Or do most intranets store data in an obscure way?
When he initially said something about customers logging in securely, I thought great, like an eccommerce site. But it does seem much more complicated now.
I'm guessing from what you say that this would be fairly straight forward for someone who did computer networking - how much would it cost to get someone to do that?
And are there any places I can read up a bit about extranets? I feel I should know more but can't seem to find any information on them.
Oh yeah, I was also wondering when you go to the order tracking status of parcel delivery, that you see on some websites, I'm guessing that's coming from their extranet data, but how are they making it available through their website - does that mean they have to host their entire website on their own internal server? (like the server this company is using for their intranet?)
If they are a computer networking company, surely they have somebody in their IT department who can deal with the networking aspects of this.
|Would they need anyone with web design experience to change the actual pages served by their web server? |
Most likely. They are creating a new class of user. These users may or may not have access to all of the content that their internal users have access to. There may be additional content needed for the extranet users, as well. There may need to be additional help/explanation for users that do not use it as often as their internal users.
Don't get hung-up on the terms "intranet" and "extranet". They are just names. They simply refer to the accessability of a web site. An intranet is a web site that is accessible only within a physical location. An extranet extends access to the same server (or at least the same data) through the Internet.
|surely they have somebody in their IT department |
I should hope so :) it would be a bit odd if the didn't lol Makes me wonder why they are asking me. I think they will as you say, need to limit information to the new external users and have some explainations to its use etc.
I'm really only used to dealing with and making websites on server space that I rent at some London datacentres.
So no practical experience tinkering with any intranet things. I can't quite imagine how the server is going to know where to look for the login page. Not sure wether the mystery intranet they use is important, or can I kindof ignore that and just add on pages for the external users? (and the server points them to a login or something?)
What about order tracking? Is that usually relayed or use some database syncing? Any order tracking I've seen seems to run through company websites, and this particular company has its website hosted elsewhere.
I'm still a bit confused about it - I guess I'm bit worried about the security and reliability of them running part of their website on an in-house server. It would never be able to match the datacentres in london, unless they spent a fortune on it, and I don't know how they'd set that up.
Well thanks for you help so far anyway :)