Friday, January 13, 2006

How we set up the SSL connectivity for the Team Foundation Server

Team System is ready for the Internet. It is web services based and works equally well on the local network and over the Internet, accessing a server somewhere on the other side of the Earth.

Obviously, to be really useful on the Internet, communication with the server must be encrypted. In TFS this is done using SSL. Currently there is not much documentation available to help you set up SSL connectivity for your Team Foundation Server. Some general statements are given here, and some very useful detailed information on setting up SSL connectivity is given here.

Some time ago, when we put our TFS (Beta 3 Refresh, single standalone server configuration, outside of any domain) online, it wasn’t completely without problems. It took us some time to set it up correctly, and in order to spare ourselves some trouble next time, we documented the procedure. (Due credit goes to Vlado Bradaska, who did most of the work.) Please beware: we don’t claim that it is error-free, just that it worked in our case. Feel free to point out any errors to me.

The description of how we set up SSL connectivity for our TF server is here.
[Update] By the way, the official documentation page on configuring SSL is Walkthrough: Setting up Team Foundation Server with Secure Socket Layer (SSL). Right now it is just an empty placeholder. :-(

2 Comments:

Anonymous said...

Great information, we're just setting up a standalone server in the same way that you describe so this will help us a lot.

Do you have a backup strategy for this configuration? We would like to back up from our LAN but aren't sure what ports etc. need to be open to the LAN to enable that.

Thu Feb 16, 12:07:00 PM GMT+1  
Ognjen Bajic said...

Matt, sorry for the delay.
I guess that you've set up your backup by now, but just for the record: we're doing backup directly on the tape on the server, but if we were to set up the backup from the DMZ to the local network it would look more or less as follows:

In the Firewall on the Foundation Server (in the DMZ) „File And Printer Sharing“ should be opened only for the scope of IP Address used by the LAN and possibly for the IP subnet of the local machines from the DMZ.

In the inner ISA server (which secures the LAN, as opposed to the outer ISA that secures the DMZ), a connection between IP Address of the LAN and the IP Address of the DMZ for „File And Printer Sharing“ should be configured.

On the TFS a backup should be done in a shared folder.

On some LAN machine copying of the backup files should be scheduled.

„File And Printer Sharing“ ports are TCP: 139 and 445, UDP: 137 and 138.

Word of caution: I am not an expert in system administration. This is just the result of a short discussion with someone who (hopefully :-) ) is.

Thu Apr 06, 03:06:00 PM GMT+2  
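
As an added example (not part of the original post or of the comment above), the following check audits a firewall rule set for the scoping that comment describes: the „File And Printer Sharing“ ports should be reachable only from the LAN address doing the backup copy and from the DMZ subnet. The rule format, rule names and all addresses are constructed for illustration and are not an export format of Windows Firewall or ISA Server.

```python
import ipaddress

# Ports named in the comment above for "File And Printer Sharing".
SHARING_PORTS = {("tcp", 139), ("tcp", 445), ("udp", 137), ("udp", 138)}


def audit_sharing_scope(rules, allowed_scopes):
    """Return (rule name, protocol, port, scope) for every enabled allow rule
    that exposes a sharing port to a source outside allowed_scopes."""
    allowed = [ipaddress.ip_network(s, strict=False) for s in allowed_scopes]
    findings = []
    for rule in rules:
        if not rule.get("enabled", True) or rule["action"] != "allow":
            continue
        proto = rule["protocol"].lower()
        exposed = sorted(p for p in rule["ports"] if (proto, p) in SHARING_PORTS)
        if not exposed:
            continue
        for scope in rule["remote"]:
            # "any" stands for the whole IPv4 address space.
            cidr = "0.0.0.0/0" if scope == "any" else scope
            net = ipaddress.ip_network(cidr, strict=False)
            # The rule scope must lie entirely inside one permitted network.
            if not any(net.subnet_of(a) for a in allowed):
                findings.extend((rule["name"], proto, p, scope) for p in exposed)
    return findings


# Constructed sample data (hypothetical addresses and rule names).
LAN_BACKUP_HOST = "192.168.10.25/32"  # LAN machine that copies the backups
DMZ_SUBNET = "10.0.0.0/28"            # local machines in the DMZ
SAMPLE_RULES = [
    {"name": "smb-from-lan", "action": "allow", "protocol": "TCP",
     "ports": [139, 445], "remote": ["192.168.10.25"]},
    {"name": "netbios-any", "action": "allow", "protocol": "UDP",
     "ports": [137, 138], "remote": ["any"]},
    {"name": "smb-wide-lan", "action": "allow", "protocol": "TCP",
     "ports": [445], "remote": ["192.168.0.0/16"]},
    {"name": "https", "action": "allow", "protocol": "TCP",
     "ports": [443], "remote": ["any"]},
    {"name": "smb-old", "action": "allow", "protocol": "TCP",
     "ports": [445], "remote": ["any"], "enabled": False},
]

if __name__ == "__main__":
    for finding in audit_sharing_scope(SAMPLE_RULES, [LAN_BACKUP_HOST, DMZ_SUBNET]):
        print("scope too broad: %s %s/%d from %s" % finding)
```

The HTTPS rule is ignored because it carries no sharing port, and the disabled rule is skipped; only the rules that leave the sharing ports open to "any" or to a whole /16 are reported.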
