We've got two SP2010 Farms in two separate AD Domains/Forests, which are connected via a firewall and there is no trust at the AD level.
Both farms consist of an App Server (Central Admin and all Service Applications) and a WFE (Content plus Query/Index role).
The Managed Metadata Service on Farm A is published through to Farm B and so we've had to open up ports through the firewall so the App Server in Farm B can talk to the SharePoint Web Services on Farm A (32843, 32844 and 32845) and that all appears to be working properly, even to the extent that the Content Deployment from Farm A to Farm B is also working and the managed properties in the content are all being mapped/managed correctly.
However, I'm now seeing requests by the WFE in Farm B to access the topology service running on WFE in Farm A! Hold on!
As it was, I already had to allow both the App Server and the WFE in Farm B to be able to access the SharePoint Web Service ports on the App Server in Farm A, and now I have to do the same for the WFE in Farm A?!?!? That can't be right.
Isn't the whole point of having proxy services, Central Admin and an App Server (hosting all the services) that you only have to open up a single server? Why does every machine in one farm have to know about every machine in another farm?
Talk about a firewall mana