Microsoft KB Archive/916845

= Limitations on access to Visual Studio Team Foundation Server over the Internet =

Article ID: 916845

Article Last Modified on 4/20/2006

-

APPLIES TO

 Microsoft Visual Studio 2005 Team Foundation, when used with:  Microsoft Visual Studio 2005 Team System Architect Edition

 Microsoft Visual Studio 2005 Team System Developer Edition

 Microsoft Visual Studio 2005 Team System Test Edition 

-

<div class="notice_section">

<div class="summary_section">

INTRODUCTION
Microsoft Visual Studio 2005 Team System client applications, such as Visual Studio Team Explorer, access Microsoft Visual Studio 2005 Team Foundation Server functionality through a collection of Web services. These Web services are hosted on Microsoft Internet Information Services (IIS) 6.0. The initial release of Visual Studio Team Foundation Server supports only Integrated Windows authentication in Microsoft Windows operating systems. Integrated Windows authentication lets clients use their Windows credentials to access Team Foundation Server functionality.

Integrated Windows authentication is a good choice for most deployment scenarios in a corporate environment. However, Integrated Windows authentication may not be the best choice in Internet scenarios. In Internet scenarios, proxy servers, firewalls, and trusted connections may create limitations on the use of Integrated Windows authentication.

For more information about Integrated Windows authentication, visit the following Microsoft TechNet Web site:

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/523ae943-5e6a-4200-9103-9808baa00157.mspx?mfr=true

Because of these limitations, Team Foundation Server does not immediately support some scenarios. For example, you may not be able to access Team Foundation Server through a proxy that does not maintain a connection between the client and the server.

<div class="moreinformation_section">

MORE INFORMATION
Currently, we only support remote connections to Team Foundation Server through a virtual private network (VPN) because of the limitations on the use of Integrated Windows authentication in an Internet scenario. (In this case, a remote connection is a connection to the server from outside the intranet.) However, we may support other kinds of remote connections in the future.

For more information about how to set up a VPN, click the following article number to view the article in the Microsoft Knowledge Base:

324747 How to provide secure point-to-point communications across a private network or the Internet in Windows Server 2003

This does not mean that you cannot access Team Foundation Server from across the Internet. You can use a VPN if you have to access Team Foundation Server from outside the local intranet.

Alternatively, and subject to your own risk analysis, you may decide to directly expose the computer that is running Team Foundation Server to the Internet and to require that clients use encrypted connections. For example, you may require clients to connect to the server through Secure Hypertext Transfer Protocol (HTTPS) by using the Transport Layer Security (TLS)/Secure Sockets Layer (SSL) security protocol. However, proxies on the client side of the connection, such as proxies that are provided by Internet Service Providers (ISPs), may prevent this kind of connection.

<div class="references_section">