Team Foundation Server Security Planning

  • Article

To plan for Team Foundation Server security, you must first understand the interactions between the Team Foundation application tier, the Team Foundation data tier, and the Team Foundation client tier. You must know what Web services, databases, and object models are used. You must also know what network ports and protocols are used by default, and which ones are customizable. You can then plan for a secure Team Foundation Server deployment that both meets your business needs and minimizes security risk.

Security Planning Concepts

Team Foundation Server security concepts include planning a secure topology and understanding how Team Foundation Server authenticates and authorizes users and groups. All this requires an understanding of the Team Foundation Server architecture. For more information about Team Foundation Server architecture, see Team Foundation Server Security Architecture and Team Foundation Server Security Concepts.

Considerations for Team Foundation Server Planning

You must decide whether the security of Team Foundation Server architecture is sufficient for your business needs, and if so, whether you want to configure Team Foundation Server for extra security. When planning for Team Foundation Server security, ask yourself the following questions:

  • Are the Team Foundation Server default network port settings sufficiently secure for my business needs?   By default, Team Foundation Server uses a set of network ports for communication between the data tier, application tier, and client tier. Some of these ports are configurable; others are not. You can choose to configure some ports to better meet your business needs. You can also choose to configure some or all the tiers on the same computer, as necessary.

  • Should I deploy Team Foundation Server in an Active Directory domain or in a workgroup?   You can deploy Team Foundation Server in an Active Directory domain or in a workgroup. Active Directory provides more built-in security features than workgroups that you can use to help secure your Team Foundation Server deployment.

Besides these questions, you should consider what users and groups you want to add to your Team Foundation Server deployment, and what permissions you want to give each of these users and groups. For more information about users, permissions, and groups, see Team Foundation Server Permissions.

See Also

Other Resources

Team Foundation Server Topologies
Customizing Team Foundation Server for Your Business