Do I need multiple instances for an extranet and an intranet or can that be one unified Atlassian Confluence?

We plan to add an extranet to our Linchpin Intranet. I heard that you are using two separated instances. Is that really necessary?

At //SEIBERT/MEDIA we run our intranet based on Linchpin and Atlassian Confluence internally and the extranet in our demilitarized zone (DMZ). This is mainly because of security reasons.

With our Space Privacy add-on for Conflunence it is perfectly fine to mix internal and external content and still lock external users out from the intranet. The spaces are protected and customers can only access their own spaces and users. See this video:

To cut a long story short:

Technically you can combine intranet and extranet into one instance. We recommend two instances though.

Here are some more thoughts on two instances:

  • Two instances increase the complexity.
  • Two instances make it cristal clear where internal stuff is and where customer stuff is. This improves security.

Here are some more thoughts on one combined instance:

  • One instance is easier for users.
  • It is very easy to post something internal in the extranet so that it is available for customers. That can be awkward or even a breach of contract. This is a security thread. Especially new Confluence users are vulnerable to such mistakes.
  • If you have one instance, you should use our Linchpin Theme Plugin to significantly change the layout of each space so that users easily see which are internal and which are external areas.

Thanks for sharing - I understand the offering

So if I’ve understood the video and the scenarios you’ve described, the big issue for having a single instance is not a technical risk (by that I mean there’s a potential vulnerability as yet breached, and by that I am not criticizing your solution at all), it’s more of a end user risk by not understanding what is external and what is internal.

Would I be correct in that summary ?

Yes, that is a correct summary. However we are building software. Software rots. And there is human error. As software is built by humans it can always have bugs. We do understand our responsibility and that security is especially important for this add-on however. From a technical standpoint you should be fine with one instance.