Knowledge Base/Space access - public vs. private

That's the word given to me in the instructions to find the answer. I would assume it means to make it outside of our firewall and not requiring an account/license to login and access.

We have not moved to the cloud yet no - but will be doing so later this year, I believe.

So you want to move the confluence to somewhere outside the firewall (but not yet into cloud) and the public spaces should sill only be accessible only for the company?

Why do you do that, doesn't make so much sense to me at first glance. 

Or should the public spaces be public to everyone? Then you can just move to a server outside your firewall to achieve that.

If it is in preparation of your cloud migration, and you don't want to license everybody in the company but want the public spaces only be accessible for your company, you can use the premium plan. There is a feature called IP Allowlisting, where you can define, which IP(ranges) can access the Confluence. 

Essentially, yes- the public spaces should be accessible to everyone in the company. The private areas would be for licensed users only.

Though if we move them to a server outside of our firewall - essentially wouldn't we have two versions of Confluence running at the same time (on two different servers)?

In this case, no. This has nothing do with preparation for cloud migration.

If you want to run two instances of confluence, you can do so, but you need a license for each one.

But why do you want to.move outside the firewall if access should be limited to the company.

I believe it's a license issue. For awhile now we had quite a few of the KBs/spaces outside of our firewall and were publicly accessible. This created a security issue with some of the documents we had out there. Thus, we moved them all behind the firewall. However, now we have hundreds of employees who could no longer access the content. I've had to add quite a few users (and many more are coming). It was suggested that there could be a way to keep part of the content available to all employees without needing additional licenses while keeping part of the content secure where users would need a license and a login to view.

I'm still not sure if I got it right, but if you just leave your confluence behind the firewall, in general only employees of your company can reach it, right?

So you can just turn on anonymous access to the public spaces.  Then everyone who can reach confluence can access this space without  license. 

Only users that should access the private spaces need a license.

If you move outside the firewall, you can do the same, but then everyone in the internet will be able to access that spaces. So you need something (like a firewall) to block access to all users that should not access the confluence. 

So I'm still not sure why you want to move outside the firewall. 

That's what I'm hoping to find out how to do (or if I can do it). I've seen the "anonymous access" help desk article, but it doesn't make any sense. If that's the solution, great - but I don't know.

Yes, anonymous access allows everyone who can access the confluence to see the pages without logging in. 

This article describes how to set it up.

https://confluence.atlassian.com/doc/setting-up-public-access-156.html

Thanks again (and I apologize for the delayed response). I figured out how to allow ANONYMOUS ACCESS. Question: does setting a space or Knowledge Base as "Anonymous Access", is that essentially the same as making it PUBLIC? 

Granted any sensitive documents would remain hidden and require a login, but at the same time - there's a concern that other content could be seen by non-employees and/or others we don't want to have access. 

What sort of protection does ANONYMOUS ACCESS provide (if any)?

Don't worry, you're welcome. 

If you give anonymous access, anyone who can access the Confluence, can access that space. There is no protection from Confluence side.

But you can use page restrictions (the lock on the top of the page) to limit access to specific pages.

But if you are behind your firewall and Confluence is only available from your internal network, anonymous access will allow only users from your company access to that space.