Extending SharePoint 2010 to your customers and partners

Slides for the talk I gave at SPC11 about Extranets.

  • Demo checklist
      • Deactivate Content Organizer
      • Remove spcuser, anna.stevenson
      • Visual Studio: open
          C:\inetpub\wwwroot\wss\VirtualDirectories\8202\web.config
          C:\inetpub\wwwroot\wss\VirtualDirectories\45610\web.config
          C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken\web.config
          C:\inetpub\wwwroot\wss\VirtualDirectories\8201\web.config
      • Windows Explorer: open
          C:\Windows\Microsoft.NET\Framework64\v2.0.50727
      • Internet Explorer: open
          http://sp2010:8100/default.aspx
          http://sp2010:8202
          https://www.nothingbutsharepoint.com/Pages/default.aspx
      • SQL Server: open
          Run as administrator account
          Delete aspnetdb
      • Verify
          Verify 8202 login
          Verify 8201 login
          Verify CA can find users
      • Internet Connectivity
      • Browsers at 150%
  • Open the talk with why e-mailing is not the best choice for distributing documents with partners.
  • Intro slide that sets up the rest of the talk. These questions will be answered in this session.
  • New slide introducing scenarios
      Old text from issues slide:
      • Versioning
      • E-mail copies
      • Retention / Expiration
      • Legal
      • Loss of productivity
  • Explain the SharePoint extranet scenario
  • Explain useful SharePoint features in an extranet. <Insert SharePoint document library picture or perhaps search>
  • <Should we show this
  • Explain different farm configurations for SharePoint extranets
      • Same farm / same web application
      • Same farm / different web application
      • Different farm
  • Explain the common extranet network topologies <separate slides for each below with diagram>
      • Edge Firewall
      • Back-to-back perimeter
      • Split back-to-back
      <SharePoint Extranet Diagram>
      The goal is to describe the network topologies without dwelling on them, and to focus on SharePoint instead.
      Content from OIT2010_Model_ExtranetTopologies.xps
  • Functions as a reverse proxy server
      Diagram with advantages / disadvantages
      Advantages
      • This is the simplest solution that requires the least amount of hardware and configuration.
      • The entire server farm is located within the corporate network.
      • There is a single point of data: data is located within the trusted network, and data maintenance occurs in one place.
      • A single farm is used for both internal and external requests; this ensures that all authorized users view the same content.
      • Internal user requests are not passed through a proxy server.
      • UAG pre-authenticates users.
      Disadvantages
      • This configuration results in a single firewall that separates the corporate internal network from the Internet.
  • Isolates the server farm in a separate perimeter network (including SQL / AD)
      Description, advantages, and disadvantages with network diagram
      Advantages
      • Content is isolated to a single farm on the extranet, simplifying sharing and maintenance of content across the intranet and the extranet.
      • External user access is isolated to the perimeter network.
      • If the extranet is compromised, damage is potentially limited to the affected layer or to the perimeter network.
      Disadvantages
      • The back-to-back perimeter topology requires additional network infrastructure and configuration.
  • Web servers, AD, and DNS inside the perimeter network
      • Application servers can be in the perimeter or corporate network
      • SQL Server inside the corporate network
      Advantages
      • Computers running SQL Server are not hosted inside the perimeter network.
      • Farm components within both the corporate network and the perimeter network can share the same databases.
      • Content can be isolated to a single farm inside the corporate network, which simplifies sharing and maintaining content across the corporate network and the perimeter network.
      Disadvantages
      • The complexity of the solution is greatly increased.
      • Intruders who compromise perimeter network resources might gain access to farm content stored in the corporate network by using the server farm accounts.
      • Inter-farm communication is split across two domains.
  • Intro slide that sets up the rest of the talk. These questions will be answered in this session.
  • Overview of common types of authentication then detailed slides of each
  • Describe Active Directory Negotiate (Windows Authentication)
      • Advantages and disadvantages
      • Application firewall recommendation
  • Explain how to set up the ASP.NET Membership provider <multiple slides may be required>
      • Aspnet_regsql.exe
      • Web.config settings
      • Claims Based Authentication / Membership provider in Web Application
      • Managing Users – Open Source Tools (http://sharepoint2010fba.codeplex.com/)
      • http://blogs.technet.com/b/mahesm/archive/2010/04/07/configure-forms-based-authentication-fba-with-sharepoint-2010.aspx
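  • Enable claims authentication on an existing web application (run in the SharePoint 2010 Management Shell; replace "URL" with the web application URL):
      $app = Get-SPWebApplication "URL"
      $app.UseClaimsAuthentication = $true
      $app.Update()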
  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regsql.exe
  • Highlight name of Role Manager
  • Highlight name of membership provider
  • Demonstrate from start to finish all web.config modifications [5 – 7 minutes]
      • Demonstrate logging in with FBA account
      • Create a New Web Application
          Enable FBA
          SQL-MembershipProvider
          SQL-RoleManager
      • Show Existing FBA Application – Authentication Provider
      • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regsql.exe
      • Grant SQL Permissions
      • Web.config (8202)
      • Web.config (CA)
      • Web.config (STS)
      • Membership Seeder - C:\Downloads\MembershipSeeder\Bin\Debug\MembershipSeeder.exe
      • Web Applications -> User Policy -> Default
      • Search for user, grant access
      • Demo login
      • Demo FBA pack -> FBA User Management
      • Consider demonstrating tools to manage FBA users
  • Configuration settings for authentication using FBA with the ActiveDirectoryMembership provider <multiple slides>
      • Web.config settings: <connectionStrings>, <membership>, <httpModules>

          <connectionStrings>
              <add name="ActiveDirectoryConnectionString"
                   connectionString="LDAP://domain.local/DC=domain,DC=local" />
          </connectionStrings>
          <membership defaultProvider="ActiveDirectoryMembership">
              <providers>
                  <add name="ActiveDirectoryMembership"
                       type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                       connectionStringName="ActiveDirectoryConnectionString"
                       enableSearchMethods="true"
                       attributeMapUsername="sAMAccountName" />
              </providers>
          </membership>

      • STS Application Web.config
      • Set up claims authentication
      • Membership Provider name
      • http://blogs.msdn.com/b/sridhara/archive/2010/01/07/setting-up-fba-claims-in-sharepoint-2010-with-active-directory-membership-provider.aspx
  • Demonstrate logging in with Active Directory using FBA
      • Show Web Application Settings
      • Show difference between logging in with Windows Authentication and FBA
      • Web.config: C:\inetpub\wwwroot\wss\VirtualDirectories\8201\web.config
      • Central Admin: Web Application -> Select -> User Policy -> search for chris.white (must be exact)
      • Log in with chris.white
  • Overview of steps involved in setting up the trusted identity provider
      • Registering the site
      • Installing the certificate
      • Configuring the provider in PowerShell
      • http://technet.microsoft.com/en-us/library/ff973117.aspx
      • http://blog.fpweb.net/claims-authentication-windows-live-id-for-sharepoint-2010/
  • <Scrapped configuration demo for time purposes>
      Demonstrate logging in with Windows Live at NothingButSharePoint.com
  • Intro slide that sets up the rest of the talk. These questions will be answered in this session.
  • Managing content on the extranet is a concern
      • Talk about considerations such as how to deploy content and document duplication
      • Discuss techniques for deploying content to the extranet site: publishing, Send To connections, custom workflows
  • http://sp2010:8202/Fabrikam/
      • Confirm Content Organizer is on
      • Central Admin: General Application Settings -> Send to Connections
      • Create new connection: http://sp2010:8202/Fabrikam/_vti_bin/officialfile.asmx
      • Go to target web application (user / wxx2007;)
      • Content Organizer -> New Rule -> Content Type: Document
      • Go to test document library - http://sp2010/procurement/SitePages/Home.aspx
      • Use Send to connection
      • Show Document
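
The FBA demo notes above edit three web.config files (web application, Central Administration and STS) and highlight the membership provider and role manager names. The following is an added example, not code from the talk, that checks whether both names are registered in each file; it assumes the same names are expected in every file, and the sample XML, the connection string name "FBA" and the shortened type values are constructed placeholders.

```powershell
# Added example, not from the talk. Sample XML below is constructed; the
# connection string name "FBA" and the shortened type values are placeholders.
function Test-FbaProviders {
    param(
        [Parameter(Mandatory=$true)][hashtable]$Configs,  # label -> web.config text
        [string]$Membership  = 'SQL-MembershipProvider',  # name from the demo notes
        [string]$RoleManager = 'SQL-RoleManager'          # name from the demo notes
    )
    foreach ($label in $Configs.Keys) {
        $xml = [xml]$Configs[$label]
        # Collect the name attribute of every registered provider of each kind.
        $m = @($xml.SelectNodes('/configuration/system.web/membership/providers/add') |
               ForEach-Object { $_.GetAttribute('name') })
        $r = @($xml.SelectNodes('/configuration/system.web/roleManager/providers/add') |
               ForEach-Object { $_.GetAttribute('name') })
        New-Object PSObject -Property @{
            Config         = $label
            HasMembership  = ($m -contains $Membership)
            HasRoleManager = ($r -contains $RoleManager)
        }
    }
}

# Constructed web application config: both providers registered.
$webApp = @'
<configuration><system.web>
  <membership><providers>
    <add name="SQL-MembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="FBA" />
  </providers></membership>
  <roleManager enabled="true"><providers>
    <add name="SQL-RoleManager" type="System.Web.Security.SqlRoleProvider" connectionStringName="FBA" />
  </providers></roleManager>
</system.web></configuration>
'@

# Constructed STS config: role manager registration left out on purpose.
$sts = @'
<configuration><system.web>
  <membership><providers>
    <add name="SQL-MembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="FBA" />
  </providers></membership>
</system.web></configuration>
'@

# List every config that is missing either registration.
Test-FbaProviders -Configs @{ 'Web app (8202)' = $webApp; 'STS' = $sts } |
    Where-Object { -not ($_.HasMembership -and $_.HasRoleManager) }
```

To run it against a farm, pass the text of each file instead of the samples, for example `(Get-Content $path) -join "`n"`, and pass `-Membership ActiveDirectoryMembership` when checking the Active Directory provider configuration.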

Transcript

  • 1.  What is an extranet?
  • 2.  How will users get to the extranet?
  • 3.  How will users authenticate?
  • 4. http://sharepoint2010fba.codeplex.com
        http://cks.codeplex.com/releases/view/7450
  • 5. http://sharepoint2010fba.codeplex.com
        http://cks.codeplex.com/releases/view/7450
  • 6. https://msm.live.com/ http://yourdomain/_trust/default.aspx
  • 7.  How do I populate content on the extranet?
  • 8. http://technet.microsoft.com/en-us/library/cc263513.aspx
        http://technet.microsoft.com/en-us/library/ff973117.aspx
        http://blogs.msdn.com/b/sridhara/archive/2010/01/07/setting-up-fba-claims-in-sharepoint-2010-with-active-directory-membership-provider.aspx
        sharepoint2010fba.codeplex.com
        http://cks.codeplex.com/releases/view/7450
  • 9. SPC sessions (Code, Session Name, Day, Time, Type, Location)
        SPC3997: TITUS: Using Claims for Authentication in SharePoint 2010 (Weds 10/5, 5:00p; Type: Partner)
        SPC411: Security Design with Claims Based Authentication (Thurs 10/6, 12:00p; Type: Microsoft)