Planning and Configuring Extranets in SharePoint 2010 by Geoff Varosky - SPTechCon
Technical Class:

  • Wonderful family, wife, 2 kids, love camping, hiking, backpacking, snowshoeing, and I’m also a stand-up comedian, and I love a good 80’s themed party.

Planning and Configuring Extranets in SharePoint 2010 by Geoff Varosky - SPTechCon Presentation Transcript

  • Planning and Configuring Extranets in SharePoint 2010
  • Geoff Varosky: Jornata (Managing Consultant, Senior Architect, Senior Developer, Director of Evangelism); President & Co-Founder, Boston Area SharePoint Users Group; Co-Organizer, SharePoint Saturday Boston; Recent Awards: Top 25 2012 Harmon.ie Online Community Influencer, Top 50 2012 KnowledgeLake Community Influencer; Blog – www.SharePointYankee.com; Email – geoff@varosky.com; Twitter – @gvaro
  • Thinking: What is an Extranet?; Design (Topology, Authentication Mechanism, User Identity Storage Location); Evaluating Your Requirements; SharePoint 2010 Considerations. Doing: Configuration; User and Role Management
  • Controlled access from external networks
  • Controlled access from EXTeRnAl NETworks
  • Topology; Authentication Methods; User Identity Storage Location
  • [Diagram labels: External Users; Internets; Firewall/UAG; Perimeter network; Corporate network (a/k/a where you access Facebook from every morning); Server Farm]
  • [Diagram labels: Internets; Firewall/UAG; Perimeter network; Router A; Router B; Firewall/UAG; Corporate network; Layer 1: Web Servers; Layer 2: APP & SQL Servers; Layer 3: DNS, Active Directory, LOB Systems]
  • [Diagram labels: External Users; Internets; Firewall/UAG; Perimeter network; Firewall/UAG; Corporate network; Consuming Farm; Services Farm]
  • [Diagram labels: External Users; Internets; Firewall/UAG; Perimeter network; Firewall/UAG; Corporate network (YAY! FACEBOOKS! LOLS!); Web Servers, Application Servers, DNS, Active Directory; SQL Servers, Application Servers, DNS, Active Directory]
  • Windows (NTLM, Kerberos, Basic); Forms Based Authentication (FBA)* (*Claims needs to be enabled for FBA); Claims Based Authentication (SAML tokens)
  • Active Directory; LDAP; SQL Server; Other (Facebooks, Twitters)
  • What do you really need? Who needs access?; How sensitive is the data?; How sensitive is the network?; Budget?**
  • Who needs access? Internal employees only; Active Directory; Internal employees and external users; Active Directory; Additional domain with restricted access; Active Directory & Forms Based Authentication; Claims Authentication; External only (rare); Clients, partners, consultants; Active Directory or LDAP or SQL?; Forms Based Authentication or Windows auth?; Separate or together?; Hosting; Mobile Clients
  • How sensitive is the data & internal network? Network & SharePoint: Separate site?; Separate site collection?; Separate web application?; Multiple farms with cross-farm services & publishing?; Separate farm?; DMZ?
  • How sensitive is the data & internal network? Security: Secure Certificates (SSL); Encryption; Firewall (Both hardware and software?); Content Filtering; ACLs; Virtual Private Network; Anti-Virus and Anti-Malware; Client-based certificates; One-time passwords (RSA tokens); Phone verification; Biometrics (Retina, fingerprint, facial structure, hair and blood samples)
  • Budget**
  • REMEMBER THIS… You are giving a key to access your company’s data in some form or another.
  • Supported versions: All – Foundation up through Enterprise; Office 365: Can be used as an extranet (since that is basically what it is!)
  • Assumptions: Any Topology; Multi-Mode (Windows & FBA Authentication); SQL User Database. 1. Create ASP.NET Membership Database; 2. Configure SharePoint; 3. Configure IIS; 4. Create and Manage Users
  • IIS: Using your SharePoint Site = BAD; Must first change default role manager, and then membership provider each time from claims to your SQL providers; No one can log into SharePoint during this time; And then change them back when done; Each change recycles the application pool; Create a separate IIS Virtual Web Application and Manage from there. BCS: Great way to search for and manage users (passwords, email, etc.); No way to create users without additional logic
  • CodePlex (www.codeplex.com): SharePoint 2010 FBA Pack, http://sharepoint2010fba.codeplex.com; Third Party Solutions
  • Test your configuration; Review security regularly; Be wary of cats
  • My Blog Series: Part 1: http://go.gvaro.net/ExtranetsP1; Part 2: http://go.gvaro.net/ExtranetsP2; Part 3: http://go.gvaro.net/ExtranetsP3. Phone Factor – Phone Verification: http://www.phonefactor.com. Plan Security Hardening (TechNet): http://go.gvaro.net/uSyY1Z. SharePoint 2007 & 2010 Farm Ports (Firewall Config): http://go.gvaro.net/uWQZzU. Disabling SSL v2.0, PCT 1.0 +more in IIS7: http://go.gvaro.net/N5GgEa
  • SharePoint Ports, Proxies, and Protocols (Firewall Config): http://go.gvaro.net/tblxCn. Harden SQL Server for SharePoint: http://go.gvaro.net/viVQuN. Visual FBA configuration by Donal Conlon: http://go.gvaro.net/oPnAYx. Extranet tested topologies for SP 2010 Model: http://go.gvaro.net/SP2010ExtTopMod. ASP.NET 2.0 Membership Database Reference (Create, Add Users, etc.): http://go.gvaro.net/AN2Mbr
  • FBA Configuration in SharePoint 2010: LDAP: http://go.gvaro.net/FBALDAP; ASP.NET Membership DB: http://go.gvaro.net/FBAANMDB. PeoplePicker Wildcard Search: http://go.gvaro.net/FBAWildCard. Helpful Resources for Troubleshooting Membership Providers: http://go.gvaro.net/TSMemProv. “Sign me in automatically” in FBA: http://go.gvaro.net/pAkDQP. Configuring SSL in a Development Environment: http://go.gvaro.net/uOTTlJ
  • Meets 2nd Wednesday/month, 6-8PM; Microsoft N.E.R.D. (Cambridge); BostonSharePointUG.org; Twitter: @BASPUG / #BASPUG; SPTechCon Hosted Meeting in August!
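
The configuration steps listed in the transcript (create the ASP.NET membership database, configure SharePoint, configure IIS) can be scripted for the multi-mode Windows + FBA case as sketched here. This is an added example, not code from the deck or the author's blog series; the server, database, provider, account and web.config path names are placeholders chosen for illustration.

```powershell
# Added example. Every name and path below is a placeholder (assumption), not a value from the deck.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$sqlServer   = 'SQL01'                  # hypothetical SQL Server instance
$memberDb    = 'Extranet_FBA'           # hypothetical membership database
$membership  = 'FBAMembership'          # must match the <membership> provider name in web.config
$roleManager = 'FBARoles'               # must match the <roleManager> provider name in web.config
$poolAccount = 'EXAMPLE\svc-extranet'   # hypothetical managed account, already registered in the farm

# Step 1: create the ASP.NET membership database (-A mr = membership + role manager features only).
$regsql = Join-Path $env:windir 'Microsoft.NET\Framework64\v2.0.50727\aspnet_regsql.exe'
& $regsql -S $sqlServer -E -A mr -d $memberDb
if ($LASTEXITCODE -ne 0) { throw "aspnet_regsql failed with exit code $LASTEXITCODE" }

# Step 2: claims-mode web application that offers both Windows and FBA sign-in, over SSL.
$winAuth = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
$fbaAuth = New-SPAuthenticationProvider -ASPNETMembershipProvider $membership -ASPNETRoleProviderName $roleManager
New-SPWebApplication -Name 'Extranet' -Url 'https://extranet.example.com' -Port 443 -SecureSocketsLayer `
    -ApplicationPool 'ExtranetAppPool' -ApplicationPoolAccount (Get-SPManagedAccount $poolAccount) `
    -AuthenticationProvider $winAuth, $fbaAuth

# Step 3 check: once the provider entries have been added by hand, confirm that each web.config
# (web application, Central Administration, Security Token Service) declares both provider names.
function Test-FbaProviders {
    param([string]$ConfigPath, [string]$Membership, [string]$RoleManager)
    $cfg = [xml](Get-Content -LiteralPath $ConfigPath)
    $m = $cfg.SelectSingleNode("/configuration/system.web/membership/providers/add[@name='$Membership']")
    $r = $cfg.SelectSingleNode("/configuration/system.web/roleManager/providers/add[@name='$RoleManager']")
    New-Object PSObject -Property @{
        Config = $ConfigPath; MembershipDeclared = ($m -ne $null); RoleManagerDeclared = ($r -ne $null)
    }
}

$configs = @(
    'C:\inetpub\wwwroot\wss\VirtualDirectories\443\web.config',    # placeholder: extranet web application
    'C:\inetpub\wwwroot\wss\VirtualDirectories\2010\web.config',   # placeholder: Central Administration
    (Join-Path $env:CommonProgramFiles 'Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken\web.config')
)
$configs | ForEach-Object { Test-FbaProviders $_ $membership $roleManager } |
    Format-Table Config, MembershipDeclared, RoleManagerDeclared -AutoSize
```

A provider name missing from any one of the three files is a common cause of FBA sign-in or People Picker failures, so the table should show both columns as True for every row before users are created.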