Planning and Configuring Extranets in SharePoint 2010 by Geoff Varosky - SPTechCon
  • Wonderful family, wife, 2 kids, love camping, hiking, backpacking, snowshoeing, and I’m also a stand-up comedian, and I love a good 80’s themed party.

Transcript

  • 1. Planning and Configuring Extranets in SharePoint 2010
  • 2. Geoff Varosky
      • Jornata: Managing Consultant, Senior Architect, Senior Developer, Director of Evangelism
      • President & Co-Founder, Boston Area SharePoint Users Group
      • Co-Organizer, SharePoint Saturday Boston
      • Recent Awards: Top 25 2012 Harmon.ie Online Community Influencer; Top 50 2012 KnowledgeLake Community Influencer
      • Blog: www.SharePointYankee.com
      • Email: geoff@varosky.com
      • Twitter: @gvaro
  • 3. Agenda
      • Thinking
          • What is an Extranet?
          • Design: Topology, Authentication Mechanism, User Identity Storage Location
          • Evaluating Your Requirements
          • SharePoint 2010 Considerations
      • Doing
          • Configuration
          • User and Role Management
  • 4. Controlled access from external networks
  • 5. Controlled access from EXTeRnAl NETworks
  • 6. Topology; Authentication Methods; User Identity Storage Location
  • 7. [Diagram] Zones: Internets; Perimeter network; Corporate network (a/k/a where you access Facebook from every morning). Components: External Users; Firewall/UAG; Server Farm
  • 8. [Diagram] Zones: Internets; Perimeter network; Corporate network. Components: Firewall/UAG; Router A; Router B; Firewall/UAG. Layer 1: Web Servers. Layer 2: APP & SQL Servers. Layer 3: DNS, Active Directory, LOB Systems
  • 9. [Diagram] Zones: Internets; Perimeter network; Corporate network. Components: External Users; Firewall/UAG; Firewall/UAG; Consuming Farm; Services Farm
  • 10. [Diagram] Zones: Internets; Perimeter network; Corporate network (YAY! FACEBOOKS! LOLS!). Components: External Users; Firewall/UAG; Firewall/UAG; Web Servers, Application Servers, DNS, Active Directory; SQL Servers, Application Servers, DNS, Active Directory
  • 11. Authentication methods
      • Windows: NTLM, Kerberos, Basic
      • Forms Based Authentication (FBA)* (*Claims needs to be enabled for FBA)
      • Claims Based Authentication: SAML tokens
  • 12. User identity storage locations
      • Active Directory
      • LDAP
      • SQL Server
      • Other: Facebooks, Twitters
  • 13. What do you really need?
      • Who needs access?
      • How sensitive is the data?
      • How sensitive is the network?
      • Budget?**
  • 14. Who needs access?
      • Internal employees only
      • Active Directory
      • Internal employees and external users
      • Active Directory
      • Additional domain with restricted access
      • Active Directory & Forms Based Authentication
      • Claims Authentication
      • External only (rare)
      • Clients, partners, consultants
      • Active Directory or LDAP or SQL?
      • Forms Based Authentication or Windows auth?
      • Separate or together?
      • Hosting
      • Mobile Clients
  • 15. How sensitive is the data & internal network? Network & SharePoint
      • Separate site?
      • Separate site collection?
      • Separate web application?
      • Multiple farms with cross-farm services & publishing?
      • Separate farm?
      • DMZ?
  • 16. How sensitive is the data & internal network? Security
      • Secure Certificates (SSL)
      • Encryption
      • Firewall: Both hardware and software?
      • Content Filtering
      • ACLs
      • Virtual Private Network
      • Anti-Virus and Anti-Malware
      • Client-based certificates
      • One-time passwords (RSA tokens)
      • Phone verification
      • Biometrics: Retina, fingerprint, facial structure, hair and blood samples
  • 18. Budget**
  • 19. REMEMBER THIS… You are giving a key to access your company’s data in some form or another.
  • 20. Supported versions
      • All – Foundation up through Enterprise
      • Office 365: Can be used as an extranet (since that is basically what it is!)
  • 21. Assumptions
      • Any Topology
      • Multi-Mode (Windows & FBA Authentication)
      • SQL User Database
      • 1. Create ASP.NET Membership Database
      • 2. Configure SharePoint
      • 3. Configure IIS
      • 4. Create and Manage Users
  • 22. IIS
      • Using your SharePoint Site = BAD
      • Must first change default role manager, and then membership provider each time from claims to your SQL providers
      • No one can log into SharePoint during this time
      • And then change them back when done
      • Each change recycles the application pool.
      • Create a separate IIS Virtual Web Application and manage from there
    BCS
      • Great way to search for and manage users (passwords, email, etc.)
      • No way to create users without additional logic
  • 23. CodePlex (www.codeplex.com)
      • SharePoint 2010 FBA Pack: http://sharepoint2010fba.codeplex.com
    Third Party Solutions
  • 24. Test your configuration; Review security regularly; Be wary of cats
  • 25. Resources
      • My Blog Series
          • Part 1: http://go.gvaro.net/ExtranetsP1
          • Part 2: http://go.gvaro.net/ExtranetsP2
          • Part 3: http://go.gvaro.net/ExtranetsP3
      • Phone Factor – Phone Verification: http://www.phonefactor.com
      • Plan Security Hardening (TechNet): http://go.gvaro.net/uSyY1Z
      • SharePoint 2007 & 2010 Farm Ports (Firewall Config): http://go.gvaro.net/uWQZzU
      • Disabling SSL v2.0, PCT 1.0 +more in IIS7: http://go.gvaro.net/N5GgEa
  • 26. Resources
      • SharePoint Ports, Proxies, and Protocols (Firewall Config): http://go.gvaro.net/tblxCn
      • Harden SQL Server for SharePoint: http://go.gvaro.net/viVQuN
      • Visual FBA configuration by Donal Conlon: http://go.gvaro.net/oPnAYx
      • Extranet tested topologies for SP 2010 Model: http://go.gvaro.net/SP2010ExtTopMod
      • ASP.NET 2.0 Membership Database Reference (Create, Add Users, etc.): http://go.gvaro.net/AN2Mbr
  • 27. Resources
      • FBA Configuration in SharePoint 2010
          • LDAP: http://go.gvaro.net/FBALDAP
          • ASP.NET Membership DB: http://go.gvaro.net/FBAANMDB
      • PeoplePicker Wildcard Search: http://go.gvaro.net/FBAWildCard
      • Helpful Resources for Troubleshooting Membership Providers: http://go.gvaro.net/TSMemProv
      • “Sign me in automatically” in FBA: http://go.gvaro.net/pAkDQP
      • Configuring SSL in a Development Environment: http://go.gvaro.net/uOTTlJ
  • 28. Boston Area SharePoint Users Group
      • Meets 2nd Wednesday/month, 6-8PM
      • Microsoft N.E.R.D. (Cambridge)
      • BostonSharePointUG.org
      • Twitter: @BASPUG / #BASPUG
      • SPTechCon Hosted Meeting in August!