Planning and Configuring Extranets in SharePoint 2010 by Geoff Varosky - SPTechCon
  • Wonderful family, wife, 2 kids, love camping, hiking, backpacking, snowshoeing, and I’m also a stand-up comedian, and I love a good 80’s themed party.

    1. Planning and Configuring Extranets in SharePoint 2010
    2. Geoff Varosky
       • Jornata
       • Managing Consultant, Senior Architect, Senior Developer, Director of Evangelism
       • President & Co-Founder, Boston Area SharePoint Users Group
       • Co-Organizer, SharePoint Saturday Boston
       • Recent Awards
       • Top 25 2012 Harmon.ie Online Community Influencer
       • Top 50 2012 KnowledgeLake Community Influencer
       • Blog – www.SharePointYankee.com
       • Email – geoff@varosky.com
       • Twitter – @gvaro
    3. Thinking
       • What is an Extranet?
       • Design
       • Topology
       • Authentication Mechanism
       • User Identity Storage Location
       • Evaluating Your Requirements
       • SharePoint 2010 Considerations
       Doing
       • Configuration
       • User and Role Management
    4. Controlled access from external networks
    5. Controlled access from EXTeRnAl NETworks
    6. Topology
       • Authentication Methods
       • User Identity Storage Location
    7. [Topology diagram. Labels: External Users; Internets; Firewall/UAG; Perimeter network; Server Farm; Corporate network (a/k/a where you access Facebook from every morning)]
    8. [Topology diagram. Labels: Internets; Firewall/UAG; Router A; Perimeter network; Router B; Firewall/UAG; Corporate network; Layer 1: Web Servers; Layer 2: APP & SQL Servers; Layer 3: DNS, Active Directory, LOB Systems]
    9. [Topology diagram. Labels: External Users; Internets; Firewall/UAG; Perimeter network; Firewall/UAG; Corporate network; CONSUMING FARM; SERVICES FARM]
    10. [Topology diagram. Labels: External Users; Internets; Firewall/UAG; Perimeter network; Firewall/UAG; Corporate network; Web Servers, Application Servers, DNS, Active Directory; SQL Servers, Application Servers, DNS, Active Directory; "YAY! FACEBOOKS! LOLS!"]
    11. Windows
       • NTLM
       • Kerberos
       • Basic
       Forms Based Authentication (FBA)*
       • *Claims needs to be enabled for FBA
       Claims Based Authentication
       • SAML tokens
    12. Active Directory
       • LDAP
       • SQL Server
       • Other
       • Facebooks
       • Twitters
    13. What do you really need?
       • Who needs access?
       • How sensitive is the data?
       • How sensitive is the network?
       • Budget?**
    14. Who needs access?
       • Internal employees only
       • Active Directory
       • Internal employees and external users
       • Active Directory
       • Additional domain with restricted access
       • Active Directory & Forms Based Authentication
       • Claims Authentication
       • External only (rare)
       • Clients, partners, consultants
       • Active Directory or LDAP or SQL?
       • Forms Based Authentication or Windows auth?
       • Separate or together?
       • Hosting
       • Mobile Clients
    15. How sensitive is the data & internal network?
       • Network & SharePoint
       • Separate site?
       • Separate site collection?
       • Separate web application?
       • Multiple farms with cross-farm services & publishing?
       • Separate farm?
       • DMZ?
    16. How sensitive is the data & internal network?
       • Security
       • Secure Certificates (SSL)
       • Encryption
       • Firewall
       • Both hardware and software?
       • Content Filtering
       • ACLs
       • Virtual Private Network
       • Anti-Virus and Anti-Malware
       • Client-based certificates
       • One-time passwords (RSA tokens)
       • Phone verification
       • Biometrics
       • Retina, fingerprint, facial structure, hair and blood samples
    17. How sensitive is the data & internal network?
       • Security
       • Secure Certificates (SSL)
       • Encryption
       • Firewall
       • Both hardware and software?
       • Content Filtering
       • ACLs
       • Virtual Private Network
       • Anti-Virus and Anti-Malware
       • Client-based certificates
       • One-time passwords (RSA tokens)
       • Phone verification
       • Biometrics
       • Retina, fingerprint, facial structure, hair and blood samples
    18. Budget**
    19. REMEMBER THIS… You are giving a key to access your company’s data in some form or another.
    20. Supported versions
       • All – Foundation up through Enterprise
       • Office 365
       • Can be used as an extranet (since that is basically what it is!)
    21. Assumptions
       • Any Topology
       • Multi-Mode (Windows & FBA Authentication)
       • SQL User Database
       Steps
       1. Create ASP.NET Membership Database
       2. Configure SharePoint
       3. Configure IIS
       4. Create and Manage Users
    22. IIS
       • Using your SharePoint Site = BAD
       • Must first change default role manager, and then membership provider each time from claims to your SQL providers
       • No one can log into SharePoint during this time
       • And then change them back when done
       • Each change recycles the application pool.
       • Create a separate IIS Virtual Web Application and Manage from there
       BCS
       • Great way to search for and manage users (passwords, email, etc.)
       • No way to create users without additional logic
    23. CodePlex (www.codeplex.com)
       • SharePoint 2010 FBA Pack
       • http://sharepoint2010fba.codeplex.com
       Third Party Solutions
    24. Test your configuration
       • Review security regularly
       • Be wary of cats
    25. My Blog Series
       • Part 1: http://go.gvaro.net/ExtranetsP1
       • Part 2: http://go.gvaro.net/ExtranetsP2
       • Part 3: http://go.gvaro.net/ExtranetsP3
       Phone Factor – Phone Verification
       • http://www.phonefactor.com
       Plan Security Hardening (TechNet)
       • http://go.gvaro.net/uSyY1Z
       SharePoint 2007 & 2010 Farm Ports (Firewall Config)
       • http://go.gvaro.net/uWQZzU
       Disabling SSL v2.0, PCT 1.0 +more in IIS7
       • http://go.gvaro.net/N5GgEa
    26. SharePoint Ports, Proxies, and Protocols (Firewall Config)
       • http://go.gvaro.net/tblxCn
       Harden SQL Server for SharePoint
       • http://go.gvaro.net/viVQuN
       Visual FBA configuration by Donal Conlon
       • http://go.gvaro.net/oPnAYx
       Extranet tested topologies for SP 2010 Model
       • http://go.gvaro.net/SP2010ExtTopMod
       ASP.NET 2.0 Membership Database Reference
       • Create, Add Users, etc. http://go.gvaro.net/AN2Mbr
    27. FBA Configuration in SharePoint 2010
       • LDAP: http://go.gvaro.net/FBALDAP
       ASP.NET Membership DB
       • http://go.gvaro.net/FBAANMDB
       PeoplePicker Wildcard Search
       • http://go.gvaro.net/FBAWildCard
       Helpful Resources for Troubleshooting Membership Providers
       • http://go.gvaro.net/TSMemProv
       “Sign me in automatically” in FBA
       • http://go.gvaro.net/pAkDQP
       Configuring SSL in a Development Environment
       • http://go.gvaro.net/uOTTlJ
    28. Meets 2nd Wednesday/month
       • 6-8PM
       • Microsoft N.E.R.D. (Cambridge)
       • BostonSharePointUG.org
       • Twitter: @BASPUG / #BASPUG
       • SPTechCon Hosted Meeting in August!
    29. Geoff Varosky
       • Jornata
       • Managing Consultant, Senior Architect, Senior Developer, Director of Evangelism
       • President & Co-Founder, Boston Area SharePoint Users Group
       • Co-Organizer, SharePoint Saturday Boston
       • Recent Awards
       • Top 25 2012 Harmon.ie Online Community Influencer
       • Top 50 2012 KnowledgeLake Community Influencer
       • Blog – www.SharePointYankee.com
       • Email – geoff@varosky.com
       • Twitter – @gvaro
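
The split recommended on slide 22, sketched as an added configuration example (not from the deck and not SharePoint's shipped files): the SharePoint web application only registers the SQL providers and keeps the claims providers as defaults, while a separate, internally reachable IIS application uses the SQL providers as defaults for user management. The names FBAMembership, FBARoles and FBADB, the SQLHOST server, the aspnetdb catalog and the password-policy values are assumptions.

```xml
<!-- (A) SharePoint web application web.config (fragment).
     Claims providers "i" and "c" stay the defaults; the SQL providers are only
     added next to them. All FBA* names and SQLHOST/aspnetdb are assumed. -->
<connectionStrings>
  <add name="FBADB"
       connectionString="Data Source=SQLHOST;Initial Catalog=aspnetdb;Integrated Security=SSPI" />
</connectionStrings>
<system.web>
  <membership defaultProvider="i">
    <providers>
      <!-- existing SharePoint claims membership provider entry "i" stays untouched -->
      <add name="FBAMembership"
           type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="FBADB" applicationName="/"
           passwordFormat="Hashed" enablePasswordRetrieval="false"
           enablePasswordReset="true" requiresQuestionAndAnswer="false"
           requiresUniqueEmail="true"
           minRequiredPasswordLength="12" minRequiredNonalphanumericCharacters="1"
           maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" />
    </providers>
  </membership>
  <roleManager enabled="true" defaultProvider="c">
    <providers>
      <!-- existing SharePoint claims role provider entry "c" stays untouched -->
      <add name="FBARoles"
           type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="FBADB" applicationName="/" />
    </providers>
  </roleManager>
</system.web>

<!-- (B) Separate IIS management application web.config (fragment).
     Same connection string and <add> entries as (A), with the same
     applicationName so both sites see the same users. Here the SQL providers
     are the defaults, and anonymous requests are denied (Windows auth only). -->
<system.web>
  <authentication mode="Windows" />
  <authorization>
    <deny users="?" />
  </authorization>
  <membership defaultProvider="FBAMembership">
    <providers><!-- FBAMembership entry exactly as in (A) --></providers>
  </membership>
  <roleManager enabled="true" defaultProvider="FBARoles">
    <providers><!-- FBARoles entry exactly as in (A) --></providers>
  </roleManager>
</system.web>
```

Because the management application never touches the SharePoint site's default providers, extranet sign-in stays available and the SharePoint application pool is not recycled while users are being created or reset.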