Publishing SharePoint


Published in: Technology
  • UAG provides services to four types of audiences (from bottom up):
      • Employees who roam with their laptops and need access. There are a few reasons why they need UAG and not a traditional VPN:
          • Behind a firewall, most IPsec VPNs don't work because they are UDP-based.
          • The portal is one entry point for all corporate resources.
          • No need to install and configure a VPN client.
          • Strong authentication (see next slides).
      • Business partners / sub-contractors: today companies either give them full VPN access, which is an almost irresponsible thing to do, or just collaborate with them over e-mail. See the study in the end-point health slides, for example, about the risk of opening the network to partners.
      • Hostile environments like a home PC, a friend's PC or a kiosk. “In any home where there is a teenager, the home PC is a hostile environment….”
      • Mobile devices: they are always outside the network.
    UAG supports three types of application delivery:
      • Web / HTTP based, where it acts as a reverse proxy. Among the tens of applications that are supported are:
          • Exchange: Outlook Web Access, Outlook Anywhere (RPCoHTTP) and Exchange ActiveSync.
          • SharePoint (all versions including 2007).
          • Microsoft Dynamics CRM (3.0 and 4.0).
          • Non-Microsoft applications such as IBM Lotus, IBM Domino, SAP portals, Oracle PeopleSoft, etc.
          • For the full list of applications that are supported today with IAG 2007, look here:
      • Services applications that are served via the Terminal Services Gateway that is embedded within UAG. UAG supports RemoteApp and RemoteDesktop.
      • Non-Web/HTTP applications, by providing ad-hoc tunneling.
  • UAG and defense in depth
  • STRONG AUTHENTICATION is a must, but very expensive (a token is around 100 Euros). A lot of companies working in this space have invested in UAG. Some of them have a very strong/smart approach and propose very affordable costs. Two examples: GridSure (use your brain + grid) and Tag Attitude (use phone).
  • Publishing SharePoint

    1. Publishing SharePoint with ForeFront UAG
        • Benoit HAMET
        • Senior Support Engineer – SharePoint Technologies
        • Microsoft
    2. Agenda
        • What is data security
        • Microsoft ForeFront Unified Access Gateway
        • Publishing a portal with ForeFront Unified Access Gateway 2010
        • Implementing the publication
        • SharePoint configuration
    3. What is data security
        • Security, a complex problem
        • Physical access
        • Data access
        • Multiple means of access
        • Requires material and human resources
        • Dedicated software (AV, firewall…)
        • Software updates
        • Training, awareness
        • Procedures…
    4. Security in the SharePoint context
        • SharePoint = collaboration
        • Collaboration = data (documents, …)
        • Documents with different $$/€€
        • Example: merger/acquisition document, research, etc.
        • Methodology
        • Identify the data and its value: risk
        • Analyze this risk: countermeasures
        • Implement the solutions/processes to address it
    5. Security and the Microsoft portfolio (diagram; labels only)
        • Clients: Mobile; Home / Friend / Kiosk; Business Partners / Sub-Contractors; Employees Managed Machines
        • Access paths: Internet; HTTPS (443); HTTPS / HTTP; Layer3 VPN; DirectAccess
        • Data Center / Corporate Network: SharePoint; Exchange; CRM, IIS based; IBM, SAP, Oracle; Terminal / Remote Desktop Services; Non web
        • Identity and policy: AD, ADFS, RADIUS, LDAP…; NPS, ILM
    6. Remote access, UAG & MOSS
        • Official gateway for MOSS (what about TMG?)
        • Supports 100% of scenarios
        • SSO: Web, NTLM/KERB, ADFS, KCD
        • Office integration
        • Security policies: application and functions
        • Traceability: network and "user" level
        • Workstation security (Attachment Wiper, …)
        • External (mobility) and internal (SSO) scenarios
        • Supports many strong authentication systems
    7. Authentication
    8. Portal
    9. Microsoft Unified Access Gateway
        • Provides employees, partners and customers with security-policy-based access to data and applications from managed or unmanaged workstations
        • Diagram labels: Payroll & HR; Logistics; Kiosk; Field Consultant; Partner Desktop; Partner; Corporate Laptop; Project Manager; Employee; Unmanaged Home PC
    10. UAG (diagram; labels only)
        • Remote User
        • End Point Check: Where are you coming from?
        • Authentication: Who are you?
        • Authorization: What can you access?
        • Application Security: What are you attempting?
        • Information Security: Who can see this data?
        • Protected Hosts
    11. Authentication and Single Sign On
        • Strong Authentication
        • Single Sign On
    12. AAM configuration
        • Publishing wizard in UAG; as simple as publishing with ISA/TMG
        • BUT… AAM configuration is required
    13. Publishing wizard for MOSS: publishing through UAG
        • Publishing a single server or a server farm
        • Defining access authorizations for the application in the UAG portal
        • Setting the access URLs (internal/public)
        • Selecting the SharePoint version to publish
        • Configuring the publication in the UAG portal
        • Defining the authentication provider
        • Naming the application
        • Defining the access policies
    14. Publishing wizard for MOSS: configuring the AAM
        • Add an internal URL
        • Associate the URL with the zone corresponding to the public URL
        • Selecting the SharePoint version to publish
    15. Demo
        • Publishing SharePoint with UAG
    16. Additional resources
        • ForeFront Security For SharePoint Virtual Lab:
        • Publishing SharePoint with UAG:
        • Techdays 2010 webcast:
        • Online demos / labs:
        • ForeFront Protection for SharePoint demo:
        • Strong authentication with UAG demo:
    17. © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
        The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.