Publishing SharePoint
  • UAG provides services to four types of audiences (from the bottom up):
      • Employees who roam with their laptops and need access. There are a few reasons why they need UAG and not a traditional VPN:
          • Behind a firewall, most IPsec VPNs don't work because they are UDP-based.
          • The portal is a single entry point for all corporate resources.
          • There is no need to install and configure a VPN client.
          • Strong authentication (see next slides).
      • Business partners / sub-contractors: today companies either give them full VPN access, which is an almost irresponsible thing to do, or just collaborate with them over e-mail. See, for example, the study in the end-point health slides about the risk of opening the network to partners.
      • Hostile environments such as a home PC, a friend's PC or a kiosk. “In any home where there is a teenager, the home PC is hostile environment….”
      • Mobile devices: they are always outside the network.
    UAG supports three types of application delivery:
      • Web / HTTP based, where it acts as a reverse proxy. Among the tens of applications that are supported are:
          • Exchange: Outlook Web Access, Outlook Anywhere (RPCoHTTP) and Exchange ActiveSync.
          • SharePoint (all versions including 2007).
          • Microsoft Dynamics CRM (3.0 and 4.0).
          • Non-Microsoft applications such as IBM Lotus, IBM Domino, SAP portals, Oracle PeopleSoft, etc.
        For the full list of applications that are supported today with IAG 2007, look here: http://technet.microsoft.com/en-us/library/cc303258.aspx
      • Terminal Services applications, served via the Terminal Services Gateway that is embedded within UAG. UAG supports RemoteApp and RemoteDesktop.
      • Non-Web/HTTP applications, by providing ad-hoc tunneling.
  • UAG and defense in depth
  • STRONG AUTHENTICATION is a must, but very expensive (a token is around 100 Euros). A lot of companies working in this space have invested in UAG. Some of them have a very strong/smart approach and offer very affordable costs. Two examples: GridSure (use your brain + grid) and Tag Attitude (use phone).
  • http://blog.hametbenoit.info/Lists/Posts/Post.aspx?ID=497

Transcript

  • 1. Publishing SharePoint with ForeFront UAG
    Benoit HAMET
    Senior Support Engineer – SharePoint Technologies
    Microsoft
  • 2. Agenda
    What is data security
    Microsoft ForeFront Unified Access Gateway
    Publishing a portal with ForeFront Unified Access Gateway 2010
    Implementing the publication
    Configuring SharePoint
  • 3. What is data security
    Security, a complex problem
    Physical access
    Data access
    Multiple means of access
    Requires material and human resources
    Dedicated software (AV, firewall…)
    Software updates
    Training, awareness
    Procedures…
  • 4. Security in the SharePoint context
    SharePoint = collaboration
    Collaboration = data (documents, …)
    Documents with different $$/€€
    Example: merger/acquisition document, research, etc.
    Methodology
    Identify the data and their value: risk
    Analyze that risk: countermeasures
    Implement the solutions/processes to address it
  • 5. Data Center / Corporate Network
    SharePoint
    Exchange
    CRM, IIS based
    IBM, SAP, Oracle
    Mobile
    HTTPS / HTTP
    Home / Friend
    / Kiosk
    Layer3 VPN
    Terminal / Remote Desktop Services
    HTTPS (443)
    Internet
    DirectAccess
    Non web
    Business Partners /
    Sub-Contractors
    AD, ADFS,
    RADIUS, LDAP….
    NPS, ILM
    Employees Managed Machines
    Security and the Microsoft portfolio
  • 6. Remote access, UAG & MOSS
    Official gateway for MOSS (what about TMG?)
    Supports 100% of scenarios
    SSO: Web, NTLM/KERB, ADFS, KCD
    Office integration
    Security policies: application and functions
    Traceability: network level and "user" level
    Workstation security (Attachment Wiper, …)
    External (mobility) and internal (SSO) scenarios
    Supports many strong authentication systems
  • 7. Authentication
  • 8. Portal
  • 9. Payroll & HR
    Provides employees, partners and customers with access, governed by security policies, to data and applications from a managed or unmanaged workstation
    Kiosk
    Field Consultant
    Partner Desktop
    Logistics
    Partner
    Corporate
    Laptop
    Project Manager
    Employee
    Unmanaged Home PC
    Project Manager
    Employee
    Microsoft Unified Access Gateway
  • 10. b
    UAG
    Who can see this data?
    What are you attempting?
    What can you access?
    Who are You?
    Where are you coming from?
    Protected
    Hosts
    Information Security
    Application Security
    Remote User
    Authorization
    Authentication
    End Point Check
  • 11. Authentication and SingleSignOn
    Strong Authentication
    Single Sign On
  • 12. AAM configuration
    Publishing wizard in UAG; as simple as publishing with ISA/TMG
    BUT… AAM configuration is required
  • 13. Publishing wizard for MOSS: publishing through UAG
    Publish a single server or a server farm
    Define the access authorizations for the application in the UAG portal
    Set the access URLs (internal/public)
    Select the SharePoint version to publish
    Configure the publication in the UAG portal
    Define the authentication provider
    Name the application
    Define the access policies
  • 14. Publishing wizard for MOSS: AAM settings
    Add an internal URL
    Associate the URL with the zone that corresponds to the public URL
    Select the SharePoint version to publish
  • 15. Demo
    Publishing SharePoint with UAG
  • 16. Additional resources
    ForeFront Security For SharePoint Virtual Lab: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032329673&EventCategory=3&culture=en-US&CountryCode=US
    Publishing SharePoint with UAG: http://blog.hametbenoit.info/sites/archives/Lists/Posts/Post.aspx?ID=497
    Webcast Techdays 2010: http://www.microsoft.com/france/vision/mstechdays10/Webcast.aspx?EID=7edf01c4-db8b-4c2c-91ff-bf0c10617335
    Online demonstrations / labs: http://mssalesdemos.com/
    ForeFront Protection for SharePoint demonstration: http://www.microsoft.com/forefront/serversecurity/sharepoint/en/us/demo.aspx
    Strong authentication with UAG demonstration: http://vsa.tagattitude.fr/iag/login.aspx http://gridsure.uagdev.skynetrix.com
  • 17. © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
    The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
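
The AAM step from slides 12 and 14, as an added example that is not part of the presentation: it puts the public URL and the internal URL in the same zone and then checks that the internal URL resolves to the public one. It assumes the SharePoint 2010 cmdlets `New-SPAlternateURL` and `Get-SPAlternateURL`; the host names, the choice of the Internet zone and the HTTP back-end are placeholders and assumptions.

```powershell
# Added example; run in the SharePoint 2010 Management Shell on a farm server.
# Every host name below is a placeholder, not a value from the presentation.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webApp      = 'http://sp-farm.corp.example'   # existing web application (Default zone)
$publicUrl   = 'https://portal.example.com'    # URL users browse to on the UAG trunk
$internalUrl = 'http://sp-uag.corp.example'    # URL UAG uses to reach the farm (assumed HTTP)
$zone        = 'Internet'                      # zone kept for the UAG-published path

function Add-AamIfMissing {
    param([string]$Url, [switch]$Internal)

    $existing = Get-SPAlternateURL -WebApplication $webApp |
        Where-Object { $_.IncomingUrl.TrimEnd('/') -eq $Url.TrimEnd('/') }

    if ($existing) {
        # Refuse to continue if the URL already lives in another zone:
        # a mismatch makes SharePoint render links for the wrong audience.
        if ($existing.UrlZone -ne $zone) {
            throw "$Url is already mapped to zone $($existing.UrlZone)"
        }
        return
    }

    if ($Internal) {
        New-SPAlternateURL -WebApplication $webApp -Url $Url -Zone $zone -Internal | Out-Null
    } else {
        New-SPAlternateURL -WebApplication $webApp -Url $Url -Zone $zone | Out-Null
    }
}

# 1. Public URL for the zone, 2. internal URL associated with that same zone.
Add-AamIfMissing -Url $publicUrl
Add-AamIfMissing -Url $internalUrl -Internal

# Check: a request arriving on the internal URL must be answered with
# links built from the public URL, otherwise internal names leak to users.
$mapping = Get-SPAlternateURL -WebApplication $webApp -Zone $zone |
    Where-Object { $_.IncomingUrl.TrimEnd('/') -eq $internalUrl.TrimEnd('/') }

if (-not $mapping -or $mapping.PublicUrl.TrimEnd('/') -ne $publicUrl.TrimEnd('/')) {
    throw "AAM check failed: $internalUrl does not resolve to $publicUrl"
}

Get-SPAlternateURL -WebApplication $webApp |
    Format-Table IncomingUrl, UrlZone, PublicUrl -AutoSize
```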