Planning and Configuring Extranets in SharePoint 2010

Session deck from SharePoint Saturday Austin

  • Typically consists of authenticated access (sometimes the user is known to your organization). Stronger security than internet site > no anonymous access? Less security than an intranet site > allowing access from the outside.
  • Advantages
      – This is the simplest solution that requires the least amount of hardware and configuration.
      – The entire server farm is located within the corporate network.
      – There is a single point of data: data is located within the trusted network, and data maintenance occurs in one place.
      – A single farm is used for both internal and external requests; this ensures that all authorized users view the same content.
      – Internal user requests are not passed through a proxy server.
      – UAG pre-authenticates users.
    Disadvantage
      – This configuration results in a single firewall that separates the corporate internal network from the Internet.
  • Advantages
      – Content is isolated to a single farm on the extranet, simplifying sharing and maintenance of content across the intranet and the extranet.
      – External user access is isolated to the perimeter network.
      – If the extranet is compromised, damage is potentially limited to the affected layer or to the perimeter network.
    Disadvantage
      – The back-to-back perimeter topology requires additional network infrastructure and configuration.
  • Advantages
      – Services are centrally managed inside the corporate network.
      – Service applications that involve many contributors, such as Managed Metadata, are located where the contributor accounts are located. Special access is not required for the perimeter network.
    Disadvantages
      – Some service applications require two-way trust between domains, for example, User Profile and Secure Store Service.
      – Note: Microsoft Project Server 2010 does not support cross-farm services.
    If you refer to the references of this session, the supported extranet topologies also include another layout with respect to publishing. Cross-farm services may be used to publish internal services out to an extranet, such as MMS, Secure Store, etc.
  • Give access to remote employees, partners, communities
  • Transcript

    • 1. Thinking SharePoint? Think Jornata. Planning and Configuring Extranets in SharePoint 2010 Prepared for Prepared by Geoff Varosky Jornata Jornata 61-63 Chatham Street Fourth Floor Boston, MA 02109 Submitted on January 21, 2012
    • 2. Thank you for being a part of the first SharePoint Saturday Austin • Please turn off all electronic devices or set them to vibrate. • If you must take a phone call, please do so in the hall so as not to disturb others. • Open wireless access is available with no password • Feel free to “tweet and blog” during the session • Thanks to our Title Sponsors:
    • 3. About Me• Geoff Varosky – Jornata • Director, Development & Evangelism • Blogger, Speaker • BASPUG Co-Founder • SPS Boston Co-Organizer – Blog : www.sharepointyankee.com – Email: geoff.varosky@jornata.com – Twitter: @gvaro – LinkedIn & Facebook email: geoff.varosky@jornata.com | web: www.jornata.com | blog: www.sharepointyankee.com | twitter: @gvaro 3 Thinking SharePoint? Think Jornata.
    • 4. Thanks to Our Sponsors!
    • 5. Agenda • Thinking – What is an extranet? – Requirements – Authentication Mechanisms – SharePoint 2010 • Doing – Configuration – User and Role Management
    • 6. What is an extranet?
    • 7. What is an extranet?
    • 8. What is an extranet? Controlled access from external networks
    • 9. What is an extranet? Controlled access from EXTeRnAl NETworks
    • 10. Simple Extranet Example
    • 11. Edge Firewall. Diagram labels: Internets; External Users; Perimeter network; Firewall/UAG; Corporate network (a/k/a where you access Facebook from every morning); Server Farm; Internal Users
    • 12. Back to Back Perimeter. Diagram labels: Internets; External Users; Firewall/UAG; Perimeter network; Router A; Router B; Firewall/UAG; Corporate network; Internal Users; Layer 1: Web Servers; Layer 2: APP & SQL Servers; Layer 3: DNS, Active Directory, LOB Systems
    • 13. Back to Back Perimeter with Cross-Farm Services. Diagram labels: Internets; External Users; Firewall/UAG; Perimeter network; Firewall/UAG; Corporate network; Internal Users; Consuming Farm; Services Farm
    • 14. Split Back-to-Back. Diagram labels: Internets; External Users; Firewall/UAG; Perimeter network; Firewall/UAG; Corporate network (YAY! FACEBOOKS! LOLS!); Internal Users; one server group: Web Servers, Application Servers, DNS, Active Directory; other server group: SQL Servers, Application Servers, DNS, Active Directory
    • 15. Requirements • What do you REALLY need? – Who needs access? – How sensitive is the data? – How sensitive is your network? – Budget?
    • 16. Requirements
    • 17. Requirements • Who needs access? – Internal employees only • Active Directory – Internal employees and external users • Active Directory – Additional domain with restricted access • Active Directory & Forms Based Authentication – Claims Authentication – External • Clients, partners, consultants – Active Directory – Forms Based Authentication – Separate or together? – Hosting – Mobile Clients
    • 18. Remember this… You are giving a key to access your company’s data in some form or another.
    • 19. Requirements • How sensitive is the data & internal network? – Network & SharePoint • DMZ • Separate web application • Separate farm • Multiple Farms – Cross-farm services, publishing
    • 20. Requirements • How sensitive is the data & internal network? – Security • Secure Certificates (SSL) • Encryption • Firewall – Both hardware and software? – Content Filtering – ACLs • Virtual Private Network • Anti-Virus and Anti-Malware • Client-based certificates • One-time passwords (RSA tokens) • Phone verification • Biometrics – Retina, fingerprint, facial structure, hair and blood samples
    • 21. SharePoint 2010
    • 22. SharePoint 2010 • Versions? – Foundation up to Enterprise Server 2010 • Claims Based Authentication – Forms Based Authentication – Office 365? – Configuration (and our Demo) • Create ASP.NET Membership Database • Configure SharePoint • Configure IIS • Create and Manage Users
    • 23. DEMO!
    • 24. Managing Users • IIS – Must change default role manager and membership providers each time = DOWNTIME. – Separate IIS Virtual Web Application • BCS – Great way to manage users (passwords, emails, etc.) – No ability to create users without another layer of logic • Codeplex – SharePoint 2010 FBA Pack • http://sharepoint2010fba.codeplex.com • 3rd Party… – DevIt.EU • http://www.devit.eu/
    • 25. Remember this too… • Test the configuration • Review security regularly
    • 26. Resources • My blog series – Part 1 : http://go.gvaro.net/ExtranetsP1 – Part 2 : http://go.gvaro.net/ExtranetsP2 – Part 3 : http://go.gvaro.net/ExtranetsP3 • My Virtual Environment via CloudShare – SharePoint 2010 Information Worker image – Configured just about the same as we did here – On the desktop • Links to my information • Link to Extranet • 14 Day Trial • Use promo code GEOFF to get first month for $29! • http://go.gvaro.net/ExtranetsVM3
    • 27. Resources • Phone Factor – Phone Verification – http://www.phonefactor.com • Plan Security Hardening (TechNet) – http://go.gvaro.net/uSyY1Z • SharePoint 2007 & 2010 Farm Ports (Firewall Config) – http://go.gvaro.net/uWQZzU • SharePoint Ports, Proxies, and Protocols (Firewall Config) – http://go.gvaro.net/tblxCn • Harden SQL Server for SharePoint – http://go.gvaro.net/viVQuN
    • 28. Resources • Visual FBA configuration by Donal Conlon – http://go.gvaro.net/oPnAYx • Extranet tested topologies for SP 2010 Model – http://go.gvaro.net/SP2010ExtTopMod • ASP.NET 2.0 Membership Database Reference – Create, Add Users, etc. – http://go.gvaro.net/AN2Mbr • FBA Configuration in SharePoint 2010 – LDAP: http://go.gvaro.net/FBALDAP – ASP.NET Membership DB: http://go.gvaro.net/FBAANMDB
    • 29. Resources • PeoplePicker Wildcard Search – http://go.gvaro.net/FBAWildCard • Helpful Resources for Troubleshooting Membership Providers – http://go.gvaro.net/TSMemProv • “Sign me in automatically” in FBA – http://go.gvaro.net/pAkDQP • Configuring SSL in a Development Environment – http://go.gvaro.net/uOTTlJ
    • 31. • Meets 2nd Wednesday/Month • 6P – 8PM • Microsoft Waltham & Cambridge • http://www.bostonsharepointug.org • Twitter: @BASPUG / #BASPUG
    • 32. Q&A