Planning and Configuring Extranets in SharePoint 2010

Published in: Technology

  1. Thinking SharePoint? Think Jornata. Planning and Configuring Extranets in SharePoint 2010. Geoff Varosky, Director, Development & Evangelism, Jornata (gvarosky@jornata.com; follow me on Twitter @gvaro). Prepared by Jornata, 61-63 Chatham Street, Fourth Floor, Boston, MA 02109. Submitted on April 25, 2012.
  2. About Me • Geoff Varosky – Jornata • Director, Development & Evangelism • BASPUG Co-Founder • SPS Boston Co-Organizer – Blog: www.sharepointyankee.com – Email: gvarosky@jornata.com – Twitter: @gvaro – LinkedIn & Facebook
  3. Agenda • Thinking – What is an Extranet? – Design • Topology • Authentication Mechanism • User Identity Storage Location – Evaluating Your Requirements – SharePoint 2010 Considerations • Doing – Configuration – User and Role Management
  4. What is an extranet?
  5. What is an extranet?
  6. What is an extranet? Controlled access from external networks
  7. What is an extranet? Controlled access from EXTeRnAl NETworks
  8. Design
  9. Primary Design Considerations • Topology • Authentication Method • User Identity Storage Location
  10. Topology
  11. Very Simple Extranet Example
  12. Edge Firewall [diagram labels: Internets; External Users; Firewall/UAG; Perimeter network; Server Farm; Corporate network, a/k/a where you access Facebook from every morning; Internal Users]
  13. Back to Back Perimeter [diagram labels: Internets; External Users; Firewall/UAG; Perimeter network; Router A; Router B; Firewall/UAG; Corporate network; Internal Users; Layer 1: Web Servers; Layer 2: App & SQL Servers; Layer 3: DNS, Active Directory, LOB Systems]
  14. Back to Back Perimeter with Cross-Cross Farm Services [diagram labels: Internets; External Users; Firewall/UAG; Perimeter network; Firewall/UAG; Corporate network; Internal Users; Consuming Farm; Services Farm]
  15. Split Back-to-Back [diagram labels: Internets; External Users; Firewall/UAG; Perimeter network: Web Servers, Application Servers, DNS, Active Directory; Firewall/UAG; Corporate network (YAY! FACEBOOKS! LOLS!): SQL Servers, Application Servers, DNS, Active Directory; Internal Users]
  16. Authentication
  17. Authentication Methods • Windows – NTLM – Kerberos – Basic • Forms-Based Authentication (FBA)* – *Claims needs to be enabled for FBA • Claims-Based Authentication – SAML tokens
  18. User Identity Storage
  19. User Identity Storage • Active Directory • LDAP • SQL Server • Other
  20. Your Requirements
  21. Evaluating Your Requirements • What do you REALLY need? – Who needs access? – How sensitive is the data? – How sensitive is your network? – Budget?**
  22. **Budget
  23. Plan Your Requirements • Who needs access? – Internal employees only • Active Directory – Internal employees and external users • Active Directory – Additional domain with restricted access • Active Directory & Forms Based Authentication – Claims Authentication – External only (rare) • Clients, partners, consultants – Active Directory or LDAP or SQL? – Forms Based Authentication or Windows auth? – Separate or together? – Hosting – Mobile Clients
  24. Remember this… You are giving a key to access your company’s data in some form or another.
  25. Requirements • How sensitive is the data & internal network? – Network & SharePoint • DMZ • Same farm, separate web application • Separate farm • Multiple Farms – Cross-farm services, publishing
  26. Requirements • How sensitive is the data & internal network? – Security • Secure Certificates (SSL) • Encryption • Firewall – Both hardware and software? – Content Filtering – ACLs • Virtual Private Network • Anti-Virus and Anti-Malware • Client-based certificates • One-time passwords (RSA tokens) • Phone verification • Biometrics – Retina, fingerprint, facial structure, hair and blood samples
  27. SharePoint 2010
  28. SharePoint 2010 • Supported version? – All Versions: Foundation up through Enterprise Server 2010 – Office 365 • Can be used as an extranet (since that’s basically what it is!)
  29. DEMO! Assumptions: Any Topology; Multi-mode (Windows & FBA Auth); SQL Users: 1. Create ASP.NET Membership Database 2. Configure SharePoint 3. Configure IIS 4. Create and Manage Users
  30. Managing Users • IIS – Must change default role manager and membership providers each time = DOWNTIME. – Separate IIS Virtual Web Application • BCS – Great way to manage users (passwords, emails, etc.) – No ability to create users without another layer of logic • Codeplex – SharePoint 2010 FBA Pack • http://sharepoint2010fba.codeplex.com • 3rd Party…
  31. Remember this too… • Test the configuration • Review security regularly
  32. Resources • My blog series – Part 1: http://go.gvaro.net/ExtranetsP1 – Part 2: http://go.gvaro.net/ExtranetsP2 – Part 3: http://go.gvaro.net/ExtranetsP3
  33. Resources • Phone Factor – Phone Verification – http://www.phonefactor.com • Plan Security Hardening (TechNet) – http://go.gvaro.net/uSyY1Z • SharePoint 2007 & 2010 Farm Ports (Firewall Config) – http://go.gvaro.net/uWQZzU • SharePoint Ports, Proxies, and Protocols (Firewall Config) – http://go.gvaro.net/tblxCn • Harden SQL Server for SharePoint – http://go.gvaro.net/viVQuN
  34. Resources • Visual FBA configuration by Donal Conlon – http://go.gvaro.net/oPnAYx • Extranet tested topologies for SP 2010 Model – http://go.gvaro.net/SP2010ExtTopMod • ASP.NET 2.0 Membership Database Reference – Create, Add Users, etc. – http://go.gvaro.net/AN2Mbr • FBA Configuration in SharePoint 2010 – LDAP: http://go.gvaro.net/FBALDAP – ASP.NET Membership DB: http://go.gvaro.net/FBAANMDB
  35. Resources • PeoplePicker Wildcard Search – http://go.gvaro.net/FBAWildCard • Helpful Resources for Troubleshooting Membership Providers – http://go.gvaro.net/TSMemProv • “Sign me in automatically” in FBA – http://go.gvaro.net/pAkDQP • Configuring SSL in a Development Environment – http://go.gvaro.net/uOTTlJ
  36. Summary • Plan Your Design – Topology • Same Farm? Dedicated Farm? Back-to-Back? Etc… – Authentication Mechanism – User Identity Storage Location • Evaluate Your Requirements – Map to Technology • Do – Test! – Easy Configuration – User and Role Management
  37. Q&A
  38. • Meets 2nd Wednesday/Month • 6P – 8PM • Microsoft N.E.R.D. Center • http://www.bostonsharepointug.org • Twitter: @BASPUG / #BASPUG
  39. • April 28th • Waltham, MA • http://biy.ly/SPSBos • Twitter: @SPSBoston / #SPSBos
  40. About Me • Geoff Varosky – Jornata • Director, Development & Evangelism • BASPUG Co-Founder • SPS Boston Co-Organizer – Blog: www.sharepointyankee.com – Email: gvarosky@jornata.com – Twitter: @gvaro – LinkedIn & Facebook
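
The demo steps on slide 29 (membership database, SharePoint, IIS), sketched as an added example that is not taken from the deck or its demo. The server, account, URL and provider names are assumptions. The last part checks that the provider entries exist in the web application, Central Administration and Security Token Service web.config files, which is the "test the configuration" step from slide 31.

```powershell
# Added example for a SharePoint 2010 server; every name below is an assumption.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$sqlServer    = "SQL01"                          # hypothetical SQL Server instance
$membershipDb = "aspnetdb"                       # hypothetical database name
$memProvider  = "FBAMembership"                  # hypothetical provider names; they must be
$roleProvider = "FBARoles"                       #   identical in every web.config checked below
$url          = "https://extranet.example.com"   # hypothetical extranet URL
$poolAccount  = "CONTOSO\svc-extranet"           # hypothetical managed account

# Step 1: create the ASP.NET membership database (-A mr = membership + role manager).
$regsql = Join-Path $env:WINDIR "Microsoft.NET\Framework64\v2.0.50727\aspnet_regsql.exe"
& $regsql -S $sqlServer -E -A mr -d $membershipDb

# Step 2: create a claims web application that accepts both Windows and FBA logins.
$winAuth = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
$fbaAuth = New-SPAuthenticationProvider -ASPNETMembershipProvider $memProvider `
                                        -ASPNETRoleProviderName $roleProvider
New-SPWebApplication -Name "Extranet" -Url $url -Port 443 -SecureSocketsLayer `
    -ApplicationPool "ExtranetAppPool" `
    -ApplicationPoolAccount (Get-SPManagedAccount $poolAccount) `
    -AuthenticationProvider $winAuth, $fbaAuth

# Step 3 check: once the <membership> and <roleManager> provider entries have been
# added in IIS, confirm that the web application, Central Administration and the
# Security Token Service all declare them under the same names.
$zone    = [Microsoft.SharePoint.Administration.SPUrlZone]::Default
$ca      = Get-SPWebApplication -IncludeCentralAdministration |
           Where-Object { $_.IsAdministrationWebApplication }
$waPath  = (Get-SPWebApplication $url).IisSettings[$zone].Path.FullName
$caPath  = $ca.IisSettings[$zone].Path.FullName
$stsPath = Join-Path $env:CommonProgramFiles `
           "Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken"

foreach ($dir in @($waPath, $caPath, $stsPath)) {
    $file = Join-Path $dir "web.config"
    [xml]$cfg = Get-Content $file
    $mem  = $cfg.SelectNodes("//membership/providers/add[@name='$memProvider']").Count
    $role = $cfg.SelectNodes("//roleManager/providers/add[@name='$roleProvider']").Count
    "{0}: membership={1} roleManager={2}" -f $file, ($mem -gt 0), ($role -gt 0)
}
```

A `False` in any of the three lines means FBA sign-in or the people picker will fail for that component, even though the web application itself was created without errors.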
