Planning and Configuring Extranets in SharePoint 2010
From SPTechCon Boston 2012

Transcript

  • 1. Planning and Configuring Extranets in SharePoint 2010
  • 2. Geoff Varosky
      • Jornata
      • Architect, Director of Evangelism
      • Co-Founder Boston Area SharePoint Users Group
      • Co-Organizer SharePoint Saturday Boston
      • Blog – www.SharePointYankee.com
      • Email – gvarosky@jornata.com
      • Twitter – @gvaro
      • LinkedIn & Facebook
      • Visit Jornata Booth #601
  • 3. Thinking
      • What is an Extranet?
      • Design: Topology; Authentication Mechanism; User Identity Storage Location
      • Evaluating Your Requirements
      • SharePoint 2010 Considerations
    Doing
      • Configuration
      • User and Role Management
  • 4. Controlled access from external networks
  • 5. Controlled access from EXTeRnAl NETworks
  • 6. Topology; Authentication Methods; User Identity Storage Location
  • 7. [Diagram labels: Internets; Perimeter network; Corporate network (a/k/a where you access Facebook from every morning); External Users; Firewall/UAG; Server Farm]
  • 8. [Diagram labels: Internets; Perimeter network; Corporate network; Firewall/UAG; Router A; Router B; Firewall/UAG; Layer 1: Web Servers; Layer 2: APP & SQL Servers; Layer 3: DNS, Active Directory, LOB Systems]
  • 9. [Diagram labels: Internets; Perimeter network; Corporate network; External Users; Firewall/UAG; Firewall/UAG; Consuming Farm; Services Farm]
  • 10. [Diagram labels: Corporate network (YAY! FACEBOOKS! LOLS!); Internets; Perimeter network; External Users; Firewall/UAG; Firewall/UAG; Web Servers, Application Servers, DNS, Active Directory; SQL Servers, Application Servers, DNS, Active Directory]
  • 11. Authentication methods
      • Windows: NTLM; Kerberos; Basic
      • Forms Based Authentication (FBA)* (*Claims needs to be enabled for FBA)
      • Claims Based Authentication: SAML tokens
  • 12. User identity storage locations
      • Active Directory
      • LDAP
      • SQL Server
      • Other: Facebooks; Twitters
  • 13. What do you really need?
      • Who needs access?
      • How sensitive is the data?
      • How sensitive is the network?
      • Budget?**
  • 14. Who needs access?
      • Internal employees only: Active Directory
      • Internal employees and external users: Active Directory; Additional domain with restricted access; Active Directory & Forms Based Authentication; Claims Authentication
      • External only (rare): Clients, partners, consultants; Active Directory or LDAP or SQL?; Forms Based Authentication or Windows auth?
      • Separate or together?
      • Hosting
      • Mobile Clients
  • 15. How sensitive is the data & internal network?
      • Network & SharePoint: Separate site?; Separate site collection?; Separate web application?; Multiple farms with cross-farm services & publishing?; Separate farm?; DMZ?
  • 16. How sensitive is the data & internal network?
      • Security
      • Secure Certificates (SSL)
      • Encryption
      • Firewall: Both hardware and software?
      • Content Filtering
      • ACLs
      • Virtual Private Network
      • Anti-Virus and Anti-Malware
      • Client-based certificates
      • One-time passwords (RSA tokens)
      • Phone verification
      • Biometrics: Retina, fingerprint, facial structure, hair and blood samples
  • 18. Budget**
  • 19. REMEMBER THIS… You are giving a key to access your company’s data in some form or another.
  • 20. Supported versions
      • All – Foundation up through Enterprise
      • Office 365: Can be used as an extranet (since that is basically what it is!)
  • 21. Assumptions
      • Any Topology
      • Multi-Mode (Windows & FBA Authentication)
      • SQL User Database
    Steps
      1. Create ASP.NET Membership Database
      2. Configure SharePoint
      3. Configure IIS
      4. Create and Manage Users
  • 22. IIS
      • Using your SharePoint Site = BAD
          • Must first change default role manager, and then membership provider each time from claims to your SQL providers
          • No one can log into SharePoint during this time
          • And then change them back when done
          • Each change recycles the application pool.
      • Create a separate IIS Virtual Web Application and Manage from there
    BCS
      • Great way to search for and manage users (passwords, email, etc.)
      • No way to create users without additional logic
  • 23. CodePlex (www.codeplex.com)
      • SharePoint 2010 FBA Pack: http://sharepoint2010fba.codeplex.com
    Third Party Solutions
  • 24. Test your configuration; Review security regularly; Be wary of cats
  • 25. Resources
      • My Blog Series
          • Part 1: http://go.gvaro.net/ExtranetsP1
          • Part 2: http://go.gvaro.net/ExtranetsP2
          • Part 3: http://go.gvaro.net/ExtranetsP3
      • Phone Factor – Phone Verification: http://www.phonefactor.com
      • Plan Security Hardening (TechNet): http://go.gvaro.net/uSyY1Z
      • SharePoint 2007 & 2010 Farm Ports (Firewall Config): http://go.gvaro.net/uWQZzU
      • Disabling SSL v2.0, PCT 1.0 +more in IIS7: http://go.gvaro.net/N5GgEa
  • 26. Resources
      • SharePoint Ports, Proxies, and Protocols (Firewall Config): http://go.gvaro.net/tblxCn
      • Harden SQL Server for SharePoint: http://go.gvaro.net/viVQuN
      • Visual FBA configuration by Donal Conlon: http://go.gvaro.net/oPnAYx
      • Extranet tested topologies for SP 2010 Model: http://go.gvaro.net/SP2010ExtTopMod
      • ASP.NET 2.0 Membership Database Reference (Create, Add Users, etc.): http://go.gvaro.net/AN2Mbr
  • 27. Resources
      • FBA Configuration in SharePoint 2010
          • LDAP: http://go.gvaro.net/FBALDAP
          • ASP.NET Membership DB: http://go.gvaro.net/FBAANMDB
      • PeoplePicker Wildcard Search: http://go.gvaro.net/FBAWildCard
      • Helpful Resources for Troubleshooting Membership Providers: http://go.gvaro.net/TSMemProv
      • “Sign me in automatically” in FBA: http://go.gvaro.net/pAkDQP
      • Configuring SSL in a Development Environment: http://go.gvaro.net/uOTTlJ
  • 28. Boston Area SharePoint Users Group
      • Meets 2nd Wednesday/month 6-8PM
      • Microsoft N.E.R.D. (Cambridge)
      • BostonSharePointUG.org
      • Twitter: @BASPUG / #BASPUG
      • MEETING TONIGHT HERE! 7P-9P: Staffordshire room; Ask the experts panel!
  • 29. Geoff Varosky
      • Jornata
      • Architect, Director of Evangelism
      • Co-Founder Boston Area SharePoint Users Group
      • Co-Organizer SharePoint Saturday Boston
      • Blog – www.SharePointYankee.com
      • Email – gvarosky@jornata.com
      • Twitter – @gvaro
      • LinkedIn & Facebook
      • Visit Jornata Booth #601
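
Slides 21, 22 and 24 describe an ASP.NET membership database managed from a separate IIS web application, and advise testing the configuration and reviewing security regularly. The following is an added example, not part of the original deck: a small check of that application's SQL membership provider settings. The provider names, server name, connection-string name and the `MIN_LENGTH` policy value are assumptions, and the web.config is constructed sample input.

```python
import xml.etree.ElementTree as ET

# Constructed web.config for the separate IIS management application.
# Provider names, server name and connection-string name are assumptions.
SAMPLE_WEB_CONFIG = """
<configuration>
  <connectionStrings>
    <add name="FBADB" connectionString="Data Source=SQL01;Initial Catalog=aspnetdb;Integrated Security=SSPI" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="FBAMembership">
      <providers>
        <add name="FBAMembership" type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="FBADB" applicationName="/"
             passwordFormat="Clear" enablePasswordRetrieval="true"
             minRequiredPasswordLength="6" />
      </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="FBARoles">
      <providers>
        <add name="FBARoles" type="System.Web.Security.SqlRoleProvider"
             connectionStringName="FBADB" applicationName="/" />
      </providers>
    </roleManager>
  </system.web>
</configuration>
"""
MIN_LENGTH = 12  # assumed policy value; substitute your own standard

def audit_membership(config_xml):
    """Return (provider, finding) pairs; absent attributes use provider defaults."""
    findings = []
    for p in ET.fromstring(config_xml).iter("add"):
        if "SqlMembershipProvider" not in p.get("type", ""):
            continue  # skips connection strings and role providers
        name = p.get("name", "?")
        if p.get("passwordFormat", "Hashed") != "Hashed":
            findings.append((name, "passwordFormat is not Hashed"))
        if p.get("enablePasswordRetrieval", "false").lower() == "true":
            findings.append((name, "password retrieval is enabled"))
        if int(p.get("minRequiredPasswordLength", "7")) < MIN_LENGTH:
            findings.append((name, "minimum password length below policy"))
        if "maxInvalidPasswordAttempts" not in p.attrib:
            findings.append((name, "lockout threshold not set explicitly"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_membership(SAMPLE_WEB_CONFIG):
        print(f"{name}: {finding}")
```

The same membership provider entry is typically repeated in each web.config that uses the database, so the check is worth running against every copy.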