Planning and Configuring Extranets in SharePoint 2010

Slides (transcript):
  1. Title slide: Planning and Configuring Extranets in SharePoint 2010. Geoff Varosky, Architect, Director of Evangelism, Jornata (61-63 Chatham Street, Fourth Floor, Boston, MA 02109). gvarosky@jornata.com, Twitter @gvaro. Submitted on May 1, 2012. Thinking SharePoint? Think Jornata.
  2. About Me
     • Geoff Varosky – Jornata: Architect, Director of Evangelism; BASPUG Co-Founder; SPS Boston Co-Organizer
     • Blog: www.sharepointyankee.com
     • Email: gvarosky@jornata.com
     • Twitter: @gvaro
     • LinkedIn & Facebook
  3. About Jornata
     • Boston based
     • SharePoint focused
     • MVP, MCM, and MCA on staff
     • SharePoint, Office 365
     • Hundreds of successful projects
     • Microsoft's go-to partner
     • Community focused
     • We're hiring!
  4. Agenda
     • Thinking
       – What is an extranet?
       – Design: topology, authentication mechanism, user identity storage location
       – Evaluating your requirements
       – SharePoint 2010 considerations
     • Doing
       – Configuration
       – User and role management
  5. What is an extranet? (section title; slide 6 repeats it)
  7. What is an extranet? Controlled access from external networks.
  8. What is an extranet? Controlled access from EXTeRnAl NETworks (the capitalised letters spell EXTRANET).
  9. Design (section title)
 10. Primary Design Considerations
     • Topology
     • Authentication method
     • User identity storage location
 11. Topology (section title)
 12. Very Simple Extranet Example (diagram)
 13. Edge Firewall (diagram): Internet → external firewall/UAG → corporate network (a/k/a where you access Facebook from every morning). The server farm and the internal users both sit in the corporate network; external users cross a single firewall.
 14. Back to Back Perimeter (diagram): Internet → external firewall/UAG → perimeter network → internal firewall/UAG → corporate network, with Router A and Router B between the tiers. Layer 1: web servers. Layer 2: application and SQL servers. Layer 3: DNS, Active Directory, LOB systems.
 15. Back to Back Perimeter with Cross-Farm Services (diagram): the same two-firewall layout, with a consuming farm in the perimeter network and a services farm in the corporate network.
 16. Split Back-to-Back (diagram, "YAY! FACEBOOKS! LOLS!" in the corporate network): the perimeter network holds web servers, application servers, DNS and Active Directory; the corporate network holds SQL Servers, application servers, DNS and Active Directory.
 17. Authentication (section title)
 18. Authentication Methods
     • Windows: NTLM, Kerberos, Basic
     • Forms-Based Authentication (FBA)*
       – *Claims must be enabled for FBA: in SharePoint 2010, FBA is only available on a claims-based web application, not a classic-mode one
     • Claims-Based Authentication: SAML tokens
 19. User Identity Storage (section title)
 20. User Identity Storage
     • Active Directory
     • LDAP
     • SQL Server
     • Other
 21. Your Requirements (section title)
 22. Evaluating Your Requirements
     • What do you REALLY need?
       – Who needs access?
       – How sensitive is the data?
       – How sensitive is your network?
       – Budget?**
 23. **Budget (section title)
 24. Plan Your Requirements
     • Who needs access?
       – Internal employees only: Active Directory
       – Internal employees and external users:
         • Active Directory (an additional domain with restricted access)
         • Active Directory & Forms-Based Authentication (claims authentication)
       – External only (rare): clients, partners, consultants
         • Active Directory, LDAP or SQL?
         • Forms-Based Authentication or Windows auth?
         • Separate or together?
         • Hosting
         • Mobile clients
 25. Remember this… You are giving out a key to your company's data, in some form or another.
 26. Requirements
     • How sensitive is the data & internal network?
       – Network & SharePoint
         • DMZ
         • Same farm, separate web application
         • Separate farm
         • Multiple farms: cross-farm services, publishing
 27. Requirements
     • How sensitive is the data & internal network?
       – Security
         • Secure certificates (SSL)
         • Encryption
         • Firewall: both hardware and software? Content filtering, ACLs
         • Virtual Private Network
         • Anti-virus and anti-malware
         • Client-based certificates
         • One-time passwords (RSA tokens)
         • Phone verification
         • Biometrics: retina, fingerprint, facial structure, hair and blood samples
 28. SharePoint 2010 (section title)
 29. SharePoint 2010
     • Supported version? All of them: SharePoint Foundation 2010 up through SharePoint Server 2010 Enterprise
     • Office 365 can be used as an extranet (since that's basically what it is!)
 30. DEMO! Assumptions: any topology; multi-mode authentication (Windows & FBA on the same web application); users stored in SQL Server
     1. Create the ASP.NET membership database
     2. Configure SharePoint
     3. Configure IIS
     4. Create and manage users
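The four demo steps as one script, added here as an example; it is not code from the deck or from Jornata, and the demo itself was shown live. It assumes a single-server SharePoint 2010 farm and uses hypothetical names throughout (SQL instance SQL01, database FBAUsers, accounts CONTOSO\spextranet and CONTOSO\spadmin, URL https://extranet.contoso.com, provider names FBAMembershipProvider and FBARoleProvider). The cmdlets are the standard SharePoint 2010 ones and aspnet_regsql.exe is the .NET 2.0 tool the membership-database resource on slide 35 describes.

```powershell
# Added example (not from the deck): the four demo steps above as one script for a
# claims-mode SharePoint 2010 web application that accepts Windows logins for staff
# and SQL-backed forms logins for external users. Run in an elevated SharePoint 2010
# Management Shell on a farm server. All names are hypothetical: SQL instance SQL01,
# database FBAUsers, account CONTOSO\spextranet, URL https://extranet.contoso.com.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$sqlServer   = "SQL01"
$dbName      = "FBAUsers"
$memberName  = "FBAMembershipProvider"
$roleName    = "FBARoleProvider"
$connName    = "FBAConnectionString"
$connString  = "Server=$sqlServer;Database=$dbName;Integrated Security=SSPI"
$waUrl       = "https://extranet.contoso.com"
$poolAccount = "CONTOSO\spextranet"
$sysWebAsm   = "System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"

# Step 1: create the ASP.NET membership and role schema (-A mr) in its own database,
# connecting with the current Windows identity (-E). Keeping identity data out of the
# SharePoint content databases lets it be permissioned and audited separately.
& "$env:windir\Microsoft.NET\Framework64\v2.0.50727\aspnet_regsql.exe" -S $sqlServer -E -d $dbName -A mr
if ($LASTEXITCODE -ne 0) { throw "aspnet_regsql.exe failed with exit code $LASTEXITCODE" }

# Step 2: create the web application in claims mode with two providers on the Default
# zone. FBA exists only on claims web applications; two providers on one zone is what
# the deck calls multi-mode. SSL is mandatory: a forms login posts the password itself.
$winProvider = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
$fbaProvider = New-SPAuthenticationProvider -ASPNETMembershipProvider $memberName -ASPNETRoleProviderName $roleName
$managed = Get-SPManagedAccount -Identity $poolAccount -ErrorAction SilentlyContinue
if (-not $managed) { $managed = New-SPManagedAccount -Credential (Get-Credential -Credential $poolAccount) }
$wa = New-SPWebApplication -Name "Extranet" -Url $waUrl -Port 443 -SecureSocketsLayer `
        -ApplicationPool "ExtranetAppPool" -ApplicationPoolAccount $managed `
        -AuthenticationProvider $winProvider, $fbaProvider -DatabaseName "WSS_Content_Extranet"

# Step 3: register the SQL providers in every web.config that has to see them: the new web
# application, Central Administration (People Picker) and the Security Token Service (which
# actually validates forms logins). Repeat on every web server in a multi-server farm.
function Add-FbaProviders([string]$Path) {
    Copy-Item -Path $Path -Destination "$Path.bak" -Force             # rollback copy
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    $xml.Load($Path)
    $root = $xml.DocumentElement

    $cs = $root.SelectSingleNode("connectionStrings")
    if (-not $cs) { $cs = $root.AppendChild($xml.CreateElement("connectionStrings")) }
    if (-not $cs.SelectSingleNode("add[@name='$connName']")) {
        $add = $cs.AppendChild($xml.CreateElement("add"))
        $add.SetAttribute("name", $connName)
        $add.SetAttribute("connectionString", $connString)
    }
    # The STS web.config ships without a <system.web> section; create one when missing.
    $sysWeb = $root.SelectSingleNode("system.web")
    if (-not $sysWeb) { $sysWeb = $root.AppendChild($xml.CreateElement("system.web")) }

    $entries = @(
        @{ Section = "membership";  Name = $memberName; Type = "System.Web.Security.SqlMembershipProvider, $sysWebAsm" },
        @{ Section = "roleManager"; Name = $roleName;   Type = "System.Web.Security.SqlRoleProvider, $sysWebAsm" })
    foreach ($e in $entries) {
        $section = $sysWeb.SelectSingleNode($e.Section)
        if (-not $section) {
            $section = $sysWeb.AppendChild($xml.CreateElement($e.Section))
            if ($e.Section -eq "roleManager") { $section.SetAttribute("enabled", "true") }
        }
        # Never touch defaultProvider here: on the web application it must stay "i"/"c",
        # SharePoint's own claims providers, or claims login breaks (the slide 31 trap).
        $providers = $section.SelectSingleNode("providers")
        if (-not $providers) { $providers = $section.AppendChild($xml.CreateElement("providers")) }
        if ($providers.SelectSingleNode("add[@name='$($e.Name)']")) { continue }    # idempotent
        $add = $providers.AppendChild($xml.CreateElement("add"))
        $add.SetAttribute("name", $e.Name)
        $add.SetAttribute("type", $e.Type)
        $add.SetAttribute("connectionStringName", $connName)
        $add.SetAttribute("applicationName", "/")
        if ($e.Section -eq "membership") {
            # Hashed storage, no password retrieval, and lockout after repeated failures:
            # an extranet login form is reachable by anyone on the internet.
            $add.SetAttribute("passwordFormat", "Hashed")
            $add.SetAttribute("enablePasswordRetrieval", "false")
            $add.SetAttribute("requiresQuestionAndAnswer", "false")
            $add.SetAttribute("minRequiredPasswordLength", "12")
            $add.SetAttribute("maxInvalidPasswordAttempts", "5")
            $add.SetAttribute("passwordAttemptWindow", "10")
        }
    }
    $xml.Save($Path)
}

$zone      = [Microsoft.SharePoint.Administration.SPUrlZone]::Default
$ca        = Get-SPWebApplication -IncludeCentralAdministration | Where-Object { $_.IsAdministrationWebApplication }
$waConfig  = Join-Path $wa.IisSettings[$zone].Path.FullName "web.config"
$caConfig  = Join-Path $ca.IisSettings[$zone].Path.FullName "web.config"
$stsConfig = Join-Path $env:CommonProgramFiles "Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken\web.config"
$waConfig, $caConfig, $stsConfig | ForEach-Object { Add-FbaProviders -Path $_ }

# Check for the IIS-tooling trap from slide 31: if anything has rewritten the defaults on
# the extranet web application, Windows and forms logins both stop working.
$check = New-Object System.Xml.XmlDocument; $check.Load($waConfig)
$mDefault = $check.SelectSingleNode("/configuration/system.web/membership").GetAttribute("defaultProvider")
$rDefault = $check.SelectSingleNode("/configuration/system.web/roleManager").GetAttribute("defaultProvider")
if ($mDefault -ne "i" -or $rDefault -ne "c") { Write-Warning "claims web application needs defaultProvider 'i'/'c'; found '$mDefault'/'$rDefault'" }

# Step 4: grant an external user access. The account must already exist, and be approved,
# in FBAUsers (create it with the FBA Pack or a separate admin site; see slide 31). In claims
# mode a forms user is addressed by its encoded claim: i:0#.f|<provider name, lowercased>|<user>.
New-SPSite -Url $waUrl -Name "Extranet" -Template "STS#0" -OwnerAlias "CONTOSO\spadmin" | Out-Null
$partnerClaim = "i:0#.f|$($memberName.ToLower())|partner.user"
New-SPUser -UserAlias $partnerClaim -Web $waUrl -DisplayName "Partner User" -PermissionLevel "Read" | Out-Null
```

Two things the script does not do for you. The connection string uses Windows authentication, so the extranet application pool account and the farm account (Central Administration and the STS run under it) each need a login on SQL01 and membership in the aspnet_Membership_BasicAccess and aspnet_Roles_BasicAccess roles that aspnet_regsql.exe creates in FBAUsers (FullAccess only for whatever tool creates users). -SecureSocketsLayer makes SharePoint expect HTTPS but does not bind a certificate; bind one to the site in IIS before testing, then test both a Windows login and a forms login on the same URL, and keep the .bak copies until the People Picker resolves partner.user.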
 31. Managing Users
     • IIS Manager (.NET Users / .NET Roles): these tools only work against the web.config's default providers, so each time you manage users you have to switch the default membership and role providers away from SharePoint's claims providers ("i" and "c") to the SQL ones and back again; every web.config change recycles the application pool = DOWNTIME. Workaround: a separate IIS web application pointed at the same membership database.
     • BCS: a great way to manage existing users (passwords, emails, etc.), but no ability to create users without another layer of logic
     • Codeplex: SharePoint 2010 FBA Pack, http://sharepoint2010fba.codeplex.com
     • 3rd party…
 32. Remember this too…
     • Test the configuration
     • Review security regularly
 33. Resources: my blog series
     – Part 1: http://go.gvaro.net/ExtranetsP1
     – Part 2: http://go.gvaro.net/ExtranetsP2
     – Part 3: http://go.gvaro.net/ExtranetsP3
 34. Resources
     • PhoneFactor (phone verification): http://www.phonefactor.com
     • Plan security hardening (TechNet): http://go.gvaro.net/uSyY1Z
     • SharePoint 2007 & 2010 farm ports (firewall configuration): http://go.gvaro.net/uWQZzU
     • SharePoint ports, proxies, and protocols (firewall configuration): http://go.gvaro.net/tblxCn
     • Harden SQL Server for SharePoint: http://go.gvaro.net/viVQuN
 35. Resources
     • Visual FBA configuration by Donal Conlon: http://go.gvaro.net/oPnAYx
     • Extranet tested topologies for SharePoint 2010 model: http://go.gvaro.net/SP2010ExtTopMod
     • ASP.NET 2.0 membership database reference (create, add users, etc.): http://go.gvaro.net/AN2Mbr
     • FBA configuration in SharePoint 2010
       – LDAP: http://go.gvaro.net/FBALDAP
       – ASP.NET membership DB: http://go.gvaro.net/FBAANMDB
 36. Resources
     • People Picker wildcard search: http://go.gvaro.net/FBAWildCard
     • Helpful resources for troubleshooting membership providers: http://go.gvaro.net/TSMemProv
     • "Sign me in automatically" in FBA: http://go.gvaro.net/pAkDQP
     • Configuring SSL in a development environment: http://go.gvaro.net/uOTTlJ
 37. Summary
     • Plan your design
       – Topology: same farm? dedicated farm? back-to-back? etc.
       – Authentication mechanism
       – User identity storage location
     • Evaluate your requirements and map them to technology
     • Do
       – Test!
       – Easy configuration
       – User and role management
 38. Q&A
 39. BASPUG
     • Meets 2nd Wednesday of the month, 6–8 PM
     • Microsoft N.E.R.D. Center
     • http://www.bostonsharepointug.org
     • Twitter: @BASPUG / #BASPUG
 40. About Me (same as slide 2)
