Planning and Configuring Extranets in SharePoint 2010

From SPTechCon Boston 2012

Published in: Technology

  1. Planning and Configuring Extranets in SharePoint 2010
  2. Geoff Varosky
      • Jornata
      • Architect, Director of Evangelism
      • Co-Founder Boston Area SharePoint Users Group
      • Co-Organizer SharePoint Saturday Boston
      • Blog – www.SharePointYankee.com
      • Email – gvarosky@jornata.com
      • Twitter – @gvaro
      • LinkedIn & Facebook
      • Visit Jornata Booth #601
  3. Agenda
      • Thinking
          • What is an Extranet?
          • Design
              • Topology
              • Authentication Mechanism
              • User Identity Storage Location
          • Evaluating Your Requirements
          • SharePoint 2010 Considerations
      • Doing
          • Configuration
          • User and Role Management
  4. Controlled access from external networks
  5. Controlled access from EXTeRnAl NETworks
  6. Design
      • Topology
      • Authentication Methods
      • User Identity Storage Location
  7. [Diagram: Internets, perimeter network, corporate network ("a/k/a where you access Facebook from every morning"); external users, firewall/UAG, server farm]
  8. [Diagram: Internets, perimeter network, corporate network; firewall/UAG, Router A, Router B, firewall/UAG; Layer 1: web servers; Layer 2: app & SQL servers; Layer 3: DNS, Active Directory, LOB systems]
  9. [Diagram: Internets, perimeter network, corporate network; external users, firewall/UAG, firewall/UAG; consuming farm, services farm]
  10. [Diagram: Internets, perimeter network, corporate network ("YAY! FACEBOOKS! LOLS!"); external users, firewall/UAG, firewall/UAG; web servers, application servers, DNS, Active Directory; SQL servers, application servers, DNS, Active Directory]
  11. Authentication methods
      • Windows
          • NTLM
          • Kerberos
          • Basic
      • Forms Based Authentication (FBA)*
          • *Claims needs to be enabled for FBA
      • Claims Based Authentication
          • SAML tokens
  12. User identity storage locations
      • Active Directory
      • LDAP
      • SQL Server
      • Other
          • Facebooks
          • Twitters
  13. What do you really need?
      • Who needs access?
      • How sensitive is the data?
      • How sensitive is the network?
      • Budget?**
  14. Who needs access?
      • Internal employees only
      • Active Directory
      • Internal employees and external users
      • Active Directory
      • Additional domain with restricted access
      • Active Directory & Forms Based Authentication
      • Claims Authentication
      • External only (rare)
      • Clients, partners, consultants
      • Active Directory or LDAP or SQL?
      • Forms Based Authentication or Windows auth?
      • Separate or together?
      • Hosting
      • Mobile Clients
  15. How sensitive is the data & internal network? Network & SharePoint
      • Separate site?
      • Separate site collection?
      • Separate web application?
      • Multiple farms with cross-farm services & publishing?
      • Separate farm?
      • DMZ?
  16. How sensitive is the data & internal network? Security
      • Secure Certificates (SSL)
      • Encryption
      • Firewall
      • Both hardware and software?
      • Content Filtering
      • ACLs
      • Virtual Private Network
      • Anti-Virus and Anti-Malware
      • Client-based certificates
      • One-time passwords (RSA tokens)
      • Phone verification
      • Biometrics
      • Retina, fingerprint, facial structure, hair and blood samples
  18. Budget**
  19. REMEMBER THIS… You are giving a key to access your company’s data in some form or another.
  20. SharePoint 2010 considerations
      • Supported versions
          • All – Foundation up through Enterprise
      • Office 365
          • Can be used as an extranet (since that is basically what it is!)
  21. Configuration
      • Assumptions
          • Any Topology
          • Multi-Mode (Windows & FBA Authentication)
          • SQL User Database
      • Steps
          1. Create ASP.NET Membership Database
          2. Configure SharePoint
          3. Configure IIS
          4. Create and Manage Users
  22. User and role management
      • IIS
          • Using your SharePoint Site = BAD
          • Must first change default role manager, and then membership provider each time from claims to your SQL providers
          • No one can log into SharePoint during this time
          • And then change them back when done
          • Each change recycles the application pool.
          • Create a separate IIS Virtual Web Application and Manage from there
      • BCS
          • Great way to search for and manage users (passwords, email, etc.)
          • No way to create users without additional logic
  23. User and role management tools
      • CodePlex (www.codeplex.com)
          • SharePoint 2010 FBA Pack: http://sharepoint2010fba.codeplex.com
      • Third Party Solutions
  24. Closing advice
      • Test your configuration
      • Review security regularly
      • Be wary of cats
  25. Resources
      • My Blog Series
          • Part 1: http://go.gvaro.net/ExtranetsP1
          • Part 2: http://go.gvaro.net/ExtranetsP2
          • Part 3: http://go.gvaro.net/ExtranetsP3
      • Phone Factor – Phone Verification: http://www.phonefactor.com
      • Plan Security Hardening (TechNet): http://go.gvaro.net/uSyY1Z
      • SharePoint 2007 & 2010 Farm Ports (Firewall Config): http://go.gvaro.net/uWQZzU
      • Disabling SSL v2.0, PCT 1.0 +more in IIS7: http://go.gvaro.net/N5GgEa
  26. Resources (continued)
      • SharePoint Ports, Proxies, and Protocols (Firewall Config): http://go.gvaro.net/tblxCn
      • Harden SQL Server for SharePoint: http://go.gvaro.net/viVQuN
      • Visual FBA configuration by Donal Conlon: http://go.gvaro.net/oPnAYx
      • Extranet tested topologies for SP 2010 Model: http://go.gvaro.net/SP2010ExtTopMod
      • ASP.NET 2.0 Membership Database Reference
          • Create, Add Users, etc.: http://go.gvaro.net/AN2Mbr
  27. Resources (continued)
      • FBA Configuration in SharePoint 2010
          • LDAP: http://go.gvaro.net/FBALDAP
          • ASP.NET Membership DB: http://go.gvaro.net/FBAANMDB
      • PeoplePicker Wildcard Search: http://go.gvaro.net/FBAWildCard
      • Helpful Resources for Troubleshooting Membership Providers: http://go.gvaro.net/TSMemProv
      • “Sign me in automatically” in FBA: http://go.gvaro.net/pAkDQP
      • Configuring SSL in a Development Environment: http://go.gvaro.net/uOTTlJ
  28. Boston Area SharePoint Users Group
      • Meets 2nd Wednesday/month
      • 6-8PM
      • Microsoft N.E.R.D. (Cambridge)
      • BostonSharePointUG.org
      • Twitter: @BASPUG / #BASPUG
      • MEETING TONIGHT HERE! 7P-9P
      • Staffordshire room
      • Ask the experts panel!
