Deploying a SharePoint Extranet

By Alan Marshall
Twitter: pomealan
LinkedIn: http://nz.linkedin.com/pub/alan-marshall/3/980/267


Acknowledgements: Chandan Banerjee and Wayne
Ewington (Microsoft)
Session Agenda
—   Extranet Definition
—   Implementation Scenarios
—   Design Considerations and Challenges
—   Deployment topologies
—   Which SharePoint version and licenses
—   Hints and Tips
—   Wrap up
What is an Extranet
ex-tra-net [ek-struh-net]

— Noun
An intranet that is partially accessible to authorised persons
outside of a company or organisation.

A network (as of a company) similar to an intranet that also
allows access by certain others (such as customers or
suppliers)
Implementation Scenarios
— Remote Access
    — Employees working remotely
    — Teleworkers
— Share secure information
    — Provide reports to suppliers
    — Display order tracking
    — Student Portal
— Collaborate with Partners
    — Design a solution
    — Request support
— Personalised Customer Portal
    — View loyalty card transactions
    — Reward schemes
    — Specialised content
Design Considerations and Challenges
— Authentication
    — Single Sign-on
    — Managing accounts
— Security
    —   Sensitivity of data
    —   Protect against resources being compromised
    —   SharePoint Platform
    —   How much do you trust external users
— Platform deployment requirements
— Features required
    — Which version of SharePoint? Foundation, Server, Enterprise
    — Integration
— License Costs
— Network infrastructure
Implementation Options
— Option 1 – Provide access to internal SharePoint Server
    — Remote Employees
    — Partners
— Option 2 – Publish content to an external environment
  (read only)
    — Share secure information
    — Remote Employees
    — Partners
— Option 3 – Provide an Extranet Farm dual authenticated
    — Share secure information
    — Partners
    — Customer Portal
— Option 4 – Host in the cloud
    — Partners
    — Customer Portal
Option 1 – Perimeter Proxy

Diagram: Internet | DMZ | Internal Network
Remote Employees --HTTPS--> Perimeter Firewall --HTTPS--> TMG Server --HTTP--> LAN Firewall --> SharePoint Farm (Authentication)
Traffic crossing the DMZ is unauthenticated until it reaches the SharePoint farm.
Unknown User Device: • Virus Scanner • Private Browsing

• Threat Management Gateway (TMG) – acts as a reverse proxy translating external encrypted traffic to the internal SharePoint server.
• Firewall ports required: 443 externally and 80 on the internal LAN firewall.
• Authentication occurs on the SharePoint Web Front Ends with internal AD.
What’s TMG
— Threat Management Gateway
    — Formerly ISA Server
— Forefront TMG server features
    —   URL filtering
    —   antimalware inspection
    —   intrusion prevention
    —   application- and network-layer firewall
    —   HTTP/HTTPS inspection in a single solution
    —   Reverse proxy HTTP – HTTPS
    —   Authentication – including two-phase authentication
Option 1a – Perimeter Proxy with RODC

Diagram: Internet | DMZ | Internal Network
Remote Employees --HTTPS--> Perimeter Firewall --HTTPS--> TMG Server --HTTP--> LAN Firewall --> SharePoint Farm
The TMG Server authenticates against an RODC Server in the DMZ; internal Active Directory replicates accounts to the RODC over a secure account replication channel.
Unknown User Device: • Virus Scanner • Private Browsing

• TMG – performs authentication and acts as a reverse proxy translating external encrypted traffic to the internal SharePoint server.
• Firewall ports required: 443 externally and 80 on the internal LAN firewall, plus ports for IPSec.
• Authentication occurs on the TMG Server with the Read Only Domain Controller (RODC).

Accounts replicated to DMZ
• Subset of attributes
• Admin accounts excluded
• No updates permitted
• Windows 2008 feature
What’s an RODC
—   Read Only Domain Controller
—   Windows Server 2008
—   Removes the need for a trust between domains
—   Limits which accounts and attributes are replicated
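The RODC options above rest on the password replication policy doing what the "Accounts replicated to DMZ" notes promise: admin accounts excluded, and only a subset of accounts cached on the perimeter DC. The following PowerShell is an added example, not part of the deck, that audits an RODC against those notes. It assumes the ActiveDirectory module (RSAT on Windows Server 2008 R2 or later, which the Windows 2008 RODC feature itself does not ship with), read access to the domain, and a placeholder RODC name; the list of privileged groups is constructed for the example.

```powershell
# Added example (not from the slide deck): audit a DMZ RODC's Password
# Replication Policy (PRP). Assumes the ActiveDirectory module is available
# and the caller can read the domain. 'DMZ-RODC01' is a placeholder name.
Import-Module ActiveDirectory

$rodcName = 'DMZ-RODC01'   # placeholder: the RODC placed in the DMZ

# Constructed list of groups whose secrets must never be cached on a
# perimeter DC. Extend it with your own privileged groups.
$neverCache = @('Domain Admins', 'Enterprise Admins', 'Schema Admins',
                'Administrators', 'Account Operators', 'Server Operators',
                'Backup Operators')

function Test-RodcReplicationPolicy {
    param([string]$Rodc, [string[]]$PrivilegedGroups)

    $dc = Get-ADDomainController -Identity $Rodc
    if (-not $dc.IsReadOnly) {
        throw "$Rodc is a writable domain controller; it must not sit in the DMZ."
    }

    # Explicit allow and deny lists of the PRP. A deny entry always wins
    # over an allow entry.
    $allowed = Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Allowed
    $denied  = Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Denied

    # Privileged groups are usually denied indirectly, as members of the
    # built-in 'Denied RODC Password Replication Group', so expand one level
    # of group membership before comparing names.
    $deniedNames = @($denied | ForEach-Object { $_.Name })
    foreach ($entry in $denied | Where-Object { $_.ObjectClass -eq 'group' }) {
        $deniedNames += Get-ADGroupMember -Identity $entry.DistinguishedName |
                        ForEach-Object { $_.Name }
    }
    $missingDeny = $PrivilegedGroups | Where-Object { $deniedNames -notcontains $_ }

    # Accounts whose passwords this RODC has actually cached. If the DMZ
    # host were compromised, these are the credentials exposed.
    $revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -RevealedAccounts

    [pscustomobject]@{
        Rodc              = $Rodc
        AllowedPrincipals = @($allowed  | ForEach-Object { $_.Name })
        MissingDenyRules  = @($missingDeny)
        RevealedAccounts  = @($revealed | ForEach-Object { $_.SamAccountName })
    }
}

$report = Test-RodcReplicationPolicy -Rodc $rodcName -PrivilegedGroups $neverCache
$report | Format-List

if ($report.MissingDenyRules.Count -gt 0) {
    Write-Warning ("Privileged groups not denied on {0}: {1}" -f
        $rodcName, ($report.MissingDenyRules -join ', '))
}
```

Run it from a management host on the internal network, not from the DMZ. The revealed-accounts list is the practical measure of exposure: it should contain only the external and remote-worker accounts the extranet is meant to serve, and nothing from the privileged groups.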
Option 1b – Perimeter Proxy with RODC and UAG

Diagram: Internet | DMZ | Internal Network
Remote Employees --HTTPS--> Perimeter Firewall --HTTPS--> UAG Server --HTTP--> LAN Firewall --> SharePoint Farm
The UAG Server authenticates against an RODC Server in the DMZ; internal Active Directory replicates accounts to the RODC over a secure account replication channel.

• Unified Access Gateway (UAG) replaces TMG – performs authentication and user privilege throttling, and acts as a reverse proxy translating external encrypted traffic to the internal SharePoint server.
• Firewall ports required: 443 externally and 80 on the internal LAN firewall, plus ports for IPSec.
• Authentication occurs on the UAG Server with the Read Only Domain Controller (RODC).

Accounts replicated to DMZ
• Subset of attributes
• Admin accounts excluded
• No updates permitted
UAG
— Unified Access Gateway
    — Spin-off of ISA Server
— Remote Access to SharePoint and/or Exchange.
    — granular application filtering capabilities
    — deep endpoint health detection
    — wizard driven configuration
— Comprehensive Remote Access (SSL VPN)
— DirectAccess
Option 2 – Publish content

Diagram: Internet | DMZ | Internal Network
External People --HTTPS--> Perimeter Firewall --HTTPS--> TMG Server --HTTPS--> SharePoint Server(s) in the DMZ, with their own SQL Server and DMZ AD (Authentication)
Internal SharePoint Farm --Content Deployment--> LAN Firewall --> DMZ SharePoint Server(s); internal Active Directory stays on the internal network.

• Threat Management Gateway (TMG) – Authentication, Reverse Proxy.
• Firewall ports required: central admin port outbound and 443 externally.
• All or part of the intranet is content deployed to the DMZ server.

Integration options
• Limited integration with back-end systems

New SharePoint Farm
• Same version as internal
• Separate domain and SQL

Separate domain
• No single sign-on for internal users
Option 3 - Extranet Farm dual authenticated

Diagram: Internet | DMZ | Internal Network
External People --HTTPS--> Perimeter Firewall --HTTPS--> UAG Server --HTTP--> SharePoint Server(s) in the DMZ
The UAG Server authenticates external users over LDAP against an Extranet AD or LDS (DMZ AD).
Internal Users --> LAN Firewall --> SharePoint Server(s); internal users authenticate against internal Active Directory, whose accounts are replicated to the DMZ.
SQL Server sits in a separate network layer.
SharePoint 2010 configured for CLAIMS authentication.

• Unified Access Gateway (UAG) – Authentication. Note TMG does not support Forms hand off.
• Firewall ports required for IPSec AD replication.
• All content accessed by internal and external users is hosted in the DMZ.
• Data layer (SQL) is separated into another network layer.
• Separate SharePoint farm – no content sharing (use workflow or third party).
• Shared SQL environment not supported.
• Authentication for SQL Server.
• Consideration to IA for usability.
Option 3a - Extranet Farm dual authenticated with ADFS

Diagram: Internet (Corp A) | DMZ | Internal Network
External People --HTTPS--> Perimeter Firewall --HTTPS--> UAG Server --HTTPS--> SharePoint Server(s) in the DMZ
All user authentication is handed off to an ADFS 2.0 Proxy Server in the DMZ, which hands off to the internal ADFS 2.0 Server (internal Active Directory) or to the partner's (Corp A) ADFS 2.0 Server.
SharePoint service accounts live in DMZ AD; accounts are replicated from internal Active Directory.
Internal Users --> LAN Firewall --> SharePoint Server(s); SQL Server sits in a separate layer.

• Unified Access Gateway (UAG) – All access and authentication.
• Firewall ports required for IPSec AD replication and ADFS port 443.
• All content accessed by internal and external users is hosted in the DMZ.
• Data layer (SQL) is separated into another network layer.
• ADFS server hands off authentication to internal AD or partner AD.
Option 4 – use the cloud

Diagram: Internet | Internal Network
Remote Employees --HTTPS--> SharePoint cloud service; Internal Users --> Perimeter Firewall --> SharePoint cloud service
Internal AD --Secure Account Replication--> SharePoint cloud service

— All content stored in SharePoint cloud service
— Internal users authenticated against replicated AD
— External users use Windows Live ID

Content Sharing
- Use workflow or third party tool
- Content deployment not supported
Which SharePoint version

Version                                          | Applicable to                                   | Deployment option                      | Licences
SharePoint Foundation (or Search Server Express) | Collaboration solutions                         | Option 3 - 4                           | Windows External Connector, SQL CPU
SharePoint Server 2010 Std                       | Portals with WCM, Profiles, Intranet publishing | Option 3 – 4; Option 1 for read only   | SharePoint Std CAL, SQL CPU or CAL
SharePoint Server 2010 Ent                       | Same as Std + form services, BI and FAST        | Option 3                               | SharePoint Std+Ent CAL, SQL CPU or CAL
SharePoint Server 2010 FIS                       | Anonymous or unknown user base                  | Option 3 - 4                           | SharePoint FIS, SQL CPU
Component Parts
—   DMZ
—   Unified Access Gateway
—   Threat Management Gateway
—   SharePoint Foundation
—   SharePoint Server
     — Standard
     — Enterprise
—   Active Directory
—   Active Directory Lightweight Directory Services
—   Active Directory Federated Services
—   SQL Server
—   IPSec
Hints and Tips
— When using an RODC with a SharePoint member server, direct access to
  an RWDC is required to:
    — Look up a user in the People Picker who does not yet exist in a
      SharePoint site
    — Create a new farm by creating a new configuration database
    — Run the PSConfig wizard to maintain/upgrade SharePoint
    — Create site collections
— AD attribute filtering is not per RODC, so it affects the whole
  network, including branches that have an RODC
— The Profile service does not support LDAP import. See Option 3
Wrap up
—   Decide what functionality you require
—   Pick the appropriate version of SharePoint
—   Understand the limitations
—   Design the deployment of the appropriate option
—   Consider test environments in the same configuration as production;
    the security of the components is usually the issue

50357 a enu-module0150357 a enu-module01
50357 a enu-module01Bố Su
 
Secure Your AWS Cloud Data by Porticor
Secure Your AWS Cloud Data by PorticorSecure Your AWS Cloud Data by Porticor
Secure Your AWS Cloud Data by PorticorNewvewm
 
The Network\'s IN the (virtualised) Server: Virtualized Io In Heterogeneous M...
The Network\'s IN the (virtualised) Server: Virtualized Io In Heterogeneous M...The Network\'s IN the (virtualised) Server: Virtualized Io In Heterogeneous M...
The Network\'s IN the (virtualised) Server: Virtualized Io In Heterogeneous M...scarisbrick
 

Similar to Deploying an Extranet on SharePoint (20)

Clavister security for virtualized environment
Clavister security for virtualized environmentClavister security for virtualized environment
Clavister security for virtualized environment
 
Managing Windows RT devices in the Enterprise
Managing Windows RT devices in the Enterprise Managing Windows RT devices in the Enterprise
Managing Windows RT devices in the Enterprise
 
1. introduzione a TMG
1. introduzione a TMG1. introduzione a TMG
1. introduzione a TMG
 
Straight Talk on Data Tokenization for PCI & Cloud
Straight Talk on Data Tokenization for PCI & CloudStraight Talk on Data Tokenization for PCI & Cloud
Straight Talk on Data Tokenization for PCI & Cloud
 
EAI example
EAI exampleEAI example
EAI example
 
Kerberos
KerberosKerberos
Kerberos
 
Intranet & Extranet
Intranet & ExtranetIntranet & Extranet
Intranet & Extranet
 
Intranets and Extranets
Intranets and Extranets Intranets and Extranets
Intranets and Extranets
 
Regulatory compliant cloud computing rethinking web application architectures...
Regulatory compliant cloud computing rethinking web application architectures...Regulatory compliant cloud computing rethinking web application architectures...
Regulatory compliant cloud computing rethinking web application architectures...
 
Intoto Linley Tech Utm Architecture Presentation
Intoto Linley Tech Utm Architecture PresentationIntoto Linley Tech Utm Architecture Presentation
Intoto Linley Tech Utm Architecture Presentation
 
50357 a enu-module02
50357 a enu-module0250357 a enu-module02
50357 a enu-module02
 
Tokenization Webinar featuring Securosis - Intel
Tokenization Webinar featuring Securosis - IntelTokenization Webinar featuring Securosis - Intel
Tokenization Webinar featuring Securosis - Intel
 
Discovering Vulnerabilities For Fun and Profit
Discovering Vulnerabilities For Fun and ProfitDiscovering Vulnerabilities For Fun and Profit
Discovering Vulnerabilities For Fun and Profit
 
DSS ITSEC 2012 ForeScout Technical RIGA
DSS ITSEC 2012 ForeScout Technical RIGADSS ITSEC 2012 ForeScout Technical RIGA
DSS ITSEC 2012 ForeScout Technical RIGA
 
50357 a enu-module01
50357 a enu-module0150357 a enu-module01
50357 a enu-module01
 
Secure Your AWS Cloud Data by Porticor
Secure Your AWS Cloud Data by PorticorSecure Your AWS Cloud Data by Porticor
Secure Your AWS Cloud Data by Porticor
 
G3sixty Overview
G3sixty OverviewG3sixty Overview
G3sixty Overview
 
The Network\'s IN the (virtualised) Server: Virtualized Io In Heterogeneous M...
The Network\'s IN the (virtualised) Server: Virtualized Io In Heterogeneous M...The Network\'s IN the (virtualised) Server: Virtualized Io In Heterogeneous M...
The Network\'s IN the (virtualised) Server: Virtualized Io In Heterogeneous M...
 
Configuring and Implementing DirectAccess with Windows Server 2012
Configuring and Implementing DirectAccess with Windows Server 2012 Configuring and Implementing DirectAccess with Windows Server 2012
Configuring and Implementing DirectAccess with Windows Server 2012
 
Design review
Design reviewDesign review
Design review
 

Recently uploaded

FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 

Recently uploaded (20)

FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 

Deploying an Extranet on SharePoint

  • 1. Deploying a SharePoint Extranet. By Alan Marshall. Twitter: pomealan. LinkedIn: http://nz.linkedin.com/pub/alan-marshall/3/980/267. Acknowledgements: Chandan Banerjee and Wayne Ewington (Microsoft)
  • 2. Session Agenda — Extranet Definition — Implementation Scenarios — Design Considerations and Challenges — Deployment topologies — Which SharePoint version and licenses — Hints and Tips — Wrap up
  • 3. What is an Extranet. ex-tra-net [ek-struh-net] — Noun. An intranet that is partially accessible to authorized persons outside of a company or organisation. A network (as of a company) similar to an intranet that also allows access by certain others (such as customers or suppliers).
  • 4. Implementation Scenarios
    — Remote Access: employees working remotely; teleworkers
    — Share secure information: provide reports to suppliers; display order tracking; student portal
    — Collaborate with Partners: design a solution; request support
    — Personalised Customer Portal: view loyalty card transactions; reward schemes; specialised content
  • 5. Design Considerations and Challenges — Authentication — Single Sign-on — Managing accounts — Security — Sensitivity of data — Protect against resources being compromised — SharePoint Platform — How much do you trust external users — Platform deployment requirements — Features required — Which version of SharePoint? Foundation, Server, Enterprise — Integration — License Costs — Network infrastructure
  • 6. Implementation Options
    — Option 1 – Provide access to the internal SharePoint Server: remote employees; partners
    — Option 2 – Publish content to an external environment (read only): share secure information; remote employees; partners
    — Option 3 – Provide an Extranet Farm, dual authenticated: share secure information; partners; customer portal
    — Option 4 – Host in the cloud: partners; customer portal
  • 7. Option 1 – Perimeter Proxy
    [Diagram: Internet | DMZ | Internal Network. Remote employees on an unknown user device (virus scanner? private browsing?) → HTTPS → Perimeter Firewall → TMG Server → LAN Firewall → HTTP → SharePoint Farm, which authenticates users against the internal AD. The whole path from the Internet to the farm is labelled "Unauthenticated traffic".]
    — Threat Management Gateway (TMG) acts as a reverse proxy, terminating the external encrypted traffic and forwarding it to the internal SharePoint server.
    — Firewall ports required: 443 inbound on the perimeter firewall, 80 inbound on the internal LAN firewall.
    — Authentication occurs on the SharePoint web front ends against the internal AD; the TMG itself does not authenticate the traffic it forwards.
    — Unknown user device: no control over virus scanner or private browsing on the client.
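In Option 1 the only thing standing between the Internet and the web front end is the LAN firewall rule that allows port 80 in from the TMG alone. The following check, added here and not part of the deck, reads an IIS W3C log from a SharePoint web front end and reports every port-80 request whose client address is neither the reverse proxy nor the internal LAN. The proxy address, the LAN range and the log lines are constructed sample data; the `/sites/...` paths are placeholders.

```powershell
# Added example (not part of the deck): find port-80 requests on a SharePoint WFE that
# bypassed the reverse proxy. The LAN firewall should only pass 80 from the TMG/UAG; any
# other source reaching the WFE on 80 means that rule is not holding.
# The proxy address, LAN range and the log lines below are constructed sample data.

$AllowedClientPatterns = '10.20.0.5', '10.30.*'   # assumed: TMG/UAG DMZ address, internal LAN range

$SampleLog = @'
#Software: Microsoft Internet Information Services 7.5
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2012-06-01 08:00:01 10.30.0.10 GET /sites/partners/default.aspx - 80 CONTOSO\alice 10.20.0.5 Mozilla/5.0 200 0 0 120
2012-06-01 08:00:02 10.30.0.10 GET /sites/partners/default.aspx - 80 - 10.20.0.5 Mozilla/5.0 401 2 5 3
2012-06-01 08:00:03 10.30.0.10 GET /sites/hr/Shared%20Documents/plan.docx - 80 CONTOSO\bob 10.30.0.77 Mozilla/5.0 200 0 0 95
2012-06-01 08:00:04 10.30.0.10 POST /_vti_bin/lists.asmx - 80 - 192.0.2.44 Mozilla/5.0 401 2 5 2
2012-06-01 08:00:05 10.30.0.10 GET /_layouts/settings.aspx - 80 CONTOSO\svc_deploy 198.51.100.9 Mozilla/5.0 200 0 0 60
'@

function Find-ProxyBypass {
    param(
        [Parameter(Mandatory = $true)] [string[]] $LogLines,
        [Parameter(Mandatory = $true)] [string[]] $AllowedClientPatterns
    )
    $fields = $null
    foreach ($line in $LogLines) {
        if ($line -match '^#Fields:\s*(.+)$') {
            # Use the log's own column order instead of hard-coding positions.
            $fields = $Matches[1] -split '\s+'
            continue
        }
        if ($null -eq $fields -or $line -match '^(#|\s*$)') { continue }
        # IIS writes spaces inside a field (e.g. the user agent) as '+', so splitting on whitespace is safe.
        $values = $line -split '\s+'
        if ($values.Count -ne $fields.Count) { continue }    # truncated or malformed line
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        if ($row['s-port'] -ne '80') { continue }
        $fromAllowed = @($AllowedClientPatterns | Where-Object { $row['c-ip'] -like $_ }).Count -gt 0
        if (-not $fromAllowed) {
            New-Object PSObject -Property @{
                Time     = "$($row['date']) $($row['time'])"
                ClientIP = $row['c-ip']
                User     = $row['cs-username']
                Request  = "$($row['cs-method']) $($row['cs-uri-stem'])"
                Status   = $row['sc-status']
            }
        }
    }
}

# Sample run. Against a real WFE feed it the log file instead, e.g.
# Get-Content 'C:\inetpub\logs\LogFiles\W3SVC1\u_ex120601.log'
Find-ProxyBypass -LogLines ($SampleLog -split "`r?`n") -AllowedClientPatterns $AllowedClientPatterns |
    Format-Table Time, ClientIP, User, Request, Status -AutoSize
```

On the sample data the two requests from 192.0.2.44 and 198.51.100.9 are reported: both reached the front end on port 80 without passing through the proxy, which is exactly the traffic the Option 1 firewall rule is meant to stop. The lines from 10.20.0.5 are the expected proxied traffic (including the 401 challenge the WFE issues because, in this option, authentication happens on the front end), and 10.30.0.77 is an internal user who is allowed to reach the farm directly.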
  • 8. What's TMG
    — Threat Management Gateway, formerly ISA Server
    — Forefront TMG server features: URL filtering; antimalware inspection; intrusion prevention; application- and network-layer firewall; HTTP/HTTPS inspection in a single solution
    — Reverse proxy, HTTPS outside to HTTP inside
    — Authentication, including two-phase
  • 9. Option 1a – Perimeter Proxy with RODC
    [Diagram: Internet | DMZ | Internal Network. Remote employees on an unknown user device (virus scanner? private browsing?) → HTTPS → Perimeter Firewall → TMG Server → LAN Firewall → HTTP → SharePoint Farm. The TMG authenticates against a Read Only Domain Controller (RODC) in the DMZ, which receives secure account replication from the internal Active Directory.]
    — TMG performs authentication and acts as a reverse proxy, translating external encrypted traffic to the internal SharePoint server.
    — Firewall ports required: 443 externally, 80 on the internal LAN firewall, plus the ports for IPsec (account replication to the RODC).
    — Authentication occurs on the TMG Server against the RODC.
    — Accounts replicated to the DMZ: subset of attributes; admin accounts excluded; no updates permitted.
    — RODC is a Windows Server 2008 feature.
  • 10. What’s an RODC — Read Only Domain Controller — Windows Server 2008 — Removes the need for a trust between domains — Limit replication accounts and attributes
  • 11. Option 1b – Perimeter Proxy with RODC and UAG
    [Diagram: same topology as Option 1a, with a UAG Server in place of the TMG Server authenticating against the RODC in the DMZ.]
    — Unified Access Gateway (UAG) replaces TMG: performs authentication and user privilege throttling, and acts as a reverse proxy translating external encrypted traffic to the internal SharePoint server.
    — Firewall ports required: 443 externally, 80 on the internal LAN firewall, plus the ports for IPsec.
    — Authentication occurs on the UAG Server against the Read Only Domain Controller (RODC).
    — Accounts replicated to the DMZ: subset of attributes; admin accounts excluded; no updates permitted.
  • 12. UAG — Unified Access Gateway — Spin-off of ISA Server — Remote Access to SharePoint and/or Exchange. — granular application filtering capabilities — deep endpoint health detection — wizard driven configuration — Comprehensive Remote Access (SSL VPN) — DirectAccess
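Options 1a and 1b both depend on what the DMZ RODC is permitted to hold: only the extranet users' secrets, no admin accounts, and a trimmed attribute set. The following script, added here and not part of the deck, sets that up with the ActiveDirectory module cmdlets. The RODC name, group names and attribute list are assumptions; run it on a writable DC as a Domain Admin, and note that the attribute step also needs Schema Admins because it changes the schema.

```powershell
# Added example (not part of the deck): limit what a DMZ RODC caches and replicates.
# Names (RODC01, 'Extranet Users', the attribute list) are assumptions for illustration.
Import-Module ActiveDirectory

$Rodc               = 'RODC01'
$AllowedGroup       = 'Extranet Users'   # only these accounts' secrets may be cached in the DMZ
$DeniedGroups       = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Account Operators'
$FilteredAttributes = 'employeeID', 'employeeNumber', 'homePhone'   # never replicated to any RODC

# 1. Password Replication Policy. Deny wins over allow, so admins stay out even if nested
#    in the allowed group. The built-in 'Denied RODC Password Replication Group' already
#    covers the admin groups; listing them explicitly makes the intent visible in the policy.
Add-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -AllowedList $AllowedGroup
Add-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -DeniedList $DeniedGroups

# 2. RODC filtered attribute set: bit 0x200 in the schema attribute's searchFlags.
#    This is forest-wide (the deck's hint on slide 19): it removes the attribute from
#    every RODC, including branch-office ones, not just the DMZ RODC.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
foreach ($name in $FilteredAttributes) {
    $attr = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$name)" -Properties searchFlags
    if (-not $attr) { Write-Warning "attribute $name not found in schema"; continue }
    # 0x80 (confidential) is added too, so ordinary readers cannot see the value on writable DCs either.
    $flags = ([int]$attr.searchFlags) -bor 0x200 -bor 0x80
    Set-ADObject -Identity $attr.DistinguishedName -Replace @{ searchFlags = $flags }
}

# 3. Verify: the effective allow/deny lists, and which accounts have actually had their
#    secrets revealed to this RODC so far. Anything unexpected in the last list is a finding.
Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Allowed | Select-Object -ExpandProperty Name
Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Denied  | Select-Object -ExpandProperty Name
Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -RevealedAccounts | Select-Object -ExpandProperty SamAccountName
```

"No updates permitted" needs no configuration: an RODC never accepts writes and refers them to a writable DC. That is also why the SharePoint farm in Options 1a and 1b stays on the internal network next to a writable DC; the operations listed under Hints and Tips (people picker lookups of new users, PSConfig, new configuration databases, new site collections) fail if the farm can only see the RODC.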
  • 13. Option 2 – Publish content
    [Diagram: Internet | DMZ | Internal Network. External people → HTTPS → Perimeter Firewall → TMG Server → HTTPS → SharePoint Server(s) in the DMZ with their own SQL Server and DMZ Active Directory. Content deployment flows outbound from the internal SharePoint Farm through the LAN Firewall to the DMZ farm.]
    — Threat Management Gateway (TMG): authentication and reverse proxy.
    — Firewall ports required: the Central Administration port outbound from the internal farm to the DMZ farm (content deployment), and 443 externally.
    — All or part of the intranet is content deployed to the DMZ server.
    — Integration options: limited integration with back-end systems.
    — New SharePoint farm in the DMZ: same version as internal; separate domain (DMZ AD) and separate SQL; no single sign-on for internal users.
  • 14. Option 3 – Extranet Farm dual authenticated
    [Diagram: Internet | DMZ | Internal Network. External people → HTTPS → Perimeter Firewall → UAG Server → HTTPS → separate SharePoint farm in the DMZ; internal users reach the same farm via HTTP through the LAN Firewall. External users authenticate (LDAP) against an Extranet AD or AD LDS in the DMZ; internal users authenticate against the internal Active Directory, with accounts replicated to the DMZ directory. SQL Server sits in its own network layer behind the SharePoint servers. Diagram note: "IA not supported for SharePoint 2010 configured CLAIMS authentication".]
    — Unified Access Gateway (UAG) performs authentication. Note: TMG does not support forms hand-off.
    — Firewall ports required for IPsec AD replication.
    — All content accessed by internal and external users is hosted in the DMZ.
    — Data layer (SQL) is separated into another network layer.
    — No content sharing with the internal farm (use workflow or a third party tool).
    — Consideration to usability.
  • 15. Option 3a – Extranet Farm dual authenticated with ADFS
    [Diagram: Internet | Corp A | DMZ | Internal Network. External people → HTTPS → Perimeter Firewall → UAG Server → HTTPS → SharePoint Server(s) and SQL Server in the DMZ; internal users reach the farm via HTTPS through the LAN Firewall. An ADFS 2.0 Proxy Server in the DMZ fronts the internal ADFS 2.0 Server and the partner's ADFS 2.0 Server at Corp A; all user authentication is handed off through ADFS. Service accounts are replicated to the DMZ AD.]
    — Unified Access Gateway (UAG): all access and authentication.
    — Firewall ports required for IPsec AD replication, and port 443 for ADFS.
    — All content accessed by internal and external users is hosted in the DMZ.
    — Data layer (SQL) is separated into another network layer.
    — The ADFS server hands off SharePoint authentication to the internal AD or to the partner's AD.
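Slides 14 and 15 both come down to what the extranet web application accepts as an identity: an LDAP-backed forms provider against the Extranet AD or AD LDS (Option 3), or SAML tokens from ADFS 2.0 that carry identities from the internal or partner AD (Option 3a). The following SharePoint 2010 Management Shell script, added here and not part of the deck, wires the ADFS trust and shows the forms alternative as the same zone binding with a different provider. The web application URL, ADFS URLs, realm, certificate path and provider names are assumptions; run it as the farm account on a server in the DMZ farm.

```powershell
# Added example (not part of the deck): make the extranet web application trust ADFS 2.0
# (Option 3a) or a forms provider backed by AD LDS (Option 3). URLs, realm, certificate
# path and provider names are assumptions for illustration.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$WebAppUrl   = 'https://extranet.contoso.com'
$AdfsSignIn  = 'https://adfs.contoso.com/adfs/ls/'
$Realm       = 'urn:sharepoint:extranet'   # must equal the relying party identifier configured in ADFS
$SigningCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 'C:\certs\adfs-token-signing.cer'

# SharePoint will only accept SAML tokens signed by this certificate (exported from ADFS, public key only).
New-SPTrustedRootAuthority -Name 'ADFS Token Signing' -Certificate $SigningCert

# Incoming claims to accept. E-mail is the identifier so partner accounts from Corp A and
# internal accounts cannot collide on a plain user name.
$emailClaim = New-SPClaimTypeMapping -IncomingClaimType 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress' -IncomingClaimTypeDisplayName 'EmailAddress' -SameAsIncoming
$roleClaim  = New-SPClaimTypeMapping -IncomingClaimType 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role' -IncomingClaimTypeDisplayName 'Role' -SameAsIncoming

$adfs = New-SPTrustedIdentityTokenIssuer -Name 'ADFS 2.0' -Description 'Internal and partner AD via ADFS' `
    -Realm $Realm -ImportTrustCertificate $SigningCert -ClaimsMappings $emailClaim, $roleClaim `
    -SignInUrl $AdfsSignIn -IdentifierClaim $emailClaim.InputClaimType

# Bind the provider to the web application's Default zone next to Windows (NTLM) for the
# DMZ AD accounts. The web application must already be claims-based; a classic-mode web
# application cannot take a trusted identity provider until it is converted.
$windows = New-SPAuthenticationProvider     # Windows claims (NTLM) for accounts in the DMZ AD
Set-SPWebApplication -Identity $WebAppUrl -Zone Default -AuthenticationProvider $windows, $adfs

# Option 3 without ADFS: same binding, but the external identity is a forms provider against
# AD LDS. 'LdsMembers' and 'LdsRoles' must be defined as <membership> and <roleManager>
# providers in the web application's web.config before this will work.
# $fba = New-SPAuthenticationProvider -ASPNETMembershipProvider 'LdsMembers' -ASPNETRoleProviderName 'LdsRoles'
# Set-SPWebApplication -Identity $WebAppUrl -Zone Default -AuthenticationProvider $windows, $fba

# Verify what the zone now accepts.
$wa = Get-SPWebApplication $WebAppUrl
$wa.IisSettings[[Microsoft.SharePoint.Administration.SPUrlZone]::Default].ClaimsAuthenticationProviders |
    Select-Object DisplayName
```

Two caveats from the deck apply here. The UAG in front of the farm is what hands the forms or federated sign-in off to the user (slide 14 notes TMG cannot do that), so the sign-in URL above must be reachable through the UAG publishing rule. And the LDS path inherits the limitation on slide 19: the User Profile service cannot import from LDAP, so external users authenticated this way get no profile synchronisation.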
  • 16. Option 4 – use the cloud
    [Diagram: Internet | Internal Network. Remote employees and internal users → HTTPS → SharePoint cloud service; secure account replication from the internal AD to the service.]
    — All content stored in the SharePoint cloud service.
    — Internal users authenticated against the replicated AD.
    — External users use Windows Live ID.
    — Content sharing: use workflow or a third party tool; content deployment is not supported.
  • 17. Which SharePoint version (version: applicable to / deployment option / licences)
    — SharePoint Foundation: collaboration solutions, Search Server / Options 3–4 / Windows External Connector; SQL Express or SQL per CPU
    — SharePoint Server 2010 Standard: portals with WCM, profiles, intranet publishing / Options 3–4; Option 1 for read only / SharePoint Standard CAL; SQL per CPU or CAL
    — SharePoint Server 2010 Enterprise: same as Standard plus forms services, BI and FAST / Option 3 / SharePoint Standard + Enterprise CAL; SQL per CPU or CAL
    — SharePoint Server 2010 FIS: anonymous or unknown user base / Options 3–4 / SharePoint FIS; SQL per CPU
  • 18. Component Parts — DMZ — Unified Access Gateway — Threat Management Gateway — SharePoint Foundation — SharePoint Server — Standard — Enterprise — Active Directory — Active Directory Lightweight Directory Services — Active Directory Federation Services — SQL Server — IPsec
  • 19. Hints and Tips
    — When using an RODC, the SharePoint member server still needs direct access to a writable domain controller (RWDC) to: find a user who is not yet in a SharePoint site with the people picker; create a new farm (new configuration database); run the PSConfig wizard to maintain or upgrade SharePoint; create site collections.
    — AD attribute filtering is not per RODC, so it affects the whole network, including branch offices that have an RODC.
    — The Profile service does not support LDAP import (see Option 3).
  • 20. Wrap up
    — Decide what functionality you require
    — Pick the appropriate version of SharePoint
    — Understand the limitations
    — Design the deployment for the appropriate option
    — Build test environments in the same configuration as production, since the security configuration of the components is usually where the issues are