SlideShare a Scribd company logo
Planning and Configuring
Extranets in SharePoint 2010
 Geoff Varosky
   Jornata
    Managing Consultant, Senior Architect, Senior Developer, Director of
     Evangelism
    President & Co-Founder Boston Area SharePoint Users Group
    Co-Organizer SharePoint Saturday Boston
  Recent Awards
    Top 25 2012 Harmon.ie Online Community Influencer
    Top 50 2012 KnowledgeLake Community Influencer
  Blog – www.SharePointYankee.com
  Email – geoff@varosky.com
  Twitter – @gvaro
 Thinking
   What is an Extranet?
   Design
    Topology
    Authentication Mechanism
    User Identity Storage Location
   Evaluating Your Requirements
   SharePoint 2010 Considerations
 Doing
   Configuration
   User and Role Management
Controlled access from
  external networks
Controlled access from
 EXTeRnAl NETworks
 Topology
 Authentication Methods
 User Identity Storage Location
Corporate network
                                     a/k/a where you access
Internets   Perimeter network         Facebook from every
                                            morning




External        Firewall/UAG    Server Farm
 Users
Internets                       Perimeter network                                        Corporate network




            Firewall                 Router A               Router B             Firewall
             /UAG                                                                 /UAG




                        LAYER 1                  LAYER 2              LAYER 3
                       Web Servers              APP & SQL       DNS, Active Directory,
                                                  Servers          LOB Systems
Internets              Perimeter network          Corporate network




External      Firewall                       Firewall
 Users         /UAG                           /UAG




                            CONSUMING                   SERVICES FARM
                              FARM
Corporate network
  Internets              Perimeter network
                                                        YAY! FACEBOOKS! LOLS!



External      Firewall                       Firewall
 Users         /UAG                           /UAG




                             Web Servers,                 SQL Servers,
                             Application                  Application
                              Servers,                      Servers,
                             DNS, Active                  DNS, Active
                              Directory                    Directory
 Windows
   NTLM
   Kerberos
   Basic
 Forms Based Authentication (FBA)*
   *Claims needs to be enabled for FBA
 Claims Based Authentication
   SAML tokens
   Active Directory
   LDAP
   SQL Server
   Other
     Facebooks
     Twitters
 What do you really need?
    Who needs access?
    How sensitive is the data?
    How sensitive is the network?
    Budget?**
 Who needs access?
   Internal employees only
     Active Directory
   Internal employees and external users
     Active Directory
       Additional domain with restricted access
     Active Directory & Forms Based Authentication
       Claims Authentication
   External only (rare)
     Clients, partners, consultants
       Active Directory or LDAP or SQL?
       Forms Based Authentication or Windows auth?
       Separate or together?
   Hosting
   Mobile Clients
 How sensitive is the data & internal network?
   Network & SharePoint
     Separate site?
     Separate site collection?
     Separate web application?
     Multiple farms with cross-farm services & publishing?
     Separate farm?
     DMZ?
 How sensitive is the data & internal network?
   Security
    Secure Certificates (SSL)
    Encryption
    Firewall
      Both hardware and software?
      Content Filtering
      ACLs
    Virtual Private Network
    Anti-Virus and Anti-Malware
    Client-based certificates
    One-time passwords (RSA tokens)
    Phone verification
    Biometrics
      Retina, fingerprint, facial structure, hair and blood samples
 How sensitive is the data & internal network?
   Security
    Secure Certificates (SSL)
    Encryption
    Firewall
      Both hardware and software?
      Content Filtering
      ACLs
    Virtual Private Network
    Anti-Virus and Anti-Malware
    Client-based certificates
    One-time passwords (RSA tokens)
    Phone verification
    Biometrics
      Retina, fingerprint, facial structure, hair and blood samples
 Budget**
 REMEMBER THIS…


                   You are giving a key to
                   access your company’s
                    data in some form or
                           another.
 Supported versions
  All – Foundation up through Enterprise
  Office 365
    Can be used as an extranet (since that is basically what it is!)
 Assumptions
      Any Topology
      Multi-Mode (Windows & FBA Authentication)
      SQL User Database


1.    Create ASP.NET Membership Database
2.    Configure SharePoint
3.    Configure IIS
4.    Create and Manage Users
 IIS
   Using your SharePoint Site = BAD
     Must first change default role manager, and then membership provider each time from
      claims to your SQL providers
       No one can log into SharePoint during this time
     And then change them back when done
       Each change recycles the application pool.
   Create a separate IIS Virtual Web Application and Manage from there

 BCS
   Great way to search for and manage users (passwords, email, etc.)
   No way to create users without additional logic
 CodePlex (www.codeplex.com)
   SharePoint 2010 FBA Pack
     http://sharepoint2010fba.codeplex.com


 Third Party Solutions
 Test your configuration
 Review security regularly
 Be wary of cats
 My Blog Series
   Part 1 : http://go.gvaro.net/ExtranetsP1
   Part 2 : http://go.gvaro.net/ExtranetsP2
   Part 3 : http://go.gvaro.net/ExtranetsP3
 Phone Factor – Phone Verification
   http://www.phonefactor.com
 Plan Security Hardening (TechNet)
   http://go.gvaro.net/uSyY1Z
 SharePoint 2007 & 2010 Farm Ports (Firewall Config)
   http://go.gvaro.net/uWQZzU
 Disabling SSL v2.0, PCT 1.0 +more in IIS7
   http://go.gvaro.net/N5GgEa
 SharePoint Ports, Proxies, and Protocols (Firewall Config)
   http://go.gvaro.net/tblxCn
 Harden SQL Server for SharePoint
   http://go.gvaro.net/viVQuN
 Visual FBA configuration by Donal Conlon
   http://go.gvaro.net/oPnAYx
 Extranet tested topologies for SP 2010 Model
   http://go.gvaro.net/SP2010ExtTopMod
 ASP.NET 2.0 Membership Database Reference
   Create, Add Users, etc. http://go.gvaro.net/AN2Mbr
 FBA Configuration in SharePoint 2010
   LDAP: http://go.gvaro.net/FBALDAP
 ASP.NET Membership DB
   http://go.gvaro.net/FBAANMDB
 PeoplePicker Wildcard Search
   http://go.gvaro.net/FBAWildCard
 Helpful Resources for Troubleshooting Membership Providers
   http://go.gvaro.net/TSMemProv
 “Sign me in automatically” in FBA
   http://go.gvaro.net/pAkDQP
 Configuring SSL in a Development Environment
   http://go.gvaro.net/uOTTlJ
   Meets 2nd Wednesday/month
   6-8PM
   Microsoft N.E.R.D. (Cambridge)
   BostonSharePointUG.org
   Twitter: @BASPUG / #BASPUG
   SPTechCon Hosted Meeting in August!
 Geoff Varosky
   Jornata
    Managing Consultant, Senior Architect, Senior Developer, Director of
     Evangelism
    President & Co-Founder Boston Area SharePoint Users Group
    Co-Organizer SharePoint Saturday Boston
  Recent Awards
    Top 25 2012 Harmon.ie Online Community Influencer
    Top 50 2012 KnowledgeLake Community Influencer
  Blog – www.SharePointYankee.com
  Email – geoff@varosky.com
  Twitter – @gvaro
Planning and Configuring Extranets in SharePoint 2010 by Geoff Varosky - SPTechCon

More Related Content

What's hot

Automation In Android & iOS Application Review
Automation In Android & iOS 	Application Review�Automation In Android & iOS 	Application Review�
Automation In Android & iOS Application Review
Blueinfy Solutions
 
Sybase - Afaria 6.6 fp1 more detail
Sybase - Afaria 6.6 fp1 more detailSybase - Afaria 6.6 fp1 more detail
Sybase - Afaria 6.6 fp1 more detail
SmartPhones Telecom AS
 
Pricing and Revenue Projection in a Cloud-Centric World
Pricing and Revenue Projection in a Cloud-Centric WorldPricing and Revenue Projection in a Cloud-Centric World
Pricing and Revenue Projection in a Cloud-Centric World
Michele Leroux Bustamante
 
Palo Alto Networks y la tecnología de Next Generation Firewall
Palo Alto Networks y la tecnología de Next Generation FirewallPalo Alto Networks y la tecnología de Next Generation Firewall
Palo Alto Networks y la tecnología de Next Generation Firewall
Mundo Contact
 
Palo alto-review
Palo alto-reviewPalo alto-review
Palo alto-review
Rayan Darine
 
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld
 
Android secure coding
Android secure codingAndroid secure coding
Android secure coding
Blueinfy Solutions
 
Security Avalanche
Security AvalancheSecurity Avalanche
Security Avalanche
Michele Leroux Bustamante
 
Design Practices for a Secure Azure Solution
Design Practices for a Secure Azure SolutionDesign Practices for a Secure Azure Solution
Design Practices for a Secure Azure Solution
Michele Leroux Bustamante
 
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
BAKOTECH
 
Web Socket ASM support lior rotkovitch
Web Socket ASM support   lior rotkovitchWeb Socket ASM support   lior rotkovitch
Web Socket ASM support lior rotkovitch
Lior Rotkovitch
 
50357 a enu-module02
50357 a enu-module0250357 a enu-module02
50357 a enu-module02
Bố Su
 
Palo Alto Virtual firewall deployment Architecture
Palo Alto Virtual firewall deployment Architecture Palo Alto Virtual firewall deployment Architecture
Palo Alto Virtual firewall deployment Architecture
Ajeet Singh
 
CIS13: Identity at Scale
CIS13: Identity at ScaleCIS13: Identity at Scale
CIS13: Identity at Scale
CloudIDSummit
 
Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013
Blueinfy Solutions
 
Layer 7 Technologies: Web Services Hacking And Hardening
Layer 7 Technologies: Web Services Hacking And HardeningLayer 7 Technologies: Web Services Hacking And Hardening
Layer 7 Technologies: Web Services Hacking And Hardening
CA API Management
 
F5's IP Intelligence Service
F5's IP Intelligence ServiceF5's IP Intelligence Service
F5's IP Intelligence Service
F5 Networks
 
ClearPass Overview
ClearPass OverviewClearPass Overview
ClearPass Overview
JoAnna Cheshire
 
Mcafee ips nsp-2011
Mcafee ips  nsp-2011Mcafee ips  nsp-2011
Mcafee ips nsp-2011
Luluk Kristiawan
 
50357 a enu-module01
50357 a enu-module0150357 a enu-module01
50357 a enu-module01
Bố Su
 

What's hot (20)

Automation In Android & iOS Application Review
Automation In Android & iOS 	Application Review�Automation In Android & iOS 	Application Review�
Automation In Android & iOS Application Review
 
Sybase - Afaria 6.6 fp1 more detail
Sybase - Afaria 6.6 fp1 more detailSybase - Afaria 6.6 fp1 more detail
Sybase - Afaria 6.6 fp1 more detail
 
Pricing and Revenue Projection in a Cloud-Centric World
Pricing and Revenue Projection in a Cloud-Centric WorldPricing and Revenue Projection in a Cloud-Centric World
Pricing and Revenue Projection in a Cloud-Centric World
 
Palo Alto Networks y la tecnología de Next Generation Firewall
Palo Alto Networks y la tecnología de Next Generation FirewallPalo Alto Networks y la tecnología de Next Generation Firewall
Palo Alto Networks y la tecnología de Next Generation Firewall
 
Palo alto-review
Palo alto-reviewPalo alto-review
Palo alto-review
 
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
 
Android secure coding
Android secure codingAndroid secure coding
Android secure coding
 
Security Avalanche
Security AvalancheSecurity Avalanche
Security Avalanche
 
Design Practices for a Secure Azure Solution
Design Practices for a Secure Azure SolutionDesign Practices for a Secure Azure Solution
Design Practices for a Secure Azure Solution
 
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
 
Web Socket ASM support lior rotkovitch
Web Socket ASM support   lior rotkovitchWeb Socket ASM support   lior rotkovitch
Web Socket ASM support lior rotkovitch
 
50357 a enu-module02
50357 a enu-module0250357 a enu-module02
50357 a enu-module02
 
Palo Alto Virtual firewall deployment Architecture
Palo Alto Virtual firewall deployment Architecture Palo Alto Virtual firewall deployment Architecture
Palo Alto Virtual firewall deployment Architecture
 
CIS13: Identity at Scale
CIS13: Identity at ScaleCIS13: Identity at Scale
CIS13: Identity at Scale
 
Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013
 
Layer 7 Technologies: Web Services Hacking And Hardening
Layer 7 Technologies: Web Services Hacking And HardeningLayer 7 Technologies: Web Services Hacking And Hardening
Layer 7 Technologies: Web Services Hacking And Hardening
 
F5's IP Intelligence Service
F5's IP Intelligence ServiceF5's IP Intelligence Service
F5's IP Intelligence Service
 
ClearPass Overview
ClearPass OverviewClearPass Overview
ClearPass Overview
 
Mcafee ips nsp-2011
Mcafee ips  nsp-2011Mcafee ips  nsp-2011
Mcafee ips nsp-2011
 
50357 a enu-module01
50357 a enu-module0150357 a enu-module01
50357 a enu-module01
 

Viewers also liked

Turbo-Charge Collaboration by Automating Site Provisioning in SharePoint 2010...
Turbo-Charge Collaboration by Automating Site Provisioning in SharePoint 2010...Turbo-Charge Collaboration by Automating Site Provisioning in SharePoint 2010...
Turbo-Charge Collaboration by Automating Site Provisioning in SharePoint 2010...
SPTechCon
 
Law & Order: Content Governance Strategies by Chrisitan Buckley - SPTechCon
Law & Order: Content Governance Strategies by Chrisitan Buckley - SPTechConLaw & Order: Content Governance Strategies by Chrisitan Buckley - SPTechCon
Law & Order: Content Governance Strategies by Chrisitan Buckley - SPTechCon
SPTechCon
 
Why Is SharePoint Still So Hard? by Michal Pisarek - SPTechCon
Why Is SharePoint Still So Hard? by Michal Pisarek - SPTechConWhy Is SharePoint Still So Hard? by Michal Pisarek - SPTechCon
Why Is SharePoint Still So Hard? by Michal Pisarek - SPTechCon
SPTechCon
 
Understanding and Implementing Governance for SharePoint 2010 by Bill English...
Understanding and Implementing Governance for SharePoint 2010 by Bill English...Understanding and Implementing Governance for SharePoint 2010 by Bill English...
Understanding and Implementing Governance for SharePoint 2010 by Bill English...
SPTechCon
 
Tutorial: Business-Critical SharePoint by Ben Curry - SPTechCon
Tutorial: Business-Critical SharePoint by Ben Curry - SPTechConTutorial: Business-Critical SharePoint by Ben Curry - SPTechCon
Tutorial: Business-Critical SharePoint by Ben Curry - SPTechCon
SPTechCon
 
Ten Best SharePoint Features You’ve Never Used by Christian Buckley - SPTechCon
Ten Best SharePoint Features You’ve Never Used by Christian Buckley - SPTechConTen Best SharePoint Features You’ve Never Used by Christian Buckley - SPTechCon
Ten Best SharePoint Features You’ve Never Used by Christian Buckley - SPTechCon
SPTechCon
 
I Have Excel, I Need PerformancePoint, and I’m Afraid of Analysis Services by...
I Have Excel, I Need PerformancePoint, and I’m Afraid of Analysis Services by...I Have Excel, I Need PerformancePoint, and I’m Afraid of Analysis Services by...
I Have Excel, I Need PerformancePoint, and I’m Afraid of Analysis Services by...
SPTechCon
 

Viewers also liked (7)

Turbo-Charge Collaboration by Automating Site Provisioning in SharePoint 2010...
Turbo-Charge Collaboration by Automating Site Provisioning in SharePoint 2010...Turbo-Charge Collaboration by Automating Site Provisioning in SharePoint 2010...
Turbo-Charge Collaboration by Automating Site Provisioning in SharePoint 2010...
 
Law & Order: Content Governance Strategies by Chrisitan Buckley - SPTechCon
Law & Order: Content Governance Strategies by Chrisitan Buckley - SPTechConLaw & Order: Content Governance Strategies by Chrisitan Buckley - SPTechCon
Law & Order: Content Governance Strategies by Chrisitan Buckley - SPTechCon
 
Why Is SharePoint Still So Hard? by Michal Pisarek - SPTechCon
Why Is SharePoint Still So Hard? by Michal Pisarek - SPTechConWhy Is SharePoint Still So Hard? by Michal Pisarek - SPTechCon
Why Is SharePoint Still So Hard? by Michal Pisarek - SPTechCon
 
Understanding and Implementing Governance for SharePoint 2010 by Bill English...
Understanding and Implementing Governance for SharePoint 2010 by Bill English...Understanding and Implementing Governance for SharePoint 2010 by Bill English...
Understanding and Implementing Governance for SharePoint 2010 by Bill English...
 
Tutorial: Business-Critical SharePoint by Ben Curry - SPTechCon
Tutorial: Business-Critical SharePoint by Ben Curry - SPTechConTutorial: Business-Critical SharePoint by Ben Curry - SPTechCon
Tutorial: Business-Critical SharePoint by Ben Curry - SPTechCon
 
Ten Best SharePoint Features You’ve Never Used by Christian Buckley - SPTechCon
Ten Best SharePoint Features You’ve Never Used by Christian Buckley - SPTechConTen Best SharePoint Features You’ve Never Used by Christian Buckley - SPTechCon
Ten Best SharePoint Features You’ve Never Used by Christian Buckley - SPTechCon
 
I Have Excel, I Need PerformancePoint, and I’m Afraid of Analysis Services by...
I Have Excel, I Need PerformancePoint, and I’m Afraid of Analysis Services by...I Have Excel, I Need PerformancePoint, and I’m Afraid of Analysis Services by...
I Have Excel, I Need PerformancePoint, and I’m Afraid of Analysis Services by...
 

Similar to Planning and Configuring Extranets in SharePoint 2010 by Geoff Varosky - SPTechCon

HAD05: Collaborating with Extranet Partners on SharePoint 2010
HAD05: Collaborating with Extranet Partners on SharePoint 2010HAD05: Collaborating with Extranet Partners on SharePoint 2010
HAD05: Collaborating with Extranet Partners on SharePoint 2010
Michael Noel
 
Collaborating with Extranet Partners on SharePoint 2010 - SharePoint Connecti...
Collaborating with Extranet Partners on SharePoint 2010 - SharePoint Connecti...Collaborating with Extranet Partners on SharePoint 2010 - SharePoint Connecti...
Collaborating with Extranet Partners on SharePoint 2010 - SharePoint Connecti...
Michael Noel
 
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010 SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010
Michael Noel
 
SharePoint and Forefront United Access Gateway
SharePoint and Forefront United Access Gateway SharePoint and Forefront United Access Gateway
SharePoint and Forefront United Access Gateway
Planet Technologies
 
SD-WAN - comSpark 2019
SD-WAN - comSpark 2019SD-WAN - comSpark 2019
SD-WAN - comSpark 2019
Advanced Technology Consulting (ATC)
 
Forefront UAG
Forefront UAGForefront UAG
Forefront UAG
James Tramel
 
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
Michael Noel
 
Planning Extranet Environments with SharePoint 2010
Planning Extranet Environments with SharePoint 2010Planning Extranet Environments with SharePoint 2010
Planning Extranet Environments with SharePoint 2010
Michael Noel
 
Vfm palo alto next generation firewall
Vfm palo alto next generation firewallVfm palo alto next generation firewall
Vfm palo alto next generation firewall
vfmindia
 
Design a share point 2013 architecture – the basics
Design a share point 2013 architecture – the basicsDesign a share point 2013 architecture – the basics
Design a share point 2013 architecture – the basics
Alexander Meijers
 
Web Services and Devices Profile for Web Services (DPWS)
Web Services and Devices Profile for Web Services (DPWS)Web Services and Devices Profile for Web Services (DPWS)
Web Services and Devices Profile for Web Services (DPWS)
Jorgen Thelin
 
Introducing PagerDuty Process Automation
Introducing PagerDuty Process AutomationIntroducing PagerDuty Process Automation
Introducing PagerDuty Process Automation
Rundeck
 
Developing Interoperable Components for an Open IoT Foundation
Developing Interoperable Components for an Open IoT Foundation Developing Interoperable Components for an Open IoT Foundation
Developing Interoperable Components for an Open IoT Foundation
Eurotech
 
Presentation network design and security for your v mware view deployment w...
Presentation   network design and security for your v mware view deployment w...Presentation   network design and security for your v mware view deployment w...
Presentation network design and security for your v mware view deployment w...
solarisyourep
 
ABC's of Service Virtualization
ABC's of Service VirtualizationABC's of Service Virtualization
ABC's of Service Virtualization
Parasoft
 
IXIA Breaking Point
IXIA Breaking PointIXIA Breaking Point
IXIA Breaking Point
MUK Extreme
 
SwiftKnowledge Multitenancy
SwiftKnowledge MultitenancySwiftKnowledge Multitenancy
SwiftKnowledge Multitenancy
PivotLogix
 
Connect your datacenter to Microsoft Azure
Connect your datacenter to Microsoft AzureConnect your datacenter to Microsoft Azure
Connect your datacenter to Microsoft Azure
K.Mohamed Faizal
 
Barracuda Web Filter Ip 20100629
Barracuda Web Filter Ip 20100629Barracuda Web Filter Ip 20100629
Barracuda Web Filter Ip 20100629
Carolynrahn
 
Shibboleth Guided Tour Webinar
Shibboleth Guided Tour WebinarShibboleth Guided Tour Webinar
Shibboleth Guided Tour Webinar
John Lewis
 

Similar to Planning and Configuring Extranets in SharePoint 2010 by Geoff Varosky - SPTechCon (20)

HAD05: Collaborating with Extranet Partners on SharePoint 2010
HAD05: Collaborating with Extranet Partners on SharePoint 2010HAD05: Collaborating with Extranet Partners on SharePoint 2010
HAD05: Collaborating with Extranet Partners on SharePoint 2010
 
Collaborating with Extranet Partners on SharePoint 2010 - SharePoint Connecti...
Collaborating with Extranet Partners on SharePoint 2010 - SharePoint Connecti...Collaborating with Extranet Partners on SharePoint 2010 - SharePoint Connecti...
Collaborating with Extranet Partners on SharePoint 2010 - SharePoint Connecti...
 
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010 SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010
 
SharePoint and Forefront United Access Gateway
SharePoint and Forefront United Access Gateway SharePoint and Forefront United Access Gateway
SharePoint and Forefront United Access Gateway
 
SD-WAN - comSpark 2019
SD-WAN - comSpark 2019SD-WAN - comSpark 2019
SD-WAN - comSpark 2019
 
Forefront UAG
Forefront UAGForefront UAG
Forefront UAG
 
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
 
Planning Extranet Environments with SharePoint 2010
Planning Extranet Environments with SharePoint 2010Planning Extranet Environments with SharePoint 2010
Planning Extranet Environments with SharePoint 2010
 
Vfm palo alto next generation firewall
Vfm palo alto next generation firewallVfm palo alto next generation firewall
Vfm palo alto next generation firewall
 
Design a share point 2013 architecture – the basics
Design a share point 2013 architecture – the basicsDesign a share point 2013 architecture – the basics
Design a share point 2013 architecture – the basics
 
Web Services and Devices Profile for Web Services (DPWS)
Web Services and Devices Profile for Web Services (DPWS)Web Services and Devices Profile for Web Services (DPWS)
Web Services and Devices Profile for Web Services (DPWS)
 
Introducing PagerDuty Process Automation
Introducing PagerDuty Process AutomationIntroducing PagerDuty Process Automation
Introducing PagerDuty Process Automation
 
Developing Interoperable Components for an Open IoT Foundation
Developing Interoperable Components for an Open IoT Foundation Developing Interoperable Components for an Open IoT Foundation
Developing Interoperable Components for an Open IoT Foundation
 
Presentation network design and security for your v mware view deployment w...
Presentation   network design and security for your v mware view deployment w...Presentation   network design and security for your v mware view deployment w...
Presentation network design and security for your v mware view deployment w...
 
ABC's of Service Virtualization
ABC's of Service VirtualizationABC's of Service Virtualization
ABC's of Service Virtualization
 
IXIA Breaking Point
IXIA Breaking PointIXIA Breaking Point
IXIA Breaking Point
 
SwiftKnowledge Multitenancy
SwiftKnowledge MultitenancySwiftKnowledge Multitenancy
SwiftKnowledge Multitenancy
 
Connect your datacenter to Microsoft Azure
Connect your datacenter to Microsoft AzureConnect your datacenter to Microsoft Azure
Connect your datacenter to Microsoft Azure
 
Barracuda Web Filter Ip 20100629
Barracuda Web Filter Ip 20100629Barracuda Web Filter Ip 20100629
Barracuda Web Filter Ip 20100629
 
Shibboleth Guided Tour Webinar
Shibboleth Guided Tour WebinarShibboleth Guided Tour Webinar
Shibboleth Guided Tour Webinar
 

More from SPTechCon

Deep Dive into the Content Query Web Part by Christina Wheeler - SPTechCon
Deep Dive into the Content Query Web Part by Christina Wheeler - SPTechConDeep Dive into the Content Query Web Part by Christina Wheeler - SPTechCon
Deep Dive into the Content Query Web Part by Christina Wheeler - SPTechCon
SPTechCon
 
NOW I Get It... What SharePoint Is, and Why My Business Needs It by Mark Rack...
NOW I Get It... What SharePoint Is, and Why My Business Needs It by Mark Rack...NOW I Get It... What SharePoint Is, and Why My Business Needs It by Mark Rack...
NOW I Get It... What SharePoint Is, and Why My Business Needs It by Mark Rack...
SPTechCon
 
“Managing Up” in Difficult Situations by Bill English - SPTechCon
“Managing Up” in Difficult Situations by Bill English - SPTechCon“Managing Up” in Difficult Situations by Bill English - SPTechCon
“Managing Up” in Difficult Situations by Bill English - SPTechCon
SPTechCon
 
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...
SPTechCon
 
Part II: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTe...
Part II: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTe...Part II: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTe...
Part II: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTe...
SPTechCon
 
Microsoft Keynote by Richard Riley - SPTechCon
Microsoft Keynote by Richard Riley - SPTechConMicrosoft Keynote by Richard Riley - SPTechCon
Microsoft Keynote by Richard Riley - SPTechCon
SPTechCon
 
Looking Under the Hood: How Your Metadata Strategy Impacts Everything You Do ...
Looking Under the Hood: How Your Metadata Strategy Impacts Everything You Do ...Looking Under the Hood: How Your Metadata Strategy Impacts Everything You Do ...
Looking Under the Hood: How Your Metadata Strategy Impacts Everything You Do ...
SPTechCon
 
What IS SharePoint Development? by Mark Rackley - SPTechCon
 What IS SharePoint Development? by Mark Rackley - SPTechCon What IS SharePoint Development? by Mark Rackley - SPTechCon
What IS SharePoint Development? by Mark Rackley - SPTechCon
SPTechCon
 
The SharePoint and jQuery Guide by Mark Rackley - SPTechCon
The SharePoint and jQuery Guide by Mark Rackley - SPTechConThe SharePoint and jQuery Guide by Mark Rackley - SPTechCon
The SharePoint and jQuery Guide by Mark Rackley - SPTechCon
SPTechCon
 
Integrate External Data with the Business Connectivity Services by Tom Resing...
Integrate External Data with the Business Connectivity Services by Tom Resing...Integrate External Data with the Business Connectivity Services by Tom Resing...
Integrate External Data with the Business Connectivity Services by Tom Resing...
SPTechCon
 
Converting an E-mail Culture into a SharePoint Culture by Robert Bogue - SPTe...
Converting an E-mail Culture into a SharePoint Culture by Robert Bogue - SPTe...Converting an E-mail Culture into a SharePoint Culture by Robert Bogue - SPTe...
Converting an E-mail Culture into a SharePoint Culture by Robert Bogue - SPTe...
SPTechCon
 
Tutorial: Best Practices for Building a Records-Management Deployment in Shar...
Tutorial: Best Practices for Building a Records-Management Deployment in Shar...Tutorial: Best Practices for Building a Records-Management Deployment in Shar...
Tutorial: Best Practices for Building a Records-Management Deployment in Shar...
SPTechCon
 
Tutorial: Building Business Solutions: InfoPath & Workflows by Jennifer Mason...
Tutorial: Building Business Solutions: InfoPath & Workflows by Jennifer Mason...Tutorial: Building Business Solutions: InfoPath & Workflows by Jennifer Mason...
Tutorial: Building Business Solutions: InfoPath & Workflows by Jennifer Mason...
SPTechCon
 
Creating Simple Dashboards Using Out-of-the-Box Web Parts by Jennifer Mason- ...
Creating Simple Dashboards Using Out-of-the-Box Web Parts by Jennifer Mason- ...Creating Simple Dashboards Using Out-of-the-Box Web Parts by Jennifer Mason- ...
Creating Simple Dashboards Using Out-of-the-Box Web Parts by Jennifer Mason- ...
SPTechCon
 
Sponsored Session: Better Document Management Using SharePoint by Roland Simo...
Sponsored Session: Better Document Management Using SharePoint by Roland Simo...Sponsored Session: Better Document Management Using SharePoint by Roland Simo...
Sponsored Session: Better Document Management Using SharePoint by Roland Simo...
SPTechCon
 
Sponsored Session: The Missing Link: Content-Aware Integration to SharePoint ...
Sponsored Session: The Missing Link: Content-Aware Integration to SharePoint ...Sponsored Session: The Missing Link: Content-Aware Integration to SharePoint ...
Sponsored Session: The Missing Link: Content-Aware Integration to SharePoint ...
SPTechCon
 
Creating a Great User Experience in SharePoint by Marc Anderson - SPTechCon
Creating a Great User Experience in SharePoint by Marc Anderson - SPTechConCreating a Great User Experience in SharePoint by Marc Anderson - SPTechCon
Creating a Great User Experience in SharePoint by Marc Anderson - SPTechCon
SPTechCon
 
Sponsored Session: Driving the business case and user adoption for SharePoint...
Sponsored Session: Driving the business case and user adoption for SharePoint...Sponsored Session: Driving the business case and user adoption for SharePoint...
Sponsored Session: Driving the business case and user adoption for SharePoint...
SPTechCon
 
Tutorial: SharePoint 2013 Admin in the Hybrid World by Jason Himmelstein - SP...
Tutorial: SharePoint 2013 Admin in the Hybrid World by Jason Himmelstein - SP...Tutorial: SharePoint 2013 Admin in the Hybrid World by Jason Himmelstein - SP...
Tutorial: SharePoint 2013 Admin in the Hybrid World by Jason Himmelstein - SP...
SPTechCon
 
SharePoint Performance: Best Practices from the Field by Jason Himmelstein - ...
SharePoint Performance: Best Practices from the Field by Jason Himmelstein - ...SharePoint Performance: Best Practices from the Field by Jason Himmelstein - ...
SharePoint Performance: Best Practices from the Field by Jason Himmelstein - ...
SPTechCon
 

More from SPTechCon (20)

Deep Dive into the Content Query Web Part by Christina Wheeler - SPTechCon
Deep Dive into the Content Query Web Part by Christina Wheeler - SPTechConDeep Dive into the Content Query Web Part by Christina Wheeler - SPTechCon
Deep Dive into the Content Query Web Part by Christina Wheeler - SPTechCon
 
NOW I Get It... What SharePoint Is, and Why My Business Needs It by Mark Rack...
NOW I Get It... What SharePoint Is, and Why My Business Needs It by Mark Rack...NOW I Get It... What SharePoint Is, and Why My Business Needs It by Mark Rack...
NOW I Get It... What SharePoint Is, and Why My Business Needs It by Mark Rack...
 
“Managing Up” in Difficult Situations by Bill English - SPTechCon
“Managing Up” in Difficult Situations by Bill English - SPTechCon“Managing Up” in Difficult Situations by Bill English - SPTechCon
“Managing Up” in Difficult Situations by Bill English - SPTechCon
 
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...
Part I: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTec...
 
Part II: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTe...
Part II: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTe...Part II: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTe...
Part II: SharePoint 2013 Administration by Todd Klindt and Shane Young - SPTe...
 
Microsoft Keynote by Richard Riley - SPTechCon
Microsoft Keynote by Richard Riley - SPTechConMicrosoft Keynote by Richard Riley - SPTechCon
Microsoft Keynote by Richard Riley - SPTechCon
 
Looking Under the Hood: How Your Metadata Strategy Impacts Everything You Do ...
Looking Under the Hood: How Your Metadata Strategy Impacts Everything You Do ...Looking Under the Hood: How Your Metadata Strategy Impacts Everything You Do ...
Looking Under the Hood: How Your Metadata Strategy Impacts Everything You Do ...
 
What IS SharePoint Development? by Mark Rackley - SPTechCon
 What IS SharePoint Development? by Mark Rackley - SPTechCon What IS SharePoint Development? by Mark Rackley - SPTechCon
What IS SharePoint Development? by Mark Rackley - SPTechCon
 
The SharePoint and jQuery Guide by Mark Rackley - SPTechCon
The SharePoint and jQuery Guide by Mark Rackley - SPTechConThe SharePoint and jQuery Guide by Mark Rackley - SPTechCon
The SharePoint and jQuery Guide by Mark Rackley - SPTechCon
 
Integrate External Data with the Business Connectivity Services by Tom Resing...
Integrate External Data with the Business Connectivity Services by Tom Resing...Integrate External Data with the Business Connectivity Services by Tom Resing...
Integrate External Data with the Business Connectivity Services by Tom Resing...
 
Converting an E-mail Culture into a SharePoint Culture by Robert Bogue - SPTe...
Converting an E-mail Culture into a SharePoint Culture by Robert Bogue - SPTe...Converting an E-mail Culture into a SharePoint Culture by Robert Bogue - SPTe...
Converting an E-mail Culture into a SharePoint Culture by Robert Bogue - SPTe...
 
Tutorial: Best Practices for Building a Records-Management Deployment in Shar...
Tutorial: Best Practices for Building a Records-Management Deployment in Shar...Tutorial: Best Practices for Building a Records-Management Deployment in Shar...
Tutorial: Best Practices for Building a Records-Management Deployment in Shar...
 
Tutorial: Building Business Solutions: InfoPath & Workflows by Jennifer Mason...
Tutorial: Building Business Solutions: InfoPath & Workflows by Jennifer Mason...Tutorial: Building Business Solutions: InfoPath & Workflows by Jennifer Mason...
Tutorial: Building Business Solutions: InfoPath & Workflows by Jennifer Mason...
 
Creating Simple Dashboards Using Out-of-the-Box Web Parts by Jennifer Mason- ...
Creating Simple Dashboards Using Out-of-the-Box Web Parts by Jennifer Mason- ...Creating Simple Dashboards Using Out-of-the-Box Web Parts by Jennifer Mason- ...
Creating Simple Dashboards Using Out-of-the-Box Web Parts by Jennifer Mason- ...
 
Sponsored Session: Better Document Management Using SharePoint by Roland Simo...
Sponsored Session: Better Document Management Using SharePoint by Roland Simo...Sponsored Session: Better Document Management Using SharePoint by Roland Simo...
Sponsored Session: Better Document Management Using SharePoint by Roland Simo...
 
Sponsored Session: The Missing Link: Content-Aware Integration to SharePoint ...
Sponsored Session: The Missing Link: Content-Aware Integration to SharePoint ...Sponsored Session: The Missing Link: Content-Aware Integration to SharePoint ...
Sponsored Session: The Missing Link: Content-Aware Integration to SharePoint ...
 
Creating a Great User Experience in SharePoint by Marc Anderson - SPTechCon
Creating a Great User Experience in SharePoint by Marc Anderson - SPTechConCreating a Great User Experience in SharePoint by Marc Anderson - SPTechCon
Creating a Great User Experience in SharePoint by Marc Anderson - SPTechCon
 
Sponsored Session: Driving the business case and user adoption for SharePoint...
Sponsored Session: Driving the business case and user adoption for SharePoint...Sponsored Session: Driving the business case and user adoption for SharePoint...
Sponsored Session: Driving the business case and user adoption for SharePoint...
 
Tutorial: SharePoint 2013 Admin in the Hybrid World by Jason Himmelstein - SP...
Tutorial: SharePoint 2013 Admin in the Hybrid World by Jason Himmelstein - SP...Tutorial: SharePoint 2013 Admin in the Hybrid World by Jason Himmelstein - SP...
Tutorial: SharePoint 2013 Admin in the Hybrid World by Jason Himmelstein - SP...
 
SharePoint Performance: Best Practices from the Field by Jason Himmelstein - ...
SharePoint Performance: Best Practices from the Field by Jason Himmelstein - ...SharePoint Performance: Best Practices from the Field by Jason Himmelstein - ...
SharePoint Performance: Best Practices from the Field by Jason Himmelstein - ...
 

Planning and Configuring Extranets in SharePoint 2010 by Geoff Varosky - SPTechCon

  • 2.  Geoff Varosky  Jornata  Managing Consultant, Senior Architect, Senior Developer, Director of Evangelism  President & Co-Founder Boston Area SharePoint Users Group  Co-Organizer SharePoint Saturday Boston  Recent Awards  Top 25 2012 Harmon.ie Online Community Influencer  Top 50 2012 KnowledgeLake Community Influencer  Blog – www.SharePointYankee.com  Email – geoff@varosky.com  Twitter – @gvaro
  • 3.
  • 4.  Thinking  What is an Extranet?  Design  Topology  Authentication Mechanism  User Identity Storage Location  Evaluating Your Requirements  SharePoint 2010 Considerations  Doing  Configuration  User and Role Management
  • 5.
  • 6.
  • 7. Controlled access from external networks
  • 8. Controlled access from EXTeRnAl NETworks
  • 9.
  • 10.  Topology  Authentication Methods  User Identity Storage Location
  • 11.
  • 12.
  • 13. Corporate network a/k/a where you access Internets Perimeter network Facebook from every morning External Firewall/UAG Server Farm Users
  • 14. Internets Perimeter network Corporate network Firewall Router A Router B Firewall /UAG /UAG LAYER 1 LAYER 2 LAYER 3 Web Servers APP & SQL DNS, Active Directory, Servers LOB Systems
  • 15. Internets Perimeter network Corporate network External Firewall Firewall Users /UAG /UAG CONSUMING SERVICES FARM FARM
  • 16. Corporate network Internets Perimeter network YAY! FACEBOOKS! LOLS! External Firewall Firewall Users /UAG /UAG Web Servers, SQL Servers, Application Application Servers, Servers, DNS, Active DNS, Active Directory Directory
  • 17.
  • 18.  Windows  NTLM  Kerberos  Basic  Forms Based Authentication (FBA)*  *Claims needs to be enabled for FBA  Claims Based Authentication  SAML tokens
  • 19.
  • 20. Active Directory  LDAP  SQL Server  Other  Facebooks  Twitters
  • 21.
  • 22.  What do you really need?  Who needs access?  How sensitive is the data?  How sensitive is the network?  Budget?**
  • 23.  Who needs access?  Internal employees only  Active Directory  Internal employees and external users  Active Directory  Additional domain with restricted access  Active Directory & Forms Based Authentication  Claims Authentication  External only (rare)  Clients, partners, consultants  Active Directory or LDAP or SQL?  Forms Based Authentication or Windows auth?  Separate or together?  Hosting  Mobile Clients
  • 24.  How sensitive is the data & internal network?  Network & SharePoint  Separate site?  Separate site collection?  Separate web application?  Multiple farms with cross-farm services & publishing?  Separate farm?  DMZ?
  • 25.  How sensitive is the data & internal network?  Security  Secure Certificates (SSL)  Encryption  Firewall  Both hardware and software?  Content Filtering  ACLs  Virtual Private Network  Anti-Virus and Anti-Malware  Client-based certificates  One-time passwords (RSA tokens)  Phone verification  Biometrics  Retina, fingerprint, facial structure, hair and blood samples
  • 26.  How sensitive is the data & internal network?  Security  Secure Certificates (SSL)  Encryption  Firewall  Both hardware and software?  Content Filtering  ACLs  Virtual Private Network  Anti-Virus and Anti-Malware  Client-based certificates  One-time passwords (RSA tokens)  Phone verification  Biometrics  Retina, fingerprint, facial structure, hair and blood samples
  • 28.  REMEMBER THIS… You are giving a key to access your company’s data in some form or another.
  • 29.
  • 30.  Supported versions  All – Foundation up through Enterprise  Office 365  Can be used as an extranet (since that is basically what it is!)
  • 31.  Assumptions  Any Topology  Multi-Mode (Windows & FBA Authentication)  SQL User Database 1. Create ASP.NET Membership Database 2. Configure SharePoint 3. Configure IIS 4. Create and Manage Users
  • 32.  IIS  Using your SharePoint Site = BAD  Must first change default role manager, and then membership provider each time from claims to your SQL providers  No one can log into SharePoint during this time  And then change them back when done  Each change recycles the application pool.  Create a separate IIS Virtual Web Application and Manage from there  BCS  Great way to search for and manage users (passwords, email, etc.)  No way to create users without additional logic
  • 33.  CodePlex (www.codeplex.com)  SharePoint 2010 FBA Pack  http://sharepoint2010fba.codeplex.com  Third Party Solutions
  • 34.  Test your configuration  Review security regularly  Be wary of cats
  • 35.  My Blog Series  Part 1 : http://go.gvaro.net/ExtranetsP1  Part 2 : http://go.gvaro.net/ExtranetsP2  Part 3 : http://go.gvaro.net/ExtranetsP3  Phone Factor – Phone Verification  http://www.phonefactor.com  Plan Security Hardening (TechNet)  http://go.gvaro.net/uSyY1Z  SharePoint 2007 & 2010 Farm Ports (Firewall Config)  http://go.gvaro.net/uWQZzU  Disabling SSL v2.0, PCT 1.0 +more in IIS7  http://go.gvaro.net/N5GgEa
  • 36.  SharePoint Ports, Proxies, and Protocols (Firewall Config)  http://go.gvaro.net/tblxCn  Harden SQL Server for SharePoint  http://go.gvaro.net/viVQuN  Visual FBA configuration by Donal Conlon  http://go.gvaro.net/oPnAYx  Extranet tested topologies for SP 2010 Model  http://go.gvaro.net/SP2010ExtTopMod  ASP.NET 2.0 Membership Database Reference  Create, Add Users, etc. http://go.gvaro.net/AN2Mbr
  • 37.  FBA Configuration in SharePoint 2010  LDAP: http://go.gvaro.net/FBALDAP  ASP.NET Membership DB  http://go.gvaro.net/FBAANMDB  PeoplePicker Wildcard Search  http://go.gvaro.net/FBAWildCard  Helpful Resources for Troubleshooting Membership Providers  http://go.gvaro.net/TSMemProv  “Sign me in automatically” in FBA  http://go.gvaro.net/pAkDQP  Configuring SSL in a Development Environment  http://go.gvaro.net/uOTTlJ
  • 38.
  • 39. Meets 2nd Wednesday/month  6-8PM  Microsoft N.E.R.D. (Cambridge)  BostonSharePointUG.org  Twitter: @BASPUG / #BASPUG  SPTechCon Hosted Meeting in August!
  • 40.
  • 41.  Geoff Varosky  Jornata  Managing Consultant, Senior Architect, Senior Developer, Director of Evangelism  President & Co-Founder Boston Area SharePoint Users Group  Co-Organizer SharePoint Saturday Boston  Recent Awards  Top 25 2012 Harmon.ie Online Community Influencer  Top 50 2012 KnowledgeLake Community Influencer  Blog – www.SharePointYankee.com  Email – geoff@varosky.com  Twitter – @gvaro

Editor's Notes

  1. Wonderful family, wife, 2 kids, love camping, hiking, backpacking, snowshoeing, and I’m also a stand-up comedian, and I love a good 80’s themed party.
  2. Wonderful family, wife, 2 kids, love camping, hiking, backpacking, snowshoeing, and I’m also a stand-up comedian, and I love a good 80’s themed party.