The document discusses the five layers of security in a SharePoint environment:
1) Infrastructure security including physical security, service account setup, and Kerberos authentication.
2) Data security including role-based access control, SQL transparent data encryption, and antivirus.
3) Transport security including SSL and IPSec.
4) Edge security including inbound internet security.
5) Rights management.
It then provides details on infrastructure security focusing on best practices for service account configuration and enabling Kerberos authentication between SharePoint and SQL Server.
SEASPC 2011 - SharePoint Security in an Insecure World: Understanding the Fiv...Michael Noel
One of the biggest advantage of using SharePoint as a Document Management and collaboration environment is that a robust security and permissions structure is built-in to the application itself. Authenticating and authorizing users is a fairly straightforward task, and administration of security permissions is simplified. Too often, however, security for SharePoint stops there, and organizations don’t pay enough attention to all of the other considerations that are part of a SharePoint Security stack, and more often than not don’t properly build them into a deployment. This includes such diverse categories including Edge, Transport, Infrastructure, Data, and Rights Management Security, all areas that are often neglected but are nonetheless extremely important. This session discusses the entire stack of Security within SharePoint, from best practices around managing permissions and ACLs to comply with Role Based Access Control, to techniques to secure inbound access to externally-facing SharePoint sites. The session is designed to be comprehensive, and includes all major security topics in SharePoint and a discussion of various real-world designs that are built to be secure.
TechEd Africa 2011 - OFC308: SharePoint Security in an Insecure World: Unders...Michael Noel
One of the biggest advantage of using SharePoint as a Document Management and collaboration environment is that a robust security and permissions structure is built-in to the application itself. Authenticating and authorizing users is a fairly straightforward task, and administration of security permissions is simplified. Too often, however, security for SharePoint stops there, and organizations don’t pay enough attention to all of the other considerations that are part of a SharePoint Security stack, and more often than not don’t properly build them into a deployment. This includes such diverse categories including Edge, Transport, Infrastructure, Data, and Rights Management Security, all areas that are often neglected but are nonetheless extremely important. This session discusses the entire stack of Security within SharePoint, from best practices around managing permissions and ACLs to comply with Role Based Access Control, to techniques to secure inbound access to externally-facing SharePoint sites. The session is designed to be comprehensive, and includes all major security topics in SharePoint and a discussion of various real-world designs that are built to be secure. • Understand how to use native technologies to secure all layers of a SharePoint environment, including Data, Transport, Infrastructure, Edge, and Rights Management. • Examine tools and technologies that can help secure SharePoint, including AD Rights Management Services, Forefront Unified Access Gateway, SQL Transparent Data Encryption, and more. • Understand a Role-Based Access Control (RBAC) permissions model and how it can be used to gain better control over authorization and access control to SharePoint files and data
SEASPC 2011 - SharePoint Security in an Insecure World: Understanding the Fiv...Michael Noel
One of the biggest advantage of using SharePoint as a Document Management and collaboration environment is that a robust security and permissions structure is built-in to the application itself. Authenticating and authorizing users is a fairly straightforward task, and administration of security permissions is simplified. Too often, however, security for SharePoint stops there, and organizations don’t pay enough attention to all of the other considerations that are part of a SharePoint Security stack, and more often than not don’t properly build them into a deployment. This includes such diverse categories including Edge, Transport, Infrastructure, Data, and Rights Management Security, all areas that are often neglected but are nonetheless extremely important. This session discusses the entire stack of Security within SharePoint, from best practices around managing permissions and ACLs to comply with Role Based Access Control, to techniques to secure inbound access to externally-facing SharePoint sites. The session is designed to be comprehensive, and includes all major security topics in SharePoint and a discussion of various real-world designs that are built to be secure.
TechEd Africa 2011 - OFC308: SharePoint Security in an Insecure World: Unders...Michael Noel
One of the biggest advantage of using SharePoint as a Document Management and collaboration environment is that a robust security and permissions structure is built-in to the application itself. Authenticating and authorizing users is a fairly straightforward task, and administration of security permissions is simplified. Too often, however, security for SharePoint stops there, and organizations don’t pay enough attention to all of the other considerations that are part of a SharePoint Security stack, and more often than not don’t properly build them into a deployment. This includes such diverse categories including Edge, Transport, Infrastructure, Data, and Rights Management Security, all areas that are often neglected but are nonetheless extremely important. This session discusses the entire stack of Security within SharePoint, from best practices around managing permissions and ACLs to comply with Role Based Access Control, to techniques to secure inbound access to externally-facing SharePoint sites. The session is designed to be comprehensive, and includes all major security topics in SharePoint and a discussion of various real-world designs that are built to be secure. • Understand how to use native technologies to secure all layers of a SharePoint environment, including Data, Transport, Infrastructure, Edge, and Rights Management. • Examine tools and technologies that can help secure SharePoint, including AD Rights Management Services, Forefront Unified Access Gateway, SQL Transparent Data Encryption, and more. • Understand a Role-Based Access Control (RBAC) permissions model and how it can be used to gain better control over authorization and access control to SharePoint files and data
Weblogic 11g admin basic with screencastRajiv Gupta
Installation of weblogic 11g
Creation and configuration of Admin server with three managed server
Creation of And Configuring Machines in Weblogic Server
Administering Managed Server With Node Manager
In this session, we will discuss how the new file server features in Microsoft Windows Server 2008 will help you more easily and reliably share your files on the network. We will review the new features of the File Server Role in Windows Server 2008 as well as talk about the new SMB 2.0 protocol, Transactional File IO, Server Backup, and the Storage Explorer. We will talk about using the new Offline Files feature to keep local and remote folders in sync, as well as taking a look at failover clustering. The session will round off by discussing istributed File System (DFS) and taking a look at the new replication features.
Spring 2007 SharePoint Connections Oleson Advanced Administration and Plannin...Joel Oleson
Advanced Administration the 2nd part in a 2 part series on Administration topics for SharePoint Server by Joel Oleson. SharePoint Connections Spring 2007 in Orlando,
To learn the architecture of WebLogic Server especially in terms of machines, domains and
servers.
• Installation and Configuration of WebLogic Server.
• Handling routine Administration tasks.
• Performing Backups and recovery.
• Monitoring server with GUI and command line tools.
• Setting up a cluster and distributing the resources to the cluster.
• To configure Oracle HTTP Server as the Web-tier front end for WebLogic Server instances and
clusters.
• Deploying and managing JavaEE applications/ large-scale Java EE applications throughout the
development and production life cycle.
• Configuring resource and application security
Have you ever used Oracle WebLogic Server? If the answer is no, this presentation is for you. We explain core WebLogic Server concepts and perform a live walkthrough of the console covering core administration areas that include managed servers, JVM servers, JMS resources, logs, data sources, application deployments, and more.
Writing simple web services in java using eclipse editorSantosh Kumar Kar
This is a simple steps showing how you can write a simple web service, host into a server, write a client class to access the service on web server. Just for a beginners...
In this session we will talk through deployment scenarios, design considerations and introduce AWS Active Directory Service. AWS Directory Service is a managed service that allows you to connect your AWS resources with an existing on-premises Microsoft Active Directory or to set up a new, stand-alone directory in the AWS cloud.
weblogic training | oracle weblogic online training | weblogic server courseNancy Thomas
Website : http://www.todaycourses.com
Weblogic Server Basics
Overview of Weblogic
WebLogic Directory Structure.
The config.xml File
Starting and Stopping Weblogic Server
Architecture of WebLogic Server
Weblogic Providing Services
J2EE Services Overview
The Administration Console
Overview of the Administration Console
Domain Configuration
Server Configuration
Introduction Weblogic Managed Servers and Clusters
What is a cluster?
Communications in a Cluster
Cluster -Wide JNDI Tree
Configuring Clusters
Node Manager
Deploying Applications to a Cluster
Creating a Cluster
Starting the Cluster
Deploying an Application to the Cluster
weblogic training, oracle weblogic training, weblogic server training, weblogic application server demo, application server demo, bangalore application server demo, weblogic stage mode, weblogic deployment, weblogic demo, weblogic application server, weblogic training in pune, weblogic training material, weblogic training institute in chennai, bea weblogic, weblogic tutorial, weblogic jdbc, weblogic datasource, weblogic admin training may 8th, weblogic admin training, weblogic training hyderabad
DAC Notes. We provide best training and placement in Data warehousing and big data analytics . Mainily we offer training on
1) OBIEE
2)ODI
3)OBIA
4)INFORMATICA
5)HADOOP
Weblogic 11g admin basic with screencastRajiv Gupta
Installation of weblogic 11g
Creation and configuration of Admin server with three managed server
Creation of And Configuring Machines in Weblogic Server
Administering Managed Server With Node Manager
In this session, we will discuss how the new file server features in Microsoft Windows Server 2008 will help you more easily and reliably share your files on the network. We will review the new features of the File Server Role in Windows Server 2008 as well as talk about the new SMB 2.0 protocol, Transactional File IO, Server Backup, and the Storage Explorer. We will talk about using the new Offline Files feature to keep local and remote folders in sync, as well as taking a look at failover clustering. The session will round off by discussing istributed File System (DFS) and taking a look at the new replication features.
Spring 2007 SharePoint Connections Oleson Advanced Administration and Plannin...Joel Oleson
Advanced Administration the 2nd part in a 2 part series on Administration topics for SharePoint Server by Joel Oleson. SharePoint Connections Spring 2007 in Orlando,
To learn the architecture of WebLogic Server especially in terms of machines, domains and
servers.
• Installation and Configuration of WebLogic Server.
• Handling routine Administration tasks.
• Performing Backups and recovery.
• Monitoring server with GUI and command line tools.
• Setting up a cluster and distributing the resources to the cluster.
• To configure Oracle HTTP Server as the Web-tier front end for WebLogic Server instances and
clusters.
• Deploying and managing JavaEE applications/ large-scale Java EE applications throughout the
development and production life cycle.
• Configuring resource and application security
Have you ever used Oracle WebLogic Server? If the answer is no, this presentation is for you. We explain core WebLogic Server concepts and perform a live walkthrough of the console covering core administration areas that include managed servers, JVM servers, JMS resources, logs, data sources, application deployments, and more.
Writing simple web services in java using eclipse editorSantosh Kumar Kar
This is a simple steps showing how you can write a simple web service, host into a server, write a client class to access the service on web server. Just for a beginners...
In this session we will talk through deployment scenarios, design considerations and introduce AWS Active Directory Service. AWS Directory Service is a managed service that allows you to connect your AWS resources with an existing on-premises Microsoft Active Directory or to set up a new, stand-alone directory in the AWS cloud.
weblogic training | oracle weblogic online training | weblogic server courseNancy Thomas
Website : http://www.todaycourses.com
Weblogic Server Basics
Overview of Weblogic
WebLogic Directory Structure.
The config.xml File
Starting and Stopping Weblogic Server
Architecture of WebLogic Server
Weblogic Providing Services
J2EE Services Overview
The Administration Console
Overview of the Administration Console
Domain Configuration
Server Configuration
Introduction Weblogic Managed Servers and Clusters
What is a cluster?
Communications in a Cluster
Cluster -Wide JNDI Tree
Configuring Clusters
Node Manager
Deploying Applications to a Cluster
Creating a Cluster
Starting the Cluster
Deploying an Application to the Cluster
weblogic training, oracle weblogic training, weblogic server training, weblogic application server demo, application server demo, bangalore application server demo, weblogic stage mode, weblogic deployment, weblogic demo, weblogic application server, weblogic training in pune, weblogic training material, weblogic training institute in chennai, bea weblogic, weblogic tutorial, weblogic jdbc, weblogic datasource, weblogic admin training may 8th, weblogic admin training, weblogic training hyderabad
DAC Notes. We provide best training and placement in Data warehousing and big data analytics . Mainily we offer training on
1) OBIEE
2)ODI
3)OBIA
4)INFORMATICA
5)HADOOP
SharePoint 2010 best practices for infrastructure deployments SharePoint Sat...Knowledge Cue
This session cover best practices for ensuring that your core SharePoint infrastructure layer has been deployed correctly. The session is geared towards SharePoint infrastructure administrators and architects who will be managing a SharePoint deployment.
Presentation by Shree Prasad Khanal, Leader, Himalayan SQL Server User Group, on "Where should I be encrypting my data? " at "Braindigit 9th National ICT Conference 2013" organized by Information Technology Society, Nepal at Alpha House, Kathmandu, Nepal on 26th January, 2013
Microsoft released SQL Azure more than two years ago - that's enough time for testing (I hope!). So, are you ready to move your data to the Cloud? If you’re considering a business (i.e. a production environment) in the Cloud, you need to think about methods for backing up your data, a backup plan for your data and, eventually, restoring with Red Gate Cloud Services (and not only). In this session, you’ll see the differences, functionality, restrictions, and opportunities in SQL Azure and On-Premise SQL Server 2008/2008 R2/2012. We’ll consider topics such as how to be prepared for backup and restore, and which parts of a cloud environment are most important: keys, triggers, indexes, prices, security, service level agreements, etc.
Back Up SQL Server to Amazon S3 with Microsoft Tools and File Gateway (STG380...Amazon Web Services
A widespread method to protect databases, particularly for DBAs, is to dump a database and its logs to a file share, often redundantly consuming both production and backup storage capacity, for a backup. What if that file share really lived on Amazon S3? It can. This session describes a backup architecture using File Gateway and native SQL Server and PowerShell commands deployed by AWS customer Direct Supply. Attend this session to learn how you can reduce on-premises storage while simplifying backup, recovery, and even migration of Microsoft SQL Server to AWS.
Tackle Containerization Advisor (TCA) for Legacy ApplicationsKonveyor Community
Recording of presentation: https://youtu.be/VapEooROERw
With the adoption of cloud services and the reliability and resiliency it offers, enterprises are eager to understand how many of their legacy applications can be containerized.
We propose Tackle Containerization Advisor (TCA), a framework that provides a containerization advisory for legacy applications.
Given an application description in terms of its technical components, TCA proposes a multi-step process that standardizes the raw inputs and curates technology stack into various components, detects missing components and finally recommends the best possible containerization approach.
Presenter: Anup Kalia, Research Staff Member @ IBM Research
GitHub: https://github.com/konveyor/tackle-container-advisor
Enterprise-class security with PostgreSQL - 1Ashnikbiz
For businesses that handle personal data everyday, the security aspect of their database is of utmost importance.
With an increasing number of hack attacks and frauds, organizations want their open source databases to be fully equipped with the top security features.
TROOPERS 20 - SQL Server Hacking Tips for Active Directory EnvironmentsScott Sutherland
During this presentation, I’ll cover common ways to target, exploit, and escalate domain privileges through SQL Servers in Active Directory environments. I’ll also share a msbuild.exe project file that can be used as an offensive SQL Client during red team engagements when tools like PowerUpSQL are too overt.
Where there is Active Directory, there are SQL Servers. In dynamic enterprise environments it’s common to see both platforms suffer from misconfigurations that lead to unauthorized system and sensitive data access. During this presentation, I’ll cover common ways to target, exploit, and escalate domain privileges through SQL Servers in Active Directory environments. I’ll also share a msbuild.exe project file that can be used as an offensive SQL Client during red team engagements when tools like PowerUpSQL are too overt.
SQL Server 2016: Just a Few of Our DBA's Favorite ThingsHostway|HOSTING
Join Rodney Landrum, Senior DBA Consultant for Ntirety, a division of HOSTING, as he demonstrates his favorite new features of the latest Microsoft SQL Server 2016 Service Pack 1.
During the accompanying webinar and slides, Rodney will touch on the following:
• A demo of his favorite new features in SQL Server 2016 and SP1 including:
o Query Store
o Database Cloning
o Dynamic Data Masking
o Create or Alter
• A review of Enterprise features that are now available in standard edition
• New information in Dynamic Management Views and SQL Error Log that will make your DBAs job easier.
Combatting Cyberthreats with Microsoft Defender 365 - CollabDays Finland 2023Michael Noel
As presented at CollabDays Finland, Helsinki, 2023-09-09
The dramatic rise in the number and severity of cyber-threats faced by organizations today has led to a proliferation of countermeasure IT security tool-sets. In many cases, these security tools operate independently from each other and can lead to siloed alerting and monitoring making it difficult for IT staff to effectively identify threats and mitigate them before they become major issues.
Microsoft Defender 365 suite of cloud security tools consolidates multiple security tool-sets under a single management interface and provides for end-to-end security, allowing administrators to quickly identify and contain threats. Rather than constantly being on the defensive, Defender 365 provides for the ability to proactively hunt for vulnerabilities and potential bad actors while they are still making lateral moves within your environment, allowing IT cybersecurity the ability to stay one step ahead of increasingly sophisticated hackers.
This session takes an in-depth look at the tools that are part of the Microsoft Defender 365 suite, including Microsoft Defender for Cloud Apps, Microsoft Defender for Endpoint, Microsoft Defender for Identity and more. Discover how to better control, audit, and manage your organization’s data in both the cloud and on-premises infrastructure.
• Explore the various tool-sets and capabilities built into Microsoft 365 Defender, including Cloud Access Security Broker (CASB) functionality, endpoint threat detection and management, and sophisticated on-premises real-time threat prevention tools.
• Examine how real-time threats can overwhelm more traditional threat management systems and how an intuitive ‘single pane of glass’ view of threat detection and management can greatly improve the odds of stopping sophisticated cyberattacks.
• Understand how Microsoft licensing for Microsoft Defender 365 is structured and how you can take advantage of these security tools for little or even no cost in some scenarios.
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...Michael Noel
Organizations today are vastly unprepared for the threat of modern cyber-attacks. At the same time, the attackers are becoming more sophisticated and the amount of resources at their disposal is increasing. It has become a lucrative business to hack, disrupt, and steal intellectual property from organizations of all sizes and in all business sectors.
While the attackers are becoming more sophisticated, organizations have their IT security positioned for threats from the past century, with poor password management techniques, simple ACL based file permissions, and basic firewall and zone-based containment techniques. This makes it easier for attackers to obtain access to critical intellectual property and makes career-ruining disruptions all the more common.
This session focuses on understanding what is currently wrong with IT security practices and how your organization can change processes, techniques, and tools to provide for a significantly higher level of IT security without necessarily having to implement expensive tools or obtrusive processes.
• Understand the pitfalls of current IT Security practices, including myths around password change policies, allowing logins without providing multiple factors, and the proliferation of ‘always-on’ admin rights.
• Examine how simple changes in IT strategy can greatly improve your overall IT posture, including providing for up to a 99% improvement in the likelihood of a data credential theft.
• Determine which easy to deploy tools and features which you may already be licensed for can be used to tighten up IT security within an environment, including solutions such as Microsoft Defender for Identity, Azure Sentinel, Microsoft Cloud App Security, next-generation firewalls, and more.
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Michael Noel
Organizations today are facing unprecedented and sophisticated attacks to their internal Information Technology infrastructure. These evolving attacks include spear phishing, ransomware, credential hijacking, and more and can result in significant data loss and/or theft of confidential and valuable intellectual property. In response to these threats, Microsoft has released an array of tools such as Azure Sentinel, Cloud App Security, Microsoft Defender for Identity, and more which can help to secure and protect against these threats. These tools work with both on-premises and cloud-based infrastructure to provide for comprehensive protection of hybrid environments.
This session breaks down each of these Microsoft tools and provides for an understanding of their value for specific security scenarios. A simple, no-marketing approach is taken to evaluating each individual tool, and a simple breakdown of what is provided with each Microsoft licensing model is outlined. Attendees will gain a better appreciation to which tools to utilize and how to better protect their Information Technology investments from the type of career-ending attacks which are unfortunately common today.
• Understand how modern threats such as spear phishing, ransomware, credential hijacking, and more are commonly faced in today’s IT environments and what tools and techniques can be used to mitigate the risk faced by these modern threats
• Examine Microsoft security tools such as Azure Sentinel, Microsoft Defender for Identity, Azure Security Center, Cloud App Security, Azure AD Privileged Identity Management, Azure AD Identity Protection, Azure Information Protection, and more
• Understand which tools are available for each licensing model in the Microsoft world and when it may make sense to ‘upgrade’ existing licenses to support specific toolsets as opposed to investment in third-party tools
Understanding the Tools and Features of Office 365 - New Zealand Digital Work...Michael Noel
As presented at the New Zealand Digital Workplace Conference in Auckland, May 1st, 2018
Microsoft’s Office 365 has experienced massive growth, with reduced overhead costs and reliability acting as driving factors for many organisations. While popular services such as Exchange Online and SharePoint Online may be responsible for much of the interest in Office 365, there are other less well-known tools such as Power BI, Microsoft Teams, Microsoft Flow, Delve, Stream, MyAnalytics and many more which are added on a continual basis.
This session breaks down the various service offerings of Office 365, providing for easy to understand description of each of the tools provided and how they can be used to improve productivity and reduce costs. It examines the overall Office 365 licensing options and compares the internal tools with other common industry tools to help business decision makers to get the most out of their licensing.
Understand key features and functionality of each of the service offerings within Office 365, including Exchange Online, SharePoint Online, OneDrive for Business, Groups, Power BI, Microsoft Teams, and much more
Determine what type of license is required for your organisation based on the level of functionality required and the type of information workers that will use the platform
Compare Office 365 native tools with other similar industry tools to better understand what type of cost savings can be realized through the platform.
AUDWC 2016 - Using SQL Server 20146 AlwaysOn Availability Groups for SharePoi...Michael Noel
SQL Server 2016 provides for unprecedented high availability and disaster recovery options for SharePoint farms in the form of AlwaysOn Availability Groups. Using this new technology, SharePoint architects can provide for near-instant failover at the data tier, without the risk of any data loss. In addition, the latest version of this technology, available with SQL Server 2016, allows for replicas of SharePoint databases to be stored in the cloud in Microsoft’s Azure cloud offering. This technology, which will be demonstrated live, completely changes the data tier design options for SharePoint and revolutionises high availability options for a farm. This session covers in step-by-step detail the exact configuration required to enable this functionality for a SharePoint 2013 farm, based on the best practices, tips and tricks, and real-world experience of the presenter in deploying this technology in production.
Understand the differences between SQL AlwaysOn options, and determine the requirements to deploy the technologies
Examine how SQL Server 2016 AlwaysOn Availability Groups can provide aggressive Service Level Agreements (SLAs) with a Recovery Point Objective (RPO) of zero and a Recovery Time Objective (RTO) of a few seconds.
See the exact steps required to enable SQL Server 2016 AlwaysOn Availability Groups for a SharePoint 2013 On-Premises environment, including options for storing replicas in Microsoft’s Azure cloud service.
Understanding Office 365 Service Offerings - O365 Saturday Sydney 2015Michael Noel
Version of the presentation given at Office365 Saturday Sydney on 12 June, 2015. Contains licensing info in AUD.
Microsoft’s Office 365 has experienced massive growth in recent months, with reduced overhead costs and reliability acting as driving factors for many organizations. While popular services such as Exchange Online and SharePoint Online may be responsible for much of the interest in Office 365, there are other less well known services such as OneDrive for Business and Skype for Business that make Microsoft’s cloud offering even more tempting for IT decision makers.
This session breaks down the various service offerings of Office 365, providing for easy to understand description of each of the tools provided and how they can be used to improve productivity and reduce costs.
• Understand key features and functionality of each of the service offerings within Office 365, including Exchange Online, SharePoint Online, OneDrive for Business, Skype for Business, Office Web App, and the Office 2013 client suite
• Determine what type of license is required for your organization based on the level of functionality required and the type of information workers that will use the platform
• Review key decision points to make when considering an Office 365 deployment such as whether or not to provide Single Sign On to the platform with an internal Active Directory environment, data retention decisions, and migration options
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
2. Michael Noel
• Author of SAMS Publishing titles “SharePoint 2007 Unleashed,” the upcoming
“SharePoint 2010 Unleashed,” “SharePoint 2003 Unleashed”, “Teach Yourself
SharePoint 2003 in 10 Minutes,” “Windows Server 2008 R2 Unleashed,” “Exchange
Server 2010 Unleashed”, “ISA Server 2006 Unleashed”, and many other titles .
• Partner at Convergent Computing (www.cco.com / +1(510)444-5700) – San
Francisco, U.S.A. based Infrastructure/Security specialists for SharePoint, AD,
Exchange, Security
3. SharePoint Security
Layers of Security in a SharePoint Environment
• 1: Infrastructure Security
– Physical Security
– Best Practice Service Account Setup
– Kerberos Authentication
• 2: Data Security
– Role Based Access Control (RBAC)
– Transparent Data Encryption (TDE) of SQL Databases
– Antivirus
• 3: Transport Security
– Secure Sockets Layer (SSL) from Client to Server
– IPSec from Server to Server
• 4: Edge Security
– Inbound Internet Security (Forefront UAG/TMG)
• 5: Rights Management
5. Layer 1: Infrastructure Security
Sample List of Service Accounts
Service Account Name Role of Service Account Special Permissions
COMPANYABCSRV-SP-Setup SharePoint Installation Account Local Admin on all SP Servers (for installs)
COMPANYABCSRV-SP-SQL SQL Service Account(s) – Should be separate Local Admin on Database Server(s)
admin accounts from SP accounts. (Generally, some exceptions apply)
COMPANYABCSRV-SP-Farm SharePoint Farm Account(s) – Can also be N/A
standard admin accounts. RBAC principles
apply ideally.
COMPANYABCSRV-SP-Search Search Account N/A
COMPANYABCSRV-SP-Content Default Content Access Account Read rights to any external data sources
to be crawled
COMPANYABCSRV-SP-Prof Default Profiles Access Account Member of Domain Users (to be able to
read attributes from users in domain) and
‘Replicate Directory Changes’ rights in AD.
COMPANYABCSRV-SP-AP-SPCA Application Pool Identity account for DBCreator and Security Admin on SQL.
SharePoint Central Admin. Create and Modify contacts rights in OU
used for mail.
COMPANYABCSRV-SP-AP-Data Application Pool Identity account for the N/A
Content related App Pool (Portal, MySites,
etc.) Additional as needed for security.
6. Layer 1: Infrastructure Security
Enable Kerberos
• When creating any Web Applications in Classic-mode, USE
KERBEROS. It is much more secure and also faster with heavy
loads as the SP server doesn’t have to keep asking for auth
requests from AD.
• Kerberos auth does require extra steps, which makes people
shy away from it, but once configured, it improves security
considerably and can improve performance on high-load sites.
• Should also be configured on SPCA Site! (Best Practice =
Configure SPCA for NLB, SSL, and Kerberos (i.e.
https://spca.companyabc.com)
7. Layer 1: Infrastructure Security
Kerberos Step 1: Create the Service Principal Names
• Use the setspn utility to create Service Principle Names in
AD, the following syntax for example:
– Setspn.exe -A HTTP/mysite.companyabc.com
DOMAINNAMEMYSiteAppAccount
– Setspn.exe -A HTTP/mysite DOMAINNAMEMYSITEAppAccount
– Setspn.exe -A HTTP/home.companyabc.com
DOMAINNAMEHOMEAppAccount
– Setspn.exe -A HTTP/sp DOMAINNAMEHOMEAppAccount
8. Layer 1: Infrastructure Security
Kerberos Step 2: Enable Kerberos between SP and SQL
• Use setspn to create SPNs for SQL Service Account
• SPNs need to match the name that SharePoint uses to
connect to SQL (Ideally SQL Alias, more on this later)
• Syntax similar to following:
– Setspn.exe -A MSSQLSvc/spsql:1433 COMPANYABCSRV-SQL-DB
– Setspn.exe –A MSSQLSvc/spsql.companyabc.com:1433
COMPANYABCSRV-SQL-DB
• MSSQLSvc = Default instance, if named instance, specify the name
instead
• In this example, SRV-SQL-DB is the SQL Admin account
9. Layer 1: Infrastructure Security
Kerberos Step 3: Allow Accounts to Delegate (Optional)
• Required only for Excel
Services and other
impersonation applications.
• On all SP Computer accounts
and on the Application
Identity accounts, check the
box in ADUC to allow for
delegation.
– In ADUC, navigate to the
computer or user account,
right-click and choose
Properties.
– Go to the Delegation tab
– Choose Trust this
user/computer for delegation
to any service (Kerberos)
10. Layer 1: Infrastructure Security
Kerberos Step 4: Enable Kerberos on Web Application
• Go to Application Management – Authentication Providers
• Choose the appropriate Web Application
• Click on the link for ‘Default’ under Zone
• Change to Integrated Windows Authentication - Kerberos
(Negotiate)
• Run iisreset /noforce from the command prompt
• If creating Web App from scratch, this step may be unnecessary
if you choose Negotiate from the beginning
12. Layer 2: Data Security
Role Based Access Control (RBAC)
• Role Groups defined within Active Directory (Universal
Groups) – i.e. ‘Marketing,’ ‘Sales,’ ‘IT,’ etc.
• Role Groups added directly into SharePoint ‘Access Groups’
such as ‘Contributors,’ ‘Authors,’ etc.
• Simply by adding a user account into the associated Role
Group, they gain access to whatever rights their role
requires.
User1
Role SharePoint
Group Group
User2
13. Layer 2: Data Security
SQL Transparent Data Encryption (TDE)
• SQL Server 2008 and 2008 R2 Enterprise
Edition Feature
• Encrypts SQL Databases Transparently,
SharePoint is unaware of the encryption and
does not need a key
• Encrypts the backups of the database as well
14. Layer 2: Data Security
TDE vs. Cell Level Encryption
• Available with either SQL 2005 or SQL 2008
• Encrypts individual cells in a database
• Requires a password to access the cell
• Requires that columns be changed from their
original data type to varbinary
• Advantage is that only specific info is encrypted
• Disadvantage is that you cannot use this for
SharePoint Databases
15. Layer 2: Data Security
TDE vs. File Level Encryption
• Two forms, older Encrypting File System (EFS)
and Bitlocker
• EFS encrypts data at the File Level
• Bitlocker encrypts data at the Volume Level
• Bitlocker Encrypts every file on the disk, not
just database files
• Could be used together with TDE
16. Layer 2: Data Security
SQL Transparent Data Encryption (TDE) Limitations
• Does not encrypt the Communication Channel (IPSec
can be added)
• Does not protect data in memory (DBAs could access)
• Cannot take advantage of SQL 2008 Backup
Compression
• TempDB is encrypted for the entire instance, even if
only one DB is enabled for TDE, which can have a
performance effect for other DBs
• Replication or FILESTREAM data is not encrypted when
TDE is enabled (i.e. RBS BLOBs not encrypted)
17. Key Windows OS Level Hierarchy
and Cert Data Protection API (DPAPI)
DPAPI Encrypts SMK
SQL Instance Level Service Master Key
SMK encrypts the DMK for master DB
master DB Level Database Master Key
DMK creates Cert in master DB
master DB Level Certificate
Certificate Encrypts DEK in Content DB
Content DB Level Database Encryption Key
DEK used to encrypt Content DB
18. Layer 2: Data Security
SQL TDE Step 1: Creating the Database Master Key (DMK)
• Symmetric key used to protect private keys and
asymmetric keys
• Protected itself by Service Master Key (SMK),
which is created by SQL Server setup
• Use syntax as follows:
– USE master;
– GO
– CREATE MASTER KEY ENCRYPTION BY PASSWORD =
'CrypticTDEpw4CompanyABC';
– GO
19. Layer 2: Data Security
SQL TDE Step 2: Creating the TDE Certificate
• Protected by the DMK
• Used to protect the database encryption key
• Use syntax as follows:
USE master;
GO
CREATE CERTIFICATE CompanyABCtdeCert WITH
SUBJECT = 'CompanyABC TDE Certificate' ;
GO
20. Layer 2: Data Security
SQL TDE Step 3: Backup the Master Key
• Without a backup, data can be lost
• Backup creates two files, the Cert backup and the Private Key File
• Use following syntax:
USE master;
GO
BACKUP CERTIFICATE CompanyABCtdeCert TO FILE =
'c:BackupCompanyABCtdeCERT.cer'
WITH PRIVATE KEY (
FILE = 'c:BackupCompanyABCtdeDECert.pvk',
ENCRYPTION BY PASSWORD = 'CrypticTDEpw4CompanyABC!' );
GO
21. Layer 2: Data Security
SQL TDE Step 4: Creating the Database Encryption Key (DEK)
• DEK is used to encrypt specific database
• One created for each database
• Encryption method can be chosen for each DEK
• Use following syntax:
USE SharePointContentDB;
GO
CREATE DATABASE ENCRYPTION KEY
WITH ALGORITHM = AES_256
ENCRYPTION BY SERVER CERTIFICATE CompanyABCtdeCert
GO
22. Layer 2: Data Security
SQL TDE Step 5: Enable TDE on the Database(s)
• Data encryption will begin after running
command
• Size of DB will determine time it will take, can be
lengthy and could cause user blocking
• Use following syntax:
USE SharePointContentDB
GO
ALTER DATABASE SharePointContentDB
SET ENCRYPTION ON
GO
23. Layer 2: Data Security
SQL TDE Step 6: Monitor the TDE Encryption Progress
• State is Returned
• State of 2 = Encryption Begun
• State of 3 = Encryption Complete
• Use following syntax:
USE SharePointContentDB
GO
SELECT *
FROM sys.dm_database_encryption_keys
WHERE encryption_state = 3;
GO
24. Layer 2: Data Security
SQL TDE: Restoring a TDE Database to Another Server
• Step 1: Create new Master Key on Target Server (Does not need to match
source master key)
• Step 2: Backup Cert and Private Key from Source
• Step 3: Restore Cert and Private Key onto Target (No need to export the
DEK as it is part of the backup)
USE master;
GO
CREATE CERTIFICATE CompanyABCtdeCert
FROM FILE = 'C:RestoreCompanyABCtdeCert.cer'
WITH PRIVATE KEY (
FILE = 'C:RestoreCompanyABCtdeCert.pvk'
, DECRYPTION BY PASSWORD = 'CrypticTDEpw4CompanyABC!'
)
• Step 4: Restore DB
27. Layer 2: Data Security
SharePoint Antivirus VSAPI
• Realtime scanning only uses the VSAPI
• Realtime Scan Settings are Administered
through the SharePoint Central Admin Tool
– Realtime Options are grayed out in the ForeFront
Admin Console
28. Layer 2: Data Security
SharePoint Antivirus: FPS Keyword and File Filtering
• Look for specific
keywords (sensitive
company info,
profanity, etc.)
– Block
– Simply detect and
notify
• Create Filter List
– Add Keywords, either
manually or bulk as
lines in a text file
29. Layer 2: Data Security
SharePoint Antivirus: FPS Profanity Filters
• New Profanity lists in 11 languages
available in SP2
– (Run KeywordInstaller.msi to install)
– Import the lists into FF from Program
FilesMicrosoft Forefront
SecuritySharePointDataExample
Keywords
32. Layer 3: Transport Security
Client to Server: Using Secure Sockets Layer (SSL) Encryption
• External or Internal Certs highly
recommended
• Protects Transport of content
• 20% overhead on Web Servers
• Can be offloaded via SSL offloaders if
needed
• Don’t forget for SPCA as well!
33. Layer 3: Transport Security
Server to Server: Using IPSec to encrypt traffic
• By default, traffic between SharePoint
Servers (i.e. Web and SQL) is unencrypted
• IPSec encrypts all packets sent between
servers in a farm
• For very high security scenarios when all
possible data breaches must be addressed
36. Layer 4: Edge Security
UAG Comparison with Forefront TMG
Capability TMG 2010 UAG
2010
Publish Web applications using HTTPS X X
Publish internal mobile applications to roaming mobile devices X X
Layer 3 firewall X X*
Outbound scenarios support X X*
Array support X
Globalization and administration console localization X
Wizards and predefined settings to publish SharePoint sites and Exchange X X
Wizards and predefined settings to publish various applications X
Active Directory Federation Services (ADFS) support X
Rich authentication (for example, one-time password, forms-based, smart card) X X
Application protection (Web application firewall) Basic Full
Endpoint health detection X
Information leakage prevention X
Granular access policy X
Unified Portal X
38. Layer 5: Rights Management
Active Directory Rights Management Services (AD RMS)
• AD RMS is a form of Digital Rights Management (DRM)
technology, used in various forms to protect content
• Used to restrict activities on files AFTER they have
been accessed:
– Cut/Paste
– Print
– Save As…
• Directly integrates with SharePoint DocLibs
39. Layer 5: Rights Management
How AD RMS Works
1. On first use, authors
receive client licensor
certificate from RMS server
2. Author creates content and
assigns rights
3. File is distributed to
recipient(s)
4. Recipient opens file, and
their RMS client contacts
server for user validation
and to obtain a license
5. Application opens the file
and enforces the
restrictions
40. Layer 5: Rights Management
Installing AD RMS – Key Storage
• Select Cluster Key Storage
• CSP used for advanced scenarios
41. Layer 5: Rights Management
Installing AD RMS – Creating the Cluster Name
42. Layer 5: Rights Management
Installing AD RMS – Using an SSL Cert for Transport Encryption
43. Layer 5: Rights Management
Allowing SharePoint to use AD RMS
• By default, RMS server is configured to
only allow the local system account of the
RMS server or the Web Application
Identity accounts to access the certificate
pipeline directly
• SharePoint web servers and/or Web
Application Service Accounts need to be
added to this security list
• Add the RMS Service Group, the machine
account(s) of the SharePoint Server and
the Web App Identity accountswith Read
and Excecute permissions to the
ServerCertification.asmx file in the
%systemroot%inetpubwwwroot_wmcs
Certification folder on the RMS server
44. Layer 5: Rights Management
Client Accessing AD RMS Documents
• RMS-enabled client, when accessing
document in doclib, will access RMS server to
validate credentials
45. Layer 5: Rights Management
Client Accessing AD RMS Documents
• Effective
permissions can be
viewed from the
document
• The RMS client will
enforce the
restrictions
46. Session Summary
• Determine Security Risk for your SharePoint
Environment
• Identify any Regulatory Compliance Requirements for
SharePoint
• Determine which aspects of SharePoint need to be
secured, touching on all five layers of SharePoint
Security
47. Your Feedback is Important
Please fill out a session evaluation form drop it
off at the conference registration desk.
Thank you!