SharePoint in the Extranet Joel Oleson



  1. 1. SharePoint in the Extranet Joel Oleson Technologist Microsoft Corporation OFF305
  2. 2. Agenda
     • Side by Side Comparison of 3 SharePoint Internet Facing Deployments
       • IT Windows SharePoint Services (WSS) Extranet Deployment
       • Intellectual Capital Exchange (ICE)
       • Hosted Environment –
     • Issues & Challenges
     • SP2 & Windows R2 Extranet Enhancements
     • Resources
     • Q/A
  3. 3. Side by Side Comparison Microsoft’s SharePoint Internet Enabled Deployments
  4. 4. Service Comparison Partner Account Access SPS Search Topics & Areas Existing AD Accounts Custom Web Services ADFS AD Account Creation Mode Site Directory Portal Hosting My Site Hosting WSS Hosting SPSites ICE IT Extranet
  5. 5. Spsites Topology 10,000’s WSS Sites 10,000’s My Sites Site Directory Profiles
  6. 6. ICE Topology ICE http://ice Topics & Areas My ICE Sub Areas Web Service
  7. 7. IT WSS Extranet Topology Dublin Singapore Redmond Americas Team https://* https://* https://* Asia/South Pacific SPTeam Europe ETeam
  8. 8. Hardware 3 Web 2 Search 1 Index/Job 2 WSS Web 2 Web/Search 1 Index/Job SQL ISA 2004/Web Publishing Load Balancers Load Balancers IT WSS Extranet MMS SPSites ICE (A/P) SQL Cluster (A/P) SQL Cluster
  9. 9. 3 Extranet Deployments
     • Business & IT Requirements
     • Infrastructure/Architecture Solution
     • Add-ons
     • Workarounds
     • Challenges
  10. 10. IT WSS Extranet Deployment
  11. 11. IT WSS Extranet – Requirements Scalable Hosting WSS
      • Business
        • Easy to Collaborate with Partners
        • Use Existing Internal Accounts
        • Scalable & Highly Available
        • Accounts for partner collaboration
      • IT & Security
        • Secure Collaboration - 2 Factor Auth
        • No Anonymous Access
        • Web Servers: IP masked, no ICMP
        • Only SSL port allowed (Admin port blocked)
        • No Corp Resources
  12. 12. IT Extranet WSS Solution
      • Auth: Basic over SSL
      • Accounts: One way NTLM trust between partner domain and corporate child domains
      • Partner account provisioning & management system: Use Existing ( )
      • Leverage Existing Extranet Onboarding process
      • Hardware: Stand Alone Deployment in DMZ
  13. 13. Extranet Provisioning
  14. 14. ICE Deployment
  15. 15. ICE Requirements
      • Business
        • Transparent Login
          • Web Single Sign On (not SPS SSO)
        • Use existing NT accounts
        • Hosted SharePoint like it is on Corp @ Home and on the Go
      • IT & Security
        • Firewalled (DMZ)
        • Intrusion Detection
        • IPSec between Corporate Clients & Managed Servers
        • 128 bit SSL
        • Separate Forest from Corporate
  16. 16. Spsites Deployment
  17. 17. MMS Requirements
      • Business
        • Transparent Login
        • Use existing NT accounts
        • Hosted SharePoint like it is on Corp @ Home and on the Go
      • IT & Security
        • Firewalled (DMZ)
        • Intrusion Detection
        • 128 bit SSL
        • Separate Forest from Corp and Other Hosted Customers
  18. 18. Issues and Challenges
  19. 19. Key Issues for MS Extranet or Internet Enabled Deployments
      • Four Primary Challenges
        • Security
        • Cross Forest Issues
        • Account Management
        • Client Facing Issues
  20. 20. Security
      • Security team wants 2 factor authentication
      • Security wanted Digest authentication
      • Security wanted Forms authentication
      • Security then wanted token based auth
      • Services/App Pools need to run with account in the same domain (MMS)
      • Password service account restrictions make maintenance painful
  21. 21. Cross Forest Issues (Spsites)
      • Manage Users Address book fails to work when email address & NT user name do not match
      • Lookups fail when User domain does not trust resource domain and Trust is at the forest level (works with domain (NTLM) trust)
        • Display Name and Email address will not be populated
        • Requires user to know NT account or NT Security Group
      • Document Workspace/Meeting Workspace creation from Outlook/Office doesn’t permission other users (lookup failure)
  22. 22. Account Management (IT WSS/ICE)
      • AD is the account repository (live or die by it)
      • Painful Process for managing partner accounts – account creation and password management (listen to our story)
      • Active Directory Account Creation Mode
        • Only for Windows SharePoint Services
        • Cannot coexist with pre-existing accounts
  23. 23. Client Facing Issues
      • Web capture web part doesn’t work with SSL
      • Mixed content for online web parts (HTTP vs. HTTPS)
      • Web Folder mixed content prompt
      • Transparent Login requires Intranet Zone or special IE security
      • URL Length (256 & 260)
      • Internal vs. External URL path issues (Use Alternate Access (Alert links, invalid extranet links, confusion)
  24. 24. Changes in WSS/SPS SP2 & R2? Windows 2003 R2 & ADFS
  25. 25. WSS SP2/SPS SP2 Enhancements
      • Support for IP-bound virtual servers
      • * Support for Advanced Extranet Configurations
        • SSL Termination
        • Host Header Modification
        • Port Translation
      • Kerberos enabled by default on single box new installation
      • WSS running on ASP.NET 2.0 (Whidbey)
      • Support for Windows x64 editions
      • Support for SQL 2005
      • * Applies only to Non Scalable Hosting Mode Configurations or No support for Farms with Multiple Hostnames on a single IIS virtual server.
  26. 26. Ways to Support SSL on Multiple Portals or WSS IIS Web Sites
      X X X | SSL + Reverse Proxy (Terminated at SharePoint, i.e. ISA link/port translation)
      X | SSL + Reverse Proxy (Terminated at Reverse Proxy)
      X | SSL + Port Translation
      X X X | SSL on alternate ports for Multiple Virtual Servers
      X X X | SSL w/ Wildcard Host Header DNS
      W2K3 SP1* W2K3 SP1* | SSL + Host Headers
      X | SSL + IP Bound Virtual Server
      X X X | SSL + Single IIS Virtual Server per server
      SP2 SP1 RTM | Configuration
  27. 27. ADFS for Windows 2003 R2 & WSS
      • Windows Server 2003 R2 servers configured as federation servers can provide access to Windows SharePoint Services sites over the Internet
      • Your network and the network in your partner organization both need to support ADFS
        • Shadow accounts set up in the resource partner if no forest trust exists between both partner organizations with federation trust between both partner organizations
        • WSS Web server configured with R2 and has SSL certificate
        • ADFS Web Service Agent on the Web server hosting Windows SharePoint Services
        • Windows SharePoint Services site users in the account partner organization set up with permissions
      • Be aware of SOAP issues (DWS & MWS Creation, FPEdit, Excel/Outlook Export & Import)
  28. 28. Session Summary
      • Security is strong but getting stronger and more flexible
      • Workarounds are available for most issues
      • Windows R2, WSS SP2, SPS SP2 – Remove deployment blockers
  29. 29. Where to find Joel … Talks – ATE
      • Tuesday
        • 11:30-12:45 C&T SharePoint Gone Wrong – How to Recover
        • 13:00-14:00 IW SharePoint Demo Station
        • 13:00-14:00 Panel: Life at the Bleeding Edge
        • 15:00-16:00 IT ATE Booth 7
        • 18:30-20:00 IW SharePoint Demo Station
      • Wednesday
        • 9:45-11:00 C&T Windows File Servers and SharePoint – Clarity
        • 14:00-15:15 C&T SharePoint Gone Wrong – How to Recover II
        • 15:30-16:45 Breakout - Building SharePoint for Maximum Scale
        • 17:00-18:00 IT ATE Booth 7
      • Thursday
        • 10:00-11:00 IW SharePoint Demo Station
        • 13:00-14:00 Panel: Enabling the New World of Work
        • 14:00-15:30 SharePoint Extranets
        • 15:30-16:30 IT ATE Booth 7
  30. 30. Where to get more on … How Microsoft Does IT
      • “Ask The Experts” – Booth 7
        • Come find us in the Sponsors & Exhibition Hall
        • Enter our daily prize draw and win X-box games & a memory mouse
      • Delegate Networking
        • Schedule a 1:1 with any of our IT speakers and experts
      • On the Web
        • Visit itshowcase
      • IT Showcase DVD
        • The very latest in white papers, presentations and Webcasts, collect one HERE or from the ATE – Booth 7
  31. 31. Community Resources
      • Community Resources
      • Most Valuable Professional (MVP)
      • Newsgroups
        • Converse online with Microsoft Newsgroups, including Worldwide
      • User Groups - Meet and learn with your peers
  32. 32. Microsoft Learning Resources
      • Come and talk to Microsoft Learning to find out more about developing your skills; you can find us in the ‘Ask the Experts’ area
      • Special offers on Microsoft Certification from Microsoft Learning
      • Click here to access free Microsoft Learning Assessments and FREE elearning for Microsoft Visual Studio 2005 and Microsoft SQL Server 2005 with free Assessments and E-Learning
  33. 34. © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.