SharePoint in the Extranet Joel Oleson & Charles Ofori Microsoft Corporation
  • Absolute URLs
      • Normal reverse proxy allows client and server URLs to differ
      • By default, ISA doesn’t include host header received from client in request to server
      • SharePoint sites and portals use absolute URLs
          • Page requests, query strings, form fields, ActiveX control properties, etc.
      • Enable ISA host header forwarding
      • Do NOT use ISA path mapping
          • The client request and server URLs must match

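Added example, not part of the original deck: a check for the Absolute URLs note above, run against a page fetched through the reverse proxy. It flags absolute links that carry the server-side name (a sign the client's host header did not reach SharePoint) and links to the published host over the wrong scheme. The hostnames are the ICE internal and external names from the ICE Topology slide; the paths, the HTML body and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "src", "action"}

# Names from the ICE Topology slide: the internal name and the published URL.
INTERNAL_HOSTS = {"ice"}
PUBLIC_URL = "https://ice.partners.extranet.microsoft.com/sites/demo/default.aspx"

# Constructed sample response body (paths are made up for this example).
SAMPLE_BODY = """
<a href="/sites/demo/Lists/Tasks/AllItems.aspx">Tasks</a>
<a href="http://ice/sites/demo/default.aspx">Home</a>
<img src="http://ice.partners.extranet.microsoft.com/_layouts/images/logo.gif">
<form action="https://ice.partners.extranet.microsoft.com/sites/demo/search.aspx"></form>
<a href="https://www.microsoft.com/">Microsoft</a>
"""


class AbsoluteUrlCollector(HTMLParser):
    """Collect absolute URLs (those with a host part) from link-bearing attributes."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value and urlsplit(value).netloc:
                self.urls.append(value)


def audit_absolute_urls(public_url, body, internal_hosts=INTERNAL_HOSTS):
    """Return (url, reason) pairs for absolute URLs an extranet client cannot use."""
    want = urlsplit(public_url)
    collector = AbsoluteUrlCollector()
    collector.feed(body)
    findings = []
    for url in collector.urls:
        got = urlsplit(url)
        host = (got.hostname or "").lower()
        if host in internal_hosts or "." not in host:
            # Server-side name in the page: likely the host header was not forwarded.
            findings.append((url, "internal-host"))
        elif host == want.hostname and got.scheme and got.scheme != want.scheme:
            # Same site over the wrong scheme: mixed content on an SSL page.
            findings.append((url, "scheme-mismatch"))
    return findings


if __name__ == "__main__":
    for url, reason in audit_absolute_urls(PUBLIC_URL, SAMPLE_BODY):
        print(reason, url)
```

Relative links and links to unrelated external sites are ignored, so an empty result means every absolute URL in the page matches what the client requested.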
    1. SharePoint in the Extranet (Joel Oleson & Charles Ofori, Microsoft Corporation)
    2. Agenda
        • Side by Side Comparison of 3 SharePoint Extranet Deployments
            • IT Windows SharePoint Services (WSS) Extranet Deployment
            • Intellectual Capital Exchange (ICE)
            • Microsoft Managed Solutions (MMS) – Spsites.microsoft.com
        • Issues & Challenges
        • Windows R2 Extranet Enhancements & ADFS - Discussion
        • Resources
        • Q/A
    3. Side by Side Comparison: Microsoft’s SharePoint Extranet Deployments
    4. Service Comparison (table)
        • Services compared: Partner Account Access, SPS Search, Topics & Areas, Existing AD Accounts, Custom Web Services, ADFS, AD Account Creation Mode, Site Directory, Portal Hosting, My Site Hosting, WSS Hosting
        • Deployments compared: MMS SPSites, ICE, IT WSS Extranet
    5. MMS Topology (diagram labels): MMS Services; https://spsites.microsoft.com; 10,000’s WSS Sites; 10,000’s My Sites; Site Directory
    6. ICE Topology (diagram labels): ICE; http://ice; https://ice.partners.extranet.microsoft.com; Topics & Areas; My ICE; Sub Areas; Custom Web Service
    7. IT WSS Extranet Topology (diagram labels)
        • Locations: Dublin, Singapore, Redmond
        • Americas Team: https://*.team.partners.extranet.microsoft.com
        • Europe ETeam: https://*.eteam.partners.extranet.microsoft.com
        • Asia/SouthPacific SPTeam: https://*.spteam.partners.extranet.microsoft.com
    8. Hardware (diagram labels)
        • Deployments shown: IT WSS Extranet, MMS SPSites, ICE
        • Components: 3 Web; 2 Search; 1 Index/Job; 2 WSS Web; 2 Web/Search; 1 Index/Job; SQL; ISA 2004/Web Publishing; BigIP; BigIP; (A/P) SQL Cluster; (A/P) SQL Cluster
    9. 3 Extranet Deployments
        • Business & IT Requirements
        • Infrastructure/Architecture Solution
        • Add-ons
        • Workarounds
        • How’s it going???
    10. IT WSS Extranet Deployment
    11. IT WSS Extranet – Requirements (Scalable Hosting WSS)
        • Business
            • Easy to Collaborate with Partners
            • Use Existing Internal Accounts
            • Scalable & Highly Available
            • Accounts for partner collaboration
        • IT & Security
            • Secure Collaboration - 2 Factor Auth
                • Grandfathered w/ 2000 OWA Model (Basic over SSL)
                • Client certs: too much overhead, didn’t meet #1
            • No Anonymous Access
            • Web Servers: IP masked, no ICMP
            • Only SSL port allowed (Admin port blocked)
            • No Corp Resources
    12. IT Extranet WSS Solution
        • Auth: Basic over SSL
        • Accounts: One way NTLM trust between partner domain and corp child domains (requires AD ports open to internal DCs for auth)
        • Partner account provisioning & management system: Use Existing (https://www.partners.extranet.microsoft.com)
        • Leverage Existing Extranet Onboarding process
        • Hardware: Stand Alone Deployment in DMZ
    13. Extranet Provisioning
    14. ICE Deployment
    15. ICE Requirements
        • Business
            • Transparent Login
                • Web Single Sign On (not SPS SSO)
            • Use existing NT accounts
            • Hosted SharePoint like it is on Corp @ Home and on the Go
        • IT & Security
            • Firewalled (DMZ)
            • Intrusion Detection
            • IPSec between Corp Clients & Managed Servers
            • 128 bit SSL
            • No Corp Connectivity, no Internet Connectivity
            • Separate Forest from Corp and Other Customers
    16. MMS Spsites Deployment
    17. MMS Requirements
        • Business
            • Transparent Login
                • Web Single Sign On (not SPS SSO)
            • Use existing NT accounts
            • Hosted SharePoint like it is on Corp @ Home and on the Go
        • IT & Security
            • Firewalled (DMZ)
            • Intrusion Detection
            • IPSec between Corp Clients & Managed Servers
            • 128 bit SSL
            • No Corp Connectivity, no Internet Connectivity
            • Separate Forest from Corp and Other Customers
    18. Issues and Challenges
    19. Key Issues for MS Extranet or Internet Enabled Deployments
        • This is on top of general issues of scaling, high-availability, manageability, etc.
        • Four Primary Challenges
            • Security
            • Cross Forest Issues
            • Account Management
            • Client Facing Issues
    20. Security
        • Security team wants 2 factor authentication
        • Security wanted Digest authentication
        • Security wanted Forms authentication
        • Basic over SSL is not good enough…
        • Pre-existing security standards
        • Services/App Pools need to run with account in the same domain (MMS)
        • Password service account restrictions make maintenance painful
    21. Cross Forest Issues (MMS)
        • Manage Users Address book fails to work when email address & NT user name do not match
        • Lookups fail when User domain does not trust resource domain and Trust is at the forest level (works with domain (NTLM) trust)
            • Display Name and Email address will not be populated
            • Requires user to know NT account or NT Security Group
        • Document Workspace/Meeting Workspace creation from Outlook/Office doesn’t permission other users (lookup failure)
        • Sybari Antigen for SharePoint fails to install/function with account in different forest
    22. Account Management (IT WSS/ICE)
        • AD is the account repository (live or die by it)
        • Painful Process for managing partner accounts – account creation and password management (listen to our story)
        • Active Directory Account Creation Mode
            • Only for Windows SharePoint Services
            • Cannot coexist with pre-existing accounts
    23. Client Facing Issues
        • Web capture web part doesn’t work with SSL
        • Mixed content for online web parts (HTTP vs. HTTPS)
        • Web Folder security prompt
        • Transparent Login requires Intranet Zone or special IE security
        • URL Length (256 & 260)
        • Internal vs. External URL path issues (use Alternate Access): alert links, invalid extranet links, confusion
    24. What’s Coming: Windows 2003 R2 & ADFS
    25. ADFS for Windows 2003 R2 & WSS
        • Windows Server 2003 R2 servers configured as federation servers can provide access to Windows SharePoint Services sites over the Internet (Not SPS)
        • Your network and the network in your partner organization both need to support ADFS
            • Shadow accounts set up in the resource partner if no forest trust exists between both partner organizations
            • Federation trust between both partner organizations
            • Web server configured with prerequisite applications
            • Web server with valid SSL certificate
            • ADFS Web Service Agent on the Web server hosting Windows SharePoint Services
            • Windows SharePoint Services with Windows Server 2003 R2
            • Windows SharePoint Services site users in the account partner organization set up with permissions
            • http://download.microsoft.com/download/9/3/e/93eff406-5dd6-442d-bedd-082ef29a6d22/ADFSStepbyStep.doc
    26. Windows R2 & Windows SharePoint Services Extranet Enhancements!!!
        • Support for IP-bound virtual servers
        • * Support for Advanced Extranet Configurations
            • SSL Termination
            • Host Header Modification
            • Port Translation
        • Kerberos enabled by default on single box new installation
        • Windows SharePoint Services running on ASP.NET 2.0 (Whidbey)
        • Windows SharePoint Services support for Windows x64 editions
        • http://www.microsoft.com/downloads/details.aspx?FamilyId=ABBA20F2-3625-4C9C-A412-AB9BBEBDB5E8&displaylang=en
        • * Applies only to Non Scalable Hosting Mode Configurations or Non Farms that support Multiple Hostnames on a single IIS virtual server.
    27. Session Summary
        • SharePoint in the Extranet – No problem
        • Scalable and Enterprise Ready – Yes
        • Secure – Yes
        • Windows R2 – Removes deployment blockers
    28. Resources: How Microsoft Does IT. Resources from Microsoft IT. See us at our Ask the Experts table!
        • Microsoft IT | Showcase
            • Resources created for the IT Pro on how Microsoft does IT: http://itshowcase/
            • Customer-ready content on DVD—Get one at the IRC. Order for customer events and meetings! http://itshowcase/ordercd
            • Customer Connection—Peer to peer discussions with Microsoft IT professionals: http://itshowcase/itcustomerconnection
            • Content on the Web—TechNet: http://www.microsoft.com/technet/itshowcase/
            • Webcasts on how Microsoft does IT: http://itshowcase/webcasts/
        • Microsoft IT | Fellowship
            • Bringing Microsoft IT and Services together for best practice sharing, problem solving workshops, and knowledge transfer: http://itfellowship
    29. © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
