Transcript of sharepoint.microsoft.com
IT13 - Extranets and Internet Facing Environments in the Real World
Deployment and Management
European Microsoft SharePoint Conference 2007
February 12th to 14th, 2007
Convention Center
Hotel Estrel, Berlin, Germany
Important
If you’re looking for “Building Internet Facing SharePoint Sites” session, it’s tomorrow (Wednesday) at 11:45AM.
This session is about how MS IT implemented SharePoint extranets and Internet accessible internal applications.
Agenda
Three extranet/Internet facing case studies
Key features
Challenges
Today’s workarounds
2007 enhancements
Secure, flexible, scalable topologies
Demo
ISA 2006 web publishing
Exchange 2007 offline SharePoint files
Three Scenarios
MS IT hosted collaboration extranet
For collaboration with business partners
MCS Intellectual Capital Exchange
For MS consultants on site with customers
Enterprise intranet web presence
For employees working away from work
Terms
Authentication – who you are
Authorization – what you can do
Alternate domain (namespace) – “Zones”
Domains used to access a single set of content, e.g.
http://customer
https://customer.domain.com
Web Application = IIS Virtual Server = IIS Web Site
Three Scenarios
MS IT hosted collaboration extranet
For collaboration with business partners
MCS Intellectual Capital Exchange
For MS consultants on site with customers
Enterprise intranet web presence
For employees working away from work
Key Features
Partner Collaboration
ICE
SPSites
WSS Hosting
My Site Hosting
Site Directory
Search
Areas
AD Accounts
Partner Account Access
Microsoft Partner Collaboration
Dublin
Singapore
Redmond
Americas Team
Asia/South Pacific SPTeam
Europe ETeam
https://*.team.extranet.microsoft.com
https://*.eteam.extranet.microsoft.com
https://*.spteam.extranet.microsoft.com
Issues
Authentication
Two factor?
Account management
AD Account Creation Mode?
Isolation of partner accounts
Separate AD forest?
Workarounds for SharePoint 2003
Authentication
Basic over SSL with logout button
Auth delegation with ISA 2006 support for forms and cookies
Account management
Managed partner forest
Custom web account provisioning
Isolation of partner access
Separate farm in DMZ
Enhancements in SharePoint 2007
Authentication
Pluggable authentication (ASP.NET 2.0)
Forms based authentication (FBA) with cookies
ADFS federation with Passport/LiveID, others
Account management
LDAP directories
Users database (SQL Server, etc.)
Isolation of partner access
Application isolation with Web application
Multiple authentication providers
ASP.NET 2.0 Authentication
Pluggable authentication provider framework
User identity is independent from Windows or Active Directory identity
Custom code to handle authentication
Two related providers
Membership – user identities
Role – roles/groups/attributes for a user
Out of the box providers
LDAP v3 (provided by MOSS 2007)
SQL Server (ASP.NET 2.0)
AD – single domain only (ASP.NET 2.0)
ASP.NET Authentication Limitations
Browser clients only
Search crawler must use Windows account
Office client interaction degraded due to lack of FBA support
One authentication type per web application
Forms over Windows accounts
Forms user not the same as Windows user
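Added example, not from the original slides: a web.config fragment for an extranet-zone web application that uses the ASP.NET 2.0 SQL Server membership and role providers with forms authentication over SSL and a fixed-lifetime cookie. The provider names, connection string, database name and policy values are assumptions chosen for illustration.

```xml
<!-- Added example; provider names, SQLHOST, aspnetdb and policy values are assumed. -->
<configuration>
  <connectionStrings>
    <!-- assumed: partner user store created with aspnet_regsql.exe -->
    <add name="PartnerUsersDb"
         connectionString="Data Source=SQLHOST;Initial Catalog=aspnetdb;Integrated Security=SSPI" />
  </connectionStrings>
  <system.web>
    <!-- One authentication type per web application: this zone is Forms only. -->
    <authentication mode="Forms">
      <!-- requireSSL: the ticket cookie is never sent over plain HTTP.
           timeout (minutes) with slidingExpiration off: the cookie expires
           at a fixed time instead of renewing on every request. -->
      <forms loginUrl="/_layouts/login.aspx" requireSSL="true" protection="All"
             timeout="30" slidingExpiration="false" />
    </authentication>
    <!-- Membership provider: user identities, separate from AD accounts. -->
    <membership defaultProvider="PartnerMembers">
      <providers>
        <add name="PartnerMembers"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="PartnerUsersDb" applicationName="/"
             passwordFormat="Hashed" enablePasswordRetrieval="false"
             enablePasswordReset="true" requiresQuestionAndAnswer="true"
             minRequiredPasswordLength="12" minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" />
      </providers>
    </membership>
    <!-- Role provider: roles/groups for the same users. -->
    <roleManager enabled="true" defaultProvider="PartnerRoles">
      <providers>
        <add name="PartnerRoles"
             type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="PartnerUsersDb" applicationName="/" />
      </providers>
    </roleManager>
  </system.web>
</configuration>
```

The same provider entries also have to be present in the Central Administration web application's web.config so that the people picker can resolve these users.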
Three Scenarios
MS IT hosted collaboration extranet
For collaboration with business partners
MCS Intellectual Capital Exchange
For MS Consultants on site with customers
Enterprise intranet web presence
For employees working away from work
Key Features
Partner Collaboration
Consultant Portal
SPSites
WSS Hosting
My Site Hosting
Site Directory
Search
Areas
AD Accounts
Partner Account Access
ICE Topology
Topics and Areas
My ICE
Sub Areas
ICE
http://ice
https://ice.partners.extranet.microsoft.com
Challenges
Granular security
Cross Browser Compatibility
Reverse publishing/zones
Workarounds for SharePoint 2003
Granular security
IRM’d documents
Cross Browser Compatibility
End user education re: deprecated functionality
Reverse publishing/zones
Use ISA web publishing for reverse proxying
Zones in WSS 2.0 SP2
Enhancements in SharePoint 2007
Granular security
Item level security
Server side IRM policy enforcement
Cross Browser Compatibility
Improved cross browser support
Reverse publishing/zones
No absolute URLs
Support for reverse proxy
Zone based policy support
Three Scenarios
MS IT hosted collaboration extranet
For collaboration with business partners
MCS Intellectual Capital Exchange
For consultants on site with customers
Enterprise intranet web presence
For employees working away from work
Key Features
Partner Collaboration
Consultant Portal
Employee Portal
WSS Hosting
My Site Hosting
Site Directory
Search
Areas
AD Accounts
Partner Account Access
SpSites Topology
https://spsites.microsoft.com
10,000’s WSS Sites
10,000’s My Sites
Site Directory
Profiles
Challenges
Cross forest add user (people picker)
Delegation of Shared Services (Search)
Multilingual MySites
Authentication token timeout
Workarounds for SharePoint 2003
Cross forest add user (people picker)
Custom developed UI using profiles
Delegation of Shared Services (Search)
Build custom UI with delegation
Multilingual MySites
Content editor web parts (not full solution)
Authentication token timeout
Custom “logout” button
Enhancements in SharePoint 2007
Cross forest add user (people picker)
Cross forest support – stsadm command
Delegation of Shared Services (Search)
Delegation with security trimmed UI
Multilingual MySites
User chooses site language during provisioning
Authentication token timeout
Forms authorization and expiring cookie support
“Logout” button built-in
Secure, Scalable, Flexible Topologies
Perimeter Proxy (Reverse Proxy/Web Publishing)
ISA Server
SQL Server
Network Load Balanced Web Front-End Servers
Application Servers
Internet, Perimeter Network, Corporate Network
Back To Back Perimeter
ISA Server
SQL Server
Network Load Balanced Web Front-End Servers
Application Servers
ISA Server
Internet, Perimeter Network, Corporate Network
Back To Back Perimeter With Publishing
SQL Server
Network Load Balanced Web Front-End Servers
Application Servers
ISA Server
SQL Server
Network Load Balanced Web Front-End Servers
Application Servers
ISA Server
PUBLISH
Authors
Internet, Perimeter Network, Corporate Network
Back To Back Perimeter With Publishing And Content Caching
Internet, Perimeter Network, Corporate Network
SQL Server
Network Load Balanced Web Front-End Servers
Application Servers
SQL Server
Network Load Balanced Web Front-End Servers
Application Servers
ISA Server
PUBLISH
Authors
Cached Array of ISA Servers
4-Factor Authentication with ISA 2006
1st Factor: Smart Card
https://portal.public.microsoft.com
2nd Factor: Smart Card
3rd Factor: Smart Card PIN
4th Factor: Forms Based Authentication
“SharePoint Web Access”
No Smart Card, No VPN Required
https://spsites.microsoft.com
Key Take Aways
Flexible scalable topologies
Consolidation with isolation
Internal URL, external URL, partner URL
Isolate Partner accounts from Intranet
Employees use same account in intranet & extranet
Internet ready/Publishing
Cross forest support
Extensible authentication
ASP.NET 2.0 pluggable auth/multi auth
Zone policies
Forms/cookies/logout
Key Take Aways
Test! Test! Test!
Network latency and bandwidth
Locally: 50-80 ms
Globally: 180-250 ms (as much as 450 ms)
Understand the data sizes
Engineering & Manufacturing documents (large)
Understand usage scenarios
Understand the collaboration policy in the organization
Authorization, roles, retention policies.
Resources
Planning, Designing & Securing an Extranet and Internet Facing WSSv3 and SharePoint Server 2007 Environments
http://blogs.msdn.com/sharepoint/archive/2006/08/08/planning-designing-amp-securing-an-extranet-and-internet-facing-wssv3-and-sharepoint-server-2007-environments.aspx
SharePoint Community Search
http://search.live.com/macros/lliu/spsearch
SharePoint Community Portal
http://sharepoint.microsoft.com/sharepoint