Asia Pacific SharePoint Conference 2007 May 15th to 16th, 2007 Hilton Hotel Sydney


Jorke Odolphi
Product Technology [email protected]

Configuring an Internet-Facing Web Site Using Microsoft Office SharePoint Server 2007


Agenda

• A look at an example internet site
• The ABCs of Publishing
• Authentication and Authorization
• Internet Facing Topologies
• Performance and Scale


A Tour Through an Internet Site


Site Features

• Visible
  – Custom Look And Feel
  – Anonymous Access
  – Blog
  – Content Rollup
  – Navigation
• Behind the Scenes
  – Custom Master Page
  – Forms Authentication
  – WSS Blog template
  – Content Query and Table of Contents Web Parts
  – Controlled Publishing Process
  – Separate authoring and production environments
  – Cached for Performance


ABCs of Web Content Management

• Authoring
  – Web-based
  – Word/InfoPath
  – Toolbar
  – Web Parts
• Controlled Publishing
  – Page Scheduling
  – Workflow
  – Content Deployment
• Branding
  – Master Pages
  – Page Layouts
  – Template Governance


[Diagram: site scopes labelled Team, Division, Enterprise, Extranet, Internet, Individual]


Authoring and Branding

• Custom master page provides a shared look and feel
• Page Layouts control how specific types of content are presented
  – All press-releases share a common structure
• Constrained Editing Controls
  – HTML editor, link, and image controls
  – Styles can be separated from content
• Branding Enforcement
  – Per web control of available master pages, page layouts, and web templates


Controlled Publishing

• Pages are document library items
  – Check out
  – Draft versions
  – Simple moderation
  – Approval workflows
  – Custom workflows
• Page and document scheduling
  – Author can specify when content goes live
• Content Deployment
  – Controlled release into production


Controlled Publishing


Security on Public Sites

• Authentication and Authorization
  – Common pattern
    • Anonymous access site
    • But with a “members area”
    • Forms Authentication
• Hardening
  – Restricted Reader Role
  – Disabling Client Integration
  – Policy enforcement


Authentication and Authorization

• Several Authentication Methods Available
  – Windows, Forms, Web SSO
  – Per Web Application
• Forms Authentication
  – ASP.NET 2.0 Membership model
  – We ship LDAP membership provider
    • AD, ADAM, third party LDAP servers
  – Other ASP.NET Providers can also be used
    • e.g. SQL Server Provider shipped with ASP.NET


Anonymous Access

• Configuring Anonymous Access
  – Enabled by central administrator per web application
  – Can then be enabled in webs and lists
    • For publishing scenarios, must be enabled in the root web
    • Subwebs can then require authentication, e.g. members areas
• Rights capped
    • You simply cannot give anonymous users some rights (e.g. writing to a document library)


Hardening

• Protect your servers
  – Use Firewalls and standard network security
  – Disable SMTP
• Secure your Central Administration site
• Secure your content deployment
  – Disable “Deploy user names” when you configure your path
• Disable incoming email
• Use Lockdown mode
  – stsadm -o activatefeature -url <site collection url> -filename ViewFormPagesLockdown\feature.xml


Hardening

• Restricted Reader role
  – Restricted Readers can use the site
    • Can view pages, documents, images
  – But they can’t use everything
    • Can’t call Remote APIs
    • Can’t view SharePoint application UI
    • Can’t view minor or historical versions
• Disable Client Integration
• Policy
  – Can constrain maximum access per web application
    • Deny all write access via http://site:80
    • ACLs can’t give you back write access
    • Updates only via content deployment, or an intranet facing web app


Security Configuration


Topologies

• Farms
  – Scale up and down as needed
    • Performance
    • Redundancy
• Multi-farm
  – Staging environments in different network
  – Example
    • Authoring in intranet with Active Directory authentication
    • Production in perimeter network with forms auth
    • Site collections can be deployed between environments


Multi-Farm Topology

[Diagram: Authoring Farm; Internet Production Farm; NLB; Web Front End; Internet; Content Deployment Requests]


Content Deployment

• Paths and jobs
  – Paths connect source and destination Site Collections
  – Jobs control what content is copied when
  – One direction (source -> destination)
    • Not multi-master
• Incremental by default
  – Incremental takes changes since last successful deployment
• Configured by central administrator
  – Can delegate to authors using the “QuickDeploy” job
• Content fix-up
  – Links
  – Security


Content Deployment


Performance and Scale

• Internet Publishing Scenarios
  – Mostly Read
  – Many repeat views of the same content
  – Coarse-Grained Access
• Good candidate for caching
• Improve Scale Up
• Improve Scale Out


Caching

• Goal: Make your web site fast
  – Minimize work per request in order to increase performance for Internet scale
  – Respect permissions and personalization
• Two main types of caching
  – No execution of the web page
    • Page output cache, disk-based cache
  – Reduction of number of database round trips
    • Page item cache, navigation node cache, list query cache (cross list, single list)
• Internet sites will focus on the first type


Page Output Cache

• Serves cached versions of HTML output of page to users
  – Cache one version of the page for each “bucket” of users with unique permissions on the site
  – Cache is in-memory
• Most efficient when most users have the same rights on the site
  – Anonymous users are all in one bucket

[Diagram: Request, Cache, Master Page, Navigation, Page Content, Data-Driven Views]


Configuring Output Caching

• Cache Profiles – “How long should things be held in the cache?”
  – Centrally defined, change in one place takes effect across site collection instantly
  – Can apply to sites and to page layouts separately
  – Separate profiles for anonymous users versus authenticated users
• Cache Policy – “What profiles can be used where?”
  – Allow or disallow owners of sites and page layouts to choose a “cache profile” of their own
  – Centrally controlled per site collection
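
The permission "bucket" behaviour of the page output cache and the separate anonymous/authenticated cache profiles, as an added Python sketch (not SharePoint code and not part of the original deck). The class, permission names and timeout values are assumptions made for illustration.

```python
# Toy page output cache keyed by permission "bucket" (added illustration).
# Class, permission and profile names are assumptions, not SharePoint APIs.
import time

# Cache profiles: seconds to hold output, kept separately for anonymous
# and authenticated users (constructed values).
PROFILES = {"anonymous": 180, "authenticated": 30}

class OutputCache:
    def __init__(self, render, clock=time.monotonic):
        self.render = render      # callable(url, perms) -> HTML
        self.clock = clock
        self.store = {}           # (url, authenticated, perms) -> (expires, html)
        self.renders = 0          # times the page actually executed

    @staticmethod
    def bucket(user):
        # Users with identical effective permissions share one cached copy.
        # The key is the permission set, never the user name.
        return user["authenticated"], frozenset(user["perms"])

    def get(self, url, user):
        authed, perms = self.bucket(user)
        key = (url, authed, perms)
        now = self.clock()
        hit = self.store.get(key)
        if hit and hit[0] > now:
            return hit[1]         # served without executing the page
        html = self.render(url, perms)
        self.renders += 1
        ttl = PROFILES["authenticated" if authed else "anonymous"]
        self.store[key] = (now + ttl, html)
        return html

def render_page(url, perms):
    # Security trimming happens at render time, so each bucket's copy
    # contains only what that permission set may see.
    parts = ["<h1>Press releases</h1>"]
    if "view_members_area" in perms:
        parts.append("<a href='/members'>Members area</a>")
    return "".join(parts)

if __name__ == "__main__":
    cache = OutputCache(render_page)
    anon = {"authenticated": False, "perms": ["view_pages"]}
    member = {"authenticated": True, "perms": ["view_pages", "view_members_area"]}
    for user in (anon, anon, member, anon):
        cache.get("/news", user)
    print("page executed", cache.renders, "times for 4 requests")
```

Because the key is the permission set, a cached copy rendered for members is never returned to the anonymous bucket, which is what "respect permissions" requires of the cache.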


Disk-Based Caching

• Caches page resources on web front-end servers for serving to users
  – Images, .css, .js files are retrieved from the database once, and stored on disk on the web front end
  – Further requests are served from the cache, trimmed based on security
  – Configurable: Place on disk to cache, # of megabytes on disk, file extensions to support

[Diagram: Cache holding Logo.jpg, Gradient.gif, Styles.css, Script.js]


Configuring caching


Key Takeaways

• Lock down your servers

• Control your sites’ access through Policy

• Use Caching to improve performance


© 2007 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Questions?
