SharePoint in the Extranet
Joel Oleson & Charles Ofori
Microsoft Corporation
Agenda
  Side by Side Comparison of 3 SharePoint Extranet Deployments
    IT Windows SharePoint Services (WSS) Extranet Deployment
    Intellectual Capital Exchange (ICE)
    Microsoft Managed Solutions (MMS) – Spsites.microsoft.com
  Issues & Challenges
  Windows R2 Extranet Enhancements & ADFS - Discussion
  Resources
  Q/A
Side by Side Comparison: Microsoft’s SharePoint Extranet Deployments
Service Comparison (table; columns: IT WSS Extranet, ICE, MMS SPSites)
  WSS Hosting
  My Site Hosting
  Portal Hosting
  Site Directory
  SPS Search
  Topics & Areas
  Existing AD Accounts
  Custom Web Services
  ADFS
  Partner Account Access
  AD Account Creation Mode
MMS Topology
  MMS Services: https://spsites.microsoft.com
  10,000’s WSS Sites
  10,000’s My Sites
  Site Directory
ICE Topology
  ICE: http://ice
  https://ice.partners.extranet.microsoft.com
  Topics & Areas
  My ICE
  Sub Areas
  Custom Web Service
IT WSS Extranet Topology
  Dublin, Singapore, Redmond
  Americas (Team): https://*.team.partners.extranet.microsoft.com
  Europe (ETeam): https://*.eteam.partners.extranet.microsoft.com
  Asia/South Pacific (SPTeam): https://*.spteam.partners.extranet.microsoft.com
Hardware (diagram; deployments shown: IT WSS Extranet, MMS SPSites, ICE)
  3 Web
  2 Search
  1 Index/Job
  2 WSS Web
  (A/P) SQL Cluster
  2 Web/Search
  1 Index/Job
  (A/P) SQL Cluster
  ISA 2004/Web Publishing
  BigIP
3 Extranet Deployments
  Business & IT Requirements
  Infrastructure/Architecture Solution
  Add-ons
  Workarounds
  How’s it going???
IT WSS Extranet Deployment
IT WSS Extranet – Requirements
Scalable Hosting WSS
  Business
    Easy to Collaborate with Partners
    Use Existing Internal Accounts
    Scalable & Highly Available
    Accounts for partner collaboration
  IT & Security
    Secure Collaboration - 2 Factor Auth
      Grandfathered w/ 2000 OWA Model (Basic over SSL)
      Client certs: too much overhead, didn’t meet #1
    No Anonymous Access
    Web Servers: IP masked, no ICMP
    Only SSL port allowed (Admin port blocked)
    No Corp Resources
IT Extranet WSS Solution
  Auth: Basic over SSL
  Accounts: One way NTLM trust between partner domain and corp child domains (requires AD ports open to internal DCs for auth)
  Partner account provisioning & management system: Use Existing (https://www.partners.extranet.microsoft.com)
  Leverage Existing Extranet Onboarding process
  Hardware: Stand Alone Deployment in DMZ
Extranet Provisioning
ICE Deployment
ICE Requirements
  Business
    Transparent Login
      Web Single Sign On (not SPS SSO)
      Use existing NT accounts
    Hosted SharePoint like it is on Corp @ Home and on the Go
  IT & Security
    Firewalled (DMZ)
    Intrusion Detection
    IPSec between Corp Clients & Managed Servers
    128 bit SSL
    No Corp Connectivity, no Internet Connectivity
    Separate Forest from Corp and Other Customers
MMS Spsites Deployment
MMS Requirements
  Business
    Transparent Login
      Web Single Sign On (not SPS SSO)
      Use existing NT accounts
    Hosted SharePoint like it is on Corp @ Home and on the Go
  IT & Security
    Firewalled (DMZ)
    Intrusion Detection
    IPSec between Corp Clients & Managed Servers
    128 bit SSL
    No Corp Connectivity, no Internet Connectivity
    Separate Forest from Corp and Other Customers
Issues and Challenges
Key Issues for MS Extranet or Internet Enabled Deployments
  This is on top of general issues of scaling, high-availability, manageability, etc.
  Four Primary Challenges
    Security
    Cross Forest Issues
    Account Management
    Client Facing Issues
Security
  Security team wants 2 factor authentication
  Security wanted Digest authentication
  Security wanted Forms authentication
  Basic over SSL is not good enough…
  Pre-existing security standards
  Services/App Pools need to run with account in the same domain (MMS)
  Password service account restrictions make maintenance painful
Cross Forest Issues (MMS)
  Manage Users Address book fails to work when email address & NT user name do not match
  Lookups fail when User domain does not trust resource domain and Trust is at the forest level (works with domain (NTLM) trust)
    Display Name and Email address will not be populated
    Requires user to know NT account or NT Security Group
  Document Workspace/Meeting Workspace creation from Outlook/Office doesn’t permission other users (lookup failure)
  Sybari Antigen for SharePoint fails to install/function with account in different forest
Account Management (IT WSS/ICE)
  AD is the account repository (live or die by it)
  Painful Process for managing partner accounts – account creation and password management (listen to our story)
  Active Directory Account Creation Mode
    Only for Windows SharePoint Services
    Cannot coexist with pre-existing accounts
Client Facing Issues
  Web capture web part doesn’t work with SSL
  Mixed content for online web parts (HTTP vs. HTTPS)
  Web Folder security prompt
  Transparent Login requires Intranet Zone or special IE security
  URL Length (256 & 260)
  Internal vs. External URL path issues (Use Alternate Access) (Alert links, invalid extranet links, confusion)
What’s Coming
Windows 2003 R2 & ADFS
ADFS for Windows 2003 R2 & WSS
  Windows Server 2003 R2 servers configured as federation servers can provide access to Windows SharePoint Services sites over the Internet (Not SPS)
  Your network and the network in your partner organization both need to support ADFS
    Shadow accounts set up in the resource partner if no forest trust exists between both partner organizations.
    Federation trust between both partner organizations
    Web server configured with prerequisite applications
    Web server with valid SSL certificate
    ADFS Web Service Agent on the Web server hosting Windows SharePoint Services
    Windows SharePoint Services with Windows Server 2003 R2
    Windows SharePoint Services site users in the account partner organization set up with permissions
  http://download.microsoft.com/download/9/3/e/93eff406-5dd6-442d-bedd-082ef29a6d22/ADFSStepbyStep.doc
Windows R2 & Windows SharePoint Services Extranet Enhancements!!!
  Support for IP-bound virtual servers
  * Support for Advanced Extranet Configurations
    SSL Termination
    Host Header Modification
    Port Translation
  Kerberos enabled by default on single box new installation
  Windows SharePoint Services running on ASP.NET 2.0 (Whidbey)
  Windows SharePoint Services support for Windows x64 editions
  http://www.microsoft.com/downloads/details.aspx?FamilyId=ABBA20F2-3625-4C9C-A412-AB9BBEBDB5E8&displaylang=en
  * Applies only to Non Scalable Hosting Mode Configurations or Non Farms that support Multiple Hostnames on a single IIS virtual server.
Session Summary
  SharePoint in the Extranet – No problem
  Scalable and Enterprise Ready – Yes
  Secure – Yes
  Windows R2 – Removes deployment blockers
Resources: How Microsoft Does IT
Resources from Microsoft IT
  See us at our Ask the Experts table!
  Microsoft IT | Showcase
    Resources created for the IT Pro on how Microsoft does IT
    http://itshowcase/
  Customer-ready content on DVD—Get one at the IRC
    Order for customer events and meetings!
    http://itshowcase/ordercd
  Customer Connection—Peer to peer discussions with Microsoft IT professionals
    http://itshowcase/itcustomerconnection
  Content on the Web—TechNet
    http://www.microsoft.com/technet/itshowcase/
  Webcasts on how Microsoft does IT
    http://itshowcase/webcasts/
  Microsoft IT | Fellowship
    Bringing Microsoft IT and Services together for best practice sharing, problem solving workshops, and knowledge transfer
    http://itfellowship
© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.