SESSION CODE: WPH301
Windows Phone 7: Deploy Microsoft Forefront Unified Access Gateway (UAG) for Access Control to SharePoint, Exchange and More
Uri Lichtenfeld, Director of Enterprise Services and Security Specialist – NY, Certified Security Solutions
Ben Bernstein, Sr. Program Manager, UAG Product Group, Microsoft Corporation

Agenda
• Solution Architecture for enterprise mobile access with Windows Phone
• Deploying UAG 2010 with Windows Phone 7
The Problem (diagram)
• A Windows Phone on the Internet needs to reach the data center / corporate network
• The corporate side holds the identity back ends: AD, ADFS, RADIUS, LDAP, NPS, ILM

UAG Solution (diagram)
• Windows Phone connects over the Internet to UAG on HTTPS (443) only
• UAG forwards over HTTPS / HTTP to the published back ends: Exchange, CRM, SharePoint, IIS-based applications, IBM, SAP, Oracle
• UAG authenticates users against AD, ADFS, RADIUS, LDAP, NPS, ILM
Benefits of HTTPS Publishing
• Efficient
  • Bandwidth: very minimal overhead for most applications
  • Battery efficient: no need to maintain a connection over time
• Seamless and always-on
  • No need to open anything explicitly; applications get data when requested
• Always working
  • Supported on all cellular data networks (unlike IPSec)
• More control
  • The admin has tight control over what is exposed and what is not
  • No need for full network access

UAG Solution Architecture (diagram)
• Clients: Windows Phone, home / friend / kiosk machines, business partners / sub-contractors, employees on managed machines
• Access methods through UAG from the Internet on HTTPS (443): HTTPS / HTTP publishing, Layer 3 VPN, Terminal / Remote Desktop Services, DirectAccess, non-web applications
• Published back ends in the data center / corporate network: Exchange, CRM, SharePoint, IIS-based applications, IBM, SAP, Oracle
• Identity back ends: AD, ADFS, RADIUS, LDAP, NPS, ILM
Agenda
• Solution Architecture for enterprise mobile access with Windows Phone
• Deploying UAG 2010 with Windows Phone 7
  • Exchange ActiveSync
    • Publishing
    • Filtering
  • Mobile Access
    • Portal and mobile login
  • SharePoint Access
    • Mobile Browsing
    • SharePoint Workspaces Mobile 2010

ActiveSync Publishing
• UAG 2010 has out-of-the-box support for the Exchange external protocols
• Easy publishing with the publishing wizard:
  • Outlook Web Access
  • Exchange ActiveSync
  • Outlook Anywhere

Benefits of Publishing ActiveSync with UAG
• Enhanced security
  • End users pre-authenticate against the Forefront UAG server before they gain access to the Exchange CAS
  • The application-level control engine inspects URLs
• Integrated load balancing
  • Traffic is distributed evenly between the Exchange CAS servers using UAG's built-in farms
(Diagram: external load balancer in front of two UAG servers, each distributing traffic across three Exchange CAS servers)

ActiveSync Filtering for Compliance
• AGAT Software Solutions developed an add-on to IAG and UAG that filters ActiveSync traffic according to the device type/ID accessing it, the content type and keywords
© AGAT Software Solutions – www.agatsolutions.com
Mobile Portal
• UAG adapts the portal to the capabilities of mobile devices:
  • Browsers with a mainly textual UI and smaller screens
  • Windows Phone with a more advanced browser
• UAG automatically identifies the device's capabilities

Single Sign-On
• Once the mobile user is logged in to UAG, the user does not need to authenticate again when moving from one application to another

Mobile Login: Problem
• Corporate passwords are long and complicated
• Complex credentials are hard to type on smartphones

Mobile Login: Solution
• UAG implements an innovative simplified login for mobile devices:
  • The user first logs in with corporate credentials
  • The user can then associate a PIN
  • On the next login, the user logs in using the PIN
  • Every several days the user has to re-enter the corporate password

Mobile Login
• PIN login is implemented without leaving the corporate password on the mobile device or storing it on the server
(Diagram)
• First login: the phone sends Username + Password + PIN; the UAG server, holding a Server Secret, replies with Set-Cookie containing the encrypted Username + Password + PIN + Server Secret + Salt
• Later logins: the phone sends Cookie + PIN; the UAG server combines them with its Server Secret to validate the cookie
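The cookie scheme on this slide, as an added worked example for this page; this is not UAG's implementation or cookie format. The code assumes PBKDF2 over PIN plus server secret for key derivation, an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC for the cookie body, a JSON payload, and a seven-day re-authentication window standing in for "every several days"; all of those are choices made here, not details from the deck.

```python
import base64
import hashlib
import hmac
import json
import os
import time
from typing import Optional, Tuple

# Constructed values: a per-server secret that never leaves UAG, and the
# re-authentication window (the slide only says "every several days").
SERVER_SECRET = os.urandom(32)
PIN_VALIDITY_SECONDS = 7 * 24 * 3600
SALT_LEN, TAG_LEN = 16, 32


def _derive_keys(pin: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Derive an encryption key and a MAC key from PIN + server secret + salt.

    The PIN is known only to the user and the secret only to the server, so
    neither the cookie on the phone nor the server secret alone yields the key.
    """
    material = hashlib.pbkdf2_hmac(
        "sha256", pin.encode() + SERVER_SECRET, salt, 100_000, dklen=64
    )
    return material[:32], material[32:]


def _keystream(key: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a PRF keystream (demo stream cipher)."""
    blocks = [
        hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def issue_pin_cookie(username: str, password: str, pin: str, now: Optional[float] = None) -> str:
    """First login: the user proved username + password and chose a PIN.

    Returns the Set-Cookie value; the server keeps nothing but SERVER_SECRET.
    """
    now = time.time() if now is None else now
    salt = os.urandom(SALT_LEN)
    enc_key, mac_key = _derive_keys(pin, salt)
    payload = json.dumps({"u": username, "p": password, "exp": now + PIN_VALIDITY_SECONDS}).encode()
    ciphertext = bytes(a ^ b for a, b in zip(payload, _keystream(enc_key, len(payload))))
    tag = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()  # encrypt-then-MAC
    return base64.urlsafe_b64encode(salt + ciphertext + tag).decode()


def pin_login(cookie: str, pin: str, now: Optional[float] = None):
    """Later login: cookie + PIN come from the phone, the secret from the server.

    Returns (username, password) for back-end authentication, or None when the
    PIN is wrong, the cookie was altered, or the PIN window has expired.
    """
    now = time.time() if now is None else now
    raw = base64.urlsafe_b64decode(cookie)
    salt, ciphertext, tag = raw[:SALT_LEN], raw[SALT_LEN:-TAG_LEN], raw[-TAG_LEN:]
    enc_key, mac_key = _derive_keys(pin, salt)
    expected = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # wrong PIN or tampered cookie: reject before decrypting anything
    payload = json.loads(bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, len(ciphertext)))))
    if now > payload["exp"]:
        return None  # window expired: force a full corporate-password login
    return payload["u"], payload["p"]


def tamper(cookie: str) -> str:
    """Flip one ciphertext bit, as an on-device or in-transit modification would."""
    raw = bytearray(base64.urlsafe_b64decode(cookie))
    raw[SALT_LEN] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw)).decode()
```

The property the slide claims falls out of the key derivation: a cookie copied off the phone cannot be used to guess the short PIN offline, because every guess also needs the server secret, and the server itself stores no password, only its secret. Both a wrong PIN and an altered cookie fail the tag check before any decryption happens, and the expiry inside the encrypted payload is what forces the periodic full-password login.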
SharePoint Mobile Browsing
• UAG 2010 supports SharePoint Server publishing
• SharePoint 2010 can be accessed through the mobile browser
• Office Web Apps are supported in the mobile browser

SharePoint Mobile Workspace
• Easier access to SharePoint libraries and lists
• Ability to synchronize Office documents edited and stored locally on the device
• UAG allows access to on-premises SharePoint Server 2010 via SSL
(Screenshots: browse a site and view lists and libraries easily; access multiple sites and libraries; access your documents offline)

SharePoint Mobile Workspace
• The SharePoint Mobile Workspace client has a special protocol with UAG to translate internal URLs to external URLs
• Example: internal http://MyPortal/ maps to external https://myportal.contoso.com/
• Configuring UAG settings on Windows Phone (screenshot)

Configuring Forefront UAG Mobile Browsing
• From AgentAuthenticationCompetency.xml:
• Added automatically for SharePoint Mobile Workspace

SharePoint Mobile Workspace and UAG – Request Flow
• SharePoint Mobile Workspace performs a GET request to the signURL.asp page in the UAG InternalSite
• The signURL.asp page has the AAM address of the SharePoint site published by UAG
• SharePoint Mobile Workspace accesses the SharePoint AAM site
• UAG identifies the user agent sent by SharePoint Mobile Workspace and responds with a 401 (Basic auth)
• SharePoint Mobile Workspace uses the user's credentials that are defined in the UAG settings page
• UAG authenticates the user
• The user can start working with the SharePoint site
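The request flow above and the internal-to-external URL translation from the previous slide, played out by both sides as an added example written for this page (not UAG or Windows Phone code). Assumptions made here: the AAM mapping, the user store, the user-agent string, the `url` query parameter that signURL.asp reads, and the portal login path are all constructed for the demo.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, quote, urlsplit

# Constructed configuration standing in for UAG / SharePoint settings.
AAM = {"http://myportal/": "https://myportal.contoso.com/"}  # internal URL -> published (AAM) URL
USERS = {"contoso\\alice": hashlib.sha256(b"C0rp-P@ssw0rd!").digest()}  # demo store, hashed
WORKSPACE_UA = "SharePoint Workspace Mobile"  # assumed user-agent token, not UAG's real match string
UAG_HOST = "https://myportal.contoso.com"


def uag_handle(url, headers):
    """Toy UAG front end. Returns (status, response headers, body)."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return 403, {}, "published only over HTTPS"
    if parts.path.lower() == "/internalsite/signurl.asp":
        # Assumed: the internal URL arrives as a 'url' query parameter.
        internal = parse_qs(parts.query).get("url", [""])[0].lower()
        external = AAM.get(internal)
        return (200, {}, external) if external else (404, {}, "no AAM mapping")
    if headers.get("User-Agent") != WORKSPACE_UA:
        # Browsers get the portal form login (path assumed) instead of a Basic challenge.
        return 302, {"Location": UAG_HOST + "/InternalSite/"}, ""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return 401, {"WWW-Authenticate": 'Basic realm="UAG"'}, ""
    user, _, password = base64.b64decode(auth[6:]).decode().partition(":")
    stored = USERS.get(user.lower())
    candidate = hashlib.sha256(password.encode()).digest()
    if stored is None or not hmac.compare_digest(stored, candidate):
        return 401, {"WWW-Authenticate": 'Basic realm="UAG"'}, ""
    return 200, {}, "SharePoint content for %s at %s" % (user, url)


def workspace_client(internal_url, username, password):
    """Toy Mobile Workspace client walking the slide's flow.

    Returns the HTTP statuses seen and the final body (None on failure).
    """
    ua = {"User-Agent": WORKSPACE_UA}
    statuses = []
    # Steps 1-2: ask signURL.asp for the AAM address of the published site.
    sign_url = UAG_HOST + "/InternalSite/signURL.asp?url=" + quote(internal_url, safe="")
    status, _, external = uag_handle(sign_url, ua)
    statuses.append(status)
    if status != 200:
        return statuses, None
    # Steps 3-4: access the AAM site; UAG recognises the user agent and answers 401 Basic.
    status, resp_headers, _ = uag_handle(external, ua)
    statuses.append(status)
    if status != 401 or not resp_headers.get("WWW-Authenticate", "").startswith("Basic"):
        return statuses, None
    # Steps 5-6: resend with the credentials stored on the phone's UAG settings page.
    token = base64.b64encode(("%s:%s" % (username, password)).encode()).decode()
    status, _, body = uag_handle(external, {**ua, "Authorization": "Basic " + token})
    statuses.append(status)
    return statuses, (body if status == 200 else None)
```

Two points of the flow stand out for a reviewer: the Basic `Authorization` header carries the stored corporate credentials on every request, so the HTTPS-only rule in the front end is what keeps them off the wire in clear text, and the 401 challenge is issued only to the Mobile Workspace user agent, so browsers keep going through the portal login rather than a Basic prompt.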
Request Flow (user PoV)
• The user accesses a document in a SharePoint library
• The document opens!

Deployment Tips
• Wildcard SSL certificate for UAG sites
• Configuring SharePoint AAM for UAG
• UAG guide for SharePoint publishing: http://technet.microsoft.com/en-us/library/dd857356.aspx
• UAG team blog: http://blogs.technet.com/edgeaccessblog/archive/2008/10/13/publishing-sharepoint-with-iag-2007-part-3-sharepoint-topologies.aspx
• TechNet: Plan Alternate Access Mappings: http://technet.microsoft.com/en-us/library/cc288609.aspx

Windows Phone Resources
Questions? Demos? The latest phones? Visit the Windows Phone Technical Learning Center for demos and more.
• Business IT resources: www.windowsphone.com/business
• Developer resources: developer.windowsphone.com
• Experience Windows Phone 7 online and get a backstage pass: www.windowsphone7.com
Related Windows Phone Content – Breakout Sessions, Monday and Tuesday
Monday
• WPH301 WP7: Deploy Microsoft Forefront Unified Access Gateway for Access Control to SharePoint, Exchange and more
• WPH202 Deploying Windows Phone 7 with Exchange Server and SharePoint Server
Tuesday
• WPH203 Overview of the Windows Phone 7 Application Platform
• WPH313 Windows Phone 7 Architecture Deep Dive
• WPH304 An In-Depth View at Building Applications for WP7 with Silverlight (Part 1)
• WPH305 An In-Depth View at Building Applications for WP7 with Silverlight (Part 2)
• WPH306 Developing Occasionally Connected Applications for Windows Phone 7

Related Windows Phone Content – Breakout Sessions, Wednesday and Thursday
Wednesday
• WPH310 Designing and Developing for the Rich Mobile Web
• WPH311 Developing Mobile Code Today that will run on WP 7 Tomorrow
• WPH309 Silverlight Performance on Windows Phone
• WPH307 Building Windows Phone Games with XNA
• WPH308 Building a High Performance 3D Game for Windows Phone
Thursday
• WPH303 Understanding the Windows Phone 7 Development Tools
• WPH314 Learn Windows Phone 7 Development by Creating a Robotic T-Shirt Cannon
• WPH312 Understanding Marketplace and Making Money with WP7 Applications

Related Windows Phone Content – Interactive Sessions and Hands-On Labs
Windows Phone Interactive Sessions
• Windows Phone 7 Demo Only!
• Microsoft's Next Generation Mobile Enterprise Application Platform (MEAP)
• Windows Phone 7 Application Performance
• Prepare for Windows Phone 7 Development! Coding practices you should start using now in Windows Mobile
Windows Phone Hands-On Labs
• Hello Windows Phone: Building Your First Windows Phone Application
• Microsoft Silverlight for Windows Phone
• Microsoft XNA Framework 4.0 for Windows Phones
• Using Push Notifications and Windows Communication Foundation (WCF) Services
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.