Building Customer/Partner Extranets: Designing a Secure Extranet with SharePoint 2007
Russ Basiura, RJB Technical Consulting, www.rjbtech.com, russ@rjbtech.com

Agenda
• What is an extranet?
• Extranets pose unique challenges for SharePoint administrators.
• What is the purpose of FBA?
Extranets pose unique challenges for SharePoint administrators
What are the issues and limitations with the out-of-the-box features?
Scenario
• Active Directory in the DMZ
• No Trusts
• Single Server or small farm
• All servers in the DMZ
• All Services in the DMZ
  • Mail
  • IM
• Basic Authentication over HTTPS
• Digest Authentication (Not Supported)
Scenario
• All Users must log on
• Management via Remote Desktop
• All content stored in portal
• Ports
  • TCP 3389 open to intranet for RDP
  • TCP 80 open to intranet for HTTP
  • TCP 443 open to extranet for HTTPS
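An added example, not from the original slides: a small audit of firewall allow rules against the port exposure this scenario lists (RDP and HTTP from the intranet only, HTTPS from the extranet). The intranet range 10.0.0.0/8, the rule tuple format and the sample rules are constructed assumptions.

```python
import ipaddress

# Assumed (constructed) address plan; the slides give no addressing.
INTRANET = ipaddress.ip_network("10.0.0.0/8")

# Port policy from the Scenario slide: which zone may reach each DMZ port.
POLICY = {3389: "intranet", 80: "intranet", 443: "extranet"}

# Constructed sample rules: (name, source CIDR, first port, last port, action).
SAMPLE_RULES = [
    ("rdp-admin", "10.20.0.0/16", 3389, 3389, "allow"),
    ("http-internal", "10.0.0.0/8", 80, 80, "allow"),
    ("https-public", "0.0.0.0/0", 443, 443, "allow"),
    ("web-wide", "0.0.0.0/0", 80, 443, "allow"),  # range is too broad
    ("rdp-vendor", "203.0.113.0/24", 3389, 3389, "allow"),
    ("default", "0.0.0.0/0", 1, 65535, "deny"),
]


def audit(rules):
    """Return findings for allow rules that exceed the slide's port policy."""
    findings = []
    for name, source, first, last, action in rules:
        if action != "allow":
            continue
        from_intranet = ipaddress.ip_network(source).subnet_of(INTRANET)
        # Ports covered by this rule that the scenario does not list at all.
        extra = (last - first + 1) - sum(first <= p <= last for p in POLICY)
        if extra:
            findings.append(f"{name}: opens {extra} port(s) not in the scenario")
        for port, zone in sorted(POLICY.items()):
            if not first <= port <= last:
                continue
            # RDP and HTTP must only be reachable from intranet sources.
            if zone == "intranet" and not from_intranet:
                findings.append(f"{name}: TCP {port} reachable from {source}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```
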
User Challenges
• Authentication
  • Users don’t like being asked for identity
  • Use SSO to access other resources
• URLs
  • Store content on the portal
  • Put content links on the portal
Technical Challenges
• Authentication
• SSL
• Account Creation and Maintenance
• Site Creation Process
Common Challenges
• Where should I locate my servers?
• How is my firewall affected?
• What other solutions should be considered?
• Authentication Security
• High Availability
• How does this affect my SharePoint architecture?
• Do I really need another SharePoint Farm?
Authentication
• Basic over HTTPS
• Integrated
  • NTLM
  • Kerberos
• Digest
  • Single web server or web farm with affinity
  • Not Supported
• Custom
  • ISAPI Filter with persistent cookie
  • Not Supported
Custom Authentication
• Must create a valid Windows Principal
• Must attach context to thread before entering .NET pipeline
• Ows.dll is an ISAPI extension
• ISAPI extensions cannot be chained
• Build an ISAPI filter
  • Create and manage Windows Principal
  • Embed basic authentication headers in request
Extranet Governance
• Service Level Agreements
• End User training
• Information lifecycle controls
• Communicating with external users
• Acceptable Use Policies