sharepoint europe webinar chris mcnulty, cto cryptzone · mcts vtsp msa meet chris mcnulty...
TRANSCRIPT
15 years in SharePoint, 20+ in IT
MVP MCP MCSE MCTS VTSP MSA
Meet Chris McNulty @cmcnulty2000
3 children (Devin, Nate, Rachel) and my wife Hayley
Cryptzone: Three Layers Of Defense – cryptzone.com
Access Control • Application & Content Security • Content Governance
APPLICATION & CONTENT SECURITY
HiSoftware Security Sheriff ®
HiSoftware Site Sheriff ®
SEP® Secured Email
SEP® Secured Files & Folders
SEP® Secured eUSB
CONTENT GOVERNANCE
Compliance Sheriff ®
CRYPTZONE SOLUTIONS
ACCESS CONTROL
AppGate® Secure Access
Out of scope On premises migration/upgrade
O365 Dedicated
Extensive migration demos…
Rules Office 365 Shared ‘E’ Plans
Questions – time permitting during session
Any time after session – email etc. - @cmcnulty2000
Presentation governance
Cybersecurity Stakes Have Never Been Higher
Crisis-Led Board Directives
Attacks increased 48% in 2014 [2], and now directly threaten earnings, executives, and company viability.
90% [1] of organizations have been breached – perimeter security is insufficient and trust cannot be presumed based purely on credentials.
Static, perimeter-centric security models are no longer relevant in a world of globally-connected enterprises, mobile workers, and distributed applications, devices and content.
[1] Ponemon Institute
[2] Global State of Information Security Survey 2015, PriceWaterhouseCoopers & CSO Magazine
[Three bar charts. Legend: Principal concern. Categories: BYOD Devices, Compromised accounts, User accident, Malicious internal users, Malicious external users. Axis: percentage.]
Use Cases
PRIVILEGED USER ACCESS
• Best way to control and enforce access policies even if you don’t manage the client device (BYOD)
• Agility-driven security to rapidly provision external users and publish applications
• Secure service tunnels grant per-application access, completely isolated from rest of the network
• Protect against internal threats
• Create completely isolated management or service networks
• Eliminates “jump box” risk present in typical network implementations
• Secures multi-tenant cloud/service provider environments
THIRD PARTY ACCESS
Source: Gartner IAM Summit (Dec 2014)
Source: Mandiant
• Content-aware document classification
• Metadata-driven, item-level security
• Restrict publishing of non-compliant content
• Encrypt and protect data on servers, applications, mobile & USB
• Track access, email & distribution of sensitive documents
SECURING SENSITIVE DATA
CONTROL
COST-EFFICIENCY
SharePoint (On-premises)
• SharePoint
Value Prop:
• Full h/w control – size/scale
• Roll-your-own HA/DR/scale
Value Prop:
• 100% of API surface area
• Easy migration of existing apps
• Roll-your-own HA/DR/scale
SharePoint (IaaS)
• Hosted SharePoint
Value Prop:
• Auto HA, Fault-Tolerance
• Friction-free scale
• Self-provisioning, mgmt. @ scale
• SharePoint Service
Office 365 (SaaS)
Office 365 Enterprise Plans: E1 E2 E3 E4
SharePoint Online: √ √ √ √
Office Online: √ √ √
Local Copy of Office Professional 2013 Plus: √ √
Forms Services, Visio Services, Access Services: √ √
Monthly cost per user: $8 $20
FEATURE: OFFICE 365 ENTERPRISE PLANS
Storage per user (contributes to total storage base of tenant): 500 megabytes (MB) per subscribed user.
Storage base per tenant: 10 GB + 500 MB per subscribed user + additional storage purchased.
Site collection storage limit: 1TB
Site collections (#) per tenant: 500,000 site collections (other than personal sites).
Subsites: Up to 2,000 subsites per site collection
Personal site storage: 1TB per user, as soon as provisioned - OneDrive for Business library and personal newsfeed. This amount is counted separately from tenancy
Public Website storage: default 5 GB (to 100GB by admin)
File upload limit: 2 GB per file. (for now!)
Maximum number of users per tenant: 500,000+
Maximum number of external user invitees: None
http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/sharepoint-online-software-boundaries-and-limits-HA102694293.aspx
https://github.com/windowsazure/azure-sdk-tools-samples
[Diagram: SharePoint farm on Windows Azure. Labels: AD/DC/DNS, LB, WEB/APP, SQL, 80, 20000, Cloud Service, Virtual Network.]
Web/App Tier: 1 x Large (4 Cores & 7 GB)
Data Tier: 1 x A6 (4 Cores & 28 GB)
Identity Tier: 1 Small (1 Core & 1.75 GB)
[Diagram: SharePoint farm on Windows Azure. Labels: AD/DC/DNS, LB, WEB, SQL, APP, 80, 20000, Cloud Service, Virtual Network, AVSETSPWEB, AVSETSPAPP, AVSETSQLHA, AVSETDCSET.]
Web Tier: 2 x Large (4 Cores & 7 GB)
App Tier: 2 x Large (4 Cores & 7 GB)
Data Tier: 2 x A6 (4 Cores & 28 GB), 1 x Small (Quorum) (1 Core & 1.75 GB)
Identity Tier: 2 Small (1 Core & 1.75 GB)
Build new 2013 farm
Install required solutions, settings and service apps
Backup/restore SQL content DB
SharePoint database attach PowerShell (2010 mode)
Test and perform site collection upgrades (2013 mode)
Prepare content
Migrate users (if hybrid)
Configure necessary apps and services
Migrate content (user or third party tools)
Option: Summary
AD Sync: User accts on premises copied to cloud and passwords synced; DirSync, WAADC, Azure AD Connect
AD Federation: “manual”, Azure AD Connect, ADFS 2.0, certificates
Migration: Migrate users to cloud and remove on premises; Third party
Cloud only: Users defined and live in Azure AD only
Office 365
[Diagram labels: Primary web app, SharePoint Online, Internet, Microsoft data center, Intranet, Local search results only, Site collection, Microsoft Office 365 tenant, SharePoint, SharePoint Server 2013, Federated search results, Outbound, Inbound.]
SharePoint Online cannot query SharePoint Server
SharePoint Server can query SharePoint Online
• Search: One-way outbound
• Business Connectivity Services: Not supported
• Duet Enterprise for SharePoint and SAP: Not supported
On-premises SharePoint Server 2013 Enterprise Search portal: Local and remote search results are available
SharePoint Online search portal: Local search results are available
[Diagram labels: Local search results only, Primary web app, SharePoint Online, Internet, Microsoft data center, Intranet, Federated search results, Site collection, Office 365 tenant, SharePoint, SharePoint Server 2013, Inbound, Outbound, Perimeter network, Customer network, Reverse proxy.]
SharePoint Online can query SharePoint Server
SharePoint Server cannot query SharePoint Online
• Search: One-way inbound
• Business Connectivity Services: Supported
• Duet Enterprise for SharePoint and SAP: Supported
On-premises SharePoint Server 2013 Enterprise Search portal: Local search results are available
SharePoint Online search portal: Local and remote search results are available
[Diagram labels: Federated search results, Primary web app, SharePoint Online, Internet, Microsoft data center, Intranet, Site collection, Office 365 tenant, SharePoint, SharePoint Server 2013, Inbound, Outbound, Perimeter network, Customer network.]
SharePoint Online can query SharePoint Server
SharePoint Server can query SharePoint Online
• Search: Bidirectional
• Business Connectivity Services: Supported
• Duet Enterprise for SharePoint and SAP: Supported
On-premises SharePoint Server 2013 Enterprise Search portal and SharePoint Online search portal: Local and remote search results are available. If extranet authentication services are configured, extranet users can log in remotely through an on-premises Active Directory account and use all available hybrid functionality.
http://www.chrismcnulty.net/blog