sharepoint in the extranet joel oleson
TRANSCRIPT
SharePoint in the Extranet
Joel Oleson
Technologist
Microsoft Corporation
OFF305
Agenda
Side by Side Comparison of 3 SharePoint Internet Facing Deployments
IT Windows SharePoint Services (WSS) Extranet Deployment
Intellectual Capital Exchange (ICE)
Hosted Environment – Spsites.microsoft.com
Issues & Challenges
SP2 & Windows R2 Extranet Enhancements
Resources
Q/A
Side by Side Comparison Microsoft’s SharePoint Internet Enabled Deployments
Service Comparison
IT Extranet ICE SPSites
WSS Hosting
My Site Hosting
Portal Hosting
Site Directory
SPS Search
Topics & Areas
Existing AD Accounts
Custom Web Services
ADFS
Partner Account Access
AD Account Creation Mode
Spsites Topology
https://spsites.microsoft.com
10,000’s WSS Sites
10,000’s My Sites
Site Directory
Profiles
ICE Topology
ICE
http://ice
https://ice.partners.extranet.microsoft.com
Topics & Areas
My ICE
Sub Areas
Web Service
Dublin
Singapore
Redmond
Americas: Team (https://*.team.partners.extranet.microsoft.com)
Europe: ETeam (https://*.eteam.partners.extranet.microsoft.com)
Asia/South Pacific: SPTeam (https://*.spteam.partners.extranet.microsoft.com)
IT WSS Extranet Topology
Hardware
3 Web
2 Search
1 Index/Job
2 WSS Web
SQL Cluster (A/P)
2 Web/Search
1 Index/Job
SQL Cluster (A/P)
ISA 2004/Web Publishing
Load Balancers
IT WSS Extranet, MMS SPSites, ICE
3 Extranet Deployments
Business & IT Requirements
Infrastructure/Architecture Solution
Add-ons
Workarounds
Challenges
IT WSS Extranet Deployment
IT WSS Extranet – Requirements
Scalable Hosting WSS
Business
Easy to Collaborate with Partners
Use Existing Internal Accounts
Scalable & Highly Available
Accounts for partner collaboration
IT & Security
Secure Collaboration - 2 Factor Auth
No Anonymous Access
Web Servers: IP masked, no ICMP
Only SSL port allowed (Admin port blocked)
No Corp Resources
IT Extranet WSS Solution
Auth: Basic over SSL
Accounts: One way NTLM trust between partner domain and corporate child domains
Partner account provisioning & management system: Use Existing (https://www.partners.extranet.microsoft.com)
Leverage Existing Extranet Onboarding process
Hardware: Stand Alone Deployment in DMZ
Extranet Provisioning
ICE Deployment
ICE Requirements
Business
Transparent Login
Web Single Sign On (not SPS SSO)
Use existing NT accounts
Hosted SharePoint like it is on Corp @ Home and on the Go
IT & Security
Firewalled (DMZ)
Intrusion Detection
IPSec between Corporate Clients & Managed Servers
128 bit SSL
Separate Forest from Corporate
Spsites Deployment
MMS Requirements
Business
Transparent Login
Use existing NT accounts
Hosted SharePoint like it is on Corp @ Home and on the Go
IT & Security
Firewalled (DMZ)
Intrusion Detection
128 bit SSL
Separate Forest from Corp and Other Hosted Customers
Issues and Challenges
Key Issues for MS Extranet or Internet Enabled Deployments
Four Primary Challenges
Security
Cross Forest Issues
Account Management
Client Facing Issues
Security
Security team wants 2 factor authentication
Security wanted Digest authentication
Security wanted Forms authentication
Security then wanted token based auth
Services/App Pools need to run with account in the same domain (MMS)
Password service account restrictions make maintenance painful
Cross Forest Issues (Spsites)
Manage Users Address book fails to work when email address & NT user name do not match
Lookups fail when User domain does not trust resource domain and Trust is at the forest level (works with domain (NTLM) trust)
Display Name and Email address will not be populated
Requires user to know NT account or NT Security Group
Document Workspace/Meeting Workspace creation from Outlook/Office doesn’t permission other users (lookup failure)
Account Management (IT WSS/ICE)
AD is the account repository (live or die by it)
Painful Process for managing partner accounts – account creation and password management (listen to our story)
Active Directory Account Creation Mode
Only for Windows SharePoint Services
Cannot coexist with pre-existing accounts
Client Facing Issues
Web capture web part doesn’t work with SSL
Mixed content for online web parts (HTTP vs. HTTPS)
Web Folder mixed content prompt
Transparent Login requires Intranet Zone or special IE security
URL Length (256 & 260)
Internal vs. External URL path issues (Use Alternate Access (Alert links, invalid extranet links, confusion)
Changes in WSS/SPS SP2 & R2?
Windows 2003 R2 & ADFS
WSS SP2/SPS SP2 Enhancements
Support for IP-bound virtual servers
* Support for Advanced Extranet Configurations
SSL Termination
Host Header Modification
Port Translation
Kerberos enabled by default on single box new installation
WSS running on ASP.NET 2.0 (Whidbey)
Support for Windows x64 editions
Support for SQL 2005
http://www.microsoft.com/downloads/details.aspx?FamilyId=ABBA20F2-3625-4C9C-A412-AB9BBEBDB5E8&displaylang=en
* Applies only to Non Scalable Hosting Mode Configurations or No support for Farms with Multiple Hostnames on a single IIS virtual server.
Ways to Support SSL on Multiple Portals or WSS IIS Web Sites
Configuration RTM SP1 SP2
SSL + Single IIS Virtual Server per server X X X
SSL + IP Bound Virtual Server X
SSL + Host Headers W2K3 SP1* W2K3 SP1*
SSL w/ Wildcard Host Header DNS X X X
SSL on alternate ports for Multiple Virtual Servers X X X
SSL + Port Translation X
SSL + Reverse Proxy (Terminated at Reverse Proxy) X
SSL + Reverse Proxy (Terminated at SharePoint i.e. ISA link/port translation) X X X
ADFS for Windows 2003 R2 & WSS
Windows Server 2003 R2 servers configured as federation servers can provide access to Windows SharePoint Services sites over the Internet
Your network and the network in your partner organization both need to support ADFS
Shadow accounts setup in the resource partner if no forest trust exists between both partner organizations with federation trust between both partner organizations
WSS Web server configured with R2 and has SSL certificate
ADFS Web Service Agent on the Web server hosting Windows SharePoint Services
Windows SharePoint Services site users in the account partner organization setup with permissions
http://download.microsoft.com/download/9/3/e/93eff406-5dd6-442d-bedd-082ef29a6d22/ADFSStepbyStep.doc
Be aware of SOAP issues (DWS & MWS Creation, FPEdit, Excel/Outlook Export & Import)
Session Summary
Security is strong but getting stronger and more flexible
Workarounds are available for most issues
Windows R2, WSS SP2, SPS SP2 – Remove deployment blockers
Where to find Joel …
Talks – ATE
Tuesday
11:30-12:45 C&T SharePoint Gone Wrong – How to Recover
13:00-14:00 IW SharePoint Demo Station
13:00-14:00 Panel: Life at the Bleeding Edge
15:00-16:00 IT ATE Booth 7
18:30-20:00 IW SharePoint Demo Station
Wednesday
9:45-11:00 C&T Windows File Servers and SharePoint – Clarity
14:00-15:15 C&T SharePoint Gone Wrong – How to Recover II
15:30-16:45 Breakout - Building SharePoint for Maximum Scale
17:00-18:00 IT ATE Booth 7
Thursday
10:00-11:00 IW SharePoint Demo Station
13:00-14:00 Panel: Enabling the New World of Work
14:00-15:30 SharePoint Extranets
15:30-16:30 IT ATE Booth 7
Community Resources
http://www.microsoft.com/communities/default.mspx
Most Valuable Professional (MVP)
http://www.microsoft.com/communities/mvp
Newsgroups
Converse online with Microsoft Newsgroups, including Worldwide
http://communities2.microsoft.com/communities/newsgroups/en-us/default.aspx
User Groups - Meet and learn with your peers
http://www.microsoft.com/communities/usergroups/default.mspx
© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.