Planning and Configuring Extranets in SharePoint 2010
1. Thinking SharePoint? Think Jornata.
Planning and Configuring Extranets in SharePoint 2010
Geoff Varosky
Director, Development & Evangelism
gvarosky@jornata.com
Follow me on Twitter @gvaro
Prepared for
Prepared by Jornata
Jornata
61-63 Chatham Street
Fourth Floor
Boston, MA 02109
Submitted on April 25, 2012
2. About Me
• Geoff Varosky
– Jornata
• Director, Development & Evangelism
• BASPUG Co-Founder
• SPS Boston Co-Organizer
– Blog : www.sharepointyankee.com
– Email: gvarosky@jornata.com
– Twitter: @gvaro
– LinkedIn & Facebook
3. Agenda
• Thinking
– What is an Extranet?
– Design
• Topology
• Authentication Mechanism
• User Identity Storage Location
– Evaluating Your Requirements
– SharePoint 2010 Considerations
• Doing
– Configuration
– User and Role Management
4. What is an extranet?
5. What is an extranet?
6. What is an extranet?
Controlled access from external networks
7. What is an extranet?
Controlled access from EXTeRnAl NETworks
21. Evaluating Your Requirements
• What do you REALLY need?
– Who needs access?
– How sensitive is the data?
– How sensitive is your network?
– Budget?**
23. Plan Your Requirements
• Who needs access?
– Internal employees only
• Active Directory
– Internal employees and external users
• Active Directory
– Additional domain with restricted access
• Active Directory & Forms Based Authentication
– Claims Authentication
– External only (rare)
• Clients, partners, consultants
– Active Directory or LDAP or SQL?
– Forms Based Authentication or Windows auth?
– Separate or together?
– Hosting
– Mobile Clients
24. Remember this…
You are giving a key to access your company’s data in some form or another.
25. Requirements
• How sensitive is the data & internal network?
– Network & SharePoint
• DMZ
• Same farm, separate web application
• Separate farm
• Multiple Farms – Cross-farm services, publishing
26. Requirements
• How sensitive is the data & internal network?
– Security
• Secure Certificates (SSL)
• Encryption
• Firewall
– Both hardware and software?
– Content Filtering
– ACLs
• Virtual Private Network
• Anti-Virus and Anti-Malware
• Client-based certificates
• One-time passwords (RSA tokens)
• Phone verification
• Biometrics
– Retina, fingerprint, facial structure, hair and blood samples
28. SharePoint 2010
• Supported version?
– All Versions: Foundation up through Enterprise Server 2010
– Office 365
• Can be used as an extranet (since that’s basically what it is!)
30. Managing Users
• IIS
– Must change default role manager and membership providers each time = DOWNTIME.
– Separate IIS Virtual Web Application
• BCS
– Great way to manage users (passwords, emails, etc.)
– No ability to create users without another layer of logic
• Codeplex
– SharePoint 2010 FBA Pack
• http://sharepoint2010fba.codeplex.com
• 3rd Party…
31. Remember this too…
• Test the configuration
• Review security regularly
32. Resources
• My blog series
– Part 1 : http://go.gvaro.net/ExtranetsP1
– Part 2 : http://go.gvaro.net/ExtranetsP2
– Part 3 : http://go.gvaro.net/ExtranetsP3
34. Resources
• Visual FBA configuration by Donal Conlon
– http://go.gvaro.net/oPnAYx
• Extranet tested topologies for SP 2010 Model
– http://go.gvaro.net/SP2010ExtTopMod
• ASP.NET 2.0 Membership Database Reference
– Create, Add Users, etc.
– http://go.gvaro.net/AN2Mbr
• FBA Configuration in SharePoint 2010
– LDAP: http://go.gvaro.net/FBALDAP
– ASP.NET Membership DB: http://go.gvaro.net/FBAANMDB
35. Resources
• PeoplePicker Wildcard Search
– http://go.gvaro.net/FBAWildCard
• Helpful Resources for Troubleshooting Membership Providers
– http://go.gvaro.net/TSMemProv
• “Sign me in automatically” in FBA
– http://go.gvaro.net/pAkDQP
• Configuring SSL in a Development Environment
– http://go.gvaro.net/uOTTlJ
36. Summary
• Plan Your Design
– Topology
• Same Farm? Dedicated Farm? Back-to-Back? Etc…
– Authentication Mechanism
– User Identity Storage Location
• Evaluate Your Requirements
– Map to Technology
• Do
– Test!
– Easy Configuration
– User and Role Management