Most companies, large or small, require contact and collaboration with external entities, whether they are vendors, clients, or contractors. SharePoint gives us the ability to open up portals for collaboration with these external entities – this session will show you how to accomplish this using SharePoint 2010.
We will review what is required to make SharePoint “open” to the external world, discuss scenarios regarding security and privacy, as well as walk through configuring Forms Based Authentication, Claims Based Authentication, as well as using Business Connectivity Services in SharePoint 2010, to authenticate, and manage our external users.
Once completing this session, you should have a firm grasp on how to configure an extranet environment using SharePoint 2010, as well as what should be considered during the planning of your extranet scenarios.
11. Requirements What do you REALLY need? Who needs access? How sensitive is the data? How sensitive is your network? Budget? geoffvarosky gvarosky@gracehunt.com [email] www.gracehunt.com [web] sharepointyankee.com [blog] @gvaro [twitter]
13. Requirements Who needs access? Internal employees only? Active Directory Internal employees and external users? Active Directory Additional domain with restricted access Active Directory & Forms Based Authentication Claims Authentication External Clients, partners, consultants Active Directory Forms Based Authentication Separate or together? geoffvarosky gvarosky@gracehunt.com [email] www.gracehunt.com [web] sharepointyankee.com [blog] @gvaro [twitter]
14. Requirements How sensitive is the data & internal network? Network & SharePoint DMZ Separate web application Separate farm Security SSL Security Firewall Both hardware and software? Content Filtering Virtual Private Network Anti-Virus and Anti-Malware Client-based certificates One-time passwords (RSA tokens) Biometrics Retina, fingerprint, facial structure, hair and blood samples geoffvarosky gvarosky@gracehunt.com [email] www.gracehunt.com [web] sharepointyankee.com [blog] @gvaro [twitter]
15. Remember this… You are giving a key to access your company’s data in some form or another. geoffvarosky gvarosky@gracehunt.com [email] www.gracehunt.com [web] sharepointyankee.com [blog] @gvaro [twitter]
17. Requirements How sensitive is the data & internal network? Network & SharePoint DMZ Separate web application Separate farm geoffvarosky gvarosky@gracehunt.com [email] www.gracehunt.com [web] sharepointyankee.com [blog] @gvaro [twitter]
18. Requirements How sensitive is the data & internal network? Security Secure Certificates (SSL) Encryption Firewall Both hardware and software? Content Filtering ACLs Virtual Private Network Anti-Virus and Anti-Malware Client-based certificates One-time passwords (RSA tokens) Biometrics Retina, fingerprint, facial structure, hair and blood samples geoffvarosky gvarosky@gracehunt.com [email] www.gracehunt.com [web] sharepointyankee.com [blog] @gvaro [twitter]
20. SharePoint 2010 Versions? Foundation up to Enterprise Server 2010 Claims Based Authentication Forms Based Authentication Configuration (and our Demo) Create ASP.NET Membership Database Configure SharePoint Extend Web Application web.config settings Alternate Access Mappings Configure IIS Create and Manage Users geoffvarosky gvarosky@gracehunt.com [email] www.gracehunt.com [web] sharepointyankee.com [blog] @gvaro [twitter]
22. Managing Users… IIS Must change default role manager and membership providers each time = DOWNTIME. BCS Great way to manage users (passwords, emails, etc.) No ability to create users without another layer of logic Codeplex Solutions CKS Forms Based Authentication Solution http://go.gvaro.net/CKSFBAS This *may* work, or, it may not. Mixed results. 3rd Party… DevIt.EU http://www.devit.eu/products/121-fba-manager-2010-forms-based-authentication.aspx geoffvarosky gvarosky@gracehunt.com [email] www.gracehunt.com [web] sharepointyankee.com [blog] @gvaro [twitter]
23. And also, remember this too… Test the configuration Review security regularly geoffvarosky gvarosky@gracehunt.com [email] www.gracehunt.com [web] sharepointyankee.com [blog] @gvaro [twitter]
24. Resources My blog series Part 1 : http://go.gvaro.net/ExtranetsP1 Part 2 : http://go.gvaro.net/ExtranetsP2 Part 3 : coming soon… Part 4 : coming soon… My Virtual Environment via CloudShare SharePoint 2010 Information Worker image Configured just about the same as we did here On the desktop Links to my information Link to Extranet COMING SOON! LEAVE NOTE ON EVAL AND I WILL SEND IT TO YOU! geoffvarosky gvarosky@gracehunt.com [email] www.gracehunt.com [web] sharepointyankee.com [blog] @gvaro [twitter]
25. Resources Extranet tested topologies for SP 2010 Model http://go.gvaro.net/SP2010ExtTopMod ASP.NET 2.0 Membership Database Reference Create, Add Users, etc. http://go.gvaro.net/AN2Mbr FBA Configuration in SharePoint 2010 LDAP: http://go.gvaro.net/FBALDAP ASP.NET Membership DB: http://go.gvaro.net/FBAANMDB PeoplePicker Wildcard Search http://go.gvaro.net/FBAWildCard Helpful Resources for Troubleshooting Membership Providers http://go.gvaro.net/TSMemProv geoffvarosky gvarosky@gracehunt.com [email] www.gracehunt.com [web] sharepointyankee.com [blog] @gvaro [twitter]