Planning and Configuring Extranets in SharePoint 2010
1. Thinking SharePoint? Think Jornata.
Geoff Varosky
Director, Development & Evangelism
gvarosky@jornata.com
Follow me on Twitter @gvaro
Prepared by Jornata
61-63 Chatham Street, Fourth Floor
Boston, MA 02109
Submitted on April 25, 2012
2. About Me
• Geoff Varosky
– Jornata
• Director, Development & Evangelism
• BASPUG Co-Founder
• SPS Boston Co-Organizer
– Blog : www.sharepointyankee.com
– Email: gvarosky@jornata.com
– Twitter: @gvaro
– LinkedIn & Facebook
3. Agenda
• Thinking
– What is an Extranet?
– Design
• Topology
• Authentication Mechanism
• User Identity Storage Location
– Evaluating Your Requirements
– SharePoint 2010 Considerations
• Doing
– Configuration
– User and Role Management
4. What is an extranet?
5. What is an extranet?
6. What is an extranet?
Controlled access from external networks
7. What is an extranet?
Controlled access from EXTeRnAl NETworks
21. Evaluating Your Requirements
• What do you REALLY need?
– Who needs access?
– How sensitive is the data?
– How sensitive is your network?
– Budget?**
23. Plan Your Requirements
• Who needs access?
– Internal employees only
• Active Directory
– Internal employees and external users
• Active Directory
– Additional domain with restricted access
• Active Directory & Forms Based Authentication
– Claims Authentication
– External only (rare)
• Clients, partners, consultants
– Active Directory or LDAP or SQL?
– Forms Based Authentication or Windows auth?
– Separate or together?
– Hosting
– Mobile Clients
24. Remember this…
You are giving a key to access your company’s data in some form or another.
25. Requirements
• How sensitive is the data & internal network?
– Network & SharePoint
• DMZ
• Same farm, separate web application
• Separate farm
• Multiple Farms – Cross-farm services, publishing
26. Requirements
• How sensitive is the data & internal network?
– Security
• Secure Certificates (SSL)
• Encryption
• Firewall
– Both hardware and software?
– Content Filtering
– ACLs
• Virtual Private Network
• Anti-Virus and Anti-Malware
• Client-based certificates
• One-time passwords (RSA tokens)
• Phone verification
• Biometrics
– Retina, fingerprint, facial structure, hair and blood samples
28. SharePoint 2010
• Supported version?
– All Versions: Foundation up through Enterprise Server 2010
– Office 365
• Can be used as an extranet (since that’s basically what it is!)
30. Managing Users
• IIS
– Must change default role manager and membership providers each time = DOWNTIME.
– Separate IIS Virtual Web Application
• BCS
– Great way to manage users (passwords, emails, etc.)
– No ability to create users without another layer of logic
• Codeplex
– SharePoint 2010 FBA Pack
• http://sharepoint2010fba.codeplex.com
• 3rd Party…
31. Remember this too…
• Test the configuration
• Review security regularly
32. Resources
• My blog series
– Part 1 : http://go.gvaro.net/ExtranetsP1
– Part 2 : http://go.gvaro.net/ExtranetsP2
– Part 3 : http://go.gvaro.net/ExtranetsP3
34. Resources
• Visual FBA configuration by Donal Conlon
– http://go.gvaro.net/oPnAYx
• Extranet tested topologies for SP 2010 Model
– http://go.gvaro.net/SP2010ExtTopMod
• ASP.NET 2.0 Membership Database Reference
– Create, Add Users, etc.
– http://go.gvaro.net/AN2Mbr
• FBA Configuration in SharePoint 2010
– LDAP: http://go.gvaro.net/FBALDAP
– ASP.NET Membership DB: http://go.gvaro.net/FBAANMDB
35. Resources
• PeoplePicker Wildcard Search
– http://go.gvaro.net/FBAWildCard
• Helpful Resources for Troubleshooting Membership Providers
– http://go.gvaro.net/TSMemProv
• “Sign me in automatically” in FBA
– http://go.gvaro.net/pAkDQP
• Configuring SSL in a Development Environment
– http://go.gvaro.net/uOTTlJ
36. Summary
• Plan Your Design
– Topology
• Same Farm? Dedicated Farm? Back-to-Back? Etc…
– Authentication Mechanism
– User Identity Storage Location
• Evaluate Your Requirements
– Map to Technology
• Do
– Test!
– Easy Configuration
– User and Role Management