2. Geoff Varosky
Jornata
Architect, Director of Evangelism
Co-Founder Boston Area SharePoint Users Group
Co-Organizer SharePoint Saturday Boston
Blog – www.SharePointYankee.com
Email – gvarosky@jornata.com
Twitter – @gvaro
LinkedIn & Facebook
Visit Jornata Booth #601
3. Thinking
What is an Extranet?
Design
Topology
Authentication Mechanism
User Identity Storage Location
Evaluating Your Requirements
SharePoint 2010 Considerations
Doing
Configuration
User and Role Management
[Topology diagram] Internet users ("YAY! FACEBOOKS! LOLS!") -> External Firewall / UAG -> Perimeter network (Web Servers, Application Servers, DNS, Active Directory) -> Firewall / UAG -> Corporate network (SQL Servers, Application Servers, DNS, Active Directory)
17. Windows
NTLM
Kerberos
Basic (credentials are only Base64-encoded, so use it over SSL only)
Forms Based Authentication (FBA)*
*Claims-based authentication must be enabled on the web application for FBA; classic-mode web applications do not support it
Claims Based Authentication
SAML tokens
19. Active Directory
LDAP
SQL Server
Other
Facebooks
Twitters
21. What do you really need?
Who needs access?
How sensitive is the data?
How sensitive is the network?
Budget?
22. Who needs access?
Internal employees only
Active Directory
Internal employees and external users
Active Directory
Additional domain with restricted access
Active Directory & Forms Based Authentication
Claims Authentication
External only (rare)
Clients, partners, consultants
Active Directory or LDAP or SQL?
Forms Based Authentication or Windows auth?
Separate or together?
Hosting
Mobile Clients
23. How sensitive is the data & internal network?
Network & SharePoint
Separate site?
Separate site collection?
Separate web application?
Multiple farms with cross-farm services & publishing?
Separate farm?
DMZ?
24. How sensitive is the data & internal network?
Security
Secure Certificates (SSL)
Encryption
Firewall
Both hardware and software?
Content Filtering
ACLs
Virtual Private Network
Anti-Virus and Anti-Malware
Client-based certificates
One-time passwords (RSA tokens)
Phone verification
Biometrics
Retina, fingerprint, facial structure, hair and blood samples
27. REMEMBER THIS…
You are giving a key to access your company’s data in some form or another.
29. Supported versions
All – Foundation up through Enterprise
Office 365
Can be used as an extranet (since that is basically what it is!)
30. Assumptions
Any Topology
Multi-Mode (Windows & FBA Authentication)
SQL User Database
1. Create ASP.NET Membership Database
2. Configure SharePoint
3. Configure IIS
4. Create and Manage Users
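Added example, not from the slides or the presenter's blog: a PowerShell script, run from the SharePoint 2010 Management Shell on a farm server, that carries out steps 1 to 3 above (membership database, claims web application with Windows + FBA providers, web.config provider registration) and the permission-grant half of step 4. The SQL server name, database name, URL, application pool account, provider names and the sample user are assumptions and must be replaced; the provider attributes are the standard SqlMembershipProvider / SqlRoleProvider settings.

```powershell
# Added example (not the presenter's code): automates the FBA setup steps above on a
# SharePoint 2010 farm. Run as a farm administrator in the SharePoint 2010 Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$sqlServer   = "SQL01"                          # assumption
$fbaDatabase = "FBA_Membership"                 # assumption
$webAppUrl   = "https://extranet.contoso.com"   # assumption
$appPoolAcct = "CONTOSO\svc-spextranet"         # assumption: an existing SharePoint managed account
$siteOwner   = "i:0#.w|contoso\spadmin"         # assumption: claims-encoded Windows account
$memberName  = "FBAMembership"                  # referenced in three places; keep the names identical
$roleName    = "FBARole"

# Step 1: create the ASP.NET membership + role schema in SQL Server.
# -A mr = membership and role features, -E = Windows authentication to SQL.
$regsql = "$env:windir\Microsoft.NET\Framework64\v2.0.50727\aspnet_regsql.exe"
& $regsql -S $sqlServer -E -A mr -d $fbaDatabase

# Step 2: create a claims-mode web application with BOTH Windows and FBA providers
# (the multi-mode assumption above). FBA is only offered in claims mode.
$winProvider = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication
$fbaProvider = New-SPAuthenticationProvider -ASPNETMembershipProvider $memberName -ASPNETRoleProviderName $roleName
$webApp = New-SPWebApplication -Name "Extranet" -Url $webAppUrl -Port 443 -SecureSocketsLayer `
    -ApplicationPool "ExtranetAppPool" -ApplicationPoolAccount (Get-SPManagedAccount $appPoolAcct) `
    -AuthenticationProvider $winProvider, $fbaProvider

# Step 3: register the connection string and SQL providers in the three web.config
# files that must agree: the new web application, Central Administration and the
# Security Token Service. The defaultProvider values SharePoint set (its claims
# providers) are deliberately left untouched.
$connStr    = "Server=$sqlServer;Database=$fbaDatabase;Integrated Security=SSPI"
$sysWeb     = "System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
$memberType = "System.Web.Security.SqlMembershipProvider, $sysWeb"
$roleType   = "System.Web.Security.SqlRoleProvider, $sysWeb"

function Add-FbaProviderConfig([string]$webConfigPath) {
    Copy-Item $webConfigPath "$webConfigPath.bak" -Force        # rollback copy
    [xml]$cfg = Get-Content $webConfigPath
    $root = $cfg.configuration

    function Get-OrAddNode($parent, [string]$name) {
        $node = $parent.SelectSingleNode($name)
        if ($node -eq $null) { $node = $parent.AppendChild($cfg.CreateElement($name)) }
        return $node
    }
    function Add-Entry($parent, [hashtable]$attrs) {
        # idempotent: do nothing if an <add name="..."> with this name is already present
        if ($parent.SelectSingleNode("add[@name='$($attrs.name)']") -ne $null) { return }
        $add = $cfg.CreateElement("add")
        foreach ($k in $attrs.Keys) { $add.SetAttribute($k, $attrs[$k]) }
        [void]$parent.AppendChild($add)
    }

    $cs = Get-OrAddNode $root "connectionStrings"
    Add-Entry $cs @{ name = "FBADB"; connectionString = $connStr }

    $systemWeb = Get-OrAddNode $root "system.web"
    $mProv = Get-OrAddNode (Get-OrAddNode $systemWeb "membership") "providers"
    Add-Entry $mProv @{
        name = $memberName; type = $memberType; connectionStringName = "FBADB"; applicationName = "/"
        passwordFormat = "Hashed"; enablePasswordRetrieval = "false"; enablePasswordReset = "true"
        requiresQuestionAndAnswer = "false"; requiresUniqueEmail = "true"
        minRequiredPasswordLength = "10"; maxInvalidPasswordAttempts = "5"; passwordAttemptWindow = "10"
    }
    $rProv = Get-OrAddNode (Get-OrAddNode $systemWeb "roleManager") "providers"
    Add-Entry $rProv @{ name = $roleName; type = $roleType; connectionStringName = "FBADB"; applicationName = "/" }

    $cfg.Save($webConfigPath)   # saving web.config recycles that site's application pool
}

$zone  = [Microsoft.SharePoint.Administration.SPUrlZone]::Default
$caApp = Get-SPWebApplication -IncludeCentralAdministration | Where-Object { $_.IsAdministrationWebApplication }
$targets = @(
    (Join-Path $webApp.IisSettings[$zone].Path.FullName "web.config"),
    (Join-Path $caApp.IisSettings[$zone].Path.FullName "web.config"),
    "$env:CommonProgramFiles\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken\web.config"
)
foreach ($t in $targets) { Add-FbaProviderConfig $t }

# Step 4 (grant half): create a root site collection, then give an FBA account only the
# rights it needs. Claims-encoded FBA login: i:0#.f|<provider name, lower case>|<user name>.
# The user record itself is created through the membership provider, as the IIS slide describes.
New-SPSite -Url $webAppUrl -OwnerAlias $siteOwner -Template "STS#0" -Name "Extranet" | Out-Null
$fbaLogin = "i:0#.f|$($memberName.ToLower())|partner.jdoe"   # assumption: sample external user
New-SPUser -UserAlias $fbaLogin -Web $webAppUrl -PermissionLevel "Read"
```

The web.config edits are per server, so the `Add-FbaProviderConfig` part has to run on every web front-end in the farm, and each save recycles the application pool for that site (the same recycle slide 31 warns about). `passwordFormat="Hashed"` with `enablePasswordRetrieval="false"` keeps recoverable passwords out of the membership database, and the `maxInvalidPasswordAttempts` / `passwordAttemptWindow` pair gives the Internet-facing login form a lockout.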
31. IIS
Using your SharePoint Site = BAD
Must first change default role manager, and then membership provider each time from
claims to your SQL providers
No one can log into SharePoint during this time
And then change them back when done
Each change recycles the application pool.
Create a separate IIS Virtual Web Application and Manage from there
BCS
Great way to search for and manage users (passwords, email, etc.)
No way to create users without additional logic
32. CodePlex (www.codeplex.com)
SharePoint 2010 FBA Pack
http://sharepoint2010fba.codeplex.com
Third Party Solutions
33. Test your configuration
Review security regularly
Be wary of cats
34. My Blog Series
Part 1 : http://go.gvaro.net/ExtranetsP1
Part 2 : http://go.gvaro.net/ExtranetsP2
Part 3 : http://go.gvaro.net/ExtranetsP3
Phone Factor – Phone Verification
http://www.phonefactor.com
Plan Security Hardening (TechNet)
http://go.gvaro.net/uSyY1Z
SharePoint 2007 & 2010 Farm Ports (Firewall Config)
http://go.gvaro.net/uWQZzU
Disabling SSL v2.0, PCT 1.0 +more in IIS7
http://go.gvaro.net/N5GgEa
35. SharePoint Ports, Proxies, and Protocols (Firewall Config)
http://go.gvaro.net/tblxCn
Harden SQL Server for SharePoint
http://go.gvaro.net/viVQuN
Visual FBA configuration by Donal Conlon
http://go.gvaro.net/oPnAYx
Extranet tested topologies for SP 2010 Model
http://go.gvaro.net/SP2010ExtTopMod
ASP.NET 2.0 Membership Database Reference
Create, Add Users, etc. http://go.gvaro.net/AN2Mbr
36. FBA Configuration in SharePoint 2010
LDAP: http://go.gvaro.net/FBALDAP
ASP.NET Membership DB
http://go.gvaro.net/FBAANMDB
PeoplePicker Wildcard Search
http://go.gvaro.net/FBAWildCard
Helpful Resources for Troubleshooting Membership Providers
http://go.gvaro.net/TSMemProv
“Sign me in automatically” in FBA
http://go.gvaro.net/pAkDQP
Configuring SSL in a Development Environment
http://go.gvaro.net/uOTTlJ