Title here

Date here

Extranets in SharePoint2007 and 2010

Toronto SharePoint CampMarch 20, 2010

Agenda

• Welcome and Introduction

• Extranets Overview and Scenarios

• Implementing SQL FBA

• Q&A

Peter Carson

• Founder and President of Envision IT

• 20 years of industry experience

• Technical background with a strong business focus

• http://blog.petercarson.ca

• peter@envisionit.com

Focused on complex SharePoint solutions, Envision IT is the “go-to” partner for Microsoft SharePoint, building integrated public web sites, Intranets, Extranets, and web applications that leverage your existing systems anywhere over the Internet.

Envision IT

Introductions

• Do you have an Intranet/Internet/Extranet?

• Is SharePoint your current web content management platform?

• What do you hope to get out of this seminar?

Agenda

• Welcome and Introduction

• Extranets Overview and Scenarios

• Implementing SQL FBA

• Q&A

Extranet Challenges

• SharePoint is a Powerful platform for collaboration and web

sites but lacks extranet support

• SharePoint is typically intended for users that are already

logged into a corporate domain

• Extranet users should not be a part of corporate domain

• Need a way for business users to manage extranet users,

whether they are in AD or SQL

• How do we provide users with access?

– They need a password that we don’t want to email them

in clear text.

– What happens if they forget their password?

26 SharePoint web sites for retail properties across Canada

Custom .NET web site for retailers to upload promotions and job postings, using the Envision IT Extranet Module

Integration with back ends systems for stores and floor plans

The Client Cadillac Fairview is one of

North America's largest investors, owners and

managers of commercial real estate. Cadillac

Fairview and its affiliates own and manage 83

properties, including some of Canada's

landmark developments such as the Toronto

Eaton Centre.

Cadillac Fairview Solution

Cadillac Fairview Results

• Savings of at least $500,000 per year

No additional staff required to transition and maintain the WCM platform.

Security, performance and availability were dramatically increased for the same monthly cost.

CF will no longer require 3rd party vendors to do these changes on our behalf.

• The old WCM solution was cumbersome and often involved assistance from CF Property & head office staff.

The “Retail Promo Tool” was redesigned to be more user-friendly and enables the Retailers to be more self sufficient.

It also included new functionality that allows Retailers to post for open positions at their stores.

The new Retail Promo Tool module saved between 5%-10% of staff (who assisted Retailers) time across all properties (26).

Primary channel of communication between Home Office and the Canadian Tire Retail stores

Expected to lead to the elimination of millions of pieces of paper

Improved execution of retail programs and enhanced customer experience

The Client Canadian Tire Retail and its

Associate Dealers together form one of

Canada's best-known and most successful

retailers, with more than 475 stores from coast

to coast. Canadian Tire offers customers a

large selection of national and retail brands

through three 'stores' under one roof.

An extranet solution for client access

Used to access public information, and secure private client account and project data

One place for clients to go for all information about Unitrax, the Citi hosted application used by their financial institution clients

A collaboration site for hospitals across Canada to store and share research data

Security and privacy was critical

Rapid deployment and easy user adoption

Public internet site with private areas for authorized users

Self service registration with a custom registration form

Approval process before a registered member can access private areas of the site

Other Extranet Examples

Customers and employees securely login, authenticated against SalesLogix CRM database

access to product support information and download product utilities, view streaming media, and attend online training events

custom web parts query the SalesLogix database, to retrieve customer-specific information

Envision IT Extranet Scenarios

• Windows SharePoint Services Collaboration Portal

• Internet Web Site Members Only Area

• Board of Directors’ Portal

• CRM Integrated Customer Care Portal

Windows SharePoint Services Collaboration Portal

• Simple WSS team sites for collaboration

• Uses Windows Authentication to provide the full Office integration with SharePoint

• Separate AD installed directly on the WSS server

• Internal SQL farm used for content databases, but SQL Express is installed with WSS to bootstrap SharePoint from the config database

• One-way trust allows internal users to use their corporate accounts to access the Extranet

• Capacity Building Initiative Collaboration Portal

• Constellation HomeBuilders Customer Service Portal

• SickKids Hospital SharePoint Portal

Windows SharePoint Services Collaboration Portal

Internet Web Site Members Only Area

• Public web site with a private members area

• Typically SQL authentication, but could be AD as well

• Forms-based authentication typically used to provide a rich login experience

• Self-registration with approvals typically provided

• Cadillac Fairview Retail Web Sites

• Centre for Addiction and Mental Health Problem Gambling Portal

• Grontmij

Internet Web Site Members Only Area

Board of Directors Portal

• Corporate or public sector board of directors portal

• Small set of users that are typically already part of the internal corporate domain

• SSL publishing of portal externally

• Halton Healthcare Services Board of Directors' Portal

• William Osler Board of Directors' Portal

• Enersource Hydro Mississauga

• Heart and Stroke Foundation of Ontario

Board of Directors Portal

CRM Integrated Customer Care Portal

• Customer care portal

• Accounts are provisioned through the CRM system

• Microsoft CRM, Sales Logix, etc.

• Welcome emails are sent automatically when contacts are setup in CRM

• Groups are automatically setup when accounts are setup

• Contacts are made members of security groups based on their account relationship in CRM

• Citi Client Extranet

• Constellation HomeBuilders Customer Service Portal

• Boys and Girls Clubs of Canada

CRM Integrated Customer Care Portal

IN COLLABORATION WITH

Authentication Scenarios

•Windows Authentication

–Standard browser login

–ISA Server HTML login form

•Forms-Based Authentication

Windows Authentication

Cons– AD protocol generally not

fire-wall friendly (mitigated by use of ISA server)

– Requires a second domain to keep Extranet users out of corporate domain

Pros– Single URL for all users, inside

and outside

– Works best when user credentials are stored in AD

– Maximum integration of Office applications with SharePoint document libraries and web sites

– Works well with Microsoft ISA Server 2006 firewall

Forms-Based Authentication

Cons– User has No Windows

Identity

– Reduced Office Application Integration

• No SharePoint context available in Task pane

• Unable to launch Office applications

– My Site Link disappears

– Need BDC to import Profiles

– LDAP vs. Active Directory Logins

– Uses Cookies

Pros– Works best for user

credentials stored outside AD (e.g. SQL Server)

– Works best for extranet user credentials you don’t want to store in your corporate AD

– Ability to manage users without granting admin access to AD

– Can use email address as username

ISA Server 2006

• Microsoft Internet Security & Acceleration Server 2006

• It is an integrated edge security gateway that helps protect the network from Internet-based threats

• Gives the best of both worlds of Windows and Forms-Based Authentication models

• Rich HTML login form can be branded and customized

• Domain-level cookie gives full Office application integration and eliminates multiple authentication prompts when properly configured

Standard SharePoint FBA

• IIS7 has an interface to create users and roles (groups) in the provider

• No provision for setting, changing, or retrieving passwords

• Rudimentary login page

• No self-service account creation

CKS Forms Based Authentication Solution

http://cks.codeplex.com/releases/view/17901

• Automated Solution Deployment

• Membership request web part (including CAPTCHA)

• Membership request list

• Login web part

• Recover Password web part

• Change Password web part

• ULS Logging

• User Management

• Role Management

• User Properties - Brendon Schwartz

• Self-service and business user web interfaces for setup of Extranet users

• Welcome email with account validation and secure password setup

• Password change and self-serve retrieval of lost usernames and password resets

• Display of sites each user or group has access to across SharePoint servers

• Active Directory or SQL Server forms-based authentication

• www.envisionit.com/Products

Agenda

• Welcome and Introduction

• Extranets Overview and Scenarios

• Implementing SQL FBA

• Q&A

Peter Carson

• Founder and President of Envision IT

• 20 years of industry experience

• Technical background with a strong business focus

• http://blog.petercarson.ca

• peter@envisionit.com