Extranets in SharePoint 2007 and 2010
Toronto SharePoint Camp, March 20, 2010
Agenda
• Welcome and Introduction
• Extranets Overview and Scenarios
• Implementing SQL FBA
• Q&A
Peter Carson
• Founder and President of Envision IT
• 20 years of industry experience
• Technical background with a strong business focus
• http://blog.petercarson.ca
Envision IT
Focused on complex SharePoint solutions, Envision IT is the “go-to” partner for Microsoft SharePoint, building integrated public web sites, Intranets, Extranets, and web applications that leverage your existing systems anywhere over the Internet.
Introductions
• Do you have an Intranet/Internet/Extranet?
• Is SharePoint your current web content management platform?
• What do you hope to get out of this seminar?
Extranet Challenges
• SharePoint is a powerful platform for collaboration and web sites but lacks extranet support
• SharePoint is typically intended for users that are already logged into a corporate domain
• Extranet users should not be part of the corporate domain
• Need a way for business users to manage extranet users, whether they are in AD or SQL
• How do we provide users with access?
– They need a password that we don’t want to email them in clear text.
– What happens if they forget their password?
Cadillac Fairview Solution
The Client: Cadillac Fairview is one of North America's largest investors, owners and managers of commercial real estate. Cadillac Fairview and its affiliates own and manage 83 properties, including some of Canada's landmark developments such as the Toronto Eaton Centre.
• 26 SharePoint web sites for retail properties across Canada
• Custom .NET web site for retailers to upload promotions and job postings, using the Envision IT Extranet Module
• Integration with back-end systems for stores and floor plans
Cadillac Fairview Results
• Savings of at least $500,000 per year
– No additional staff required to transition and maintain the WCM platform.
– Security, performance and availability were dramatically increased for the same monthly cost.
– CF will no longer require 3rd party vendors to do these changes on our behalf.
• The old WCM solution was cumbersome and often involved assistance from CF Property & head office staff.
– The “Retail Promo Tool” was redesigned to be more user-friendly and enables the Retailers to be more self-sufficient.
– It also included new functionality that allows Retailers to post for open positions at their stores.
– The new Retail Promo Tool module saved between 5% and 10% of the time of staff who assisted Retailers, across all 26 properties.
The Client: Canadian Tire Retail and its Associate Dealers together form one of Canada's best-known and most successful retailers, with more than 475 stores from coast to coast. Canadian Tire offers customers a large selection of national and retail brands through three 'stores' under one roof.
• Primary channel of communication between Home Office and the Canadian Tire Retail stores
• Expected to lead to the elimination of millions of pieces of paper
• Improved execution of retail programs and enhanced customer experience
Other Extranet Examples
• An extranet solution for client access
• Used to access public information, and secure private client account and project data
• One place for clients to go for all information about Unitrax, the Citi hosted application used by their financial institution clients
• A collaboration site for hospitals across Canada to store and share research data
• Security and privacy were critical
• Rapid deployment and easy user adoption
• Public internet site with private areas for authorized users
• Self-service registration with a custom registration form
• Approval process before a registered member can access private areas of the site
• Customers and employees securely log in, authenticated against the SalesLogix CRM database
• Access to product support information and download product utilities, view streaming media, and attend online training events
• Custom web parts query the SalesLogix database to retrieve customer-specific information
Envision IT Extranet Scenarios
• Windows SharePoint Services Collaboration Portal
• Internet Web Site Members Only Area
• Board of Directors’ Portal
• CRM Integrated Customer Care Portal
Windows SharePoint Services Collaboration Portal
• Simple WSS team sites for collaboration
• Uses Windows Authentication to provide the full Office integration with SharePoint
• Separate AD installed directly on the WSS server
• Internal SQL farm used for content databases, but SQL Express is installed with WSS to bootstrap SharePoint from the config database
• One-way trust allows internal users to use their corporate accounts to access the Extranet
• Capacity Building Initiative Collaboration Portal
• Constellation HomeBuilders Customer Service Portal
• SickKids Hospital SharePoint Portal
Internet Web Site Members Only Area
• Public web site with a private members area
• Typically SQL authentication, but could be AD as well
• Forms-based authentication typically used to provide a rich login experience
• Self-registration with approvals typically provided
• Cadillac Fairview Retail Web Sites
• Centre for Addiction and Mental Health Problem Gambling Portal
• Grontmij
Board of Directors Portal
• Corporate or public sector board of directors portal
• Small set of users that are typically already part of the internal corporate domain
• SSL publishing of portal externally
• Halton Healthcare Services Board of Directors' Portal
• William Osler Board of Directors' Portal
• Enersource Hydro Mississauga
• Heart and Stroke Foundation of Ontario
CRM Integrated Customer Care Portal
• Customer care portal
• Accounts are provisioned through the CRM system
• Microsoft CRM, SalesLogix, etc.
• Welcome emails are sent automatically when contacts are set up in CRM
• Groups are automatically set up when accounts are set up
• Contacts are made members of security groups based on their account relationship in CRM
• Citi Client Extranet
• Constellation HomeBuilders Customer Service Portal
• Boys and Girls Clubs of Canada
Authentication Scenarios
• Windows Authentication
– Standard browser login
– ISA Server HTML login form
• Forms-Based Authentication
Windows Authentication
Cons
– AD protocol generally not firewall-friendly (mitigated by use of ISA Server)
– Requires a second domain to keep Extranet users out of the corporate domain
Pros
– Single URL for all users, inside and outside
– Works best when user credentials are stored in AD
– Maximum integration of Office applications with SharePoint document libraries and web sites
– Works well with Microsoft ISA Server 2006 firewall
Forms-Based Authentication
Cons
– User has no Windows identity
– Reduced Office application integration
• No SharePoint context available in Task pane
• Unable to launch Office applications
– My Site link disappears
– Need BDC to import profiles
– LDAP vs. Active Directory logins
– Uses cookies
Pros
– Works best for user credentials stored outside AD (e.g. SQL Server)
– Works best for extranet user credentials you don’t want to store in your corporate AD
– Ability to manage users without granting admin access to AD
– Can use email address as username
ISA Server 2006
• Microsoft Internet Security & Acceleration Server 2006
• It is an integrated edge security gateway that helps protect the network from Internet-based threats
• Gives the best of both worlds of Windows and Forms-Based Authentication models
• Rich HTML login form can be branded and customized
• Domain-level cookie gives full Office application integration and eliminates multiple authentication prompts when properly configured
Standard SharePoint FBA
• IIS7 has an interface to create users and roles (groups) in the provider
• No provision for setting, changing, or retrieving passwords
• Rudimentary login page
• No self-service account creation
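The users and roles mentioned above live in an ASP.NET membership and role provider, and the provider's own settings decide whether a stored password can ever be read back. The web.config fragment below is an added example, not part of the original deck or of any Envision IT product; the names FBAConnection, FBAMembership, FBARoles, SQLSERVER and aspnetdb are placeholders.

```xml
<!-- Added example: web.config fragment for a SQL FBA web application.
     FBAConnection, FBAMembership, FBARoles, SQLSERVER and aspnetdb are placeholders. -->
<configuration>
  <connectionStrings>
    <!-- Integrated Security: the application pool account connects to SQL Server,
         so no SQL login password is stored in web.config. -->
    <add name="FBAConnection"
         connectionString="Data Source=SQLSERVER;Initial Catalog=aspnetdb;Integrated Security=SSPI" />
  </connectionStrings>
  <system.web>
    <!-- defaultProvider is not set here; how it is set depends on the SharePoint version. -->
    <membership>
      <providers>
        <!-- Setting to avoid: passwordFormat="Clear" with enablePasswordRetrieval="true"
             keeps recoverable passwords in SQL, so a "forgot password" page can mail them out.
             Hashed storage with retrieval off means a lost password can only be reset. -->
        <add name="FBAMembership"
             type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="FBAConnection"
             applicationName="/"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="false"
             requiresUniqueEmail="true"
             minRequiredPasswordLength="12"
             minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />
        <!-- maxInvalidPasswordAttempts within passwordAttemptWindow (minutes) locks the
             account, which limits password guessing against the public login form. -->
      </providers>
    </membership>
    <roleManager enabled="true">
      <providers>
        <!-- Roles (groups) are stored in the same database and application scope. -->
        <add name="FBARoles"
             type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="FBAConnection"
             applicationName="/" />
      </providers>
    </roleManager>
  </system.web>
</configuration>
```

With these settings a forgotten password can only be replaced, never read back, so nothing recoverable exists to be sent by email.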
CKS Forms Based Authentication Solution
http://cks.codeplex.com/releases/view/17901
• Automated Solution Deployment
• Membership request web part (including CAPTCHA)
• Membership request list
• Login web part
• Recover Password web part
• Change Password web part
• ULS Logging
• User Management
• Role Management
• User Properties - Brendon Schwartz
• Self-service and business user web interfaces for setup of Extranet users
• Welcome email with account validation and secure password setup
• Password change and self-serve retrieval of lost usernames and password resets
• Display of sites each user or group has access to across SharePoint servers
• Active Directory or SQL Server forms-based authentication
• www.envisionit.com/Products