SharePoint Europe Webinar: Chris McNulty, CTO Cryptzone


15 years in SharePoint, 20+ in IT

MVP MCP MCSE MCTS VTSP MSA

Meet Chris McNulty @cmcnulty2000

3 children (Devin, Nate, Rachel) and my wife Hayley

Cryptzone: Three Layers Of Defense – cryptzone.com

Access Control • Application & Content Security • Content Governance

APPLICATION & CONTENT SECURITY

HiSoftware Security Sheriff ®

HiSoftware Site Sheriff ®

SEP® Secured Email

SEP® Secured Files & Folders

SEP® Secured eUSB

CONTENT GOVERNANCE

Compliance Sheriff ®

CRYPTZONE SOLUTIONS

ACCESS CONTROL

AppGate® Secure Access

Key Topics

Administrative

Overview

Out of scope On premises migration/upgrade

O365 Dedicated

Extensive migration demos…

Rules Office 365 Shared ‘E’ Plans

Questions – time permitting during session

Any time after session – email etc. - @cmcnulty2000

Presentation governance

Cybersecurity Stakes Have Never Been Higher

Crisis-Led Board Directives

Attacks increased 48% in 2014², and now directly threaten earnings, executives, and company viability.

90%¹ of organizations have been breached – perimeter security is insufficient and trust cannot be presumed based purely on credentials.

Static, perimeter-centric security models are no longer relevant in a world of globally-connected enterprises, mobile workers, and distributed applications, devices and content.

¹ Ponemon Institute

² Global State of Information Security Survey 2015, PriceWaterhouseCoopers & CSO Magazine

[Three bar charts; values not recoverable. Series: Principal concern. Categories: BYOD Devices, Compromised accounts, User accident, Malicious internal users, Malicious external users. Axis: percentage.]

“The volume of content is growing at 50 to 75% annually” – AIIM 2012 Survey

Use Cases

PRIVILEGED USER ACCESS

• Best way to control and enforce access policies even if you don’t manage the client device (BYOD)

• Agility-driven security to rapidly provision external users and publish applications

• Secure service tunnels grant per-application access, completely isolated from rest of the network

• Protect against internal threats

• Create completely isolated management or service networks

• Eliminates “jump box” risk present in typical network implementations

• Secures multi-tenant cloud/service provider environments

THIRD PARTY ACCESS

Source: Gartner IAM Summit (Dec 2014)

Source: Mandiant

• Content-aware document classification

• Metadata-driven, item-level security

• Restrict publishing of non-compliant content

• Encrypt and protect data on servers, applications, mobile & USB

• Track access, email & distribution of sensitive documents

SECURING SENSITIVE DATA


The wrong approach to hybrid…

Create docs directly in SharePoint

Manage permissions

Applications

CONTROL

COST-EFFICIENCY

SharePoint (On-premises)

• SharePoint

Value Prop:

• Full h/w control – size/scale

• Roll-your-own HA/DR/scale

Value Prop:

• 100% of API surface area

• Easy migration of existing apps

• Roll-your-own HA/DR/scale

SharePoint (IaaS)

• Hosted SharePoint

Value Prop:

• Auto HA, Fault-Tolerance

• Friction-free scale

• Self-provisioning, mgmt. @ scale

• SharePoint Service

Office 365 (SaaS)

Office 365 Enterprise Plans

E1 E2 E3 E4

SharePoint Online √ √ √ √

Office Online √ √ √

Local Copy of Office Professional 2013 Plus √ √

Forms Services, Visio Services, Access Services √ √

Monthly cost per user $8 $20

FEATURE: OFFICE 365 ENTERPRISE PLANS

Storage per user (contributes to total storage base of tenant): 500 megabytes (MB) per subscribed user.

Storage base per tenant: 10 GB + 500 MB per subscribed user + additional storage purchased.

Site collection storage limit: 1TB

Site collections (#) per tenant: 500,000 site collections (other than personal sites).

Subsites: Up to 2,000 subsites per site collection

Personal site storage: 1TB per user, as soon as provisioned - OneDrive for Business library and personal newsfeed. This amount is counted separately from tenancy

Public Website storage: default 5 GB (to 100GB by admin)

File upload limit: 2 GB per file. (for now!)

Maximum number of users per tenant: 500,000+

Maximum number of external user invitees: None

http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/sharepoint-online-software-boundaries-and-limits-HA102694293.aspx

https://github.com/windowsazure/azure-sdk-tools-samples

[Diagram: Windows Azure topology. Labels: Windows Azure, Cloud Service, Virtual Network, AD/DC/DNS, LB, WEB/APP, SQL, 80, 20000.]

Web/App Tier: 1 x Large (4 Cores & 7 GB)

Data Tier: 1 x A6 (4 Cores & 28 GB)

Identity Tier: 1 Small (1 Core & 1.75 GB)

[Diagram: Windows Azure topology. Labels: Windows Azure, Cloud Service, Virtual Network, AD/DC/DNS, LB, WEB, SQL, APP, 80, 20000, AVSETSPWEB, AVSETSPAPP, AVSETSQLHA, AVSETDCSET.]

Web Tier: 2 x Large (4 Cores & 7 GB)

App Tier: 2 x Large (4 Cores & 7 GB)

Data Tier: 2 x A6 (4 Cores & 28 GB), 1 x Small (Quorum) (1 Core & 1.75 GB)

Identity Tier: 2 Small (1 Core & 1.75 GB)


Build new 2013 farm

Install required solutions, settings and service apps

Backup/restore SQL content DB

SharePoint database attach PowerShell (2010 mode)

Test and perform site collection upgrades (2013 mode)

Eastern Long Island, August 2012

Prepare content

Migrate users (if hybrid)

Configure necessary apps and services

Migrate content (user or third party tools)


Option Summary

AD Sync: User accts on premises copied to cloud and passwords synced; DirSync, WAADC, Azure AD Connect

AD Federation: “manual”, Azure AD Connect, ADFS 2.0, certificates

Migration: Migrate users to cloud and remove on premises; Third party

Cloud only: Users defined and live in Azure AD only; Office 365

http://connect.microsoft.com/site1164

Administration

SSL

[Diagram: one-way outbound hybrid topology. Labels: Microsoft data center, Internet, Intranet, Microsoft Office 365 tenant, Site collection, Primary web app, Outbound, Inbound.]

SharePoint Online: Local search results only. SharePoint Online cannot query SharePoint Server.

SharePoint Server 2013: Federated search results. SharePoint Server can query SharePoint Online.

• Search: One-way outbound

• Business Connectivity Services: Not supported

• Duet Enterprise for SharePoint and SAP: Not supported

On-premises SharePoint Server 2013 Enterprise Search portal: Local and remote search results are available

SharePoint Online search portal: Local search results are available

[Diagram: one-way inbound hybrid topology. Labels: Microsoft data center, Internet, Intranet, Office 365 tenant, Site collection, Primary web app, Perimeter network, Customer network, Reverse proxy, Inbound, Outbound.]

SharePoint Online: Federated search results. SharePoint Online can query SharePoint Server.

SharePoint Server 2013: Local search results only. SharePoint Server cannot query SharePoint Online.

• Search: One-way inbound

• Business Connectivity Services: Supported

• Duet Enterprise for SharePoint and SAP: Supported

On-premises SharePoint Server 2013 Enterprise Search portal: Local search results are available

SharePoint Online search portal: Local and remote search results are available

[Diagram: bidirectional hybrid topology. Labels: Microsoft data center, Internet, Intranet, Office 365 tenant, Site collection, Primary web app, Perimeter network, Customer network, Inbound, Outbound.]

SharePoint Online: Federated search results. SharePoint Online can query SharePoint Server.

SharePoint Server 2013: Federated search results. SharePoint Server can query SharePoint Online.

• Search: Bidirectional

• Business Connectivity Services: Supported

• Duet Enterprise for SharePoint and SAP: Supported

On-premises SharePoint Server 2013 Enterprise Search portal and SharePoint Online search portal: Local and remote search results are available. If extranet authentication services are configured, extranet users can log in remotely through an on-premises Active Directory account and use all available hybrid functionality.

Q&A

http://www2.hisoftware.com/ESPC-Webinar-Offer