SharePoint 2010 public facing sites
1 like3,208 views
This document outlines best practices for implementing public-facing SharePoint 2010 sites. It discusses the business case for public sites, new Internet-friendly licensing models, branding tips, authentication options like forms-based authentication and anonymous access. Topologies for external-facing implementations like edge firewall, perimeter network and split perimeter network are presented. Security gateways like TMG and UAG are also covered. The document concludes with avoiding common pitfalls, best practices like using a least privilege approach, and resources for assistance.
SharePoint 2010 public facing sites
- 1. Best Practices for SharePoint 2010 Public Facing Sites
- 2. SpeakersMichael Van CleaveSr. Architect & Practice Lead MCT, MCPD, MCTS, MCSD.NET Paul Papanek StorkSharePoint MVP & Author Chief Architect & Practice LeadMBA, MCT, MCSE, MCSD, MCDBA, MCTS, MCITP, MCPD…
- 3. AgendaDiscuss the Business CaseNew Internet Friendly LicensingBranding Tips for SuccessAuthentication and Anonymous AccessExtranet TopologiesSecurity GatewaysBest Practices/Avoiding Common PitfallsResources and Q & A
- 4. Audience SurveyWhat is your primary role in implementing SharePoint initiatives?Decision Maker, Influencer or SponsorAdmin, Architect or DeveloperAnalyst or End UserConsultant
- 5. The Business CaseMarket TrendsCollaborate with business partners/clientsConnect your virtual offices or telecommuting employeesCreate a more compelling internet presence (e.g. including dynamic content, workflow, etc.)Why SharePoint?Leverage content contributors / SME’s throughout your organizationProvide more timely, pointed content with ease Build on your existing SharePoint investment Don’t start from scratch!SharePoint is specifically built for these scenarios
- 6. New Licensing ModelsInternet Server licensing No CALs required for external usersVersionsSP Server 2010 for Internet Sites, StandardSame functionality as Standard CALLimited to one Internet domain (i.e. not AD domain)SP Server 2010 for Internet Sites, EnterpriseSame functionality as with Enterprise CALIncludes FAST Search ServerSharePoint FoundationFree, essentially
- 7. New Licensing Models – Cont’dDetermine upfront what functionality you need for your public siteLicensing costs differ significantly Development costs can differ significantlyMicrosoft Licensing is complex! Contact us if you need help: Info@ShareSquared.com
- 8. Branding for SuccessStart from “close to” scratchPerformance is KeyConsider image format and sizeUse Fiddler or other page analyzersReduce JavaScript payloads (Cui.js, Sp.ui.js, Core.js)Turn off Naming ActiveX controlWeb app general settings pageOrganize your content Utilize SharePoint lists, calendars, web parts etc. Leverage content expiration, versioning, alerts, auditing, etc.Choose a creative design firm that understands your brand, your content and SharePoint!Use a SharePoint Expert for implementation
- 9. Authentication ChoicesWindows AuthenticationNative windows authentication methods do not work well over internetBasic Authentication over HTTPSAlternative to native windows authenticationForms Based AuthenticationAlternative user store (SQL, LDAP, etc.)Full support for client application integration.Anonymous AccessRead-only users
- 10. Configuring FBA & Anonymous Access
- 11. Audience SurveyWhere are you on the SharePoint 2010 adoption curve?Already using SharePoint 2010Will implement/upgrade in 0-3 MonthsWill implement/upgrade in 4-12 MonthsNo near-term plans to upgrade/useUnsure – need more information
- 12. Selecting the Right TopologyQuestions to AskWho are the potential users?How will the site be used?What is in the existing environment?Internet Facing TopologiesEdge FirewallBack to Back Perimeter NetworkSplit Back to Back Perimeter Network
- 13. Edge FirewallGood for light duty/low security installationsBest for telecommuting employees
- 14. Edge Firewall Pros/ConsAdvantagesDisadvantagesLeast amount of hardware & configurationAll Data stored within the trusted networkOnly one set of servers to maintainA single farm to build and maintainMay not need Internet licenseLowest SecurityOnly one firewall protecting Internal network
- 15. Perimeter NetworkGood for an Internet only web site.Good for public hosting environment
- 16. Perimeter Network Pros/ConsAdvantagesDisadvantagesSingle farm simplifies sharing and maintenanceNo external user access to internal networkContent Deployment between internal and external farm possible Additional infrastructure and configuration requiredInternal users have two user accountsContent Deployment requires external sites to be Read Only
- 17. Split PerimeterBest for an Extranet Collaboration scenarioOne way AD Trust
- 18. Split Perimeter Pros/ConsAdvantagesDisadvantagesSQL servers not in Perimeter networkInternal users don’t need two accountsExternal users can use Windows (Basic) authenticationRequires the most hardwareMost Complex solution
- 19. Gateway Servers ISA Server 2006Forefront TMG Server 2010Forefront UAG Server 2010
- 20. Threat Management GatewayDesigned for Outbound Access ControlCapabilitiesSharePoint publishingNetwork load balancingArray supportMobile accessRich authenticationUnified portalDirect Access
- 21. Unified Access GatewayDesigned for Inbound Access ControlCapabilitiesSharePoint publishingNetwork load balancingArray supportMobile accessRich authenticationEndpoint health detectionGranular access policiesInformation leakage mitigationDirect Access
- 22. Publishing a SharePoint Site using TMG
- 23. Audience SurveyWhat do you see as next steps?Learn more about Public Facing Sites in SharePoint 2010Plan& Design a Public Facing SharePoint SiteImplement a Public Facing SharePoint Site in SharePoint 2010Get some help!
- 24. Avoiding PitfallsAnonymous access users still need licensesPeople Picker issues with Read Only Domain ControllersAdmin and Service Accounts should be from Trusted DomainDeactivate/Block features and services that won’t be used (e.g. MySites)Don’t use Themes for SharePoint Foundation 2010Don’t just move to SharePoint – use it’s features!
- 25. Best PracticesStart with a “Least Privileges” Security Account approachSet Anonymous Policy for the External Web Application ZoneUse Content Deployment for Read Only WCM systemsService accounts should all be Managed Accounts with automated passwordLeverage multiple zonesAnalyze content & put it into the proper SharePoint structures
- 26. SharePoint GamePLAN®Jumpstart your SharePoint deploymentConducted by an MCM, MVP or Sr. ArchitectDeliverablesEducation on SharePoint 2010Brainstorming & Conceptual DesignAssessment – Hardware, AD, Skills, etc.Planning & Implementation Roadmap $4,500 + travel for a 3-day engagementUtilize Microsoft Vouchers (as applicable)Email Info@ShareSquared.com or Call 800-445-1279
- 27. DownloadsSeveral handouts are available for download from LiveMeeting:SharePoint 2010 GamePLANSharePoint Composer/MaestroCompany ProfileFREE Trial Version of SharePoint Composer:www.SharePointComposer.com
- 28. Resources and Q & AAssessment & PlanningSchedule a SharePoint GamePLAN engagementLearn more about SharePoint 2010Next Webinar: “Tour de SharePoint 2010 with our SharePoint MVP's & Certified Master Candidates” on 5/3/2011Online resourcesExtranet Topologies for SharePoint 2010 http://tinyurl.com/SpExtranetChart Plan Security Hardeninghttp://tinyurl.com/PlanSecHarden Account Permissions and Security Settingshttp://tinyurl.com/AcctPermContact Us: Info@ShareSquared.com or 800-445-1279
Editor's Notes
- #2: PAUL WILL START 10 MINUTE TIMER Blended SharePoint 2010 & .NET Solutions
- #3: PAUL
- #4: PAULBullet Points from the email blastDeveloping a Strategy for Leveraging SharePoint Inside-OutNew Internet Friendly Licensing in SharePoint 2010Branding for SuccessAuthentication and Anonymous AccessSelecting the Right Extranet TopologyForefront Threat Management and Unified Access GatewaysBest Practices & Avoiding Pitfalls
- #5: PAUL
- #6: MICHAEL
- #7: MICHAELLimited to ONE Internet domain. (Not AD domain) Example: ShareSquared.com Partners.ShareSquared.com Emplyees.ShareSquared.com NOT: CompanyA.com CompanyB.com OrganizaitonC.org*** Fast Search/Enterprise SharePointYou cannot deploy both on the same license. The license only covers SharePoint Enterprise Internet OR Fast Search Server. Not both concurrently.*** SharePoint Foundation if you expose it externally you need to purchase a Windows external connector or your server.
- #8: MICHAELMicrosoft Licensing check with a Licensing Representative BEFORE you deploy your site!
- #9: MICHAELChoose a SharePoint Expert:Branding in needs expert proficiency due to it’s complexity.Start from close to scratch: Start from a minimal.master and only include needed controls (moderate)(icon)Performance is Key: use Fiddler to assist you with what the page is sending to the browserReduce Javascript Payloads: some of the following scripts may not be needed depending on your site. Remove the .js file if it’s functionality is not needed.
- #10: MICHAELWindows Auth Remote UsersExtranet Remote Partners/Clients/etcAnonymous Read-only users ***Although you can allow users to post to lists (blogs, comments, etc) but you cannot set them up to contribute to libraries.
- #11: MICHAEL
- #12: MICHAEL
- #13: PAUL
- #14: PAUL
- #15: PAUL
- #16: PAUL
- #17: PAUL
- #18: PAUL
- #19: PAUL
- #20: PAUL
- #21: PAUL
- #22: PAUL
- #23: PAUL
- #24: PAUL
- #25: PAUL
- #26: PAUL
- #27: PAULIf they need help, we’ve had access to SharePoint 2010 for over a year – we can guide them thru the processMention Downloads, Recording & Email invite to ECM in SharePoint 2010 WebinarExplain SharePoint GamePLAN Q & A - EVERYONE
- #28: PAUL
- #29: PAULIf they need help, we’ve had access to SharePoint 2010 for over a year – we can guide them thru the processMention Downloads, Recording & Email invite to ECM in SharePoint 2010 WebinarExplain SharePoint GamePLAN WEBINAR: Tuesday October 26th 11:00 AM PSTCOMPOSER Site: About to get a makeover as a branded 2010 site, build using Composer & MaestroPRICING / LICENSING: Free SharePoint Foundation Version – Composer Only~$299 for Foundation BuildComposer Standard and Enterprise is sold per-UserMaestro Standard and Enterprise is sold per-serverSee the site for pricing details & info in a follow-up email w/ the Q & A contentQ & A – EVERYONEExtranet Topologies for SharePoint 2010http://tinyurl.com/SpExtranetChartPlan Security Hardeninghttp://technet.microsoft.com/en-us/library/cc262849.aspxAccount Permissions and Security Settingshttp://technet.microsoft.com/en-us/library/cc678863.aspx