Microsoft Sharepoint Products and Technologies Resource Kit eBook

More documents

Recommendations

Info

674 Part VIII: Securing SharePoint Products and Technologies External User NLB SharePoint Portal Server Farm Front-end web server Front-end web server F25XR01 Figure 25-1 SharePoint Portal Server deployment behind a firewall On a simple level, firewalls perform packet filtering: when traffic comes to the firewall, it compares the data in the Internet Protocol (IP) header with the preconfigured rules to determine whether to allow or deny access. However, to protect SharePoint Portal Server deployments from external attacks, it is also necessary to check and verify the payload inside the HTTP header. A Microsoft Internet Security and Acceleration (ISA) Server 2000 firewall is an application-layer firewall that, in addition to packet filtering, provides the ability to examine the content contained in the application-level protocols such as HTTP. Using ISA Server provides the ability to publish portal sites to the Internet without compromising the security of your internal network. In this chapter, we will look into issues you need to consider when you configure ISA Server 2000 to protect the SharePoint Portal Server deployments from unauthorized access. ISA Server 2000 Web Publishing Back-end servers When you set up the external ISA Server 2000 firewall, you first need to consider how to use ISA Server 2000 Web publishing rules for making the internal SharePoint site available for external users. When a client on the Internet requests an object from a front-end Web server, the request is actually sent to an IP address on the ISA Server computer. Web publishing rules that are configured on the ISA Server computer forward the request, as applicable, to the server running SharePoint Portal Server located behind the firewall. The servers running SharePoint Portal Server require no special IP configuration.
Chapter 25: Firewall Considerations for SharePoint Portal Server Deployments 675 This is because the servers benefit from the ISA Server network address translation (NAT) architecture. Web publishing rules determine how ISA Server should intercept incoming HTTP requests for a server located behind the ISA Server computer, and how ISA Server should respond on behalf of this server. Requests are forwarded downstream to the server (or a server farm) running SharePoint Portal Server. If possible, requests are serviced from the ISA Server cache. Essentially, Web publishing rules map incoming requests to the appropriate server behind the ISA Server computer. Note Web publishing uses the ISA proxy service as well as the firewall service. Therefore, ISA Server 2000 has to be installed in integrated mode. When Web publishing is used, Secure Sockets Layer (SSL) connections to the SharePoint site are terminated at the ISA Server 2000 firewall so that the traffic can be decrypted and the HTTP payload examined. For a Web publishing rule, you can configure how HTTPS (HTTP over SSL) requests should be redirected from ISA Server to the internal SharePoint site—as HTTP requests or as HTTPS requests. This is known as SSL bridging. You can further enhance your solution by configuring link translation. Link translation provides the ability to replace text strings in an HTTP response based on a dictionary that is set up at the ISA Server. This functionality allows you to address the problem of broken links that might result from using internal computer names when responding to external clients. We will discuss setting up link translation later in this chapter. An additional layer of protection can be provided by enabling basic credentials delegation on the ISA Server. In this scenario, the external users are authenticated at the ISA Server. If the authentication at the ISA Server is successful, the user credentials are then forwarded to the internal SharePoint site for authentication. The Share- Point authentication is transparent to the users; the users submit their credentials only once. Note Link translation and basic credentials authentication are available in ISA Server 2000 Feature Pack 1. Feature Pack 1 can be downloaded from http://www.microsoft.com/isaserver/featurepack1/howtogetfp1.asp. We will start with setting up a Web publishing rule for a SharePoint Portal Server deployment. We will then look into configuring SSL bridging, link translation, and basic authentication delegation.
Page 2 and 3:
PUBLISHED BY Microsoft Press A Divi
Page 4 and 5:
iv Contents at a Glance Part VIII S
Page 6 and 7:
vi Contents 2 Installing Windows Sh
Page 8 and 9:
viii Contents 5 SharePoint Portal S
Page 10 and 11:
x Contents Highly Available Medium
Page 12 and 13:
xii Contents 13 Installing and Conf
Page 14 and 15:
xiv Contents 18 Managing SharePoint
Page 16 and 17:
xvi Contents Incremental (Inclusive
Page 18 and 19:
xviii Contents Part VIII Securing S
Page 20 and 21:
xx Contents 29 Usage Analysis Tools
Page 22 and 23:
xxii Contents Advanced Customizatio
Page 24 and 25:
xxiv Contents 37 Using Visual Studi
Page 26 and 27:
xxvi Contents 42 Upgrading and Migr
Page 28 and 29:
xxviii Acknowledgments Shawn Baden,
Page 30 and 31:
xxx Acknowledgments I’d also like
Page 33 and 34:
Chapter 1 Introduction to Microsoft
Page 35 and 36:
Chapter 1: Introduction to Microsof
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Authentication Authorization Chapte
Page 49 and 50:
Page 51 and 52:
Chapter 2 Installing Windows ShareP
Page 53 and 54:
Chapter 2: Installing Windows Share
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
F02XR02 Chapter 2: Installing Windo
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Server Farm with Multiple Host Name
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Creating Sites Chapter 2: Installin
Page 79 and 80:
Table 2-6 Windows SharePoint Servic
Page 81 and 82:
Page 83 and 84:
Chapter 3 Installing Microsoft Offi
Page 85 and 86:
Chapter 3: Installing Microsoft Off
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
F03XR03 Chapter 3: Installing Micro
Page 97 and 98:
Page 99 and 100:
Configure Server Topology Chapter 3
Page 101 and 102:
F03XR09 Chapter 3: Installing Micro
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Uninstall SharePoint Portal Server
Page 119 and 120:
Page 121 and 122:
Page 123:
Part II SharePoint Products and Tec
Page 126 and 127:
96 Part II: SharePoint Products and
Page 128 and 129:
98 Part II: SharePoint Products and
Page 130 and 131:
100 Part II: SharePoint Products an
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 155 and 156:
Chapter 6 Security Architecture for
Page 157 and 158:
IIS IUSR_machinename user identity
Page 159 and 160:
Authorization Chapter 6: Security A
Page 161 and 162:
Chapter 6: Security Architecture fo
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Chapter 7 Architecting SharePoint P
Page 181 and 182:
Chapter 7: Architecting SharePoint
Page 183 and 184:
Chapter 7: Architecting SharePoint
Page 185:
Part III Planning and Deployment In
Page 188 and 189:
158 Part III: Planning and Deployme
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 215 and 216:
Chapter 9 Capacity Planning In this
Page 217 and 218:
Chapter 9: Capacity Planning 187 Th
Page 219 and 220:
Chapter 9: Capacity Planning 189
Page 221 and 222:
Small Server Farm Chapter 9: Capaci
Page 223 and 224:
■ Embedded ATA-100 IDE controller
Page 225 and 226:
Minimum Large Server Farm with a SQ
Page 227 and 228:
Page 229 and 230:
Planning Services Accounts Chapter
Page 231 and 232:
Chapter 9: Capacity Planning 201 di
Page 233 and 234:
Chapter 9: Capacity Planning 203 Mo
Page 235 and 236:
Chapter 9: Capacity Planning 205 sm
Page 237 and 238:
Chapter 9: Capacity Planning 207 Wh
Page 239 and 240:
Chapter 9: Capacity Planning 209 pr
Page 241 and 242:
Estimating System Requirements Chap
Page 243 and 244:
■ Divisional portal site access
Page 245 and 246:
Estimating Current and Future Stora
Page 247 and 248:
Chapter 9: Capacity Planning 217 yo
Page 249 and 250:
Chapter 9: Capacity Planning 219 me
Page 251 and 252:
Page 253 and 254:
Selecting the Stress Test Tool Chap
Page 255 and 256:
Chapter 9: Capacity Planning 225 to
Page 257 and 258:
Topics Chapter 9: Capacity Planning
Page 259 and 260:
Chapter 9: Capacity Planning 229 Th
Page 261 and 262:
Chapter 9: Capacity Planning 231 RA
Page 263 and 264:
RANDOMIZE F = INT(200 * RND) Test.G
Page 265:
Summary Chapter 9: Capacity Plannin
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
Page 274 and 275:
Page 276 and 277:
Page 278 and 279:
Page 280 and 281:
Page 282 and 283:
Page 284 and 285:
Page 286 and 287:
Page 288 and 289:
Page 290 and 291:
Page 292 and 293:
Page 294 and 295:
Page 296 and 297:
Page 298 and 299:
Page 301:
Part IV Deployment Scenarios In thi
Page 304 and 305:
274 Part IV: Deployment Scenarios N
Page 306 and 307:
276 Part IV: Deployment Scenarios a
Page 308 and 309:
278 Part IV: Deployment Scenarios N
Page 310 and 311:
280 Part IV: Deployment Scenarios S
Page 312 and 313:
282 Part IV: Deployment Scenarios C
Page 314 and 315:
284 Part IV: Deployment Scenarios S
Page 316 and 317:
286 Part IV: Deployment Scenarios T
Page 318 and 319:
288 Part IV: Deployment Scenarios C
Page 320 and 321:
290 Part IV: Deployment Scenarios F
Page 322 and 323:
Page 324 and 325:
Page 326 and 327:
Page 328 and 329:
Page 330 and 331:
Page 332 and 333:
302 Part IV: Deployment Scenarios T
Page 334 and 335:
Page 336 and 337:
Page 338 and 339:
308 Part IV: Deployment Scenarios
Page 340 and 341:
310 Part IV: Deployment Scenarios c
Page 342 and 343:
Page 344 and 345:
Page 347 and 348:
Chapter 13 Installing and Configuri
Page 349 and 350:
Chapter 13: Installing and Configur
Page 351 and 352:
Page 353 and 354:
Page 355 and 356:
Page 357 and 358:
Page 359 and 360:
Page 361 and 362:
Page 363 and 364:
Page 365 and 366:
Page 367 and 368:
Next Steps Chapter 13: Installing a
Page 369 and 370:
Chapter 14 Shared Services In this
Page 371 and 372:
Use Intra-Farm Shared Services Chap
Page 373 and 374:
Chapter 14: Shared Services 343 Not
Page 375 and 376:
Chapter 14: Shared Services 345 6.
Page 377 and 378:
F14XR07 Figure 14-7 Creating a new
Page 379:
F14XX08 Summary Chapter 14: Shared
Page 383 and 384:
Chapter 15 Configuring Windows Shar
Page 385 and 386:
Chapter 15: Configuring Windows Sha
Page 387 and 388:
Page 389 and 390:
Page 391 and 392:
Page 393 and 394:
Page 395 and 396:
Page 397 and 398:
Page 399 and 400:
Page 401 and 402:
Page 403 and 404:
Page 405 and 406:
Page 407 and 408:
Page 409 and 410:
F15XR14 Figure 15-14 Authentication
Page 411 and 412:
Page 413 and 414:
Page 415 and 416:
Page 417 and 418:
Page 419 and 420:
Configuring Site Quotas and Locks C
Page 421 and 422:
Managing Quota Templates Chapter 15
Page 423 and 424:
Page 425 and 426:
Page 427 and 428:
Page 429 and 430:
Page 431 and 432:
Searching with SQL Server 2000 Chap
Page 433:
Page 436 and 437:
406 Part V: Administration of Windo
Page 438 and 439:
Page 440 and 441:
Page 442 and 443:
Page 444 and 445:
Page 446 and 447:
Page 448 and 449:
Page 450 and 451:
Page 452 and 453:
Page 454 and 455:
Page 456 and 457:
Page 458 and 459:
Page 460 and 461:
Page 462 and 463:
Page 464 and 465:
Page 466 and 467:
Page 468 and 469:
Page 470 and 471:
Page 472 and 473:
Page 474 and 475:
Page 476 and 477:
Page 479:
Part VI Administration of Microsoft
Page 482 and 483:
452 Part VI: Administration of Micr
Page 484 and 485:
Page 486 and 487:
Page 488 and 489:
Page 490 and 491:
Page 492 and 493:
Page 494 and 495:
Page 496 and 497:
Page 498 and 499:
Page 500 and 501:
Page 502 and 503:
Page 504 and 505:
Page 506 and 507:
Page 508 and 509:
Page 510 and 511:
Page 512 and 513:
Page 514 and 515:
Page 516 and 517:
Page 518 and 519:
Page 520 and 521:
Page 522 and 523:
Page 524 and 525:
Page 526 and 527:
Page 528 and 529:
Page 530 and 531:
Page 532 and 533:
Page 534 and 535:
Page 536 and 537:
Page 538 and 539:
Page 541 and 542:
Chapter 19 Working with Documents i
Page 543 and 544:
Form Libraries Chapter 19: Working
Page 545 and 546:
Chapter 19: Working with Documents
Page 547 and 548:
F21xr02 Chapter 19: Working with Do
Page 549 and 550:
Page 551 and 552:
Page 553 and 554:
Page 555 and 556:
Page 557 and 558:
Page 559 and 560:
F21xr05 Chapter 19: Working with Do
Page 561 and 562:
Page 563 and 564:
Page 565 and 566:
Page 567 and 568:
Page 569 and 570:
Page 571 and 572:
Page 573 and 574:
Page 575 and 576:
Page 577 and 578:
Content Approval Chapter 19: Workin
Page 579 and 580:
Page 581 and 582:
Serial Editor Legal Chapter 19: Wor
Page 583 and 584:
Chapter 20 Working with Information
Page 585 and 586:
Chapter 20: Working with Informatio
Page 587 and 588:
Page 589 and 590:
Page 591 and 592:
Page 593 and 594:
Page 595 and 596:
Page 597 and 598:
Page 599 and 600:
Page 601 and 602:
Page 603 and 604:
Areas Chapter 20: Working with Info
Page 605 and 606:
Page 607 and 608:
Page 609 and 610:
Page 611 and 612:
Page 613:
Page 616 and 617:
586 Part VII: Information Managemen
Page 618 and 619:
Page 620 and 621:
Page 622 and 623:
Page 624 and 625:
Page 626 and 627:
Page 628 and 629:
Page 630 and 631:
Page 632 and 633:
Page 634 and 635:
Page 637 and 638:
Chapter 22 Managing External Conten
Page 639 and 640:
Chapter 22: Managing External Conte
Page 641 and 642:
Page 643 and 644:
Page 645 and 646:
Page 647 and 648:
Page 649 and 650:
Page 651 and 652:
Page 653 and 654: Chapter 22: Managing External Conte
Page 659 and 660: Chapter 23 Personalization Services
Page 661 and 662: Chapter 23: Personalization Service
Page 677 and 678: Personal Sites Chapter 23: Personal
Page 691 and 692: Chapter 24 Information Security Pol
Page 693 and 694: Chapter 24: Information Security Po
Page 701: Part VIII Securing SharePoint Produ
Page 706 and 707: 676 Part VIII: Securing SharePoint
Page 723 and 724: Chapter 26 Single Sign-On in ShareP
Page 725 and 726: Chapter 26: Single Sign-On in Share
Page 741 and 742: Creating the Encryption Key Chapter
Page 753 and 754: Chapter 27 Securing an Extranet Usi
Page 755 and 756:
Chapter 27: Securing an Extranet Us
Page 757 and 758:
Page 759 and 760:
Page 761 and 762:
Page 763 and 764:
Page 765 and 766:
Page 767 and 768:
Page 769 and 770:
Page 771 and 772:
Page 773 and 774:
Page 775 and 776:
Page 777:
Page 781 and 782:
Chapter 28 Disaster Recovery in Sha
Page 783 and 784:
Chapter 28: Disaster Recovery in Sh
Page 785 and 786:
Page 787 and 788:
Page 789 and 790:
Page 791 and 792:
Page 793 and 794:
Page 795 and 796:
Page 797 and 798:
Page 799 and 800:
Page 801 and 802:
Page 803 and 804:
Page 805 and 806:
Page 807 and 808:
Page 809 and 810:
Page 811 and 812:
Page 813 and 814:
Best Practices Chapter 28: Disaster
Page 815 and 816:
Page 817 and 818:
Chapter 29 Usage Analysis Tools in
Page 819 and 820:
Chapter 29: Usage Analysis Tools in
Page 821 and 822:
F31xr01 Chapter 29: Usage Analysis
Page 823 and 824:
Page 825 and 826:
Configuring the Log Files Chapter 2
Page 827 and 828:
Page 829 and 830:
Chapter 30 Default Tools to Customi
Page 831 and 832:
Shared View vs. Personal View Chapt
Page 833 and 834:
Chapter 30: Default Tools to Custom
Page 835 and 836:
Page 837 and 838:
Page 839 and 840:
Page 841 and 842:
Other Customizations Chapter 30: De
Page 843 and 844:
Page 845 and 846:
Page 847:
Areas Summary Chapter 30: Default T
Page 850 and 851:
820 Part IX: Maintaining a Server i
Page 852 and 853:
Page 854 and 855:
Page 856 and 857:
Page 858 and 859:
Page 860 and 861:
Page 862 and 863:
Page 864 and 865:
Page 866 and 867:
Page 868 and 869:
Page 870 and 871:
Page 872 and 873:
Page 874 and 875:
Page 876 and 877:
Page 878 and 879:
Page 880 and 881:
Page 882 and 883:
Page 884 and 885:
Page 886 and 887:
Page 888 and 889:
Page 890 and 891:
Page 892 and 893:
Page 894 and 895:
Page 896 and 897:
Page 898 and 899:
Page 900 and 901:
Page 902 and 903:
Page 904 and 905:
Page 906 and 907:
Page 908 and 909:
Page 910 and 911:
Page 912 and 913:
Page 914 and 915:
Page 916 and 917:
Page 918 and 919:
Page 920 and 921:
Page 922 and 923:
Page 924 and 925:
Page 926 and 927:
Page 928 and 929:
Page 930 and 931:
Page 932 and 933:
Page 934 and 935:
Page 936 and 937:
Page 938 and 939:
Page 940 and 941:
Page 942 and 943:
Page 944 and 945:
Page 946 and 947:
Page 948 and 949:
Page 950 and 951:
Page 952 and 953:
Page 954 and 955:
Page 956 and 957:
Page 958 and 959:
Page 960 and 961:
Page 962 and 963:
Page 964 and 965:
Page 966 and 967:
Page 968 and 969:
Page 970 and 971:
Page 972 and 973:
Page 974 and 975:
Page 976 and 977:
Page 978 and 979:
Page 980 and 981:
Page 982 and 983:
Page 984 and 985:
Page 986 and 987:
Page 988 and 989:
Page 990 and 991:
Page 992 and 993:
Page 994 and 995:
Page 996 and 997:
Page 998 and 999:
Page 1000 and 1001:
Page 1002 and 1003:
Page 1004 and 1005:
Page 1006 and 1007:
Page 1008 and 1009:
Page 1010 and 1011:
Page 1012 and 1013:
Page 1014 and 1015:
Page 1016 and 1017:
Page 1018 and 1019:
Page 1020 and 1021:
Page 1022 and 1023:
Page 1024 and 1025:
Page 1026 and 1027:
Page 1028 and 1029:
Page 1031 and 1032:
Chapter 37 Using Visual Studio .NET
Page 1033 and 1034:
Chapter 37: Using Visual Studio .NE
Page 1035 and 1036:
Page 1037 and 1038:
Page 1039 and 1040:
Page 1041 and 1042:
Creating a Web Part Chapter 37: Usi
Page 1043 and 1044:
Page 1045 and 1046:
Page 1047 and 1048:
Page 1049 and 1050:
Page 1051 and 1052:
Page 1053:
Summary Chapter 37: Using Visual St
Page 1057 and 1058:
Chapter 38 Windows SharePoint Servi
Page 1059 and 1060:
Chapter 38: Windows SharePoint Serv
Page 1061 and 1062:
Page 1063 and 1064:
Page 1065 and 1066:
Document Workspace Sites Chapter 38
Page 1067 and 1068:
Chapter 39 Using Microsoft Office I
Page 1069 and 1070:
Chapter 39: Using Microsoft Office
Page 1071 and 1072:
Page 1073 and 1074:
Page 1075 and 1076:
Page 1077 and 1078:
Page 1079 and 1080:
Page 1081 and 1082:
Page 1083 and 1084:
Page 1085 and 1086:
Page 1087 and 1088:
Page 1089 and 1090:
Page 1091 and 1092:
Page 1093 and 1094:
Page 1095 and 1096:
Page 1097 and 1098:
Chapter 40 Microsoft Outlook 2003 I
Page 1099 and 1100:
Chapter 40: Microsoft Outlook 2003
Page 1101 and 1102:
Page 1103 and 1104:
Page 1105 and 1106:
Page 1107 and 1108:
Page 1109 and 1110:
! Chapter 40: Microsoft Outlook 200
Page 1111 and 1112:
Page 1113 and 1114:
Page 1115 and 1116:
Page 1117:
Part XI Upgrading and Migrating to
Page 1120 and 1121:
1090 Part XI: Upgrading and Migrati
Page 1122 and 1123:
Page 1124 and 1125:
Page 1126 and 1127:
Page 1129 and 1130:
Chapter 42 Upgrading and Migrating
Page 1131 and 1132:
Chapter 42: Upgrading and Migrating
Page 1133 and 1134:
Page 1135 and 1136:
Page 1137 and 1138:
Page 1139 and 1140:
Page 1141 and 1142:
Page 1143 and 1144:
Page 1145 and 1146:
Page 1147 and 1148:
Page 1149 and 1150:
F42XR05 Chapter 42: Upgrading and M
Page 1151 and 1152:
Page 1153 and 1154:
Page 1155 and 1156:
Page 1157 and 1158:
Page 1159 and 1160:
Page 1161 and 1162:
Migration Tools Chapter 42: Upgradi
Page 1163 and 1164:
Glossary access control list (ACL)
Page 1165 and 1166:
crawl To search content to include
Page 1167 and 1168:
Glossary 1137 Internet Server Appli
Page 1169 and 1170:
scope The range and depth of a sear
Page 1171:
Glossary 1141 virtual server A virt
show all

Microsoft Sharepoint Products and Technologies Resource Kit eBook

Create successful ePaper yourself

Delete template?

Save as template?