Microsoft Sharepoint Products and Technologies Resource Kit eBook

More documents

Recommendations

Info

684 Part VIII: Securing SharePoint Products and Technologies Configuring SSL Bridging on the Web Publishing Rule The default configuration for SSL bridging is to forward external HTTPS requests as HTTPS requests to the internal website. This configuration provides an end-to-end secure connection between the external client and the portal site. If this is the configuration that you require, you do not need to perform any additional configuration steps. However, it is possible to configure the Web publishing rule to bridge incoming HTTPS connections to the ISA Server as HTTP connections from ISA Server to the internal portal site. In this case, the internal portal site should not be configured to request SSL connections. If this is your preferred configuration, do the following: 1. Open the ISA Management console, click Servers and Arrays, click your server name, and then click Publishing. Click Web Publishing Rules, rightclick the rule you would like to configure, and select Properties. 2. In the Properties dialog box, click Bridging tab. 3. On the Bridging tab, select Redirect SSL requests as: HTTP requests (terminate the secure channel at the proxy). 4. Click Require secure channel (SSL) for the published site. Depending on your company security policy, you might need to select Require 128-bit encryption. 5. Click Apply, and then click OK. When you configure the SSL-to-HTTP bridging for a SharePoint Portal Server extranet site, you might encounter two issues with accessing the search results links from an external client, as follows: ■ Because the portal site is not SSL-enabled, the links’ URLs in the search results page are generated with HTTP protocol, not HTTPS protocol. Therefore, when a user clicks any of them, the HTTP request will be sent back to the portal site. However, the Web publishing rule as configured requires an HTTPS connection for the portal site, so the HTTP connection request will fail. ■ The links’ URLs in search results use the internal name of the portal site, which cannot be resolved to an IP address by the external client. In addition, the destination set in the Web publishing rule uses an external FQDN, which is different from the internal name. Both of these issues can be addressed by configuring the link translation on the ISA Server. The second issue—broken links because of using internal names—can also be addressed by configuring alternate portal site access settings on the portal site. We will look into configuring link translation in the next section. Configuring alternate portal access settings is discussed in detail in Chapter 13, “Installing and Configuring Windows SharePoint Services in an Extranet.”
Chapter 25: Firewall Considerations for SharePoint Portal Server Deployments 685 Testing SSL Bridging Configuration Before you go any further, you need to test your SSL bridging configuration. On an external computer that is not connected to your network, start Internet Explorer and type in https://. In our example, we would open https://external.contoso.com. A security alert might appear because the certificate of the root CA that issued the portal site certificate is not installed on the external client’s machine. If the security alert appears, click Yes to proceed. Because the SharePoint site is set up to support Basic authentication, you should see the credentials dialog box. Enter your credentials, and you should be able to see the portal site’s home page. If an error message—specifically, “500 Internal Server Error”—is returned to the browser, you might need to reconfigure the Web publishing rule. The reason this error might occur is the difference between the common name in the certificate and the name of the server in the Web publishing rule where the requests are redirected. The common name in the certificate is the external FQDN, whereas the name of the server in the Web publishing rule is the server internal name. In our example, the common name is external.contoso.com and the internal name is internal. The workaround is to use the external FQDN for the name of the server the requests are redirected to. To change the name, go to the Web publishing rule Properties, click the Action tab, and in the Redirect The Request To This Internal Web Server (Name Or IP Address) box, type external FQDN. However, for this configuration to work, ISA Server must be able to resolve the external FQDN to the internal IP address of the SharePoint site—in our example, 192.168.1.1. To enable this name resolution, you can create a hosts file entry that maps the FQDN to an internal IP address. The solution is either to set up a split DNS or to add an entry to the hosts file on the ISA Server computer. For instructions on how to set up a split DNS, refer to Chapter13. If you want to use the hosts file, add a line to it with an external FQDN and an internal IP address—for example: 192.168.1.1 external.contoso.com Note The hosts file is located in the %SystemRoot%\System32\Drivers\Etc folder on the ISA Server computer. Configuring Link Translation Using link translation on an ISA Server addresses several problems that external users might encounter when connecting to an internal SharePoint site through a firewall. Link translation is implemented as a Web application filter that is installed in Feature Pack 1 for ISA Server 2000. By default, this filter is disabled.
Page 2 and 3:
PUBLISHED BY Microsoft Press A Divi
Page 4 and 5:
iv Contents at a Glance Part VIII S
Page 6 and 7:
vi Contents 2 Installing Windows Sh
Page 8 and 9:
viii Contents 5 SharePoint Portal S
Page 10 and 11:
x Contents Highly Available Medium
Page 12 and 13:
xii Contents 13 Installing and Conf
Page 14 and 15:
xiv Contents 18 Managing SharePoint
Page 16 and 17:
xvi Contents Incremental (Inclusive
Page 18 and 19:
xviii Contents Part VIII Securing S
Page 20 and 21:
xx Contents 29 Usage Analysis Tools
Page 22 and 23:
xxii Contents Advanced Customizatio
Page 24 and 25:
xxiv Contents 37 Using Visual Studi
Page 26 and 27:
xxvi Contents 42 Upgrading and Migr
Page 28 and 29:
xxviii Acknowledgments Shawn Baden,
Page 30 and 31:
xxx Acknowledgments I’d also like
Page 33 and 34:
Chapter 1 Introduction to Microsoft
Page 35 and 36:
Chapter 1: Introduction to Microsof
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Authentication Authorization Chapte
Page 49 and 50:
Page 51 and 52:
Chapter 2 Installing Windows ShareP
Page 53 and 54:
Chapter 2: Installing Windows Share
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
F02XR02 Chapter 2: Installing Windo
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Server Farm with Multiple Host Name
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Creating Sites Chapter 2: Installin
Page 79 and 80:
Table 2-6 Windows SharePoint Servic
Page 81 and 82:
Page 83 and 84:
Chapter 3 Installing Microsoft Offi
Page 85 and 86:
Chapter 3: Installing Microsoft Off
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
F03XR03 Chapter 3: Installing Micro
Page 97 and 98:
Page 99 and 100:
Configure Server Topology Chapter 3
Page 101 and 102:
F03XR09 Chapter 3: Installing Micro
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Uninstall SharePoint Portal Server
Page 119 and 120:
Page 121 and 122:
Page 123:
Part II SharePoint Products and Tec
Page 126 and 127:
96 Part II: SharePoint Products and
Page 128 and 129:
98 Part II: SharePoint Products and
Page 130 and 131:
100 Part II: SharePoint Products an
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 155 and 156:
Chapter 6 Security Architecture for
Page 157 and 158:
IIS IUSR_machinename user identity
Page 159 and 160:
Authorization Chapter 6: Security A
Page 161 and 162:
Chapter 6: Security Architecture fo
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Chapter 7 Architecting SharePoint P
Page 181 and 182:
Chapter 7: Architecting SharePoint
Page 183 and 184:
Chapter 7: Architecting SharePoint
Page 185:
Part III Planning and Deployment In
Page 188 and 189:
158 Part III: Planning and Deployme
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 215 and 216:
Chapter 9 Capacity Planning In this
Page 217 and 218:
Chapter 9: Capacity Planning 187 Th
Page 219 and 220:
Chapter 9: Capacity Planning 189
Page 221 and 222:
Small Server Farm Chapter 9: Capaci
Page 223 and 224:
■ Embedded ATA-100 IDE controller
Page 225 and 226:
Minimum Large Server Farm with a SQ
Page 227 and 228:
Page 229 and 230:
Planning Services Accounts Chapter
Page 231 and 232:
Chapter 9: Capacity Planning 201 di
Page 233 and 234:
Chapter 9: Capacity Planning 203 Mo
Page 235 and 236:
Chapter 9: Capacity Planning 205 sm
Page 237 and 238:
Chapter 9: Capacity Planning 207 Wh
Page 239 and 240:
Chapter 9: Capacity Planning 209 pr
Page 241 and 242:
Estimating System Requirements Chap
Page 243 and 244:
■ Divisional portal site access
Page 245 and 246:
Estimating Current and Future Stora
Page 247 and 248:
Chapter 9: Capacity Planning 217 yo
Page 249 and 250:
Chapter 9: Capacity Planning 219 me
Page 251 and 252:
Page 253 and 254:
Selecting the Stress Test Tool Chap
Page 255 and 256:
Chapter 9: Capacity Planning 225 to
Page 257 and 258:
Topics Chapter 9: Capacity Planning
Page 259 and 260:
Chapter 9: Capacity Planning 229 Th
Page 261 and 262:
Chapter 9: Capacity Planning 231 RA
Page 263 and 264:
RANDOMIZE F = INT(200 * RND) Test.G
Page 265:
Summary Chapter 9: Capacity Plannin
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
Page 274 and 275:
Page 276 and 277:
Page 278 and 279:
Page 280 and 281:
Page 282 and 283:
Page 284 and 285:
Page 286 and 287:
Page 288 and 289:
Page 290 and 291:
Page 292 and 293:
Page 294 and 295:
Page 296 and 297:
Page 298 and 299:
Page 301:
Part IV Deployment Scenarios In thi
Page 304 and 305:
274 Part IV: Deployment Scenarios N
Page 306 and 307:
276 Part IV: Deployment Scenarios a
Page 308 and 309:
278 Part IV: Deployment Scenarios N
Page 310 and 311:
280 Part IV: Deployment Scenarios S
Page 312 and 313:
282 Part IV: Deployment Scenarios C
Page 314 and 315:
284 Part IV: Deployment Scenarios S
Page 316 and 317:
286 Part IV: Deployment Scenarios T
Page 318 and 319:
288 Part IV: Deployment Scenarios C
Page 320 and 321:
290 Part IV: Deployment Scenarios F
Page 322 and 323:
Page 324 and 325:
Page 326 and 327:
Page 328 and 329:
Page 330 and 331:
Page 332 and 333:
302 Part IV: Deployment Scenarios T
Page 334 and 335:
Page 336 and 337:
Page 338 and 339:
308 Part IV: Deployment Scenarios
Page 340 and 341:
310 Part IV: Deployment Scenarios c
Page 342 and 343:
Page 344 and 345:
Page 347 and 348:
Chapter 13 Installing and Configuri
Page 349 and 350:
Chapter 13: Installing and Configur
Page 351 and 352:
Page 353 and 354:
Page 355 and 356:
Page 357 and 358:
Page 359 and 360:
Page 361 and 362:
Page 363 and 364:
Page 365 and 366:
Page 367 and 368:
Next Steps Chapter 13: Installing a
Page 369 and 370:
Chapter 14 Shared Services In this
Page 371 and 372:
Use Intra-Farm Shared Services Chap
Page 373 and 374:
Chapter 14: Shared Services 343 Not
Page 375 and 376:
Chapter 14: Shared Services 345 6.
Page 377 and 378:
F14XR07 Figure 14-7 Creating a new
Page 379:
F14XX08 Summary Chapter 14: Shared
Page 383 and 384:
Chapter 15 Configuring Windows Shar
Page 385 and 386:
Chapter 15: Configuring Windows Sha
Page 387 and 388:
Page 389 and 390:
Page 391 and 392:
Page 393 and 394:
Page 395 and 396:
Page 397 and 398:
Page 399 and 400:
Page 401 and 402:
Page 403 and 404:
Page 405 and 406:
Page 407 and 408:
Page 409 and 410:
F15XR14 Figure 15-14 Authentication
Page 411 and 412:
Page 413 and 414:
Page 415 and 416:
Page 417 and 418:
Page 419 and 420:
Configuring Site Quotas and Locks C
Page 421 and 422:
Managing Quota Templates Chapter 15
Page 423 and 424:
Page 425 and 426:
Page 427 and 428:
Page 429 and 430:
Page 431 and 432:
Searching with SQL Server 2000 Chap
Page 433:
Page 436 and 437:
406 Part V: Administration of Windo
Page 438 and 439:
Page 440 and 441:
Page 442 and 443:
Page 444 and 445:
Page 446 and 447:
Page 448 and 449:
Page 450 and 451:
Page 452 and 453:
Page 454 and 455:
Page 456 and 457:
Page 458 and 459:
Page 460 and 461:
Page 462 and 463:
Page 464 and 465:
Page 466 and 467:
Page 468 and 469:
Page 470 and 471:
Page 472 and 473:
Page 474 and 475:
Page 476 and 477:
Page 479:
Part VI Administration of Microsoft
Page 482 and 483:
452 Part VI: Administration of Micr
Page 484 and 485:
Page 486 and 487:
Page 488 and 489:
Page 490 and 491:
Page 492 and 493:
Page 494 and 495:
Page 496 and 497:
Page 498 and 499:
Page 500 and 501:
Page 502 and 503:
Page 504 and 505:
Page 506 and 507:
Page 508 and 509:
Page 510 and 511:
Page 512 and 513:
Page 514 and 515:
Page 516 and 517:
Page 518 and 519:
Page 520 and 521:
Page 522 and 523:
Page 524 and 525:
Page 526 and 527:
Page 528 and 529:
Page 530 and 531:
Page 532 and 533:
Page 534 and 535:
Page 536 and 537:
Page 538 and 539:
Page 541 and 542:
Chapter 19 Working with Documents i
Page 543 and 544:
Form Libraries Chapter 19: Working
Page 545 and 546:
Chapter 19: Working with Documents
Page 547 and 548:
F21xr02 Chapter 19: Working with Do
Page 549 and 550:
Page 551 and 552:
Page 553 and 554:
Page 555 and 556:
Page 557 and 558:
Page 559 and 560:
F21xr05 Chapter 19: Working with Do
Page 561 and 562:
Page 563 and 564:
Page 565 and 566:
Page 567 and 568:
Page 569 and 570:
Page 571 and 572:
Page 573 and 574:
Page 575 and 576:
Page 577 and 578:
Content Approval Chapter 19: Workin
Page 579 and 580:
Page 581 and 582:
Serial Editor Legal Chapter 19: Wor
Page 583 and 584:
Chapter 20 Working with Information
Page 585 and 586:
Chapter 20: Working with Informatio
Page 587 and 588:
Page 589 and 590:
Page 591 and 592:
Page 593 and 594:
Page 595 and 596:
Page 597 and 598:
Page 599 and 600:
Page 601 and 602:
Page 603 and 604:
Areas Chapter 20: Working with Info
Page 605 and 606:
Page 607 and 608:
Page 609 and 610:
Page 611 and 612:
Page 613:
Page 616 and 617:
586 Part VII: Information Managemen
Page 618 and 619:
Page 620 and 621:
Page 622 and 623:
Page 624 and 625:
Page 626 and 627:
Page 628 and 629:
Page 630 and 631:
Page 632 and 633:
Page 634 and 635:
Page 637 and 638:
Chapter 22 Managing External Conten
Page 639 and 640:
Chapter 22: Managing External Conte
Page 641 and 642:
Page 643 and 644:
Page 645 and 646:
Page 647 and 648:
Page 649 and 650:
Page 651 and 652:
Page 653 and 654:
Page 655 and 656:
Page 657 and 658:
Page 659 and 660:
Chapter 23 Personalization Services
Page 661 and 662:
Chapter 23: Personalization Service
Page 663 and 664: Chapter 23: Personalization Service
Page 677 and 678: Personal Sites Chapter 23: Personal
Page 691 and 692: Chapter 24 Information Security Pol
Page 693 and 694: Chapter 24: Information Security Po
Page 701: Part VIII Securing SharePoint Produ
Page 704 and 705: 674 Part VIII: Securing SharePoint
Page 723 and 724: Chapter 26 Single Sign-On in ShareP
Page 725 and 726: Chapter 26: Single Sign-On in Share
Page 741 and 742: Creating the Encryption Key Chapter
Page 753 and 754: Chapter 27 Securing an Extranet Usi
Page 755 and 756: Chapter 27: Securing an Extranet Us
Page 765 and 766:
Chapter 27: Securing an Extranet Us
Page 767 and 768:
Page 769 and 770:
Page 771 and 772:
Page 773 and 774:
Page 775 and 776:
Page 777:
Page 781 and 782:
Chapter 28 Disaster Recovery in Sha
Page 783 and 784:
Chapter 28: Disaster Recovery in Sh
Page 785 and 786:
Page 787 and 788:
Page 789 and 790:
Page 791 and 792:
Page 793 and 794:
Page 795 and 796:
Page 797 and 798:
Page 799 and 800:
Page 801 and 802:
Page 803 and 804:
Page 805 and 806:
Page 807 and 808:
Page 809 and 810:
Page 811 and 812:
Page 813 and 814:
Best Practices Chapter 28: Disaster
Page 815 and 816:
Page 817 and 818:
Chapter 29 Usage Analysis Tools in
Page 819 and 820:
Chapter 29: Usage Analysis Tools in
Page 821 and 822:
F31xr01 Chapter 29: Usage Analysis
Page 823 and 824:
Page 825 and 826:
Configuring the Log Files Chapter 2
Page 827 and 828:
Page 829 and 830:
Chapter 30 Default Tools to Customi
Page 831 and 832:
Shared View vs. Personal View Chapt
Page 833 and 834:
Chapter 30: Default Tools to Custom
Page 835 and 836:
Page 837 and 838:
Page 839 and 840:
Page 841 and 842:
Other Customizations Chapter 30: De
Page 843 and 844:
Page 845 and 846:
Page 847:
Areas Summary Chapter 30: Default T
Page 850 and 851:
820 Part IX: Maintaining a Server i
Page 852 and 853:
Page 854 and 855:
Page 856 and 857:
Page 858 and 859:
Page 860 and 861:
Page 862 and 863:
Page 864 and 865:
Page 866 and 867:
Page 868 and 869:
Page 870 and 871:
Page 872 and 873:
Page 874 and 875:
Page 876 and 877:
Page 878 and 879:
Page 880 and 881:
Page 882 and 883:
Page 884 and 885:
Page 886 and 887:
Page 888 and 889:
Page 890 and 891:
Page 892 and 893:
Page 894 and 895:
Page 896 and 897:
Page 898 and 899:
Page 900 and 901:
Page 902 and 903:
Page 904 and 905:
Page 906 and 907:
Page 908 and 909:
Page 910 and 911:
Page 912 and 913:
Page 914 and 915:
Page 916 and 917:
Page 918 and 919:
Page 920 and 921:
Page 922 and 923:
Page 924 and 925:
Page 926 and 927:
Page 928 and 929:
Page 930 and 931:
Page 932 and 933:
Page 934 and 935:
Page 936 and 937:
Page 938 and 939:
Page 940 and 941:
Page 942 and 943:
Page 944 and 945:
Page 946 and 947:
Page 948 and 949:
Page 950 and 951:
Page 952 and 953:
Page 954 and 955:
Page 956 and 957:
Page 958 and 959:
Page 960 and 961:
Page 962 and 963:
Page 964 and 965:
Page 966 and 967:
Page 968 and 969:
Page 970 and 971:
Page 972 and 973:
Page 974 and 975:
Page 976 and 977:
Page 978 and 979:
Page 980 and 981:
Page 982 and 983:
Page 984 and 985:
Page 986 and 987:
Page 988 and 989:
Page 990 and 991:
Page 992 and 993:
Page 994 and 995:
Page 996 and 997:
Page 998 and 999:
Page 1000 and 1001:
Page 1002 and 1003:
Page 1004 and 1005:
Page 1006 and 1007:
Page 1008 and 1009:
Page 1010 and 1011:
Page 1012 and 1013:
Page 1014 and 1015:
Page 1016 and 1017:
Page 1018 and 1019:
Page 1020 and 1021:
Page 1022 and 1023:
Page 1024 and 1025:
Page 1026 and 1027:
Page 1028 and 1029:
Page 1031 and 1032:
Chapter 37 Using Visual Studio .NET
Page 1033 and 1034:
Chapter 37: Using Visual Studio .NE
Page 1035 and 1036:
Page 1037 and 1038:
Page 1039 and 1040:
Page 1041 and 1042:
Creating a Web Part Chapter 37: Usi
Page 1043 and 1044:
Page 1045 and 1046:
Page 1047 and 1048:
Page 1049 and 1050:
Page 1051 and 1052:
Page 1053:
Summary Chapter 37: Using Visual St
Page 1057 and 1058:
Chapter 38 Windows SharePoint Servi
Page 1059 and 1060:
Chapter 38: Windows SharePoint Serv
Page 1061 and 1062:
Page 1063 and 1064:
Page 1065 and 1066:
Document Workspace Sites Chapter 38
Page 1067 and 1068:
Chapter 39 Using Microsoft Office I
Page 1069 and 1070:
Chapter 39: Using Microsoft Office
Page 1071 and 1072:
Page 1073 and 1074:
Page 1075 and 1076:
Page 1077 and 1078:
Page 1079 and 1080:
Page 1081 and 1082:
Page 1083 and 1084:
Page 1085 and 1086:
Page 1087 and 1088:
Page 1089 and 1090:
Page 1091 and 1092:
Page 1093 and 1094:
Page 1095 and 1096:
Page 1097 and 1098:
Chapter 40 Microsoft Outlook 2003 I
Page 1099 and 1100:
Chapter 40: Microsoft Outlook 2003
Page 1101 and 1102:
Page 1103 and 1104:
Page 1105 and 1106:
Page 1107 and 1108:
Page 1109 and 1110:
! Chapter 40: Microsoft Outlook 200
Page 1111 and 1112:
Page 1113 and 1114:
Page 1115 and 1116:
Page 1117:
Part XI Upgrading and Migrating to
Page 1120 and 1121:
1090 Part XI: Upgrading and Migrati
Page 1122 and 1123:
Page 1124 and 1125:
Page 1126 and 1127:
Page 1129 and 1130:
Chapter 42 Upgrading and Migrating
Page 1131 and 1132:
Chapter 42: Upgrading and Migrating
Page 1133 and 1134:
Page 1135 and 1136:
Page 1137 and 1138:
Page 1139 and 1140:
Page 1141 and 1142:
Page 1143 and 1144:
Page 1145 and 1146:
Page 1147 and 1148:
Page 1149 and 1150:
F42XR05 Chapter 42: Upgrading and M
Page 1151 and 1152:
Page 1153 and 1154:
Page 1155 and 1156:
Page 1157 and 1158:
Page 1159 and 1160:
Page 1161 and 1162:
Migration Tools Chapter 42: Upgradi
Page 1163 and 1164:
Glossary access control list (ACL)
Page 1165 and 1166:
crawl To search content to include
Page 1167 and 1168:
Glossary 1137 Internet Server Appli
Page 1169 and 1170:
scope The range and depth of a sear
Page 1171:
Glossary 1141 virtual server A virt
show all

Microsoft Sharepoint Products and Technologies Resource Kit eBook

Create successful ePaper yourself

Delete template?

Save as template?