More Power Out: Empowering your mobile workforce Damir Bersinic IT Pro Advisor Microsoft Canada Rick Claus IT Pro Advisor Microsoft Canada xBox Live: Rickster CDN
Session Goals: Allow your workforce to be mobile and connectedAllow your workforce to be mobile and connected Configure your environment to maximize your mobile workforce experienceConfigure your environment to maximize your mobile workforce experience Best Practices, Tools and Tips.Best Practices, Tools and Tips.
Agenda Remote Access ScenariosRemote Access Scenarios Publishing Web Sites with ISA Server 2004Publishing Web Sites with ISA Server 2004 Authentication Methods for SharePointAuthentication Methods for SharePoint Publishing OWA, OMA, RPC over HTTPSPublishing OWA, OMA, RPC over HTTPS Publishing Live Communication Server 2005Publishing Live Communication Server 2005
Remote Access Scenarios Traditional Remote Access Methods File Transfer Protocol (FTP) SitesFile Transfer Protocol (FTP) Sites Secure connections using the InternetSecure connections using the Internet Lack of functionalityLack of functionality Administrative expenseAdministrative expense Dial-up Remote Access Server (RAS)Dial-up Remote Access Server (RAS) Secure direct connectionsSecure direct connections Expensive (server resources)Expensive (server resources) Administrative expenseAdministrative expense Virtual Private Networks (VPN)Virtual Private Networks (VPN) Secure connections using the InternetSecure connections using the Internet Expensive (server resources)Expensive (server resources) Administrative expenseAdministrative expense
Remote Access Scenarios Extranets Accessible to Web browsersAccessible to Web browsers HTTP and HTTPS accessHTTP and HTTPS access Low administrative costsLow administrative costs Secure connections using the InternetSecure connections using the Internet Different authentication mechanisms availableDifferent authentication mechanisms available Fully-functional Web-based applicationsFully-functional Web-based applications Line-of-business applicationsLine-of-business applications SharePoint Portal SitesSharePoint Portal Sites Collaborative SharePoint team sitesCollaborative SharePoint team sites Consistent user-experienceConsistent user-experience Intranet accessIntranet access Extranet and Internet accessExtranet and Internet access
Remote Access Scenarios RPC over HTTPS Proxies Allows for VPN-less connections while still providing strong securityAllows for VPN-less connections while still providing strong security More and more applications are supporting RPC proxies via HTTPS using SSL tunnelsMore and more applications are supporting RPC proxies via HTTPS using SSL tunnels –Outlook 2003 SP1 can use RPC over HTTPS Other applications are planned in the futureOther applications are planned in the future
Agenda Remote Access ScenariosRemote Access Scenarios Publishing Web Sites with ISA Server 2004Publishing Web Sites with ISA Server 2004 Authentication Methods for SharePoint Web SitesAuthentication Methods for SharePoint Web Sites Publishing OWA, OMA, RPC over HTTPSPublishing OWA, OMA, RPC over HTTPS Publishing Live Communication Server 2005Publishing Live Communication Server 2005
Publishing Web Sites with ISA Server 2004 ISA Server Firewalls Web Server Domain Controller ISA Server
ISA Server 2004 Overview ISA Management MMC Rules, Listeners, Publishing demonstration demonstration
Publishing Web Sites with ISA Server 2004 Server Publishing Typically used for services other than Web or FTPTypically used for services other than Web or FTP Examples: SQL Server, SMTP ServicesExamples: SQL Server, SMTP Services Used for Live Communications Server 2005 TLSUsed for Live Communications Server 2005 TLS Can be used for publishing Web sitesCan be used for publishing Web sites Not recommendedNot recommended Lack of configuration flexibilityLack of configuration flexibility External HTTP requests can bypass the Web proxy serviceExternal HTTP requests can bypass the Web proxy service
Publishing Web Sites with ISA Server 2004 Link Translation Some Web applications use absolute addresses for resources and hyperlinksSome Web applications use absolute addresses for resources and hyperlinks Can result in inaccessibility to users on the Internet or extranetCan result in inaccessibility to users on the Internet or extranet Can expose computer names and IP addresses to hackersCan expose computer names and IP addresses to hackers Can be confusing to users on the intranetCan be confusing to users on the intranet SharePoint applications often use a mix of relative and absolute addressesSharePoint applications often use a mix of relative and absolute addresses Server namesServer names IP addressesIP addresses ISA Server allows string substitution to resolve absolute address issuesISA Server allows string substitution to resolve absolute address issues
Agenda Remote Access ScenariosRemote Access Scenarios Publishing Web Sites with ISA Server 2004Publishing Web Sites with ISA Server 2004 Authentication Methods for SharePoint Web SitesAuthentication Methods for SharePoint Web Sites Publishing OWA, OMA, RPC over HTTPSPublishing OWA, OMA, RPC over HTTPS Publishing Live Communication Server 2005Publishing Live Communication Server 2005
Authentication Methods for SharePoint Web Sites Securing SharePoint Applications SharePoint supports a number of different authentication scenariosSharePoint supports a number of different authentication scenarios Anonymous accessAnonymous access Basic authenticationBasic authentication Windows authenticationWindows authentication SSL and certificate authenticationSSL and certificate authentication SharePoint users and groups are used to control access to sites, libraries, and other resourcesSharePoint users and groups are used to control access to sites, libraries, and other resources
Authentication Methods for SharePoint Web Sites Authentication for Published SharePoint Sites ISA Server 2004 can:ISA Server 2004 can: Pre-authenticate usersPre-authenticate users Often with basic authenticationOften with basic authentication Use SSL for basic authentication scenariosUse SSL for basic authentication scenarios Publishing a secure Web sitePublishing a secure Web site User credentials are encrypted by SSLUser credentials are encrypted by SSL Use pass-through Windows authenticationUse pass-through Windows authentication Passes authentication to the SharePoint Web serverPasses authentication to the SharePoint Web server
Securing SharePoint with ISA 2004 Configure SharePoint Security Configure External DNS for Site Access Publish SharePoint Site Using ISA 2004 Connecting to SharePoint Site from External Network demonstration demonstration
Agenda Remote Access ScenariosRemote Access Scenarios Publishing Web Sites with ISA Server 2004Publishing Web Sites with ISA Server 2004 Authentication Methods for SharePoint Web SitesAuthentication Methods for SharePoint Web Sites Publishing OWA, OMA, RPC over HTTPSPublishing OWA, OMA, RPC over HTTPS Publishing Live Communication Server 2005Publishing Live Communication Server 2005
Firewall Flexible, Secure Access Windows 2003 AD / GC Server Exch 2003 ISA Firewall Perimeter Network (DMZ) E2003 Back- End Servers Radius (IAS) Server ISA 2004 RPC Filtering SMTP Filtering RSA SecurID OWA Access Wizard OWA Clients (HTTPS / HTML) Outlook Clients (RPC/HTTPS) WAP 2.0, iMode (xHTML, cHTML) Pocket PC (HTTPS / HTML) Wireless Carrier and Internet
Configure RPC over HTTPS Configure Exchange 2003 Server for RPC over HTTPS Publish RPC over HTTPS in ISA 2004 Configure Outlook 2003 for RPC over HTTPS demonstration demonstration
Firewall Flexible, Secure Access Windows 2003 AD / GC Server Exch 2003 ISA Firewall Perimeter Network (DMZ) E2003 Back- End Servers Radius (IAS) Server ISA 2004 RPC Filtering SMTP Filtering RSA SecurID OWA Access Wizard OWA Clients (HTTPS / HTML) Outlook Clients (RPC/HTTPS) WAP 2.0, iMode (xHTML, cHTML) Pocket PC (HTTPS / HTML) Wireless Carrier and Internet
Publishing OWA and OMA Configure Outlook Web Access Configure Exchange for Outlook Mobile Access Publish OWA and OMA in ISA 2004 demonstration demonstration
Firewall Flexible, Secure Access Windows 2003 AD / GC Server Exch 2003 ISA Firewall Perimeter Network (DMZ) E2003 Back- End Servers Radius (IAS) Server ISA 2004 RPC Filtering SMTP Filtering RSA SecurID OWA Access Wizard OWA Clients (HTTPS / HTML) Outlook Clients (RPC/HTTPS) WAP 2.0, iMode (xHTML, cHTML) Pocket PC (HTTPS / HTML) Wireless Carrier and Internet
Publishing Exchange ActiveSync Configure Exchange for ActiveSync Publish ActiveSync in ISA 2004 demonstration demonstration
Agenda Remote Access ScenariosRemote Access Scenarios Publishing Web Sites with ISA Server 2004Publishing Web Sites with ISA Server 2004 Authentication Methods for SharePoint Web SitesAuthentication Methods for SharePoint Web Sites Publishing OWA, OMA, RPC over HTTPSPublishing OWA, OMA, RPC over HTTPS Publishing Live Communication Server 2005Publishing Live Communication Server 2005
Publishing the LCS 2005 Server Configure LCS 2005 for External Access Publish LCS 2005 in ISA 2004 demonstration demonstration
More Power Out: Empowering your mobile workforce Web-based extranets provide access to business information with low administrative and resource costsWeb-based extranets provide access to business information with low administrative and resource costs SharePoint Web sites provide ideal extranet solutions for collaborative access to business informationSharePoint Web sites provide ideal extranet solutions for collaborative access to business information ISA Server 2004 can be used to publish and secureISA Server 2004 can be used to publish and secure –SharePoint applications for an extranet or over the Internet –Exchange Outlook Web Access / Outlook Mobile Access –Outlook RPC over HTTPS –Live Communication Server 2005
For More Information… Main TechNet Canada Web site atMain TechNet Canada Web site at Exchange Server 2003 SP2Exchange Server 2003 SP2 Exchange Product Team BlogExchange Product Team Blog Live Communications Server 2005 SP1Live Communications Server 2005 SP1 Sharepoint Portal Server 2003Sharepoint Portal Server
Join us for the next session on: Extending your collaboration platform