I - Thou shalt use SSL for all SharePoint sites
Like a I said a couple of posts ago, I've been spending a lot of time with SharePoint lately. One of the things that I have decided is important is that all SharePoint sites should start out at the very beginning with SSL encryption. SharePoint suffers from a couple of irritations and one of the big ones is that sites don't want to be renamed much. There are too many things that default to hard coded links so you need to pick the right URL to use from the start. And, since you are logging on with your network credentials, why pass them in plain text? At least make a malicious user work for it.
So, what is the best way to set this up? When you run the MOSS 2007 installer, you are really just installing the basic SharePoint infrastructure and you are not installing a specific site. Once you install the software, it sets up the Central Administration website (and no other site) and from there you configure things like e-mail settings, search settings, and so on. After all of that is done, you then create a Web Application that will actually host the site. The terminology in v3.0 and MOSS 2007 is different than previous versions but a web application was referred to as virtual server in previos versions. You create a new web application and the options are there to use SSL for and port 443.
You can create this web application before you install a certificate. Once IIS is restarted, you can go to the IIS console, select the new SharePoint website, and walk through the SSL certification steps to get the certificate installed.
There will be no site to see on the Web Application until after you create a Site Collection on the new web application. You can't test your site, certificate, or anything like that until after you create the site collection.
For once, the MOSS 2007 / SharePoint installer does not overwrite the Default Website so after you create a new web application, it will sit next to the Default Website instead of overwriting it. This will be really, really useful. From the IIS console, open the default website. Go to the Home Directory tab. Change the radio button to redirect traffic and enter in the full URL of the SSL site you created. If you do that, IIS will redirect all traffic from the default, port 80, non SSL site to the new SSL site you created so that when people forget to put in HTTPS, they still go to the right place.
which are the one thing that an attacker really wants, you should make them work for it.
Saturday, September 27, 2008
For anyone who's lived in Japan...
You have to see this site: http://www.engrish.com. It's a collection of odd signs, t-shirts, and more that have odd, not quite right, English slogans written on them. Normally by a marketing person and probably by someone without a lot of language skill.
Friday, September 26, 2008
DevConnection conference in November
It look slike I'm going to be able to attend a Microsoft-centric seminar/trade show in Vegas in November. The DevConnection company is hosting a triple-combo seminar on Windows 2008, Exchange 2007, and SharePoint. When you register for one conference, you can attend sessions in any of the other conferences freely - kind of a mix and match thing. I'm going to try and tack on some vacation at the end of it, too, but not that many. I want to horde my vacation days a bit since I haven't racked up that many, yet.
I don't know the company much but there are reviews of past events floating around on the Internet that sound pretty positive. I'll try to blog about it while I'm there.
I don't know the company much but there are reviews of past events floating around on the Internet that sound pretty positive. I'll try to blog about it while I'm there.
Wednesday, September 24, 2008
WebEx and SharePoint
WebEx offers corporations a free Active Directory plug in that uses Active Directory Application Mode (ADAM) to allow your active directory to talk to WebEx. When you look at the WebEx site, it looks pretty easy. Install the SharePoint system, add some web parts, configure ADAM, run the batch import, and all of your users are ready to go with WebEx accounts.
This is totally, completely, and utterly FALSE. The WebEx integration tools are UTTER CRAP.
The ADAM component will not read any user account that is not the in default "user" container. So, if you use any intelligent Active Directory design, then the WebEx components will not import users.
The ADAM component and built in batch import have different restrictions than the WebEx site. There are different user name requirements, password requirements, and e-mail address requirements are different from the WebEx site.
If WebEx tries to sell you this as solution, tell them to take a hike.
This is totally, completely, and utterly FALSE. The WebEx integration tools are UTTER CRAP.
The ADAM component will not read any user account that is not the in default "user" container. So, if you use any intelligent Active Directory design, then the WebEx components will not import users.
The ADAM component and built in batch import have different restrictions than the WebEx site. There are different user name requirements, password requirements, and e-mail address requirements are different from the WebEx site.
If WebEx tries to sell you this as solution, tell them to take a hike.
Friday, September 19, 2008
MOSS 2007 - You REALLY want the Enterprise version
Like I mentioned before, I've started a project that is pretty SharePoint heavy. Since we have a very flexible license with Microsoft, I could pretty much run whatever version I thought was best, a luxury that a smaller company doesn't have. However, if you are a Microsoft partner, you do have access to both version of MOSS as part of your partner benefit.
There is no reason to purchase and install the standard version, in my opinion. The additional search features, site publishing features, InfoPath support, Business Intelligence (BI) web parts, and default site types in the Enterprise version are extremely useful. If you have access to both, pick the Enterprise version.
I would strongly recommend that you look long and hard at the Publishing feature that is included with MOSS 2007. Rather than using the SharePoint site as a web-enabled file share, the publishing features lets you create documents as webpages directly. Since web pages are smaller, load quicker, and can be displayed on a wide variety of devices (cell phones, Macs, etc.) without special plug ins, it really simplifies the long-term life of the documents you are creating.
And, you get a multi-lingual option called Variations that can be quite useful... and amazingly irritating at the same time...
There is no reason to purchase and install the standard version, in my opinion. The additional search features, site publishing features, InfoPath support, Business Intelligence (BI) web parts, and default site types in the Enterprise version are extremely useful. If you have access to both, pick the Enterprise version.
I would strongly recommend that you look long and hard at the Publishing feature that is included with MOSS 2007. Rather than using the SharePoint site as a web-enabled file share, the publishing features lets you create documents as webpages directly. Since web pages are smaller, load quicker, and can be displayed on a wide variety of devices (cell phones, Macs, etc.) without special plug ins, it really simplifies the long-term life of the documents you are creating.
And, you get a multi-lingual option called Variations that can be quite useful... and amazingly irritating at the same time...
Temperature is improving
Tokyo is starting to move into fall and is finally starting to cool down. Unlike back in July, the temperature has moved below 30 C and is sitting at around 27C (77-78 F). The humidity is still up a bit (especially compared to Seattle) but it is pretty livable. Right now, there a typhoon sitting to the southeast that sending a fair amout of rain our way. It might be the source of the humidity, too.
So, other than the occasional rain, late September and early October seems to be the best time to come to Tokyo.
So, other than the occasional rain, late September and early October seems to be the best time to come to Tokyo.
Wednesday, September 17, 2008
Microsoft Office SharePoint Server 2007 - the saga begins
I've started working on project that is in a lot more of a rush the previous project. It's actually a worldwide deployment of WebEx to a 7500 person company but the real fun is the WebEx portions that tie into SharePoint. I've had to set up the SharePoint server in a very specific way to get the WebEx web parts to work correctly and I've actually learned a lot about MOSS 2007 in the process. As time permits I'm going to post as much as I can about it. Especially since the included Microsoft documentation stops at the initial point and skips so much stuff...
Tuesday, September 16, 2008
Cirque du Soleil in Tokyo - ZED
On Monday, we went to see the new Cirque du Soleil show that is being staged at Tokyo Disneyland. The show, called ZED, was absolutely amazing. It is a little expensive, just like every other show, but it is completely worth it. This show is not one of the traveling shows but is permanently housed in a new theater. If you get a chance to go, you do not need to pay extra for the VIP seats. The regular seats in the second section are still excellent seats. I would go for the sections that are not on the absolute outside but one or two sections in from the edge. Any of of the seats there are going to be really good.
Wednesday, September 10, 2008
Boy, I am behind
It's been a month and half since I posted an update. I have to be more organized than that. I'll see what I can do over the next couple of days.
Subscribe to:
Posts (Atom)