I have been doing weird, wacky things with SharePoint for the last two years to help customers use it as their Internet facing portal. Through these experiences and tribulations, I have developed my own list of “things to hate about SharePoint Internet/Extranet facing portals”. Working with big customers and doing these weird things, attracts the attention of the product teams and fortunately I have developed a really strong working relationship with them. It seems that they have taken a lot of my customer’s complaining to heart because a lot of things are fixed in the next version.
MOSS 2007 (please insert many jokes about the name) solves a lot of things on my hate list, but there may still be a need for consultants like me. Phew, they didn’t put me out of a job yet.
** Note: MOSS 2007 is not released yet, and some of the information below is subject to change but you should be able to check all of them out in Beta2 **
Web Part and Template Deployment
Most of my feedback has been around high availability of SharePoint, specifically deploying code such as web parts and templates in SPS 2003. The problem/feature is that SharePoint stores most content in a SQL database, but “code” is kept local to the box. When you have a large farm of servers, getting code to the boxes without disrupting active sessions is impossible. I wrote some complex scripts to drain IIS connections, copy web parts/templates, and start the web service again, but it is far from the seamless.
This is not completely fixed in MOSS 2007, but it is much better. Templates are now in document libraries, which are stored in SQL (ya!). Web parts are still ASP.NET 2.0 assemblies and still reside on the individual web server, but SharePoint provides a mechanism to “CAB” them and have the SharePoint deploy them for you. I really need to try this on my own, because SPS 2003 had this ability but there was a limitation that it couldn’t do some of the files we required.
That still leaves the problem of deploying the web.config and machine.config through alternate means such as script (I use WMIC to call a remote scheduled task and call VBS on a file server). Most customers that use SPS 2003 and MOSS 2007 don’t have to worry about the web.config or machine.config, but if you are using it as a platform it is something you have to solve.
Extranet Portals are a core feature in MOSS 2007
SPS 2003 was intended for Intranets only. When you try and use it for Extranet sites, you run into issues where the portal name is different than the URL you specify for the load balancer. There is an alternate name that you can use, but it can still break things like alerting and provisioning.
Well, MOSS 2007 now has Extranets as part of its core competencies and there is support for many URL’s as well as many other Extranet type features.
Infrastructure Changes to support DMZ’s
The biggest problems with putting SPS 2003 in a DMZ to make it Internet facing is that it required “Windows Authentication” to the SQL Server. This meant that you had to have SQL and AD servers in the DMZ to support SQL. You could either make swiss cheese of a your corporate perimeter firewall and put the boxes in your corporate network (not recommended) or put SQL and AD in the DMZ. If you wanted to allow employees to use SharePoint with their corporate credentials you then had to find a way to create a trust between the DMZ AD and internal AD (we recommend a cross forest trust with IPSec).
MOSS 2007 has two major things going for it to support this scenario. One, “windows Auth” is no longer required for SQL, so you can use “SQL Auth” which only requires a single port for SQL traffic. Sure, “Windows Auth” is more secure, but MOS 2007 eliminates the need for AD infrastructure in places you may not want it. Second, MOSS 2007 supports authentication against other directories such as LDAP instead of AD. Security guys are much happier to open secure LDAP traffic than they are about AD Sync or cross forest trust. For me, I still think the cross forest trust model offers the most flexibility and is secure if you use IPSec ESP-Null to pass through the corporate perimeter firewall. I got a chance to catch up and discuss this with Steve Riley this week, and hopefully he can post his thoughts on this someday.
No more Topologies
SharePoint veterans know that there are three types of SPS 2003 topologies: small, medium, and large farm. And, you have to have a certain number of web, search, index and job servers or SPS will yell at you. You can pretty much have any type of topology you want, and there are a couple new type of services that can be combine, but I won’t spoil all of MOSS’s secrets.
Content Management and Workflow
Integrating SharePoint and Content Management Server is the most important thing Microsoft could have done for this version of SharePoint. On at least two big SharePoint projects, we had to use SPS and CMS together and do stupid things like iFrame content from CMS so that we could index the pages and make it look like one big happy family.
No more tricks, it’s all in there. Workflow is there, and content management is there.
The administrator console has caused a lot of pain for administrators. It was always this separate site that had a bunch of settings that you had to memorize.
It is now just another site, and all the links are searchable. Don’t know where to change the site structure? Just search for the answer because it is all indexed. Did I mention that you can also easily customize options and it is security sensitive (you won’t see items that you can’t perform)?
SharePoint storing credentials
I didn’t get a chance to ask around, but I believe the issue of SharePoint storing its own copy of credentials in its database is gone. If you recall, this causes problems when you move users from one domain to another. I will update this as I find out…
There was a lot of information, and I am honestly not doing all the cool things justice. Got something that causes you pain in SPS, let me know and I can give you an idea if it is fixed in MOSS 2007?
Marcus, you mentioned that you can use SQL Auth, are you referring to the option of doing so with the content Dbs or are you talking ALL the dbs? If all, I would wonder if you could post info on how you'd go about doing it. Right now theMOSS 2007 beta 2 install isrequiring Windows Auth for connecting to a remote Config DB.
I did a bit of digging, and found that you can not setup SQL security thorugh the GUI, it forces you to use Windows Auth. Fortunately, PSCONFIG is your friend and allows you to do this from the command line. See Mike Starr's blog about this at http://gourangaland.spaces.live.com/?_c11_blogpart_blogpart=blogview&_c=blogpart&partqs=cat%3dTechnical
I have gone to central administration and cleared some blocked file types. I am now trying to upload these file types and still receive the error.
I noticed a note: to allow a file type that is currently blocked, you must delete it from both the global and we application lists.
what does this mean?
Have you taken a look at Epok’s extranet server for SharePoint 2007. Check out the demo in the link below:
If you are interested I can arrange for a full demo.
I am trying to install MOSS2007 in one server via remote connection but that server is firewall protected and login given to me via some dmz server.
step 1 - installation completed sucessfuly.
stef 2 - configuration successful, but when trying to open central admin page for rest of the configuration settings it does not gives me access.
The firewall person is telling the port used by it is open. what can be the solutions ?