Do you have users that need access to your data, but aren't in your intranet?

A new white paper, Configuring extranet access for PerformancePoint Services 2010, describes architectural considerations for deploying PerformancePoint Services in an extranet environment. The paper provides a detailed walkthrough of the recommended architecture that uses Forefront Threat Management Gateway (TMG) server as a reverse-proxy server, the Kerberos protocol for authentication of service and user accounts, and Microsoft SQL Server and SQL Server Analysis Services as back-end data systems.

Here is a glimpse of what you can find in the paper:

  • Provides scenarios that describe why employees would want access to their business intelligence data in extranet environments. The following are two:
    • Access to corporate resources.
    • Disseminate information to customers or individuals outside of the organization.
  • Shows the advantages and disadvantages for extranet deployments such as VPN, placement of network topologies, and Reverse Proxy / Edge Firewall.
  • Gives all the details for setting up a test environment including necessary service accounts, Hyper-V setup, and SPN syntax.
  • Shows configuration steps for IIS, TMG server, SQL Server, Windows 2008 Server, and SharePoint 2010.
  • Shows steps for identity delegation for PerformancePoint Services.
  • Shows configuration steps for Claims to Windows Token Service (C2WTS).
  • Gives scenario steps for testing internal and external access.

Lastly, this paper offers troubleshooting section and mention of the troubleshooting tools you want to incorporate.

Download the paper here or paste (http://go.microsoft.com/fwlink/?LinkId=202004) into the address of your browser.