Building Internet Sites


When building an Internet web site you face the same questions and use the same toolbox of features as when building an intranet. The main differences relate to protecting the Internet web site and making sure that anonymous users do not see more than they are allowed to see. Note that an Internet site is not the same as an extranet site. The latter is used by external partners, customers, and other groups of users who need to access information on your network. In order to control a user accessing the extranet, you require them to log on. In other words, they must have a user account in your IT environment that can be validated by SharePoint, or to be more exact, by the Internet Information Services (IIS) that is governing the SharePoint application.

An Internet site (with a capital I, since it is a proper name!) is a site that people can access without any authentication process; that is, they log on automatically as anonymous users. SharePoint 2007 can offer anonymous access in these situations:

  • When you create a new site collection in an existing SharePoint environment and use it as a public Internet site.

  • When you use a subsite in an existing site collection for the public Internet site.

  • When you install a separate WSS or MOSS server for the public Internet site.

There are two main questions you should ask when building a public Internet site: How will users access the site, and should you use WSS 3.0 or MOSS 2007 to build it? These questions are discussed below.

Accessing the Web Site from the Internet

You could install the SharePoint server on the internal network and then open the firewall for anonymous access using port 80. But this is a very bad idea! Do not do this; it will only be a matter of hours before your complete network is invaded by nasty applications such as Trojan horses, viruses, and applications that send spam to the world, using your internal mail server. Besides that, all information on that network must then be considered public, regardless of whether or not it is "secured" by file system permissions, and hacking tools are vast in number and free! Even "script-kiddies" (young computer nerds with no expertise in hacking and breaking applications) will be able to use these hacking tools as long as they can find a way into your internal network. So you get the message? Do not open any anonymous connection from the Internet into your internal network. Period.

A better idea, but still not good enough, is to place the SharePoint server directly in the Demilitarized Zone (DMZ), that is, a network segment directly connected to your firewall, typically used for servers open for public access, such as Exchange front-end servers, and in this case an intranet. The reason that this is not a good idea is that the SharePoint server will be open to attacks, such as denial-of-service (DoS) attacks, or could be totally hacked. Maybe you think this is not as serious; then think about all the public Internet sites where the content has been modified in a way that is not flattering to the organization that owns the Internet site. Even if you can accept the possibility of losing the server, you surely do not want anyone to make a fool out of you by changing your public web site.

The best idea is to use a firewall that works as an application proxy server; that is, "pretends" to be an internal server, such as a SharePoint site. It works like this (see Figure 11-16).

Figure 11-16

  1. The external user opens the Internet site. The URL will point to the network firewall.

  2. The network firewall checks to see if the URL is open for anonymous access. If so, a connection is established between the external user's web browser and the application proxy server, which pretends to be a SharePoint server.

  3. When the external user requests information from the SharePoint server, such as the opening of a web page, the application proxy server will contact the internal SharePoint server, asking for that information.

  4. The internal SharePoint server will send the requested information to the application proxy server, which passes it on to the external user.

Under no circumstances will the external user get a connection to anything except the application proxy server.

Microsoft has a great product for this type of operation: MS Internet Security and Acceleration Server 2006 (MS ISA 2006). It comes with configuration wizards for pretending to be a SharePoint site, and many other applications, such as an Exchange server. In fact, MS ISA 2006 is a very good firewall as well as an application proxy server, so in most situations you will in fact be able to replace the old firewall with the MS ISA server, making your Internet connection both very safe and easy to manage. It also allows you to use a different URL on the Internet than the URL used when connecting to the web site from the internal network. Another very handy feature in MS ISA is that you can expose just a part of the internal SharePoint environment, thus preventing external Internet users from gaining access to more sites and information than you want them to.
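The publishing decision described above (a public URL that differs from the internal one, and only part of the internal SharePoint environment exposed) can be sketched as follows. This is an added example, not code from the book and not how MS ISA 2006 is implemented; the public host name www.example.com and the /blog and /hr paths are assumptions, while http://srv1:8080 is the web application used later in this chapter.

```python
from posixpath import normpath
from urllib.parse import quote, unquote, urlsplit

# Assumptions for illustration: the public host name and the /blog and /hr
# paths are hypothetical; http://srv1:8080 is this chapter's web application.
PUBLIC_HOST = "www.example.com"
INTERNAL_BASE = "http://srv1:8080"
PUBLISHED_ROOTS = ("/blog",)          # the only part exposed to the Internet


def is_published(path):
    """Match whole path segments, case-insensitively as IIS does."""
    p = path.lower()
    return any(p == root or p.startswith(root + "/") for root in PUBLISHED_ROOTS)


def route(external_url):
    """Return the internal URL the proxy would fetch, or None to refuse."""
    parts = urlsplit(external_url)
    if parts.hostname != PUBLIC_HOST:
        return None                    # not the published public name
    path = unquote(parts.path) or "/"
    # Refuse backslashes, NUL bytes and anything still encoded after one
    # decoding pass (double encoding such as %252e%252e).
    if any(c in path for c in ("\\", "\x00", "%")):
        return None
    # Collapse "." and ".." BEFORE the check, so /blog/../hr is judged as /hr.
    clean = normpath(path)
    if path.endswith("/") and clean != "/":
        clean += "/"
    if not is_published(clean):
        return None
    query = "?" + parts.query if parts.query else ""
    return INTERNAL_BASE + quote(clean) + query


if __name__ == "__main__":
    # Constructed sample requests, not taken from real traffic.
    for url in (
        "http://www.example.com/blog/default.aspx",
        "http://www.example.com/blog/../hr/default.aspx",
        "http://www.example.com/blog/%252e%252e/hr/",
        "http://www.example.com/blogadmin/",
        "http://srv1:8080/blog/",
    ):
        print(url, "->", route(url) or "REFUSED")
```

The order matters: the path is decoded and normalized first and only then compared against the published roots, and the comparison is on whole segments so that /blogadmin does not pass as /blog.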

You may ask yourself what will happen if somebody hacks the MS ISA server? The answer is: almost nothing! The worst that can happen is that you have to reinstall the MS ISA server, and during that time all connections to and from the Internet are down (the faster you can replace the MS ISA server, the faster your connections to the Internet get up and running again). Since the MS ISA server does not contain any actual content besides cached pages (and you can define how long they will be cached, if at all), there is no risk that somebody can change the content on your Internet site. Make sure to back up the MS ISA server whenever you change its configuration settings.

WSS or MOSS for Internet Sites?

The answer to this question is similar to the one in the intranet site discussion: It depends on the features you need and how much money you are willing to spend on the solution. You have already seen that MOSS contains a great web content management functionality, which really will be needed for a serious Internet web site. But for a small organization, with simple needs, WSS will do just fine. Since WSS now also comes with a search and index engine, such an Internet site will also offer search features. Some of the pros and cons of these products are listed in the table below.

| Feature | WSS 3.0 | MOSS Enterprise |
|---|---|---|
| Web content management | No - everything you change will immediately be visible to the external users on the Internet. | Yes - there is full support for page layout files, version history, approval control, workflows and more. You will not need any staging or test server. |
| Searching | Yes - but only for information in a SharePoint site open to anonymous access. | Yes - in any source location that SharePoint has access to and that is open to anonymous access. |
| Support for Master Pages | Yes | Yes |
| Support for Excel Services | No | Yes |
| Support for InfoPath Services | No | Yes |
| Support for displaying information in external databases, such as Navision, Oracle, and the like | No | Yes |
| Price | Free | Not free (contact your license partner to find your price). |

Again, the main reason for selecting MOSS for a public Internet site is usually its advanced web content management. In the following sections, you see how to install both WSS and MOSS as a public Internet site.

Using WSS for Internet Sites

In this example, you will create an Internet site on your existing SharePoint server. First, you will create a new IIS web site named Internet-site, using the TCP port 8080, since the default port 80 is already taken by another web application. Another solution would be to use TCP port 80 for this new IIS web site as well and give it a Host Header name to distinguish these two web applications. If you do so, do not forget to create an Alias record in the DNS server for your network. You will use this IIS web site to create a new web application (i.e., an extended IIS web site). Then you will create a site collection, using the WSS site template named Blog. You will then open that site to anonymous access to allow any user access to the site. The following Try It Out shows how you do this.

Try It Out Use WSS for an Internet Site

  1. Start the SharePoint Central Administration tool, and then switch to the Application Management page.

  2. Click Create or extend Web application, then do this:

    1. Click Create a new Web application.

    2. In the IIS Web Site section, select the option Create a new Web site, and set the description to Internet-Site and the TCP port to 8080.

    3. In the Application Pool section, select the option to create a new application pool, named Internet-Site, using a security account that is different from the other web applications, just to be safe. Note that you can also use the same security account that you use for other web applications, but the security level is then slightly reduced, compared to using a separate account.

    4. Click OK to save and close the form.

  3. Go back to the Application Management page. Click Create site collection in the SharePoint Site Management section, then enter these values:

    1. Web Application: http://srv1:8080.

    2. Title: My Blog.

    3. Select a template: Blog.

    4. Primary Site Collection Administrator: Filobit\administrator. You would here normally enter the owner of this blog site, but in this example you will use the administrator in order to see how this works.

    5. Click OK to save and close the form.

  4. The Blog site is now created. The next step is to open it to anonymous access. You must use the SharePoint Central Administration tool for this. Open the Application Management page, then click Authentication Providers in the Application Security section. Continue with this:

    1. Select the Web Application http://srv1:8080.

    2. Click on Zone "Default."

    3. Check Enable anonymous access in the Anonymous Access section.

    4. Click Save.

  5. It is now possible to enable anonymous access to the Blog site, but so far, this site only allows authenticated users. Test it by opening http://srv1:8080. You will see that it lists the current user's name at the top.

  6. To enable anonymous access to the site:

    1. Click Site Actions > Site Settings > Advanced Permissions. This opens the Site Permission page for the site collection.

    2. Click Settings > Anonymous Access. On the next page you will decide how much of the site you want to open to anonymous access (see Figure 11-17). Select Entire Web site and click OK.

    Figure 11-17

  7. Finally, start a new web client, and open http://srv1:8080 again - this time, you will see a Sign in link instead of the current user name; that is, you are now accessing the site as an anonymous user. The only permission an anonymous user has is Read access. Since you opened the complete web site to anonymous access, this will also include Read permission to all lists and libraries in the web site, and all subsites you later create that inherit permissions from this site.

  8. Click Sign in at the top right of the web page. You will be automatically authenticated, since you are doing this from the internal network. If you, instead, tried signing in from the Internet, you would have entered your logon credentials in a normal fashion. After you have signed in, you will be able to add content to and modify the settings on this page, just like normal.


The next step is to allow external users to access this site from the Internet. Exactly how to do this depends on what solution you choose, as described earlier in the section "Accessing the Web Site from the Internet." I do remind you that one of the best ways is to use an MS ISA 2006 server.

Using MOSS for an Internet Site

The method to create a public Internet site using a MOSS server is very similar to that using a WSS server, as described in the previous section. The only real difference is the site template you use. MOSS comes with a starting template for anonymous Internet sites, named the Publishing Portal and located on the Publishing tab for site templates.

In this example, you will once again create an Internet site on your existing SharePoint server. To make this example shorter, you will use the same web application as in the WSS example above. To do that you have to delete the WSS site collection first, then you will create a new site collection, using the MOSS site template named Publishing Portal. You will then open that site to anonymous access to allow any user access to it. The following Try It Out shows how you do this.

Try It Out Use MOSS for an Internet Site

  1. Start the SharePoint Central Administration tool, then switch to the Application Management page.

  2. In this example, you will first remove the old WSS site collection so that you can create a MOSS site instead, using the same web application:

    1. Click Delete Site Collection.

    2. Click No Selection, and select Change Site Collection.

    3. Then change the Web Application to http://srv1:8080, select the only existing site collection (i.e., the Blog site you created earlier), and click OK.

  3. Go back to the Application Management page. Click Create site collection in the SharePoint Site Management section, then enter these values:

    1. Web Application: http://srv1:8080.

    2. Title: Filobit Home Page.

    3. Description: "Welcome to Filobit's Home Page."

    4. Select a template: Publishing Portal (on the Publishing tab).

    5. Primary Site Collection Administrator: Filobit\administrator. You would here normally enter the owner of this Internet site, but in this example you will use the administrator in order to see how this works.

    6. Click OK to save and close the form.

  4. The Publishing Portal web site is now created. The next step is to open it to anonymous access. You already enabled anonymous access for this Web Application in the previous example (step 4) with WSS, so you do not have to repeat those steps here.

  5. It is now possible to enable anonymous access to the Publishing Portal site, but so far, this site only allows authenticated users. Test it by opening http://srv1:8080, and you will see that it will list the current user's name at the top. Note that the content of this page contains a lot of tips, for example how to open this site for anonymous access, change the Master Page, and set up multilingual support (see Figure 11-18).

    Figure 11-18

  6. To enable anonymous access to this top site:

    1. Click Site Actions > Site Settings > People and Groups.

    2. Click Site Permissions in the Quick Launch bar.

    3. Click Settings > Anonymous Access. On the next page, you will decide how much of the site you want to open to anonymous access (see Figure 11-17). Select Entire Web site and click OK.

  7. Finally, start a new web client, and open http://srv1:8080 again. This time, you will see a Sign in link instead of the current user's name; that is, you are now accessing the site as an anonymous user. As described in the previous example, an anonymous user will only have Read permission to this site, all its lists, and all subsites you later create that inherit permissions from this site.

  8. Click Sign in at the top right of the web page. You will be automatically authenticated, since you are doing this from the internal network. If you, instead, tried this from the Internet, you would have entered your logon credentials in a normal fashion. After you have signed in, you will be able to add content to and modify the settings on this page, just like normal.


The next step is the same as for the WSS Internet site: Set up the network to allow external users to access the site from the Internet. Exactly how to do this depends on what solution you choose, as described earlier in the section "Accessing the Web Site from the Internet." As before, I recommend that you use an MS ISA 2006 server for this purpose.



Beginning SharePoint 2007 Administration. Windows SharePoint Services 3 and Microsoft Office SharePoint Server 2007