OFC323

Dot-Com Meets SharePoint:

Building an Internet-Facing
Web Site Using Microsoft
Office SharePoint Server
2007
Jim Masson
Lead Program Manager
Microsoft Corporation
Agenda
A look at an example internet site
The ABCs of Publishing
Authentication and Authorization
Internet Facing Topologies
Performance and Scale

Key topics covered elsewhere

OFC216 Using the Web Content Management Features of Microsoft
Office SharePoint Server 2007 to Build Great Looking Sites
Branding and change control
Multi-lingual publishing
Catch it on the DVD
OFC329 Migrating Your Content Management Server 2002 Web
Sites to Microsoft Office SharePoint Server 2007
Migration from CMS 2002
Thursday 1 – 2:15 259 AB
A Tour Through an Internet
Site
Jim Masson
Lead Program Manager
Office SharePoint Servers
Site Features
Visible
Custom Look And Feel
Anonymous Access
Blog
Content Rollup
Navigation
Behind the Scenes
Custom Master Page
Forms Authentication
WSS Blog template
Content Query and Table of Contents Web Parts
Controlled Publishing Process
Separate authoring and production environments
Cached for Performance
ABCs of Web Content
Management
 Extranet

Enterprise Internet

Division

Team
Individual
Authoring and Branding

Custom master page provides a shared look

and feel
Page Layouts control how specific types of
content are presented
All press-releases share a common structure
Constrained Editing Controls
HTML editor, link, and image controls
Styles can be separated from content
Branding Enforcement
Per web control of available master pages, page
layouts, and web templates
Controlled Publishing

Pages are document library items

Check out
Draft versions
Simple moderation
Approval workflows
Custom workflows
Page and document scheduling
Author can specify when content goes live
Content Deployment
Controlled release into production
Controlled Publishing
Jim Masson
Lead Program Manager
Microsoft Corporation
Security on Public Sites

Authentication and Authorization

Common pattern
Anonymous access site
But with a “members area”
Forms Authentication

Hardening
Restricted Reader Role
Disabling Client Integration
Policy enforcement
Authentication and
Authorization
Several Authentication Methods Available
Windows, Forms, Web SSO
Per Web Application

Forms Authentication
ASP.NET 2.0 Membership model
We ship LDAP membership provider
AD, ADAM, third party LDAP servers
Other ASP.NET Providers can also be used
i.e. SQL Server Provider shipped with ASP.NET
Anonymous Access
Configuring Anonymous Access
Enabled by central administrator per web application
Can then be enabled in webs and lists
For publishing scenarios, must be enabled in the root web
Subwebs can then require authentication
i.e. members areas
Rights capped
You simply cannot give anonymous users some rights
(i.e. writing to a document library)
Hardening

Restricted Reader role

Restricted Readers can use the site
Can view pages, documents, images
But they can’t use everything
Can’t call Remote APIs
Can’t view SharePoint application UI
Can’t view minor or historical versions
Disabling Client Integration
Policy
Can constrain maximum access per web
application
Deny all write access via http://site:80
ACLs can’t give you back write access
Updates only via content deployment, or an intranet
facing web app
Security Configuration
Jim Masson
Lead Program Manager
Microsoft Corporation
Topologies

Farms
Scale up and down as needed
Performance
Redundancy
Multi-farm
Staging environments in different network
Example
Authoring in intranet with Active Directory authentication
Production in perimeter network with forms auth
Site collections can be deployed
between environments
Multi-Farm Topology

Web Front End

Content Internet
Deployment NLB
Requests

Production
Authoring Farm Farm Internet
Content Deployment

Paths and jobs

Paths connect source and destination Site Collections
Jobs control what content is copied when
One direction (source -> destination)
Not multi-master

Incremental by default
Incremental takes changes since last successful deployment
Configured by central administrator
Can delegate to authors using the “QuickDeploy” job
Content fix-up
Links
Security
Content Deployment
Jim Masson
Lead Program Manager
Microsoft Corporation
Performance and Scale

Internet Publishing Scenarios

Mostly Read
Many repeat views of the same content
Course Grained Access
Good candidate for caching
Improve Scale Up
Improve Scale Out
Caching

Goal: Make your web site fast 

Minimize work per request in order to increase
performance for Internet scale
Respect permissions and personalization

Two main types of caching

No execution of the web page
Page output cache, disk-based cache
Reduction of number of database round trips
Page item cache, navigation node cache, list query cache
(cross list, single list)

Internet sites will focus on the first type

Page Output Cache
Serves cached versions of HTML output of
page to users
Cache one version of the page for each “bucket”
of users with unique permissions on the site
Cache is in-memory
Most efficient when most users have the
same rights on the site
Anonymous users are all in one bucket

Request
Cache Master Page
Navigation
Page Content
Data-Driven
Views
Configuring Output Caching

Cache Profiles – “How long should things

be held in the cache”?
Centrally defined, change in one place takes effect
across site collection instantly
Can apply to sites and to page layouts separately
Separate profiles for anonymous users versus
authenticated users

Cache Policy – “What profiles can be

used where?”
Allow or disallow owners of sites and page layouts to
choose a “cache profile” of their own
Centrally controlled per site collection
Disk-Based Caching
Caches page resources on web front-end servers for
serving to users
Images, .css, .js files are retrieved from the database once,
and stored on disk on the web front end
Further requests are served from the cache, trimmed based
on security
Configurable: Place on disk to cache, # of megabytes on disk,
file extensions to support

Logo.jpg
Cache Gradient.gif
Styles.css
Script.js
Call To Action
Install And Use Beta 2
Give Us Feedback
http://blogs.msdn.com/ecm

Chalk Talks In The TLC

Thursday 9:45 – 11:00 AM
Thursday 2:45 – 4:00 PM
Related Sessions
OFC216 Using the Web Content Management Features of
Microsoft Office SharePoint Server 2007 to Build Great
Looking Sites
Catch it on the DVD
OFC329 Migrating Your Content Management Server 2002
Web Sites to Microsoft Office SharePoint Server 2007 259
AB
Thursday 1:00 – 2:15
Resources
Technical Chats and Webcasts
http://www.microsoft.com/communities/chats/default.mspx
http://www.microsoft.com/usa/webcasts/default.asp

Microsoft Learning and Certification

http://www.microsoft.com/learning/default.mspx

MSDN & TechNet

http://microsoft.com/msdn
http://microsoft.com/technet

Virtual Labs
http://www.microsoft.com/technet/traincert/virtuallab/rms.mspx

Newsgroups
http://communities2.microsoft.com/
communities/newsgroups/en-us/default.aspx

Technical Community Sites

http://www.microsoft.com/communities/default.mspx

User Groups
http://www.microsoft.com/communities/usergroups/default.mspx
Fill out a session
evaluation on
CommNet for
a chance to
Win an XBOX
360!
 The 2007 Microsoft Office
System Clients. Servers.
Solutions.
Install Beta 2 today!
It’s in your attendee bag

Talk
Lab Learn more at the Office System TLC
Demo Stations / Hands-on-Labs / Chalk-talks
Demo

Get more information

http://www.microsoft.com/office/preview/default.mspx
http://msdn.microsoft.com/office/
 © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other
countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing
market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this
presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.