In my second extranet session of the conference, the presenters first reminded people of the design considerations that need to be addressed before developing an extranet: things like account management, single sign-on, network access and anti-virus.
When defining an extranet, there are three main types of users that will access it: remote employees, partners, customers and vendors. In SharePoint 2007, if you require different authentication methods for the different types of users, you need to deal with separate URLs. In SharePoint 2010, a new multi-authentication mode lets you use a single URL for multiple types of authentication. The extranet session also re-emphasized the new claims-based authentication model available in SharePoint 2010, which will help SharePoint administrators combine authentication types to improve the end-user experience.
When using claims, you now have a friendly FBA login screen where the user chooses the type of authentication and is then logged in to the correct authentication provider.
Moving on to common extranet architectures, there are three primary types of deployment:
- Edge Firewall: allows external users access into the existing corporate environment
- Back-to-Back Perimeter: has an extranet DMZ where all SharePoint servers and other associated resources live (SQL, AD, etc.)
- Split Back-to-Back: has servers both internal and external, placed according to the roles they provide
After the architecture discussions, they talked about the Forefront stack as it relates to extranets. The Unified Access Gateway (formerly IAG) allows users to authenticate to multiple sources, and also allows security administrators to define policies for access to information, the anti-virus levels needed before access is granted, and much more. Identity Manager (formerly ILM 2) enables user self-service for functions such as password reset, user account provisioning and synchronization of identities. Finally, they discussed how Protection Manager can assist SharePoint administrators by scanning content before it gets placed into SharePoint and by automatically disallowing inappropriate content based on administrator-defined rules.
Posted 10-21-2009 4:17 PM by Brian Caauwe