MOSS 2007 and ISA 2006
Has anyone used MOSS 2007 with ISA 2006 and kerberos constrained delegation? If so, can someone point me to an architecture document and a step by step process to setting it up? If not, any information other than 'the wizard will do it for you' would be great!
Last Comment
ASKER
Ha, good point Keith,
One of the business requirments we have is to SmartCard enable SharePoint, and have a user provisioning process. I know if we use ISA, its kerberos constrained delegation, which seems to be a lot of overhead / pain / compatability issues with office features, etc. We are running a medium farm, two web front ends, an app server and a sql cluster.
What are the pros of using ISA for a gateway to handle certificates and authentication? What do we stand to gain by setting up an ISA solution, and if we don't use ISA, what's another way to accommodate the business requirement?
Thanks keith!
One of the business requirments we have is to SmartCard enable SharePoint, and have a user provisioning process. I know if we use ISA, its kerberos constrained delegation, which seems to be a lot of overhead / pain / compatability issues with office features, etc. We are running a medium farm, two web front ends, an app server and a sql cluster.
What are the pros of using ISA for a gateway to handle certificates and authentication? What do we stand to gain by setting up an ISA solution, and if we don't use ISA, what's another way to accommodate the business requirement?
Thanks keith!
Welcome.
I have to provide a similar situation for both single sign-on employees to our CRM & ERP systems plus non-employee access to our internal/extranet portals.
The approach we took was to use two active directories - one in the DMZ and obviously our normal internal AD. The tools we used were the IAG2007 and ISA2006 and a full PKI/Certificate environment. This was supplemented by the use of Silver hard tokens and RADIUS authentication.
You can find details on both the ISA/IAG products here on the Forefront - Edge section on the MS web site.
http://www.microsoft.com/forefront/edgesecurity/default.mspx
Have a read first please on the processes and principles so we can ensure that the terms and names we use are consistent. I think you will find everything you need here but if we need to go into it in depth it is a nightmare if each of us has a different understanding of a word or phrase.
Keith
I have to provide a similar situation for both single sign-on employees to our CRM & ERP systems plus non-employee access to our internal/extranet portals.
The approach we took was to use two active directories - one in the DMZ and obviously our normal internal AD. The tools we used were the IAG2007 and ISA2006 and a full PKI/Certificate environment. This was supplemented by the use of Silver hard tokens and RADIUS authentication.
You can find details on both the ISA/IAG products here on the Forefront - Edge section on the MS web site.
http://www.microsoft.com/forefront/edgesecurity/default.mspx
Have a read first please on the processes and principles so we can ensure that the terms and names we use are consistent. I think you will find everything you need here but if we need to go into it in depth it is a nightmare if each of us has a different understanding of a word or phrase.
Keith
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Microsoft SharePoint
Microsoft Sharepoint is a software platform and family of software products used for collaboration and web publishing combined. These capabilities include developing web sites, portals, intranets, content management systems, search engines, wikis, blogs, and other tools for business intelligence and collaboration. SharePoint has a Microsoft Office-like interface, and it is closely integrated with the Office suite.
40K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
Full details on the requirement/environment please