Project Server 2003: DC340: Security (Part 1 of 2): How to securely deploy Project Server in an enterprise environment Pradeep GanapathyRaj (PM), Karthik.

Slides:

Advertisements

Similar presentations

Implementing Tableau Server in an Enterprise Environment

Advertisements

The following 10 questions test your knowledge of Internet-based client management in Configuration Manager Configuration Manager 2007 Internet-Based.

Service Manager for MSPs

Eric J. Oszakiewski MCTS: SharePoint Application Development SharePoint Configuration.

©2012 Microsoft Corporation. All rights reserved..

©2012 Microsoft Corporation. All rights reserved. Content based on SharePoint 15 Technical Preview and published July 2012.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Bill Essary Software Architect Microsoft Corporation.

1 of 5 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.

1 of 2 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.

1 of 3 Open Outlook On the Tools menu, click Account Settings. 1 Enable Outlook Anywhere 2 Click your Microsoft Exchange account, and then click.

1 of 3 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.

1 of 5 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation.

NETOP ONDEMAND What’s new in version 2.1? DECEMBER 09 NETOP ONDEMAND1.

OFC324 Microsoft Project Server: Putting Enterprise Project Management (EPM) To Work Sam Brooks

Understanding Active Directory

Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.

Winter Consolidated Server Deployment Guide for Hosted Messaging and Collaboration version 3.5 Philippe Maurent Principal Consultant Microsoft.

1 of 5 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.

EPM 2007 Implementation and Upgrade Tips Summary June 18th, 2008 Brendan Giles, PMP, MCP.

Welcome to the Minnesota SharePoint User Group. Introductions / Overview Project Tracking / Management / Collaboration via SharePoint Multiple Audiences.

Ins and Outs of Authenticating Users Requests to IIS 6.0 and ASP.NET Chris Adams Program Manager IIS Product Unit Microsoft Corporation.

Lessons Learned: Using the Experience of Others to Avoid Common Project Server Mistakes LaDonna Carpenter Technical Lead Product Support Services Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.

Module 5: Managing Public Folders. Overview Managing Public Folder Data Managing Network Access to Public Folders Publishing an Outlook 2003 Form Discussion:

Installing the Microsoft Office Project Server from Scratch Adrian Jenkins Supportability Program Manager Microsoft Corporation.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.

Module 8 Configuring and Securing SharePoint Services and Service Applications.

Copyright 2000 eMation SECURITY - Controlling Data Access with

D402 Extending your LOB Solution with Microsoft EPM Larry Duff Senior Consultant Microsoft Corporation.

Course ILT Internet/intranet support Unit objectives Use the Internet Information Services snap-in to manage IIS, Web sites, virtual directories, and WebDAV.

How to organize and plan your people and resources for EPM Roy Kayahara Program Manager Microsoft Office Project Microsoft Corporation.

2 Microsoft Office SharePoint Server 2007: Administrative Architecture, Deployment, and Operations Fundamentals Shane Young, MVPTodd Klindt, MVP PresidentConsultant.

Module 9 Authenticating and Authorizing Users. Module Overview Authenticating Connections to SQL Server Authorizing Logins to Access Databases Authorization.

OFC290 Information Rights Management in Microsoft Office 2003 Lauren Antonoff Group Program Manager.

Module 5 Configuring Authentication. Module Overview Lesson 1: Understanding Classic SharePoint Authentication Providers Lesson 2: Understanding Federated.

© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.

Active Directory Harikrishnan V G 18 March Presentation titlePage 2 Agenda ► Introduction – Active Directory ► Directory Service ► Benefits of Active.

Part II - Microsoft ® Project 2000 Enterprise Deployment Templates.

DC440: Security (Part 2 of 2): Logons, permissions and views - how these systems work and how to manage them Pradeep GanapathyRaj Program Manager Project.

Grid Chemistry System Architecture Overview Akylbek Zhumabayev.

James Akrigg Microsoft Ltd Integrating InfoPath Forms Into Workflow Solutions And Business Processes.

Module 11: Securing a Microsoft ASP.NET Web Application.

Slide 1 ASP Authentication There are basically three authentication modes Windows Passport Forms There are others through WCF You choose an authentication.

Tips and Tricks for Managing and Administering your Enterprise Project Management Server Solution Mike Joe / Karthik Chermakani Software Test Engineer.

Ins and Outs of Authenticating Users Requests to IIS 6.0 and ASP.NET Chris Adams Program Manager IIS Product Unit Microsoft Corporation.

Office 365: Identity and Access Solutions Suresh Menon Technology Specialist – Office 365 Microsoft Corporation India.

2. SQL Security Objectives –Learn SQL Server 2000 components Contents –Understanding the Authentication Process –Understanding the Authorization Process.

Module 5 : Security I Jong S. Bok

Mirek Sztajno SQL Server Security PM

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Connect with life Vedant Kulshreshtha Technology Solutions Professional – SharePoint | Microsoft India

How to create a SharePoint site MICROSOFT OFFICE SHAREPOINT DESIGNER.

1 Chapter Overview Creating Web Sites and FTP Sites Creating Virtual Directories Managing Site Security Troubleshooting IIS.

Microsoft Office Project 2003: A tour of the EPM Solution.

03 | Manage Team Foundation Server Steven Borg | Co-founder & Strategist, Northwest Cadence Anthony Borton | ALM Consultant, Enhance ALM.

©2012 Microsoft Corporation. All rights reserved..

Portfolio Analyzer Extender v. 1240

Secure Connected Infrastructure

Services Course 9/9/2018 3:37 PM Services Course Windows Live SkyDrive Participant Guide © 2008 Microsoft Corporation. All rights reserved.

Implementing TMG Server Publishing

Create a data-connected Visio Services web part

Excel Services Deployment and Administration

SharePoint Online Management and Control

李莹广州市品高软件开发有限公司 2018年11月30日3时46分 Project：使用 Microsoft Office Enterprise Project Management Solution 和 Microsoft SharePoint Portal.

Office 365 Identity Management

2/27/2019 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

SharePoint Server Assessment Results

Activating Microsoft Imagine Academy

Presentation transcript:

Project Server 2003: DC340: Security (Part 1 of 2): How to securely deploy Project Server in an enterprise environment Pradeep GanapathyRaj (PM), Karthik Chermakani (Test) Project Microsoft Corporation

Approach Identify key deployment options Identify key project server processes Walkthrough processes for each deployment scenario – with security in mind

P11 architecture

Key deployment options Single domain One box Multiple boxes Multi domain One way trust No trust Firewalled Multi domain Extranet deployment

Key processes Project open and save Publishing a project Share point Assign users to appropriate Sharepoint roles Assign users to appropriate Sharepoint roles Accessing WSS site (issues/risks/docs) Accessing WSS site (issues/risks/docs) Portfolio analyzer Building the cube Building the views Accessing the cube

Project Security Authentication Windows Authentication Single logon account Seamless experience across all Project Server components Project User Accounts SharePoint complications OLAP complications Authorization Categories, Global permissions, Roles

Project 2003 Highlights Publishing from Non-Trusted Domain user can login with Windows User Account in Project Professional client ?? Sharepoint Sites created, roles populated for Sharepoint site Portfolio Analyzer New extranet address field for accessing Portfolio Analyzer from the internet New version of OWC 11 will prompt for credentials when accessing across domains

Single v/s Multi domain

Multi domain-extreme case

Project open/save architecture Proj Auth Authorization

Publish architecture Proj Auth WSS Auth Directory Perm

Project Open/Save/Publish Success Project Open/Save/Publish Fail because Project Server does not recognize User 1 No Trust between 2 Domains WSS Subweb created with PSComPlus Account Project Client Domain 5 Project Server Domain 3 WSS Server Domain 1 Sharepoint fails to assign role to User 1 Sharepoint recoginizes User 1 Role assigned correctly Project Open/Save/Publish No Trust Between Domains WSS Server assigns role to User 1

Project Publish Publish from Project Professional Log in with Windows Users Accounts (local/User1) We check for user1 account in Project Server machine WSS site creation with PSComPlus credentials, correct windows users roles added if WSS/User1 exist

PWA Login Success Browse to WSS Section WSS Section Login Success WSS Server Challenges User 1 PWA Domain 4 Project Server Domain 3 WSS Server Domain 1 No Trust Between Domains Sharepoint Access

User log into PWA with windows user account User access sharepoint section iFrame prompts for login information User enters information that matches with sharepoint machine (instead of replicating ALL project users, admin can choose to create only a few sharepoint users)

Portfolio Analyzer Architecture – create cubes OLAPAdmin Perm2 ?

Portfolio Analyzer Architecture – access/build views OLAPUser Permcheck

Administrator browse to Cube creation page to create cube OLAP Cube created with PSComPlus Credentials PWA Domain 4 Project Server Domain 3 SQL Server Domain 2 Portfolio Analyzer – Cube Creation Administrator must add users or generic accounts to SQL Server

Portfolio Analyzer – Cube Creation PWA admin login with windows user accounts Project Server uses PSComPlus credentials to create a cube Admin creates a view and roles must be assigned to replicated user accounts in analysis server

PWA Login Success Browse to Portfolio Analyzer User granted access to Portfolio Analyzer PWA Domain 4 Project Server Domain 3 SQL Server Domain 2 Portfolio Analyzer OWC connects to SQL Server with account in connection string OWC challenges User 1

Portfolio Analyzer - OWC Project User logs into Project Server with Windows user credentials User arrives at page with Office Web Component OWC prompts user for login information User enters local Analysis Server credentials to browse the cube

Extranet Application/ Data Services DMZ Extranet Corporate Intranet /

Extranet Use SSL for extranet access from PWA SSL not needed for intranet users 2 instances of Project Server and WSS 1 for external access, 1 for internal access Terminal Server in DMZ for Project Professional Client users

Extranet – Publishing/File open/Save Extranet user connect to Terminal Server inside DMZ User login with Windows user account

Extranet - WSS iFrame will prompt for login info User must enter a windows account that has been granted access to Sharepoint

Extranet – Portfolio Analyzer Cube creation PWA Administrator login using windows authentication w/ SSL Project server uses PSComPlus to create cube New Portfolio Analyzer view ?? specifies the http address of Analysis server (requires SQL Enterprise edition) Portfolio Analyzer view access OWC connects to the http address, Analysis Server challenges user User enters Windows User information

Summary Sharepoint requires Windows Authentication SQL Analysis Server requires Windows Authentication Sharepoint and Project Server should be placed in the same domain Most problems can be worked around by creating matching user accounts

Questions ?

© 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.