MOSS 2007 – Installation Intranet – Extranet – Internet

Banques de données déà installées depuis le setup:
 
 
SharePoint_AdminContent_48cae78b-91fb-4d1d-84bc-c764631bd963
 
Central Administration:
DB:                         SharePoint_Config
ApplicationPool:         SharePoint Central Administration v3 (Application Pool 01)
 
 
 
DB:                         WSS_Search_LORSRV011
 
 
Creation du SSPInternal
ApplicationPool02
 
 
 les sites intranet seront sécurisés:
 
172.24.65.211 LorSrv011 Sharepoint

 
172.24.65.220:443   —   Intranet
172.24.65.221:443   —   MySites
172.24.65.222.443  —    Projekte
172.24.65.211:80    —   Internet
 
Konfigurieren Sie die TCP/IP Einstellungen auf dem Server, so dass eine IP Adresse für jede Site gibt.
(multiples IP peuvent être assignée sur un seul NIC: IP configuration – advanced Properties – add IP address)
 
Konfigurieren Sie DNS so, dass die Hostnamen und entsprechenden IP adressen aufgelöst werden können.
Konfiguriren Sie jede Website, so, dass sie eigene IP Adresse verwendet
 
Fonctionne aussi avec SSL
 
autre solution Port différents avc la mêmem IP (attention, n’est pas ideal en cas d’utilisation SSL, car il est plus pratique d’avoir toujours le même port 443.
 
autre solution , même IP, même port mais les hostheaders changent ex http://Corpintranet – 172.24.65.211 et http://SalesIntranet – 172.24.65.211, konfig DNS und Website – hate Nachteile, funktionniert nicht mit SSL
 
 
 
pour mieux comprendre ces solution, consulter IIS 7.0 Taschenratgeber – p 158
 
 
Création SSP Internal
 
port: 55552
 
 
Central Administration > Application Management > Manage this Farm’s Shared Services  
 
 
SSPName                          SSP02_55551
 
SSP Service Credentials :    User Applicationpool    lorsinclair\LorSSP02Services – Pwd:  Jupiter11

                                               Shared Service Provider (SSP#_Service) => LorSSP02ervices
 
User:                              LorSSP02Services — The account only needs to be a basic Domain Account with no specific permissions set.
 
———————
 
Web Application:                              SSP02_55552 
Database Name and Authentication     WSS_Content_SSP02_55552 -NTLM Athentification
ApplicationPool:                               SSP02_55552
User:                                             Lorsinclair\LorSSP02Services (doit être le même que le Shared Service Provider credentials)
 
 
————————
 
My Site Location:
 
Create new WebApplication en mode SSL (https)
 
préalablement, TCP/IP config – ajout d’une IP: 172.24.65.221
puis , creation d’un enregistrement dans DNS:
 
Host A: mysites
IP:  172.24.65.221
 
 
website:                                    mysites_443
 
Load Balanced URL                       https://mysites:443
 
Application Pool                          mysites_443

 
ApplPoolUser                             Lorsinclair\LorMySites  
 
Database Name                        WSS_Content_MySites
                          
 —————————————-
 
Cration de la banque pour SSP
 
SSP Database                              SSP02_55552_DB                    
 Search Database                         SSP02_55552_Search_DB
 
SSL for Web Services (SSP02)                    no
 
—————————————————————–
 

Creation du Certificat pour Sharepoint Server

Using internal CA for Sharepoint p 690 Sharepoint 2007 Unleashed
 
Open IIS Manager – (start all programms – administrative tools – IIs)
Server Cerificate:
——————————————————————
Create Domain Certificate
 
Distinguished Name properties
Common name: mysites
Legt den allgemeinen Namen Ihrer Website fest. Wenn das Zertifikat in einem Intranet verwendet wird, kann der allgemeine Name
ein Wort sein. Er kann aber auch Netbios sein Name sein des Servers, w B CorpIntranet.
Wenn das Zertifikat im Internet verwendet wird, muss der allgemeine Name ein gültiger DNS-Name sein, w. z.B www.microsoft.com
Organisation: LorSinclair Corporation
Name der Organisation, w ZB microsoft Corporation
Organisationeinheit: Technology
legt die Abteilung Ihres Unternehmens fest, die für das Zertifikat verantwortlich ist, zB IT Abteilung
City: Neyruz
State: Fribourg
Country : CH
 
Online Certification authority             LorPKI\LorSrv001.lorsinclair.com
 
 friendly name: LorPKI
 ———————————————————————–
 
 
Suite Config MySites en mode SSL (https)
 
 aller sur le site: IISManager – aller sur website MySites  , cliquer sur le panneau de droite icône SSL settings: check require SSL 128 bits
 
aller sur Kontext Menu -Edit Bindings: (Rechte Maustaste positionné sur website MySites)
 
Type                    https
IP Adresse            172.24.65.221 port: 443
SSL Certificate       LorPKI (d’un champs de selection)
 
 ———————————————————-
 
Ajouter un user to SSP admin
 
 
  1. Start off by logging into the SSP admin site.
  2. Now you need to add the user just like you would to any other site. Click Site Actions > Site Settings
  3. Under Users and Permissions click Advanced permissions
  4. Click New > Add Users
  5. Enter your user and put them in a group. Normally I just place them in the Viewers group and hit OK

Now your user can log into the SSP and manage search settings, the Excel Service Settings, and can view the various links list. So how do you give them more permissions? Well in order to do that you need to give them some more access.

  1. Under User Profiles and My Sites click Personalization services permissions.
  2. Click Add Users/Groups
  3. Enter your users name select which permissions you would like to bestow upon them and click Save.

What are all of these different permissions? I am glad you asked. J

  • Create personal site gives the user the capability to create and use a My Site. Going deep here will have to be saved for another day but if you want to make that My Site link disappear take away this right from the users. But you didn’t give it to them. Why do they have it? Go back to the manage permission screen. All authenticated users were given this right by default.
  • Use personal features is another topic for another day. Essentially though this provides the My Links functionality and allows users to manage their Colleagues.
  • Manage user profiles this allows your user to do just that. Get in there and modify the profiles for this SSP. Give them this right and now they can access the links: User profiles and properties, Profile services policies, and My Site Settings.
  • Manage audiences you guessed it but now you can click that handy little Audiences link. Once you are there you can set the schedule or define the rules for building those global audiences.
  • Manage permissions this will let that user modify Personalization services permissions (the stuff we are doing right now).
  • Manage usage analytics this gives the user access to make changes to Usage reporting. Small bug here but if the user doesn’t have this right they can still open up the screen. Then if they make a change and hit ok they get a 403 forbidden error. Reminds you of SPS 2003 doesn’t it. J

So now if you have given the user all of those permissions they should be a happy camper? Depends. If you have MOSS Enterprise then probably not because they still can’t manage the BDC. Yikes! More to do.

  1. Click Business Data Catalog permissions from the main screen of the SSP
  2. Click Add Users/Groups
  3. Enter your user, select their permissions and click Save
 
 
—————————————————————–
 
Creation Internet
 
 Création SSP Internet 

port: 55553
 
 
Central Administration > Application Management > Manage this Farm’s Shared Services  
 
 
SSPName                          SSP03_55553
 
SSP Service Credentials :    User Applicationpool    lorsinclair\LorSSP03Services – Pwd:  Jupiter11

                                               Shared Service Provider (SSP#_Service) => LorSSP03ervices
 
User:                              LorSSP03Services — The account only needs to be a basic Domain Account with no specific permissions set.
 
———————
 
Web Application:                              SSP03_55553 
Database Name and Authentication     WSS_Content_SSP03_55553 -NTLM Athentification
ApplicationPool:                               SSP03_55553
User:                                             Lorsinclair\LorSSP03Services (doit être le même que le Shared Service Provider credentials)
 
 

DNS                                      Host A – SSP03 – 172.24.65.211

 

IIS – Bindings sur SSP03:         HOST Header: SSP03 – IP Address: all unassigned – Port 55553    

————————
 
My Site Location: meme WebApplication que pour SSP
 
 
Creation de la banque pour SSP
 
SSP Database                              SSP03_55553_DB                    
 Search Database                         SSP03_55553_Search_DB
 
SSL for Web Services (SSP03)                    no
 
—————————————————————–
 
Creation de la web applivation par defaut: www port 80 – Internet
 
Create a new IIS web site           www_80
Port                                        80
Host Header                             www
Path                                       wwwroot\wss\VirtualDirectories\www_80
Load Balanced URL                    http://www:80
Application Pool                        www_80
user                                       LorSinclair\LorWwwAppPool
                                             Jupiter11
Database Name                        WSS_Content_www_80
 
 
Creation de la zone publique internet
 
extend web application to another website
 
Create a new IIs website :     www.lorsinclair.com
port:                                  80
Host Header :                      www.lorsinclair.com
Path                                  C:\inetpub\wwwroot\wss\VirtualDirectories\www.lorsinclair.com80
Load Balanced Url :               www.lorsinclair.com
Zone                                  internet
 
voir aussi les résultats des opérations dans
Central Administration > Application Management > Authentication Providers  (mod autehntification se trouve à cet endroit)
Central Administration > Operations > Alternate Access Mappings  
 
 
 

Construction des variations

 

Creation du site Variation Root
 
Create site collection
 
Choisir web application : http://www
 
Title:                          variation root
language:                    english
template:                     publishing portal
 
aller sur http://www
 
DNS préalablement mis a jour pour que site fonctionne
 
site settings- Modify all site setting
Variation settings:
 
Variation Home : / 
automatically create site and page variation
recreate new target
update target web pag
send resources
copy ressource
 
Define Labels
Variation Labels
 
New Label for F – D – E
 
type labe : F – D – E
site template language : french -german – english
Hierarchy: Publishi aites and all pages
source variation
set publishing template
 
puis procéder à la creation de la hierarchie
 
 
Content deployment
se fait au niveau de la web application , qui contient les sites collections variation
 

Content deployment can be configured within a single server farm. In this topology, authors work in one site collection and deploy to a duplicate publishing site collection on the same farm. The site collections are in separate Web applications, and they use separate databases on the same computer running Microsoft® SQL Server™. Security is managed by granting users permissions to the content rather than by using separate Active Directory domains.

 

 

 
 Athentification anonyme:
 
Application Management – Authentification Providers under Application Security group
 
(Enable anonymous access)
 
next step is to enable  a sharepoint site to allw for anonymous access. Browse to the desired Shrepoint site site settings page and select avanced permissions from its parents. Break inheritance by selecting Actions – Edit Permissions
 
On the change Anonymous Access Settings page, select Entire Web site and click OK (p303, Sharepoint 2007 web content management)
       
 

Publicités
Cet article a été publié dans Microsoft - MOSS 2007. Ajoutez ce permalien à vos favoris.

Laisser un commentaire

Entrez vos coordonnées ci-dessous ou cliquez sur une icône pour vous connecter:

Logo WordPress.com

Vous commentez à l'aide de votre compte WordPress.com. Déconnexion / Changer )

Image Twitter

Vous commentez à l'aide de votre compte Twitter. Déconnexion / Changer )

Photo Facebook

Vous commentez à l'aide de votre compte Facebook. Déconnexion / Changer )

Photo Google+

Vous commentez à l'aide de votre compte Google+. Déconnexion / Changer )

Connexion à %s