12 September, 2012

Integrating AD RMS and SharePoint

When a SharePoint infrastructure stores IRM-protected documents whose protection is embedded in the document itself, those documents become unsearchable, because they cannot be tagged or indexed while their contents are encrypted. This is no longer the case with AD RMS and SharePoint 2007: IRM policies are applied only when documents are downloaded, and the documents are stored unencrypted in the libraries, which makes them indexable and therefore searchable.

With SharePoint, IRM protection is available for files that are located in document libraries. SharePoint uses the access control list (ACL) on the library or list to determine the permissions that it applies to a document for the user downloading it. Integrating SharePoint with AD RMS provides the following protection options:
·         Whether or not users can print documents that are rights managed.
·         Whether the user can run Microsoft Visual Basic for Applications (VBA) and other custom code in the file.
·         The number of days for which the license is valid; after the specified number of days, the license expires and the user must download the file again from the document library.
·         Whether to let users upload file types that do not support IRM.
·         Optionally, the date to stop restricting permissions to the document library; after the specified date passes, Office SharePoint Server removes all rights-management restrictions from the documents in the library.
Integrating AD RMS with SharePoint 2007 takes three simple steps, described below.
(Note: Windows Server 2008 already includes the AD RMS client, so there is no need to install a separate Windows RMS client as on Windows Server 2003.)

Add permissions for the SharePoint server to the AD RMS certification pipeline
·         Log on to the AD RMS server as a local administrator
·         Click Start, and then click Computer
·         Navigate to c:\Inetpub\wwwroot\_wmcs\Certification
·         Right-click ServerCertification.asmx, click Properties, and then click the Security tab
·         Click Advanced, click Edit, select the Include inheritable permissions from this object's parent check box, and then click OK two times
·         Click Edit
·         Click Add
·         Click Object Types, select the Computers check box, and then click OK
·         Type the name of the SharePoint web front-end server, and then click OK twice.
·         Repeat the above three steps for other web front-end servers
·         Click OK to close the ServerCertification.asmx Properties sheet. By default the Read & Execute and the Read permissions are configured
·         Reset IIS
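
The same permission change can be scripted instead of clicked through. This PowerShell is an added example, not part of the original post; the computer account names (`CONTOSO\SPWFE01$`, `CONTOSO\SPWFE02$`) are placeholders, and it assumes an elevated session on the AD RMS server.

```powershell
# Added example: grant the SharePoint web front-end computer accounts
# Read & Execute on the AD RMS certification pipeline, then verify the result.
# The account names below are placeholders; replace them with your own WFE servers.
$asmx = 'C:\Inetpub\wwwroot\_wmcs\Certification\ServerCertification.asmx'
$wfeAccounts = @('CONTOSO\SPWFE01$', 'CONTOSO\SPWFE02$')

if (-not (Test-Path -Path $asmx)) {
    throw "ServerCertification.asmx not found at $asmx"
}

$acl = Get-Acl -Path $asmx

# Equivalent of ticking "Include inheritable permissions from this object's parent":
# isProtected = $false re-enables inheritance on the file.
$acl.SetAccessRuleProtection($false, $true)

foreach ($account in $wfeAccounts) {
    # Read & Execute only; the web front ends need no write access to the pipeline.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $account, 'ReadAndExecute', 'Allow')
    $acl.AddAccessRule($rule)
}

Set-Acl -Path $asmx -AclObject $acl

# Verification: list the entries for the WFE accounts so the change can be reviewed.
(Get-Acl -Path $asmx).Access |
    Where-Object { $wfeAccounts -contains $_.IdentityReference.Value } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize

# Restart IIS so the certification service picks up the new permissions.
iisreset
```

The verification table should show only `ReadAndExecute, Synchronize` with `Allow` for each web front-end account; anything broader is more than this integration step calls for.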

Specify RMS server location in SharePoint using Central Administration
·         Open SharePoint 3.0 Central Administration site
·         Click Operations, and then click Information Rights Management
·         Select Use the default RMS server specified in Active Directory.
·         Click OK

[Screenshot: before installation of Windows Rights Management Services Client]

[Screenshot: after installation of Windows Rights Management Services Client]

Note: Ensure that the Windows Rights Management Services Client (WindowsRightsManagementServicesSP2-KB917275-Client-ENU-X64.exe) is installed on the server. It is a very small installation and takes little time. The client is included by default with Windows Server 2008.

Enable IRM policy to control access to the contents of a document library
1.       Open a SharePoint site and go to the document library where we want to enable the IRM policy
2.       Click Settings, and then click Document Library Settings
3.       Under Permissions and Management, click Information Rights Management
4.       Select the Restrict permission to documents in this library on download check box
5.       In the Permissions policy title box, type in the policy title
6.       In the Permission policy description box, type in the policy description
7.       Click OK

SharePoint will now automatically apply AD RMS rights to the document when it is downloaded from the document library. These rights are determined by the user permission for that library. For example, a user who has Read permission will not be able to modify the document when it is downloaded from the document library.

Note: When AD RMS-protected documents created outside the SharePoint environment are uploaded to a library with an IRM policy enabled, the original document protection policy supersedes the library protection policy when those documents are downloaded or accessed by users. AD RMS end-to-end security prevents SharePoint from decrypting documents created outside of the SharePoint environment, and therefore from applying the SharePoint library IRM policy to those documents.
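
Because the IRM policy is enabled per library, it is easy to miss one. The following audit script is an added example, not part of the original post. It assumes PowerShell 2.0 on a SharePoint 2007 farm server, an account with read access to the site collection, and a placeholder site URL; it reads the `IrmEnabled`, `IrmReject` and `IrmExpire` properties of each document library through the SharePoint object model.

```powershell
# Added example: report which document libraries in a site collection
# have the IRM policy enabled. The site URL is a placeholder.
[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SharePoint')

$siteUrl = 'http://sharepoint.example.local/sites/finance'
$site = New-Object Microsoft.SharePoint.SPSite($siteUrl)

try {
    $report = foreach ($web in $site.AllWebs) {
        try {
            foreach ($list in $web.Lists) {
                # Only visible document libraries are relevant to the IRM policy.
                if ($list.Hidden -or $list.BaseType -ne 'DocumentLibrary') { continue }

                New-Object PSObject -Property @{
                    Web        = $web.Url
                    Library    = $list.Title
                    IrmEnabled = $list.IrmEnabled   # "Restrict permission to documents in this library on download"
                    IrmReject  = $list.IrmReject    # reject uploads of file types that do not support IRM
                    IrmExpire  = $list.IrmExpire    # a "stop restricting permissions" date is in effect
                }
            }
        }
        finally {
            # SPWeb objects returned by AllWebs must be disposed explicitly.
            $web.Dispose()
        }
    }
}
finally {
    $site.Dispose()
}

# Unprotected libraries sort first so they stand out in the review.
$report |
    Sort-Object IrmEnabled, Web, Library |
    Format-Table Web, Library, IrmEnabled, IrmReject, IrmExpire -AutoSize
```

Libraries listed with `IrmEnabled` set to `False` serve their documents without any rights applied on download.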

Metalogix Content Migration and Upgrade for Microsoft SharePoint Server 2010

Microsoft’s SharePoint Products and Technologies have brought robust Enterprise Content Management and Collaboration capabilities to an increasing number of organizations in recent years. The popularity of the previous versions, such as Windows SharePoint Services 2.0 and 3.0, SharePoint Portal Server 2003 and Microsoft Office SharePoint Server (MOSS) 2007, led many organizations to deploy SharePoint to various business units, frequently on a large scale.
Many organizations are now looking toward the SharePoint 2010 wave of products, including SharePoint Foundation 2010 and Microsoft SharePoint Server 2010, because of key functionality improvements in the software. These include the integration of the Office ribbon into SharePoint sites, a more scalable services architecture, document management improvements, enterprise taxonomy and many more.

Unfortunately, the migration path provided by Microsoft does not always address organizations’ needs.

The out-of-box upgrade approaches available from Microsoft suffer from fairly significant limitations.

These approaches:
·         Do not support gradual upgrades
·         Do not support granular migration
·         Do not allow administrators to reorganize content during migration
·         Have limited support for 32-bit source systems
·         Do not support upgrades from SharePoint 2003 directly to SharePoint 2010

These limitations present organizations looking to upgrade to SharePoint 2010 with significant planning challenges that will limit both proof of concept and full implementations. Organizations must also ensure that the upgrade approach they select will not jeopardize the content on the existing platform.

Fortunately, Metalogix has released version 4 of SharePoint Site Migration Manager (SSMM 2010), a tool to migrate content from legacy SharePoint 2003/2007 technologies directly to SharePoint 2010.
SSMM 2010 allows organizations to take advantage of SharePoint’s new features without putting their valuable content at risk. SSMM 2010 provides significant advantages over existing migration tools and techniques, allowing for flexible migration between SharePoint versions and farms, granular migration, PowerShell support, reorganization of sites, templates, and databases during the process, as well as many other enhanced capabilities. Unlike some content migration options, SSMM 2010 uses only SharePoint’s fully supported APIs to migrate content, which ensures that it will not affect existing support agreements with Microsoft.

Key Benefits
·         Migrates SharePoint Sites, Lists and Libraries between Servers with full fidelity.
·         Upgrade from SharePoint 2003 and SharePoint 2007 to SharePoint 2010.
·         Re-Organize and re-template your SharePoint Content.
·         Manage your upgrade with zero downtime.
·         Migrate to the cloud or hosted SharePoint environments and reduce infrastructure costs.

Supported Source Systems

·         SharePoint Portal Server (SPS) 2003
·         Windows SharePoint Services (WSS) v2
·         Microsoft Office SharePoint Server (MOSS) 2007
·         Windows SharePoint Services (WSS) v3
·         SharePoint Server 2010
·         SharePoint Foundation 2010
·         SQL Server 2000, 2005, and 2008 Unattached SharePoint databases (Read Only)
·         Microsoft Online Services (MOS) [a.k.a. BPOS, Exchange Online, or SharePoint Online] Standard and Dedicated Versions

Key Features
Easy to Use
Run your migration with a tree-based, copy-and-paste-style user interface that is similar to the familiar Windows File Explorer.

Reorganize or re-template sites during migration
Re-define site structure while migrating. Split Sites and Site collections into multiple targets and re-template Sites. Administrators and content owners can define what content is migrated.

Migrate all list types
Migrate Document Libraries, Issues, Tasks, Contacts, Announcements, Discussions and Custom Lists while preserving views, metadata, and user-edit information.

Retain your valuable data
Preserve all views, version chains, metadata, and user-edit information.

Migrate Permissions
Map and migrate site permissions from WSSv2/SPS 2003 and WSSv3/MOSS 2007 to SharePoint 2010 easily.

Migrate Web Parts
Migrate all out-of-the-box and custom web parts from WSSv2/SPS 2003 and WSSv3/MOSS 2007 sites to SharePoint 2010.

Connect to multiple sites
Connect to multiple SharePoint sites, across any number of servers, for easy consolidation or distribution of your SharePoint data.

Work remotely
Do all the heavy lifting for your SharePoint migration from the convenience of your own machine. SharePoint Site Migration Manager connects to any SharePoint site that you can access with your browser -- even those outside your organization’s intranet.

PowerShell Enabled
Access and extend all SharePoint Site Migration Manager functionality via PowerShell cmdlets, to script and automate all migration functionality.

Migrate from live sites and unattached content databases
SharePoint Site Migration Manager provides native capabilities to migrate directly from unattached content databases to live sites, eliminating the need to build temporary farms. Simply point to an unattached database, and the tool extracts the data directly and migrates it into a live SharePoint 2010 environment.

Distribute the Workload
Use SSMM to delegate and distribute migration efforts across the organization to individual departments or content owners. This reduces IT workload, enhances buy-in on the new target system, and improves decision-making in terms of content re-organization. You can manage a distributed workload because SharePoint Site Migration Manager reads and writes only to the supported SharePoint APIs, so content is security trimmed properly. Content owners simply need read access to their source sites using the SSMM client, along with write access to their new target locations.

Latest Version
SharePoint 2010
SharePoint Foundation 2010
Microsoft SharePoint Server 2010
SharePoint Site Migration Manager 2010

SharePoint Extranet Collaboration Manager 2010

SharePoint Extranet Collaboration Manager for SharePoint Server 2010 and SharePoint Foundation 2010 (WSS 4) is a SharePoint add-in that provides the easy SharePoint extranet collaboration and simplified SharePoint extranet administration that SharePoint 2010 is missing in the out-of-the-box product.
Built on the solid foundation of SharePoint Extranet Collaboration Manager for 2007, the SharePoint Extranet Collaboration Manager for 2010 features enhanced functionality and powerful new capabilities – all accessed from within SharePoint 2010 itself.
The comprehensive SharePoint extranet toolkit includes the following features:
  • The flexibility to empower delegated users to perform routine administrative tasks like sending invitations, adding accounts, unlocking accounts, managing passwords, granting access, removing access, and more.  Bottlenecks and wait times are eliminated.
  • New extranet users can register for site access themselves or you can send them invitations – approval of registrations can be automated.  IT “busywork” is reduced.
  • New security features – administrators can define security policies to govern site access and activity – at the site collection level, at the site level, or based on email domain.  You can make your extranet as secure as you want.
  • Total SharePoint integration – extranet management from within SharePoint itself eliminates learning obstacles and facilitates enthusiastic adoption.
  • With the remote extranet installation service package, the SharePoint solution team's SharePoint extranet experts can have the vendor extranet up and running quickly, securely, and affordably in just a few hours. We can start collaborating with our business partners right away!

Features

* Extranet Collaboration Manager for SharePoint 2010 allows you to manage your extranet within SharePoint itself. No separate program or interface to learn!
* Allows the flexibility to designate certain users as Site Sponsors to perform routine administrative tasks like sending invitations, adding accounts, unlocking accounts, managing passwords, granting access, removing access, and more. Bottlenecks and wait times are eliminated.

* Improved control over assignment of administrative responsibilities – may be based on SharePoint Group(s), Membership Role(s), or both.

* Self-service features for extranet users, including password reset, extranet account sign-up, profile updating, etc.
* Reporting and monitoring features to measure your extranet’s effectiveness.
* Ability to send invitations to one or more desired extranet users.
* Allows an administrator to send an invitation URL manually when necessary.
* Allows an administrator to simulate an invitation in order to see what the invitee would receive.
* Ability to require users to agree with Terms and Conditions before receiving extranet access.
* Ability to capture all site activity in a detailed, simple-to-read audit log, allowing administrators to track service level and maintain compliance.
* Ability to automate registration approval process through a SharePoint workflow.
* Improved control of email notifications:
  • Ability to customize notification content with a mail definition defined by an administrator
  • Ability to define signatures for your notification emails
  • Ability to define the “From” address used by each notification email
  • Ability to “turn off” any unwanted notification  
* Ability to choose between SQL, Active Directory, or other membership providers for your extranet user database.
* Ability to set up forms-based login for extranet users; simple, familiar, and easy to use.
* Optional custom sign-in page which supports saved accounts, mixed-mode authentication, and the ability to map requests from an IP range to a specific authentication provider.
* Ability to set security policies at the site collection level, at the site level, or based upon email domain.
* Membership management features allow you to:
  • Add and remove extranet accounts
  • Change extranet account passwords
  • Lock extranet accounts based on last password change date or last login date
  • Unlock extranet accounts
  • Approve or deny extranet accounts
  • View extranet account role membership
  • View extranet role account members
  • Add extranet users to extranet roles
  • Add and remove extranet roles
* Allows new extranet users to register for site access.
* Allows existing SharePoint users to register for site access.
* Supports invitation registration and anonymous registration for site access.
* Allows requiring email verification during anonymous registration.
* Allows an administrator to manually verify an email address used during a registration.

Restore an Entire VM in Minutes - Architecture Design Guide


Now businesses can recover from failures in minutes, not hours, with unprecedented affordability. The key to achieving the best business up time and cost savings is proper storage management and data protection design. 

This guide, sponsored by HP and Intel, outlines an architecture that offers compelling total cost of ownership breakeven in months, not years.