Collaboration has become an essential force at the workplace as groups of colleagues work together to solve problems, complete projects, and perform other essential day-to-day business operations.
Using products such as Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0, information workers throughout a company can work jointly on documents as well as post files, participate in threaded discussions, link to dynamic Web content, and generate tables based on information in corporate databases. In addition, companies can use these tools to collaborate with partners and customers around the world.
Unfortunately, this collaborative environment is often limited to on-network use or is accessible only via cumbersome virtual private network (VPN) schemes from fully managed client machines. Wouldn’t it be great if you could safely access your SharePoint portal from anywhere at any time?
Microsoft has the tools to make that happen. By combining the Microsoft Intelligent Application Gateway 2007 with Microsoft Forefront Security for SharePoint, you can:
Increase productivity: Allow users to access SharePoint resources from any Internet connection.
Enhance the end-user experience: Maintain the familiar look and functionality of the SharePoint site while working off the network
Bolster security: Help ensure that access to resources is secured and document content is clean and free from malware and inappropriate information.
Two Products, Two Purposes
The Intelligent Application Gateway 2007 (IAG) is a comprehensive, secure remote access gateway that provides secure socket layer (SSL)-based application access and protection with endpoint security management. Using a specially designed Intelligent Application Optimizer for SharePoint 2007, IAG gives you the tools to let users access SharePoint resources safely and securely.
Microsoft Forefront Security for SharePoint manages and integrates industry-leading antivirus scan engines to help provide comprehensive protection against the latest threats, inappropriate content, and disclosure of confidential information -- helping ensure that documents are safe before they are saved to or retrieved from the SharePoint document library.
IAG provides:
Single-Sign On: One entry of user name and password grants access to all defined resources, and endpoint applications like Microsoft Office Outlook can be accessed directly.
Host Address Translation: Ensures that SharePoint links which normally would not work over the Internet resolve successfully.
Microsoft Office integration: Means that Microsoft Office 2003 and 2007 Microsoft Office applications will work successfully across the SSL VPN.
Password Change Management: Road warriors may go weeks without being on the network. This can lead to situations where passwords expire and users are locked out of critical applications. With IAG, users can be prompted when their passwords are nearing expiration and they can update them directly through the SSL VPN. Password management includes Active Directory service and Radius support, and it also works with resetting token PINs for third-party authentication schemes.
Common Interface: With the Intelligent Application Gateway, users can see their SharePoint portal exactly as it appears when they are in the office, plus a special IAG toolbar. Alternately, a built-in portal page can be used to provide easy point-and-click access to multiple applications.
Security Policies: Differentiate access attempts from trusted and non-trusted computers and apply different levels of permission and trust based on the source.
Secure Logoff: Forces re-authentication after a predefined time period, thus minimizing the window of opportunity for hijacking or taking over an abandoned session. To avoid dropping a session in the middle of activity (such as when writing a long e-mail message), a pop-up window lets the user prolong the session.
With all these protections around access, there is still one security hole left to plug—the threat from malicious content. And that’s where Forefront Security for SharePoint comes into play.
Forefront Security for SharePoint incorporates eight antivirus scan engines in a single product (one from Microsoft and seven from third-party antivirus labs), and it uses up to five of them at a time. All documents being uploaded to or downloaded from the document library can be scanned for viruses by five engines, each with unique detection capabilities. This is critical when opening the SharePoint portal to external access because there is no way to ensure that a connecting computer is properly protected from viruses.
Forefront Security for SharePoint also offers proactive protection by allowing you to block specific types of files that may be dangerous, such as .exe, .vbs, and .bat. And while SharePoint provides the native ability to block files by extension name, Forefront goes a step further and examines the file type directly, meaning that simple tricks like changing the file extension will not evade Forefront defenses. Forefront will also examine files embedded in ZIP and other compression formats, as well as malware embedded into documents such as Office files.
