Secure VPN solutions ensure all users and servers connected within a VPN have secure and encrypted access to each other. In a VPN environment all traffic sent through the secure VPN connection is automatically encrypted without requiring any changes in SharePoint or its underlying platform.
Secure VPN solutions allow network administrators to create a single comprehensive security solution for their clients without requiring specific changes and configuration in SharePoint. Replication Package transfers that are sent over the secure VPN connection are automatically encrypted by the VPN solution.
A whitepaper discussing MOSS 2007 in an SSL VPN environment, How to Select an SSL VPN for Remote Access to Microsoft SharePoint Portal Server 2007, can be downloaded from the Microsoft web site at http://download.microsoft.com/download/F/0/2/F0229C11-B47E-4002-A444-60207C6E11F5/SSL%20VPN%20for%20SharePoint-WP-200702.doc.
Least-privilege accounts is a security concept in which each account in a network is given the minimum permissions required to perform its tasks. This concept applies to all accounts, but for the purposes of this document the focus will be on SharePoint service accounts. The account privileges required by service accounts for SharePoint are discussed in the Microsoft TechNet article found at http://technet.microsoft.com/en-us/library/hh377944.aspx. Least-privilege account requirements for Replicator will be discussed below.
The process of securing Replicator builds upon the security which has already been configured for SharePoint. The first step in ensuring a secure environment for replication is requiring farm administration privileges to configure Replicator. This ensures that only designated administrators can alter the configuration of your SharePoint and Replicator environments. Additional security is provided through the configuration of the Replicator data folders, encrypted zip files, firewalled connections and least-privilege accounts.
The Replicator service runs under the SharePoint Central Administration (SP CA) application pool account. It must run under this account, which cannot be replaced with another account. However, to increase security you could create separate application pool accounts for each web application, so that the application pool account for the content web applications differs from the SP CA application pool account. This will work fine provided you follow the instructions in the Metalogix Replicator Advanced Installation Guide under Access Requirements.
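One way to check that this separation is in place, as an added example that is not part of the Metalogix documentation or product: the function below flags content web applications that still use the SP CA application pool account. The function name, URLs and account names are hypothetical, and the sample inventory is constructed.

```powershell
# Added example: flag content web applications whose application pool
# account is the same as the Central Administration (SP CA) pool account.
function Find-SharedCentralAdminPoolAccount {
    param(
        [Parameter(Mandatory = $true)]
        [object[]]$WebApplication   # objects with Url, PoolAccount, IsCentralAdmin
    )

    # Exactly one entry must be Central Administration, otherwise the
    # comparison below has no reference account.
    $ca = @($WebApplication | Where-Object { $_.IsCentralAdmin })
    if ($ca.Count -ne 1) {
        throw "Expected exactly one Central Administration entry, found $($ca.Count)."
    }
    $caAccount = $ca[0].PoolAccount.Trim()

    # -eq on strings is case-insensitive, which matches Windows account names.
    $WebApplication |
        Where-Object { -not $_.IsCentralAdmin -and $_.PoolAccount.Trim() -eq $caAccount } |
        ForEach-Object {
            [pscustomobject]@{
                Url         = $_.Url
                PoolAccount = $_.PoolAccount
                Finding     = 'Content web application shares the SP CA application pool account'
            }
        }
}

# Constructed sample inventory (hypothetical URLs and account names).
$sample = @(
    [pscustomobject]@{ Url = 'http://ca.example.local:2013/'; PoolAccount = 'EXAMPLE\svc-spfarm';   IsCentralAdmin = $true  }
    [pscustomobject]@{ Url = 'http://intranet.example.local/'; PoolAccount = 'EXAMPLE\svc-spintra'; IsCentralAdmin = $false }
    [pscustomobject]@{ Url = 'http://teams.example.local/';    PoolAccount = 'example\SVC-SPFARM';  IsCentralAdmin = $false }
)

# Only the teams web application is reported: it reuses the SP CA account.
Find-SharedCentralAdminPoolAccount -WebApplication $sample | Format-Table -AutoSize

# On a farm server, the same input can be built with the SharePoint snap-in:
#   Add-PSSnapin Microsoft.SharePoint.PowerShell
#   $live = Get-SPWebApplication -IncludeCentralAdministration | ForEach-Object {
#       [pscustomobject]@{ Url = $_.Url; PoolAccount = $_.ApplicationPool.Username
#                          IsCentralAdmin = $_.IsAdministrationWebApplication } }
```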