立即与支持人员聊天
与支持团队交流

Replicator 7.4 - Secure Replication

Encrypting Transfers using Secure VPN

Secure VPN solutions ensure all users and servers connected within a VPN have secure and encrypted access to each other. In a VPN environment all traffic sent through the secure VPN connection is automatically encrypted without requiring any changes in SharePoint or its underlying platform.

Secure VPN solutions allow network administrators to create a single comprehensive security solution for their clients without requiring specific changes and configuration in SharePoint. Replication Package transfers that are sent over the secure VPN connection are automatically encrypted by the VPN solution.

A whitepaper discussing MOSS 2007 in an SSL VPN environment, How to Select an SSL VPN for Remote Access to Microsoft SharePoint Portal Server 2007, can be downloaded from the Microsoft web site at http://download.microsoft.com/download/F/0/2/F0229C11-B47E-4002-A444-60207C6E11F5/SSL%20VPN%20for%20SharePoint-WP-200702.doc.

Least-Privilege Accounts

Least-privilege accounts is a security concept which provides each account in a network the minimum permissions required to perform required tasks.  This concept all accounts, but for the purposes of this document the focus will be on SharePoint service accounts.  The account privileges required by service accounts for SharePoint are discussed in the Microsoft Technet article found at http://technet.microsoft.com/en-us/library/hh377944.aspx.  Least-privilege account requirements for Replicator will be discussed below.

Replicator

The process of securing Replicator builds upon the security which has already been configured for SharePoint.  The first step in ensuring a secure environment for replication is done by requiring farm administration privileges to configure Replicator.  This ensures that only designated administrators can alter the configuration of your SharePoint and Replicator environments. Additional security is provided through the configuration of the Replicator data folders, encrypted zip files, firewalled connections and least-privilege accounts.

Replicator Services

The Replicator service runs under the SharePoint Central Administration (SP CA) Application Pool account. The Replicator service must run under the SP CA application pool account and can't be replaced with another account.  However, to increase security you could create separate application pool accounts for each web application which would result in the application pool account for the content web applications being different than the application pool account for the SP CA application pool account.  This will work fine provided you follow the instruction in the Metalogix Replicator Advanced Installation Guide under Access Requirements.  

 

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级