CEPM SharePoint Agent Guide
Introduction

Table Of Contents

Introduction

Advantages of Integrating SharePoint with CEPM


Introduction


This document provides a step-by-step procedure to install the CEPM SharePoint Agent and integrate the Policy Administration Point (PAP) with your web applications running on SharePoint Server 2007.

Advantages of Integrating SharePoint with CEPM

Microsoft Office SharePoint Server (MOSS) 2007 is an integrated suite of server capabilities that can help improve organizational effectiveness by providing comprehensive content management and enterprise search, accelerating shared business processes, and facilitating information-sharing across boundaries for better business insight. Office SharePoint Server 2007 supports all intranet, extranet, and web applications across an enterprise within one integrated platform, instead of relying on separate fragmented systems. Additionally, this collaboration and content management server provides IT professionals and developers with the platform and tools they need for server administration, application extensibility, and interoperability.

Additionally, MOSS 2007 allows an organization to:

Manage content and processes

Improve business insight

Simplify internal and external collaboration

Empower Information Technology to make a strategic impact

While managing security within Microsoft SharePoint has improved in MOSS compared with prior versions, it is still a painstaking process, and one that grows in complexity as MOSS-based sites and applications proliferate throughout the enterprise over time. Consider the following issues:

As application owners and end users add more sites, one can expect the number of roles and user-groups defined within MOSS to grow.

Enforcement of enterprise security policies can be a challenge when end users are managing their own sites.

Compliance can become an issue when security policies for securable objects have been overridden by the site or item owners, and those owners leave the organization or change over time.

It is difficult to implement business logic in the MOSS authorization process without custom code; for example, allowing an item to be edited only by users who are authorized by an external system of record.

There is no easy way to enforce segregation of duty rules in MOSS.

Authorization policies stored within SharePoint are destined to remain encapsulated in infrastructure silos.

The Cisco Enterprise Policy Manager (CEPM) SharePoint Agent allows an administrator to secure an individual page within a site. Competing enterprise portals can protect pages out of the box, but SharePoint cannot; to apply this basic but critical security measure in SharePoint, you need the Cisco SharePoint Agent.

In addition, SharePoint's back-door navigation page, All Site Content, lists every component of the site and ignores any presentation-layer security. If there is a List Web Part you are not supposed to see, All Site Content still shows that list and all of the metadata describing it; only when you click the link is the access-denied page displayed. This behaviour is often referred to as Dead End Navigation: hiding a Web Part from a page restricts what is rendered, not what the user is authorized to see. With CEPM you can secure the All Site Content page itself, so the structure of your site is no longer exposed to every visitor and the names and descriptions of its lists no longer reveal what the site holds.

To help abstract MOSS security onto a service platform that uses CEPM, Cisco provides a shrink-wrapped agent for MOSS. The agent facilitates:

Authorization abstraction

Role- and rule-based policy enforcement, including business-logic execution

The ability to utilize user and application data stores beyond SQL Server and Microsoft AD/ADAM

Fine-grained access control (create, read, update, delete) that complements MOSS item-level security for sites, lists, collections, libraries and documents

Application-level security enforcement for custom web-part based applications

Protecting stock Web Parts through the addition of an HTTP handler hook

CEPM can thus complement an enterprise's investment in Microsoft Office SharePoint Server 2007 by helping to abstract some of the embedded authorization logic out of SharePoint, so as to help transition SharePoint onto the enterprise authorization service platform. In doing so, CEPM helps alleviate some of the complexity of managing the authorization model of MOSS 2007.
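The following is an added illustration, not code from the CEPM agent or from this guide, of the HTTP-hook approach described above applied to the Dead End Navigation problem: an ASP.NET HTTP module registered in the SharePoint web application that authorizes requests for the All Site Content page before SharePoint renders any list metadata. The module name, the role name SiteContentViewers and the plain role check are assumptions; in a CEPM deployment the decision would come from the policy decision point rather than from a local role lookup.

```csharp
// Added illustration (not CEPM's own agent code): an ASP.NET IHttpModule that
// closes the Dead End Navigation gap by authorizing requests for the
// All Site Content page (/_layouts/viewlsts.aspx) before the page handler runs.
// The role-based check stands in for an external policy decision point.
using System;
using System.Security.Principal;
using System.Web;

public sealed class SiteContentGuardModule : IHttpModule
{
    // Application pages that enumerate site structure regardless of
    // which Web Parts a user can see on the site's own pages.
    private static readonly string[] GuardedPages =
    {
        "/_layouts/viewlsts.aspx",   // All Site Content
    };

    // Assumed role name; a real deployment would ask the PDP instead.
    private const string AllowedRole = "SiteContentViewers";

    public void Init(HttpApplication app)
    {
        // AuthorizeRequest fires after authentication and before the
        // page handler executes, so a denial here leaks nothing.
        app.AuthorizeRequest += OnAuthorizeRequest;
    }

    public void Dispose() { }

    private static void OnAuthorizeRequest(object sender, EventArgs e)
    {
        var app = (HttpApplication)sender;
        HttpContext ctx = app.Context;

        if (!IsGuardedPage(ctx.Request.Path))
            return;                      // not a structure-revealing page

        if (IsAllowed(ctx.User))
            return;                      // policy permits; let SharePoint render

        // Deny outright rather than redirecting to another page that
        // might itself expose site structure.
        ctx.Response.Clear();
        ctx.Response.StatusCode = 403;
        ctx.Response.Write("Access denied.");
        app.CompleteRequest();
    }

    // Path comparison is case-insensitive because IIS URLs are; EndsWith
    // covers site-collection and sub-site prefixes such as /sites/hr/.
    public static bool IsGuardedPage(string path)
    {
        if (string.IsNullOrEmpty(path))
            return false;
        foreach (string page in GuardedPages)
        {
            if (path.EndsWith(page, StringComparison.OrdinalIgnoreCase))
                return true;
        }
        return false;
    }

    // Anonymous or unauthenticated callers never see site structure;
    // authenticated callers must hold the assumed role.
    public static bool IsAllowed(IPrincipal user)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;
        return user.IsInRole(AllowedRole);
    }
}

/* Registration in the SharePoint web application's web.config (classic
   ASP.NET pipeline, as used by MOSS 2007); the assembly name is assumed:

   <system.web>
     <httpModules>
       <add name="SiteContentGuard"
            type="SiteContentGuardModule, SiteContentGuard" />
     </httpModules>
   </system.web>
*/
```

The decision logic is kept in the two static methods so it can be exercised without IIS; the module itself only wires that decision into the request pipeline. Whatever replaces the role check, the important property is the same: the authorization decision is made before any list names or descriptions are written to the response, which is exactly what hiding a Web Part on a page does not guarantee.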