Exercise 2



Advanced Security in SharePoint Server 2010 for Search and FAST Search Server 2010 for SharePoint: Lab 2This document is provided “as-is”. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it.Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred.This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes. ? 2010 Microsoft Corporation. All rights reserved.Advanced Security in SharePoint Server 2010 for Search and FAST Search Server 2010 for SharePoint: Lab 2Summary: In this exercise, you will export the root certificate from the consuming server farm and import the root certificate to the publishing server farm.Applies to: Microsoft SharePoint Server 2010 | Microsoft FAST Search Server 2010 for SharePoint FederationPublished: September 2010Provided by: David Codrington, Curriculum Developer, Microsoft LearningMicrosoft Corporation Contents TOC \o "1-3" \h \z \u Exercise 2 PAGEREF _Toc272996455 \h 2Task 1: Export the root certificate from the consuming farm PAGEREF _Toc272996456 \h 3Task 2: Import the Certificate to the publishing farm PAGEREF _Toc272996457 \h 3Conclusion PAGEREF _Toc272996458 \h 4Exercise 2 Scenario: Establishing a trust between a FAST SharePoint Server 2010 and a FAST Search Server 2010 for SharePoint serverIn Microsoft SharePoint Server 2010, a SharePoint farm can connect to and consume a service application that is published on another SharePoint Server 2010 farm. For this to occur, the farms must exchange trust certificates.To enable queries from Microsoft SharePoint Server search application to FAST Search Server 2010 for SharePoint, you must select a communication channel for exporting and importing the certificates. To enable crawling content with the Content SSA, you must also copy certificates to all servers used in the crawl setup. The Microsoft SharePoint Server 2010 certificate must be copied from the SharePoint node and imported to all FS query nodes. The STS certificate can be seen in the trusted people certificate store on the FS node after it has been imported. Then the FAST Search Server must be configured to trust SharePoint Security Token Service certificate.In this exercise, you will:Export the root certificate from the consuming farmImport the root certificate to the publishing farmTask 1: Export the root certificate from the consuming farmBefore using the Secure Store Service to create target applications, you must provide it with a pass phrase. The pass phrase is used to generate a key that is used to encrypt and decrypt the credentials that are stored in the Secure Store Service database. If you have to supply the initial pass phrase, you will see the following message when you open a Secure Store Service application instance: Please generate a new key for this Secure Store Service application.To initialize an instance of a Secure Store Service applicationVerify that you meet the following minimum requirements: You are a member of the SharePoint_Shell_Access role on the configuration database and a member of the WSS_ADMIN_WPG local group on the computer where SharePoint 2010 Products is installed.On the Start menu, click All Programs.Click Microsoft SharePoint 2010 Products.Click SharePoint 2010 Management Shell.From the Windows PowerShell command prompt (that is, PS C:\>), run the following commands:$stsCert = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate $stsCert.Export("cert") | Set-Content -encoding byte MOSS_STS.cerThe file MOSS_STS.cer is created in the same directory from where the command was executed. Copy MOSS_STS.cer to the directory FASTSearch to the FAST Search Server 2010 for SharePoint node (Since you are using a single server setup, copy the file to c:\FASTSearch\.)Task 2: Import the Certificate to the publishing farmYou use the Secure Store Service to create target applications. A target application maps the credentials of a user, group, or claim to a set of credentials on an external data source such as a SQL Server database or a Web service. After a target application is created, you can associate it with an external content type or application model to provide access to an external data source.Verify that you meet the following minimum requirements: You are a member of the SharePoint_Shell_Access role on the configuration database and a member of the WSS_ADMIN_WPG local group on the computer where SharePoint 2010 Products is installed.On the Start menu, click All Programs.Click Microsoft FAST Search Server 2010 for SharePoint 2010.Click Microsoft FAST Search Server 2010 for SharePoint management shell link.Navigate to the FAST Search installation location <install drive>\FASTSearch\installer\scripts, in this case c:\FASTSearch\installer\scripts.From the Windows PowerShell command prompt (that is, PS C:\>), run the following commands:.\InstallSTSCertificateForClaims.ps1 –certPath c:\FASTSearch\MOSS_STS.cerUsing windows explorer, copy the Personal Information Exchange file FASTSearchCert.pfx from the c:\FASTSearch\data\data_security folder back to the SharePoint Server, in this case, just to the root of c:\You will also need to copy the securefastsearchconnector.ps1 script from the folder c:\FASTSearch\installer\scripts\securefastsearchconnector.ps1to the SharePoint Servers. Again just copy it to the root of c:\On the Start menu, click All Programs.Click Microsoft SharePoint 2010 Products.Click SharePoint 2010 Management Shell.From the Windows PowerShell command prompt (that is, PS C:\>), run the following command:\SecureFASTSearchConnector.ps1 –certPath FASTSearchCert.pfx –ssaName “FASTContent” –username “Administrator”You will be prompted to type the certificate password that you had mentioned during the time of installing the FAST server. In this case use pass@word1. In order for the trust to become active you will need to restart the FSA Services. Return to the Microsoft FAST Search Server 2010 for SharePoint management shell.At the management shell prompt, enter in the following commands, allowing each one to complete its process, before running the next command:nctrl stop samadminnctrl stop samworkernctrl start samworkernctrl start samadminYour connections allowing you to crawl and perform searches will not be active.ConclusionIn this exercise, the student:Exported the root certificate from the consuming server farmImported the root certificate to the publishing server farm ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download