###BeginCaseStudy###
Case Study: 5
Contoso Ltd
Background
You are the SharePoint server administrator for Contoso, Ltd. Contoso has a SharePoint 2010
environment hosted on SharePoint Online and a separate on-premises SharePoint 2010 farm. You
are preparing to upgrade the environments to newer versions of SharePoint. You are also planning
to support a hybrid on-premises/cloud deployment that will be available to customers, partners, and
third-party vendors.
Contoso collaborates with a partner company, Tailspin Toys, on multiple projects.
Technical Environment
All user groups reside in the existing Active Directory Domain Services (AD DS) domain
corp.contoso.com.
The existing SharePoint Online environment is configured as follows:
• The SharePoint Online URL assigned by Microsoft is
http://contoso.sharepoint.com.
• The SharePoint Online Administration Center URL is
https://contoso.admin.sharepoint.com.
• The user name for the Contoso Office 365 administrator is
[email protected].
• An existing line-of-business application provides an OData service
that is hosted in Microsoft Windows Azure SQL Database.
The site collections are described in the following table.
Business Requirements
The upgraded SharePoint environments must meet the following business requirements:
• All SharePoint 2013 features must be available to all users when
connecting from inside or outside of the corporate network.
• Users of the Partner Projects site collection must be able to share
content from their Microsoft Outlook clients and receive content from
external users who send email directly to the site.
• The Corporate Projects site collection must be available to internal
users who connect from outside of the corporate network and must not
require a VPN connection.
• Third-party vendors must be able to read and modify documents.
Technical Requirements
You must meet the following technical requirements:
• Before upgrading the Partner Projects site collection, create a
duplicate, upgraded copy of the site for review and verification purposes.
• Use Active Directory Federation Services (AD FS) 2.0 to authenticate
Contoso employees, partners, and customers.
• Automate the sign-in experience by using the local AD FS 2.0 servers
for AD FS single sign-on (SSO).
• Ensure that a web usage report that contains traffic reports, search
reports, and inventory reports can be provided for any site.
The upgraded SharePoint environments must meet the following technical requirements:
• All user profile information that resides in Active Directory must be
available in SharePoint Online.
• All sites must be able to share a mail-enabled document library that
resides in the cloud.
• The existing line-of-business application must be consumed as an
external content type by using Microsoft Business Connectivity Services
(BCS).
• The Partner Projects site collection must allow Contoso and Tailspin
Toys users to share documents with third-party vendors on an ad-hoc basis,
without incurring additional licensing requirements.
###EndCaseStudy###
DRAG DROP
You need to provide access to the Corporate Projects site collection to remote internal users.
Which authentication mode and site collection URL should you use? (To answer, drag the
appropriate answer choices to the correct location or locations in the answer area. Each answer
choice may be used once, more than once, or not at all. You may need to drag the split bar between
panes or scroll to view content.)
Answer: See the explanation
Explanation:
Box 1: DirectAccess authentication
Box 2: Path-based site collections
Note:
* From scenario: Automate the sign-in experience by using the local AD FS 2.0 servers for AD FS
single sign-on (SSO).
* From scenario: The Corporate Projects site collection must be available to internal users who connect from
outside of the corporate network and must not require a VPN connection.
* DirectAccess authenticates the computer before the user logs on. Typically, computer
authentication grants access only to domain controllers and DNS servers. After the user logs on,
DirectAccess authenticates the user, and the user can connect to any resources he or she is
authorized to access.
DirectAccess supports standard user authentication using a computer certificate and user account
name and password credentials. For greater security, you can implement additional authorization
with smart cards. This type of configuration allows users to access Internet resources without their
smart cards, but requires a smart card before users can connect to intranet resources. A user must
insert a smart card in addition to typing his or her user credentials. Smart card authorization
prevents an attacker who acquires a user’s password (but not the smart card) from accessing the
intranet. Similarly, an attacker who acquires the smart card but does not know the user’s password
does not have access.
When smart cards are required for end-to-end authentication, you must use Active Directory Domain
Services (AD DS) in Windows Server 2008 R2.
* From scenario: Ensure that a web usage report that contains traffic reports, search reports, and
inventory reports can be provided for any site.
* Microsoft SharePoint supports both path-based and host-named site collections. The primary
difference between path-based and host-named site collections is that all path-based site collections
in a Web application share the same host name (DNS name), and each host-named site collection in
a Web application is assigned a unique DNS name.
Path-based site collections
Ex: http://www.company.com/sites/cust1
http://www.company.com/sites/cust2
http://www.company.com/sites/cust3
Host-named site collections
Ex: http://cust1.company.com
http://cust2.company.com