Virtual Identity Server for SharePoint

(VIS for SharePoint) - Providing a Secure, Manageable Multi-forest SharePoint Solution

Features

Solution Details

Extensible Authentication Framework

The Virtual Identity Server for SharePoint, provides an extensible authentication framework that that dramatically expands the authentication options for a SharePoint deployment. Out of the box, SharePoint provides either Forms Based Authentication (FBA), or authentication to a single Active Directory forest. VIS for SharePoint, expands the authentication options to include:

• Integrated Windows (NTLM/Kerberos): Can span multiple forests without the need for forest trusts.
• Two Factor Authentication: Such as: SecurID, Smart Card, USB Token
• Forms Based Authentication (FBA): Can span multiple forests and multiple platforms, such as: Active Directory(AD), Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Services (AD LDS), LDAP (Sun/IBM/e-Directory), AS/400, Mainframe.
• Federation: Federation with standard SAML or Active Directory Federation Services (ADFS) both internally as well with external partners.
• "Geneva": Support for Microsoft's "Geneva" framework via a STS that allows authentication to be multi-forest and multi-platform.
• CAC Authentication: Supports Department of Defense (DoD) Common Access Card (CAC) authentiation.
• IdM Solutions: Single Sign-On (SSO) with Identity Management solutions such as Sun Identity Manager,IBM Tivoli Identity Manager, Oracle Identity Management Suite (OIM/OAM), CA SiteMinder.
• Custom: Ability to extend the product to provide authentication to any system using standard Microsoft .NET programming languages.

Click picture to see larger image

The Virtual Identity Server for SharePoint enhances and extends Microsoft SharePoint to provide all of these authentication options across multiple disparate systems and multiple Active Directory forests without requiring trusts.

Additionally, VIS for SharePoint, installs in a matter of minutes and can be seamless deployed to both new and existing installations of SharePoint.

^ back to top

Seamless Cross-Forest Windows Authentication Module without trusts

The Virtual Identity Server (VIS) allows organizations to rapidly and easily to deploy SharePoint across multiple forests without the need for forest trusts with full Office integration.

Many companies have multiple internal Active Directory forests that do not have any forest trust relationships. There are many valid reasons for separating and isolating these forests. However, this often conflicts with the business need to share and collaborate data across these forests.

The Virtual Identity Server makes this once difficult task, easy to achieve. VIS bridges the gap of these siloed directories. This provides a single enterprise view of these isolated directories, while maintaining the security and control of the existing Active Directory infrastructure.

Click picture to see larger image

VIS for SharePoint includes an advanced cross-forest Windows authentication module. This module leverages a user’s existing Active Directory credentials, providing a seamless multi-forest Single Sign-On solution without requiring forest trusts. User’s who are logged into an Active Directory domain are automatically authenticated to SharePoint when accessing the site.

Users who have not authenticated to an Active Directory domain are prompted for a user id and password. This enables organizations to quickly and easily deploy one instance of SharePoint to external and internal users without creating a forest trust or requiring internal users to re-authenticate and full Office integration.

^ back to top

Enhanced Authorization & Content Management using Virtual Static and Dynamic Groups

SharePoint utilizes Active Directory groups to manage authorization and permissions within SharePoint. Utilizing Virtual Static Groups, businesses have a more flexible and powerful way to manage content permissions. Group membership can span multiple forests without the need for forest trusts.

In addition, SharePoint specific groups no longer need to reside in AD forests. Instead, these groups can be centralized within the SharePoint deployment; reducing complexity and cost. Unlike SharePoint site groups, Virtual Static Static Groups can span multiple SharePoint sites allowing for more control and flexibility in the deployment.

^ back to top

Single Point of Administration

The Virtual Identity Server for SharePoint, provides a single point of administration for multiple SharePoint sites. Using VIS, one SharePoint server can span hundreds of Active Directory forests quickly and easily. AD and SharePoint administrators now have an easy to use solution for managing users, groups and access from within SharePoint. VIS for SharePoint seamlessly integrates with and extends the capabilities of SharePoint and Active Directory.

^ back to top

SharePoint Governance

Governance at the root is the connection between IT and the business. SharePoint more so than other business applications brings these issues front and center. IT wants to mitigate risks, while the business wants to generate business value and collaborate. Achieving these goals together can be a challenge without a framework and proper process or checks and balances.

The Virtual Identity Server for SharePoint provides this framework, by enabling the business to work with not against the IT initiatives. With Dynamic Role Based Access Control, the security within SharePoint is now defined once and changes automatically over time, significantly reducing administration, increasing security and lowering the total cost of ownership (TCO). Static Groups at the virtual directory layer can span multiple SharePoint sites allowing for more control and flexibility in the deployment.

^ back to top

Dynamic Role Based Access Control

VIS for SharePoint also simplifies the security within SharePoint by providing administrators a dynamic role-based access control security model for SharePoint. Administrators are no longer required to manage security and group membership on an on-going basis. Instead, SharePoint administrators define dynamic groups based on business rules for who should be included in a dynamic group only once.

The Virtual Identity Server for SharePoint dynamically computes the group membership on-the-fly and in real-time. As the data changes on the user, so does the group membership. The security within SharePoint is now defined once and changes automatically, significantly reducing administration, increasing security and lowering the total cost of ownership (TCO).

^ back to top

Comprehensive Audit, Compliance & Reporting

VIS extends the SharePoint deployment further by providing comprehensive auditing and reporting capabilities. VIS tracks and logs all LDAP activity to a Microsoft SQL Server database.

VIS provides valuable auditing information that can be easily reported on using the Virtual Identity Server Reports, a web based reporting and compliance solution that is optionally available with VIS. Virtual Identity Server Reports allows reports to be run interactively using a .NET web application or can be scheduled for email distribution in popular formats such as PDF, Word and Excel.

^ back to top

Common Deployment Scenarios

The VIS/SharePoint integration is extremely flexible and can accommodate a wide variety of deployment scenarios. Customer requirements vary but often share a common architecture goal such as the ability to:

• Deploy SharePoint across multiple internal Active Directory forests
• Deploy an external (DMZ based) SharePoint to both external and internal users
• Integrate an external DMZ SharePoint server with an internal SharePoint server where documents are synchronized between two deployments.

^ back to top

---

DataSheet

  Download VIS & SharePoint Datasheet (pdf)

      
   VIS for SharePoint Datasheet (pdf)