Plan for domain trust relationships in an EPM/Office SharePoint Server 2007 extranet environment
Updated: February 25, 2010
This article describes how to plan for domain trust relationships in an Enterprise Project Management (EPM)/ Microsoft Office SharePoint Server 2007 extranet environment. For an overview of this chapter about how to plan for EPM extranets, see Plan an EPM/Office SharePoint Server 2007 extranet environment.
Plan domain trust relationships
When the server farm is located inside a perimeter network, this network requires its own Active Directory service infrastructure and domain. Typically, a perimeter domain and a corporate domain are not configured to trust one another. However, there are several scenarios in which a trust relationship might be required. The following table summarizes scenarios that affect requirements for a trust relationship.
If the perimeter domain trusts the corporate network domain, you can authenticate both internal and remote employees by using their corporate domain credentials.
Forms authentication and Web single sign-on (SSO)
You can use forms-based authentication and Web SSO to authenticate both internal employees and remote employees against an internal Active Directory environment. For example, you can use Web SSO to connect to Active Directory Federation Services (ADFS). Using forms-based authentication or Web SSO does not require a trust relationship between domains.
However, several features of Office SharePoint Server 2007 might not available, depending on the authentication provider. For more information about features that might be affected when forms-based authentication or Web SSO is used, see Plan authentication settings for Web applications in Office SharePoint Server.
A trust relationship between domains is not required to publish content from one domain to the other. To avoid a requirement for a trust relationship, ensure that you use the appropriate account for publishing content.
For more information about how to configure a one-way trust relationship in an extranet environment, see Plan security hardening for extranet environments.