Plan for Shared Services Providers in an EPM/Office SharePoint Server 2007 extranet environment

Project 2007

Updated: February 25, 2010

This Office product will reach end of support on October 10, 2017. To stay supported, you will need to upgrade. For more information, see , Resources to help you upgrade your Office 2007 servers and clients.


Topic Last Modified: 2010-02-24

This article describes how to plan for Shared Services Providers in an Enterprise Project Management (EPM)/ Microsoft Office SharePoint Server 2007 extranet environment. For an overview of this chapter about how to plan for EPM extranets, see Plan an EPM/Office SharePoint Server 2007 extranet environment.

A Shared Services Provider (SSP) provides a common set of services and service data to a logical grouping of Web applications and their associated sites. Services and service data include the following:

  • Personalization services

  • Audiences

  • Business Data Catalog

  • Excel Services

  • Office SharePoint Server Search

  • Portal usage reporting

The most important criterion that determines whether you must have more than one SSP in your logical architecture is if you must isolate content. For example, if your server farm hosts applications for more than one class of users, separate SSPs can help create isolation between these classes of users.

The model incorporates a separate SSP for each of the following applications:

  • Intranet

  • Partner Web

Shared Services Provider Partner Web

The five individual applications that compose the intranet — published intranet content, My Sites, team sites, PWA and Project Workspaces — are brought together by one SSP. The intranet application illustrated in the model provides an example of balancing secure isolation with the business need to share information and take advantage of profile data across the applications.

  • The individual applications are isolated by Web applications and application pools. Separate application pools provide process isolation. Dedicated Web applications provide the opportunity to implement different permission policies for each kind of content.

  • Unifying the five applications under one SSP provides for personalization and enterprise-wide search across all of the applications.

Shared Services Provider architecture

Using a separate SSP for the Partner Web application ensures that partner users cannot search on or access sensitive information within your intranet environment. The SSP can be configured to better isolate content between site collections in the following ways:

  • Limit search scopes to the individual site collections.

  • Use audiences to target content to certain groups of users.

  • Use the Stsadm command-line tool to configure the People Picker to display only users who are members of the site collection. In this configuration, you can add any user from the directory if you know the user name. However, only users who are already added to the site collection are displayed in the People Picker. This prevents partner users from browsing your user directory through the People Picker.

Use the following command to turn this configuration on:

Stsadm.exe -o setproperty -url http://server -pn “peoplepicker-onlysearchwithinsitecollection” -pv yes

Use the following command to turn this configuration off:

Stsadm.exe -o setproperty -url http://server -pn “peoplepicker-onlysearchwithinsitecollection” -pv no

In addition to configuring services within the SSP to achieve isolation, consider configuring permissions in the following ways:

  • Limit access to sites to specific users or groups.

  • Use SharePoint groups to authorize access to content.