Published: February 28, 2008

The External Collaboration Toolkit for SharePoint (ECTS) is a collection of software and guidance that will help you easily deploy an environment for collaboration with external parties. The ECTS can be installed on a single server in less than a day, which means that your users can begin collaborating with external partners very quickly. In addition, because the ECTS software is built on Microsoft® Windows® SharePoint® Services 3.0, it is designed to be both familiar and very easy to use so that users will be more likely to use this solution and not revert to e-mail for collaboration. Finally, the ECTS software provides a secure platform that protects the data it stores.

Note   Although the solution is designed to work using Windows SharePoint Services 3.0, it also works on Microsoft Office SharePoint Server 2007. If you want to install it in a Microsoft Office SharePoint Server 2007 environment, please review Appendix A, “Installing in Larger Environments,” for more information.

Audience

This solution is intended for organizations whose users need to collaborate with various people outside the organization such as partners, contractors, clients, customers, and so on. Although the ECTS and Windows SharePoint Services provide strong external collaboration capabilities, companies that have highly complex collaboration needs, or need very high levels of security may not have their specific needs met by the ECTS.

Choosing an External Collaboration Solution provides guidance to help you determine if SharePoint Products ad Technologies and the ECTS are well suited to your specific situation.

How the Solution Works

The ECTS allows users inside and outside the firewall to share documents, lists, calendars, and so on, using the features and functionality provided by Windows SharePoint Services. Internal users access the collaboration site through an internal URL and are authenticated against the organization’s Active Directory® domain as usual. External collaborators use a typical Internet address to access the site (for example, https://collab.treyresearch.net). They log on using a form, and are authenticated against a separate Active Directory Application Mode (ADAM) directory that contains only external users.

The following figure shows the basic logical diagram of the solution.

Figure 1.1 Logical diagram of the ECTS solution

This diagram shows how external and internal users navigate to a common SharePoint installation, which is connected to two different identity stores for authentication. Internal users access the collaboration site through an internal URL and use their Active Directory Domain Services (AD DS) account to access shared content whereas external users use a typical Internet address to access the site, are provisioned in a stand-alone ADAM instance, and log on using a form. Placing external users in a distinct directory effectively segregates them from the internal network infrastructure. The solution provides custom components that integrate seamlessly with Windows SharePoint Services and allows you to manage external users similarly to the process used for internal users.

When internal and external users are logged on, they can store documents on the site and otherwise interact with the site as they would with a typical SharePoint site.

Capabilities and Features

The ECTS provides the following capabilities and features that streamline the process of setting up collaboration with external parties.

Provision New Site Collections

Windows SharePoint Services usually allows users to create sites inside a site collection. Unfortunately, sites do not provide the level of security isolation required for an external collaboration environment. However, site collections provide appropriate security isolation so that users who have access to one collaboration area will not have any access to another collaboration area. The ECTS allows users to create a new site collection either with or without administrator approval. This streamlines the process of creating new collaboration sites, and gets users collaborating quickly. The ECTS provides the following components that enable this capability:

• Create Site Collection. This Web Part allows an approved user either to create a new site collection (if workflow is not enabled), or request that a new site be created.
• Site Collection Manager. This Web Part shows an internal user all of the sites that they currently own. The user can navigate to one of the sites listed or delete the site.
• Site Collection Approval (optional). This Web Part gives an administrator the option to approve or deny site collection creation requests.

Provision New Users

It is very easy to provide access to a SharePoint site for users that already exist in your AD DS domain. However, when the user is outside the organization and does not have an internal account, the process is much more difficult. Usually, it requires a request to the administrator to create an account, after which access can be granted. With the ECTS, the collaboration site owner can easily create new external users and give them permission to access the sites. This process can be set up either to require administrative approval or not. The ECTS provides the following components that enable this capability:

• Add External User. This Web page allows an approved user to create a new external user account (if it does not already exist) or give an existing account access to the site collection. This page is analogous to the SharePoint New User page.
• External User Manager. This Web Part allows administrators to view all external users within the SharePoint environment and to perform common management operations on external users who have been created in ADAM. These operations include to:
  • Delete. Removes the external user from ADAM.
  • Disable/Enable. Toggles the account disabled attribute in ADAM, which prevents the external user from logging on to the SharePoint site.
  • Reset Password. Resets the external user’s password in ADAM.
  • Modify Profile Information. Allows the administrator to change attributes of the user’s profile.
• External User Approval (optional). This Web Part gives an administrator the option to approve or deny external user account creation requests.

Additional Features

The ECTS also provides some additional features that help make using and administering the system easier. These features include:

• Configuration Utility. This Web Part allows administrators to modify how the software works.  Settings that can be changed include the SMTP host, mail sender account, workflow for site creation and user creation, and so forth.
• Update My Account Information. Provides self service profile update functionality.
• Forgotten password reset. Provides functionality to help external users who have forgotten their passwords.
• Forms-based authentication. Lets external users authenticate using a logon form.
• Gather profile information at first logon. Directs external users to a Web page to input profile information.