Plan for domain trust relationships in an EPM/Office SharePoint Server 2007 extranet environment

项目
06/15/2015

更新时间: 2010年2月

上一次修改主题： 2015-03-09

This article describes how to plan for domain trust relationships in an Enterprise Project Management (EPM)/ Microsoft Office SharePoint Server 2007 extranet environment. For an overview of this chapter about how to plan for EPM extranets, see Project Server 2007 Extranet 环境的规划.

Plan domain trust relationships

When the server farm is located inside a perimeter network, this network requires its own Active Directory service infrastructure and domain. Typically, a perimeter domain and a corporate domain are not configured to trust one another. However, there are several scenarios in which a trust relationship might be required. The following table summarizes scenarios that affect requirements for a trust relationship.

Table 12. Summary of scenarios

Scenario	Description
Windows authentication	If the perimeter domain trusts the corporate network domain, you can authenticate both internal and remote employees by using their corporate domain credentials.
Forms authentication and Web single sign-on (SSO)	You can use forms-based authentication and Web SSO to authenticate both internal employees and remote employees against an internal Active Directory environment. For example, you can use Web SSO to connect to Active Directory Federation Services (ADFS). Using forms-based authentication or Web SSO does not require a trust relationship between domains. However, several features of Office SharePoint Server 2007 might not available, depending on the authentication provider. For more information about features that might be affected when forms-based authentication or Web SSO is used, see Plan authentication settings for Web applications in Office SharePoint Server.
Content publishing	A trust relationship between domains is not required to publish content from one domain to the other. To avoid a requirement for a trust relationship, ensure that you use the appropriate account for publishing content.

Windows authentication

If the perimeter domain trusts the corporate network domain, you can authenticate both internal and remote employees by using their corporate domain credentials.

Forms authentication and Web single sign-on (SSO)

You can use forms-based authentication and Web SSO to authenticate both internal employees and remote employees against an internal Active Directory environment. For example, you can use Web SSO to connect to Active Directory Federation Services (ADFS). Using forms-based authentication or Web SSO does not require a trust relationship between domains.

However, several features of Office SharePoint Server 2007 might not available, depending on the authentication provider. For more information about features that might be affected when forms-based authentication or Web SSO is used, see Plan authentication settings for Web applications in Office SharePoint Server.

Content publishing

A trust relationship between domains is not required to publish content from one domain to the other. To avoid a requirement for a trust relationship, ensure that you use the appropriate account for publishing content.

For more information about how to configure a one-way trust relationship in an extranet environment, see 为 Extranet 环境规划安全强化.

Plan for domain trust relationships in an EPM/Office SharePoint Server 2007 extranet environment

Plan domain trust relationships

Table 12. Summary of scenarios

其他资源