Configure external access for mobile devices (SharePoint Server 2010)
Applies to: SharePoint Server 2010
Mobile device users can access a SharePoint site either by using a mobile browser or by using a rich client application such as Microsoft SharePoint Workspace Mobile 2010. This article describes how to make SharePoint sites accessible for mobile devices when the devices are used outside the corporate firewall. There are three methods for enabling external access:
Virtual private network server A virtual private network (VPN) server that supports Secure Sockets Layer (SSL), such as Microsoft Forefront Unified Access Gateway (UAG), enables you to publish SharePoint sites across the corporate firewall. The following steps summarize how to make a SharePoint site accessible from outside the corporate firewall when using a VPN server:
Set up the VPN server.
Publish the SharePoint site on the VPN server.
Configure an alternate access mapping for the SharePoint site.
Add the SharePoint site to a zone that allows cross-firewall access. For more information about cross-firewall access, see Configure cross-firewall access, later in this article.
Forefront UAG is the only VPN server that is supported by Microsoft Office Mobile on Windows Phone 7 and Windows Phone 6.5. For more information about how to configure Forefront UAG to support Microsoft Office Mobile, see Configure Forefront Unified Access Gateway for SharePoint Workspace Mobile, later in this article.
For more information about Forefront UAG, see Forefront Unified Access Gateway (UAG) (http://go.microsoft.com/fwlink/p/?LinkID=196384), SharePoint publishing solution guide (http://go.microsoft.com/fwlink/p/?LinkId=206256), and Deploying Forefront UAG for mobile devices.
Mobile proxy server Mobile proxy servers, such as Microsoft System Center Mobile Device Center and Blackberry Enterprise Server, help mobile devices work within the IT infrastructure of a company. To access a SharePoint site from outside the corporate firewall, the mobile proxy server must pass the mobile browser's HTTP headers directly through to SharePoint Server.
Direct Internet access The SharePoint site can be placed on the extranet. This method supports only basic authentication. We recommend using a combination of technology and policy safeguards, such as SSL, with any Internet-facing servers.
In this article:
Configure cross-firewall access
Configure Forefront Unified Access Gateway for SharePoint Workspace Mobile
Configure cross-firewall access
After the SharePoint site is published outside the firewall, you must add the site to a zone that allows cross-firewall access. A cross-firewall access zone is used to generate external PC and mobile URLs in mobile alert messages, and enables users to send an externally accessible URL when they click the E-mail a link button on the ribbon.
To configure a cross-firewall access zone
Verify that you have the following administrative credentials:
- You must be a member of the Farm Administrators group.
In Central Administration, click System Settings.
On the System Settings page, under Farm Management, click Configure cross firewall access zone.
On the Cross Firewall Access Zone page, in Web Application, in the Web Application list box, select the Web application that is published across the firewall.
In Cross Firewall Access Zone, in the Zone selection for cross firewall access list box, select the zone that is published across the firewall.
Configure Forefront UAG for SharePoint Workspace Mobile
Office Mobile users can connect to a SharePoint site by using the mobile browser or by using Microsoft SharePoint Workspace Mobile 2010. This section describes the overall procedure for publishing a SharePoint site so it can be accessed by mobile devices, and it also describes additional configuration required to support SharePoint Workspace Mobile.
We recommend that you use Forefront UAG with Service Pack 1 (SP1) installed.
The SharePoint site can now be accessed by mobile browsers. To support connecting from SharePoint Workspace Mobile, you must also publish the SharePoint site for SharePoint Workspace Mobile on the Forefront UAG server. For more information, see Publishing SharePoint sites for SharePoint Workspace Mobile (http://go.microsoft.com/fwlink/p/?LinkId=206257).
SharePoint Workspace Mobile does not support directly connecting to sites in the Internet zone. When a user connects to the published site, Forefront UAG identifies the user agent that is sent by SharePoint Workspace Mobile and responds with an HTTP 401 challenge. SharePoint Workspace Mobile uses the user credentials that are configured in the Forefront UAG settings of the mobile device to authenticate to Forefront UAG by using Basic authentication. Forefront UAG then authenticates the user to the SharePoint site
A site that has a fully qualified domain name (for example, https://hrweb.contoso.com) is considered to be in the Internet zone by SharePoint Workspace Mobile.
The following procedures describe how configure the Forefront UAG settings on a Windows Phone device. Users must configure the Forefront UAG settings on their Windows Phone device before they can use SharePoint Workspace Mobile to access a SharePoint site. We recommend that you provide these procedures to users so they can configure their Windows Phone devices, and also provide them with their Forefront UAG server information.
To configure Forefront UAG settings on a Windows Phone 6.5 device (end users)
On the mobile device, start SharePoint Workspace Mobile.
Tap Menu, tap Settings, and then tap Configure Forefront UAG Server.
In the Forefront UAG address box, type the URL of the UAG trunk.
Enter the domain user name and password.
To configure Forefront UAG settings on a Windows Phone 7.0 device (end users)
On Start, flick left to the App list, and then tap Office.
Flick to SharePoint, and then tap All.
Tap More, tap Settings, and then tap UAG server.
On the UAG Server screen, do the following:
Tap the UAG server address box, and then type the server address, beginning with https://.
Tap the User name box, and then type your domain and user name. For example, if you log on to your computer by using domainName\userName, you would type domainName\userName in the box.
Tap the Password box, and then type your password.
Tap the Save password check box.