345: Everything you Need to Know about Security and FAST ...

greenpepperwhinnySecurity

Nov 3, 2013 (3 years and 9 months ago)

186 views

NT Token

Windows Identity

SAML Token

LiveID
, ADFS, Others

SAML Token

Claims Based Identity

1

2

3

4

5

6

7

8

9

10

User

Profiles

Content

Search Center



Format

Conversion

Language

Detection

Property

Extraction

Stemming

Mapper



Item

Processing

Pipeline

SID: S
-
1
-
5
-
11

Authenticated Users

docacl
:
winaeaqaaaaaaaakcyaaaaa

Index

Search Center

Data Crawled

Data Indexed

Query Issued

Filter Created

Processing Pipeline

Query=<query>

and

docacl
:

winaeaqaaaaaaaakcyaaaaa

Query Pipeline

Get
-
FASTFixml

bcondocacl
bcondocacl
fast
uid
=MCMud3x2bVxwYWJyYW5zbw==

docacl
":(
string("
all
"), string("
unknown
"
winaecqaaaaaaaakfiaaaamyprizsccly1ljilgcs1qaqaaa
9winaecqaaaaaaaakfiaaaamyprizsccly1ljilgcs1qaqaaa
fast

Query Pipeline


Located
in qtf
-
config.xml


Use to disable
security


Comment out
securityfql

instance


Restart
QRServer

Download Scripts

View indexed document security
Expose the Show All link in the Search Center
Query/TCP13287


TCP/443 or
TCP/80

TCP/1433

TCP/1433

Content/TCP13391


Admin/TCP13257


Resource/TCP13255

Image

Port

Allow

Block

Secure

NodeConf
/
Observered

Name

ServiceName

crawler

13000

no

yes

yes

NodeConf.xml

Enterprise Crawler


crawler.exe

13000

no

yes

yes

Observed

Enterprise Crawler


crawler.exe

13003

no

yes

yes

Observed

Enterprise Crawler


crawler


13040

no

yes

yes

NodeConf.xml

Enterprise Crawler


dupserver


13042

no

yes

yes

NodeConf.xml

Duplicate server


dupserverreplica


13043

no

yes

yes

NodeConf.xml

Duplicate server replica


browserengine

13046

no

yes

yes

Observed

Browser Engine


Browserengine

13048

no

yes

yes

Observed

Browser Engine


fdispatch.exe

13050

no

yes

yes

Observed

query dispatch process


fdispatch.exe

13052

no

yes

yes

Observed

query dispatch process


fsearch.exe

13056

no

yes

yes

Observed

partition control process


fsearch.exe

13066

no

yes

yes

Observed

partition control process


fsearch.exe

13076

no

yes

yes

Observed

partition control process


fsearch.exe

13086

no

yes

yes

Observed

partition control process


fsearch.exe

13096

no

yes

yes

Observed

partition control process


indexer.exe

13247

no

yes

yes

Observed

RTS Indexer


fsearchctrl.exe

13248

no

yes

yes

Observed

Search Control


fsearchctrl.exe

13249

no

yes

yes

Observed

Search Control


configserver


13250

no

yes

yes

NodeConf.xml

Config

Server


configserver.exe

13250

no

yes

yes

Observed

Config

Server


fastsearch.exe

13260

no

yes

yes

Observed

Node Controller

FASTSearchService

nctrl

13260

no

yes

yes

NodeConf.xml

Node Controller

FASTSearchService

security module

13270

no

yes

yes

Observed

FSA


security module

13278

no

yes

yes

Observed

FSA


security module

13279

no

yes

yes

Observed

FSA


qrserver


13280

no

yes

yes

NodeConf.xml

QRServer


qrserver.exe

13280

no

yes

yes

Observed

QRServer


qrserver.exe

13282

no

yes

yes

Observed

QRServer


qrproxyservice.exe

13285

no

yes

no

Observed

QRProxy

Service


walinkstorerreceiver


13290

no

yes

yes

NodeConf.xml

WALinkStorerReceiver


walinkstorerreceiver.exe

13290

no

yes

yes

Observed

WALinkStorerReceiver


walinkstorerreceiver.exe

13291

no

yes

yes

Observed

WALinkStorerReceiver


walookupdb

(1)

13295

no

yes

yes

NodeConf.xml

WALookupDB


walookupdb.exe

13295

no

yes

yes

Observed

WALookupDB


walookupdb

(2)

13297

no

yes

yes

NodeConf.xml

WALookupDB


webanalyzer


13300

no

yes

yes

NodeConf.xml

WebAnalyzer


webanalyzer.exe

13300

no

yes

yes

Observed

WebAnalyzer


sprel


13305

no

yes

yes

NodeConf.xml

SPRel


sprel.exe

13305

no

yes

yes

Observed

SPRel


fdmworker


13310

no

yes

yes

NodeConf.xml

FDMWorker


fdmworker.exe

13310

no

yes

yes

Observed

FDMWorker


fdmworker.exe

13312

no

yes

yes

Observed

FDMWorker


contentdistributor

(internal)

13390

no

yes

yes

NodeConf.xml

Name Service


contentdistributor

(external)

13391

yes

no

no

NodeConf.xml

Content Distributor


procserver


13395

no

yes

yes

NodeConf.xml

Document Processor

(up to 20 of them, up to port 13415 by 1s)

procserver.exe

13395

no

yes

yes

Observed

Document Processor


monitoringservice.exe

13416

no

yes

yes

Observed

Monitoring Service


topfdispatch


15199

NA

NA

NA

NodeConf.xml

RTS Top Dispatcher


search
-
1

15699

NA

NA

NA

NodeConf.xml

RTS Search


indexer

15899

NA

NA

NA

NodeConf.xml

RTS Indexer


indexingdispatcher

16060

NA

NA

NA

NodeConf.xml

Indexing Dispatcher


nameservice


16099

NA

NA

NA

NodeConf.xml

Name Service


contentdistributor


16100

NA

NA

NA

NodeConf.xml

Content Distributor


browserengine


service




NodeConf.xml

Browser Engine

FASTSearchBrowserEngine

qrproxy


service




NodeConf.xml

QRProxy

Service

QRProxyService

samadmin


service




NodeConf.xml

SAM Admin

FASTSearchSAMAdmin

samworker


service




NodeConf.xml

SAM Worker

FASTSearchSAMWorker

SSL Query/TCP13286

TCP/443 or
TCP/80

netsh

http>add
sslcert

ipport
=0.0.0.0:13286
certhash
=57c3f5472cd585c58601c787bc3562b0dea7938a
appid
={a5455c78
-
6489
-
4e13
-
b395
-
47fbdee0e7e6}

SPC Code

Session Name

Day

Time

Type

Location

Next

Session(s)

246


Migrating from 2007 to SharePoint 2010
-

How to do it "Search First"


Monday

15:45
-

17
:00


Technical/

Business

ACC:

Ballroom D


371

Notes from the Field: Sizing and High Availability with FAST Search Server
2010 for SharePoint


Tuesday

09:00
-

10
:15


Technical

ACC 211

Related Session(s)

389

SharePoint Internet Sites that Integrate FAST Search

Wednesday

9:00



10:15

Technical

ACC 207

3991

The Official Guide to Troubleshooting FAST Search for SharePoint 2010

Wednesday

10:30
-
11:45

Technical

ACC:
Ballroom

C

323

Putting Search on the Map with FAST Search for SharePoint

Thursday

12:00


13:15

Technical

ACC 201