MC+A

The Problem

Header requests is the default method for how the Google Search Appliance (GSA) performs authorization on a document level (also known as late binding) for web based content (See The Header Requester).  There are numerous advantages and disadvantages.  One of the minuses, is that it relies on the content source to adhere to HTTP protocols.

We’ve experienced numerous content systems that don’t fully support the correct HTTP response for this to work.  In many cases of Lotus Domino or Microsoft SharePoint, a friendly message is return or their is an embedded header.  This causes the to misinterpret the response from the server and think the user has access to the document.

The common method pre 6.4 was to implement a SAML interface and develop custom code to handle the logic for the variety of content sources.  Google released several Open Source projects to jump start your efforts.  Most notably they are:

• Google Value Security Framework
• Google SAML Bridge for Windows

The Solution: Header Request Deny Rules

Those tended to be difficult for our clients to implement and another piece of infrastructure to deploy and manage.  In version 6.4, Google has added additional rule validation on the appliance.  You now can check the most common sets on the appliance with simple configuration:

Screen shot of the Header Request Deny Rule Form

This virtually eliminates many of the customizations that we’ve made for the wrong response.  How Neat!!!

Since the Google Search Appliance introduced support for both Microsoft SharePoint and Kerberos many of our customers have begun to implement Kerberos more often technology. 

Kerberos with SharePoint can provide a Single Sign On technology that is silent.  However, the reason that most companies have not implemented Kerberos because it’s difficult to debug.  I have found this tool develop by Brian Murphy to save weeks of debugging time.  It’s easy to set up and provides tests for Kerberos authentication as well as delegation.

http://blogs.iis.net/brian-murphy-booth/archive/2007/03/09/delegconfig-delegation-configuration-reporting-tool.aspx

Recently, while working on a Google Search Appliance implementation involving a custom SAML interface users were being returned documents in some cases which they did not have access to. In reviewing the logs, we found that SharePoint was responding with an HTTP status of 200.

The GSA resolves late binding by performing a head request. Our case involved a user being granted access to a document by the GSA that they shouldn’t have. For reasons unknown, when one user accessed a page, they got a 401 (unauthorized) and when another use accessed the page, they got an error. Both users were not able to access the document.

The head request was something similar to:

This appears to be a standard 200 response, but it contains something interesting. There is an additional header called SharePointError. In digging around MSDN, I found this article . The SAML bridge had to be modified to check for this head in addition to the response. The existence of this header does not indicate a failure, only that it needs to be future examined to see if the user has access.

Earlier this week, Google release version 2.4.  This is the first public accessible version of the connectors.  Connections as part of this release are:

• SharePoint
• Documentum
• LiveLink
• FileNet
• File Systems – new (aka beta)
• Databases – new (aka beta)

Upon first view of them, it looks like they incorporate many of the suggestions we have posted on this blog over the past few months.  (i.e. use javascript to produce the results [Thanks Jon Doctor!]).  We’ll be posting a how to get the best search out of SharePoint with a Google Search Appliance shortly.

Customers interested in assistance with deployment of the connectors please contact us.

Today, Microsoft released the new Office 2010 and SharePoint 2010 public beta.  This is is the first public beta of the new technology.

It’s been 3 years since the previous release of the Office.  Much has changed in the economy and the enterprise landscape.  We just download the versions and will begin to test them and report back.

Answer: Yes – The Google Mini Can Index documents stored in Micrsoft SharePoint!

The Google Mini along with the MC+A Google SharePoint Sitemap can effectively be configured to crawl Microsoft SharePoint sites.  The MC+A Google SharePoint Sitemap produces a dyanmic site map which the Mini can use to crawl deep within SharePoint.   You can further enhance this by adding a Content Web Part onto the search page which will allow you to have the Google Mini produce search results within SharePoint.

Here’s it working in our environment.

and in edit mode:

How is the integration achieved?

Step 1 – Navigate to the search results page
Step 2 – Switch the search results page to edit mode
Step 3 – Delete the SharePoint search web parts
Step 4 – Add content editor web part
Step 5 Add the following code(modify for your environment)
Content for web part

How does this work?
1) SharePoint search web part reads the k parameter query string and makes an ‘ajax’ type of request to the appliance.
2) The end use broswer communicates directly with the Mini.

If you purchase a Google Mini from MC+A, we offer a free GSS with support matching for the term of the Google Mini. Otherwise, the product lists for $500 and includes a 30 day trial support during the trial. MC+A professional services can be engaged to assist with the integration within SharePoint.

An increasing number of our customers are discovering the undocument limitation in the SharePoint Web Service SiteData. While this API is sparsely documented to begin with, users are not aware that if there are over 1000 subsites within an Application (i.e. http://mysharepoint.company.com ) the GetSite method returns no subsites. As you would expect, having subsites is critical to any type of crawl functionality.

Until Microsoft fully discloses the bug, you can read Joel Oleson, and some commentors, discuss how its used as part of SharePoint. It’s really unknown how this bug impacts SharePoint functionlaity.

http://blogs.msdn.com/joelo/archive/2008/01/28/anatomy-of-indexing.aspx

Because of this limitation, MC+A pulled the vetern GSS Web Part out of the closet and developed the GSS into the SFGSA. The feeder provides the same basic functionality as the Google Enterprise Connector, but utlizes the SharePoint Object Model.

You can request a meeting with us about it by filling out the following online form:

Contact Us

The following features have been added:

• Multiple Start Ulrs (so it can support more then one sharepoint instance)
• All configuration settings accessible from the administrative interface

More to come shortly!!!!

MC + A’s CEO, Michael Cizmar, has been interviewed by the IT website SearchITChannel.com about his opionions and for his expertise on Google and other technologies. Check out the interview here:

http://searchitchannel.techtarget.com/originalContent/0,289142,sid96_gci1276994,00.html

As always, if you have any questions about Google, SharePoint or how we can help you more efficiently integrate those or other technologies for your business, contact us at sales@mcplusa.com.