Extranet Decisions

iStock_tincan-commsExtranets are necessary for working with customers, suppliers and partners. And at  least two questions are the same regardless of the industry or size of the organisation

A question came through via email and I thought I’d post/expand my reply here. The question was along the lines of reasons for deploying an extranet.  Whilst the question was targeting SharePoint, the technology platform is somewhat irrelevant.

The response:

Most organisations I work with have an extranet for working with third parties, be they customers, suppliers or partners. Extranets require Internet access but differ from normal web sites in that access is always restricted to a limited audience and always requires a login account.

The uses usually fall into two categories:

  1. To collaborate on content: jointly edit items such as documents, web pages, list items etc.
  2. To share content: Upload and download finished items for viewing

At least two key decisions are the same regardless of industry or size of organisation:

What type of extranet is needed?

  • Shared content: content either exists on the intranet or, if third party access is required, exists on the extranet so that everyone can collaborate (make edits). The extranet is isolated from the Intranet so that third parties can only access extranet content.
  • Copied content: content is copied from the intranet to the extranet for sharing (not collaborating) with third parties. As with Shared, the two systems are separate. The difference is duplication of content.
  • Merged content: No differentiation between intranet or extranet, it is just one system. Your login determines what content you can see. At a basic level, it will identify if you are internal or a third party and apply restrictions as appropriate

That third option is a relatively new development and most organisations are not yet comfortable with the idea of merging their intranet into their extranet. Expect that to change a lot over the next three years.

I presented at an Ovum event last November on the topic of imagining future intranets (more on that, including slides, in another post). One great question afterwards was ‘Will we see the intranet go away and be replaced with an extranet style login accessed from the web site?’

In time I think it will be normal to have 3 levels of login to access web sites on the Internet, all visible in the usual login links area of a web page (top right corner is the most popular):

  1. No login required – you see a limited set of data published for anonymous viewing, read-only. With legal issues arising around cookies to track user activity without the user realising, there will be less and less of this content available from companies…
  2. Open login required – access to more data or to interact with content (post comments, upload/download stuff). Bit like logging into Twitter or Facebook.  Companies prefer it to improve tracking user activity. Any user can create a login account.  They agree to Ts & Cs and the account is automatically activated. In some instances, payment is required first…
  3. Authorised login required – authorised to access company information, merged intranet/extranet content. The account creation process includes a review to approve/decline and, if approved, to assign the correct role (employee, partner etc.) as well as more granular group permissions (department and team memberships).

Where will the extranet be hosted?

  • On-premise deployment – i.e. dedicated servers installed and managed, either at the organisation or outsourced. Some may call the latter ‘private cloud’. I don’t. It’s a bad name because it confuses people and ignores the difference between managing your own servers versus subscribing to an ongoing service. You will incur hardware, software and maintenance costs as a minimum.  You choose when to upgrade/replace the hardware and software.
  • Online service / Cloud Computing – subscription(s) to services hosted over the Internet regardless of what servers are needed to run them. You incur monthly or annual subscription costs, usually per user but can also be per organisation.  Software running the service is automatically upgraded by the provider, you may get to choose when within a limited time period but the upgrade will happen.
  • Hybrid – combination of the above two.

An on-premise extranet is usually an expansion to an existing deployment, either a dedicated farm or ring-fenced area within the same farm to be able to apply different security policies.  It is currently the most popular scenario…

…however, growing in popularity is to keep the Intranet on-premise but consider hosting the extranet online, i.e. the hybrid. In this scenario, it’s important to have a strategy – do you tend to keep with the same vendor (e.g. SharePoint Server installed on-premise, SharePoint Online subscribed to online), or do you use different vendors (IBM Lotus on-premise, Salesforce online).  The choice will affect the features available to you, training requirements and total maintenance costs.

Security concerns with online services/cloud computing are a mute point for extranets. The same as they are the minute you send emails to recipients outside your organisation. There are three main criteria when evaluating on-premise vs online for extranets:

  • Cost comparison: including licences and server maintenance (online isn’t always cheaper…)
  • Feature comparision: Most online services are not identical to on-premise software products, even when provided by the same vendor. Training will need to be a consideration.
  • Strategic direction: If you already anticipate a future in cloud computing, the extranet and email services are the first two logical systems to start with, given content in them already flows in and out of the organisation.