What are the best practices when it comes to building a SharePoint Extranet? Any good resources out there?
One question that I am particularly looking for some thoughts on is how to best create a water-proof separation between different customers on an Extranet. My experience tells me that it would be best to create a new site collection for each customer. But others in our project argue for a single site collection with a sub-site for each customer. Each sub-site will of course have separate permissions and navigation. They argue for one site collection in order to be able to roll-up shared content with the CQWP.
But in my world a shared site collection is, security wise, just too dangerous a design. The risk that one customer by accident gets access to the sub-site of another customer is just too big.
What is the best practice on this one?
Do not go the way of a single site collection or you will regret it. Look very closely at which resources are shared in a site collection before you do this because the "sites" do share some things like the recycle bin.
It is not a bad thing to make lots of small site collections.
In addition, because this is an extranet, you really do need to make security a priority over everything else or it will all come down like a house of cards if someone gets in and mines your customer data ( and customers' data) from it. Don't be shy to put a front end proxy in between Sharepoint and the network to implement URL rewriting/filtering rules.
Sorry that I can't point you to one good resource, but you should be able to answer any question by googling for
If you can't get a sense of best practices out of the first 3 pages of results, then you either have a bad choice of keywords or you are trying to push SP into areas that others are avoiding. Don't try to be a pioneer on an external facing site. Stick with what is fairly tried and true.
If CQWP does not do what you need, then it is better to build a special web part than to compromise your design because of a limitation in the CQWP.