SharePoint 2013 hybrid end-to-end
Sam Hassani, Principal Consultant, BrightStarr
SPC339

Introductions

Who am I?
Principal Consultant at BrightStarr
Microsoft Certified Master: SharePoint 2010
Microsoft Certified Solutions Master: SharePoint
SharePoint 2013 Beta Engineer

Contact details
Twitter: @samhassa
Email: sam.hassani@brightstarr.com
Web: www.brightstarr.com
Web: www.samhassani.com
Yammer: Operations and Management Group
Hybrid at SPC

Agenda
Why Hybrid?
Configuring Hybrid
Identity Management
Choosing a Hybrid Topology
SharePoint Configuration
Hybrid Challenges
Resources
Questions
Why Hybrid?

SharePoint Online is attractive
Benefit from the latest and greatest
Focus on the core business and easily scale up and down
More easily collaborate with external partners

But my business runs on premises
SharePoint Online has limitations
Existing investments with lots of data and customizations
Protect sensitive data

"Leverage the strengths of both parts while minimizing the components' weaknesses"
A Hybrid Deployment

Common Hybrid Scenarios
Get started in the cloud
Migrate existing workloads in a phased approach
Supplement cloud environments
Rapid provisioning of new workloads
SharePoint Hybrid Options
Search: get search results in SharePoint On-Premises or in SharePoint Online from the SharePoint On-Premises or SharePoint Online search indexes
Business Connectivity Services (BCS): enable a SharePoint Online site collection to work with data in an on-premises OData service
Duet Enterprise Online: enable SharePoint Online users to perform both read and write operations against an on-premises SAP system
Identity Management: provide a single identity and single sign-on experience

Results from the Cloud
Results from On Premises
Identity Management

Cloud Identity
  Single identity in the cloud
  Windows Azure Active Directory

Directory Synchronization
  On-Premises Identity
  DirSync & Password Sync
  Single identity
  Windows Azure Active Directory

Federated Identity (SSO)
  On-Premises Identity
  Federation
  Single federated identity
  Windows Azure Active Directory
  Directory Sync
Configuring Hybrid

Directory synchronization
Synchronization of objects from on-premises AD to Azure AD
Limited to 50,000 objects; can be increased by engaging Microsoft
Synchronization occurs every 3 hours by default; can be initiated manually
Can filter based on OU, domain or user attribute
This is a requirement for SharePoint Hybrid scenarios including Search
  When a user issues a query from on-premises to SharePoint Online, SharePoint Online must rehydrate the user's identity
  The rehydration process looks up attributes in the SharePoint Online profile store
  If no profile or multiple profiles exist, the query fails outright rather than security-trimmed results being returned
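Because rehydration fails closed when the profile store holds zero or several matches, the cheapest place to catch the problem is in the on-premises directory before DirSync runs. The following check is an added example written for this page, not a script from the session or from Microsoft; it assumes the ActiveDirectory PowerShell module, and the OU path and verified-domain list are placeholders you replace with your own.

```powershell
# Added example, not from the session: a pre-synchronisation check that every enabled
# account DirSync will push to Windows Azure AD has exactly one well-formed UPN, that the
# UPN suffix is a domain verified in the tenant, and that no two accounts share a UPN or
# mail address. Assumes the ActiveDirectory module; OU and domain list are placeholders.
Import-Module ActiveDirectory

function Test-DirSyncIdentityReadiness {
    param(
        [Parameter(Mandatory)] [string]   $SearchBase,       # OU that the DirSync filter will include
        [Parameter(Mandatory)] [string[]] $VerifiedDomains   # domains already verified in Office 365
    )

    $users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
                        -Properties userPrincipalName, mail

    $problems = New-Object System.Collections.Generic.List[object]

    foreach ($u in $users) {
        if ([string]::IsNullOrEmpty($u.userPrincipalName)) {
            $problems.Add([pscustomobject]@{ User = $u.SamAccountName; Issue = 'No UPN set' })
            continue
        }
        $suffix = ($u.userPrincipalName -split '@')[-1]
        if ($VerifiedDomains -notcontains $suffix) {
            # SharePoint Online would look for a profile under a UPN that cannot map to this tenant
            $problems.Add([pscustomobject]@{ User = $u.SamAccountName; Issue = "UPN suffix '$suffix' is not a verified domain" })
        }
    }

    # Duplicate UPNs or mail addresses produce multiple (or merged) profiles in the
    # SharePoint Online profile store, and rehydration then fails the query outright.
    foreach ($attr in 'userPrincipalName', 'mail') {
        $dupes = $users | Where-Object { $_.$attr } | Group-Object -Property $attr | Where-Object { $_.Count -gt 1 }
        foreach ($d in $dupes) {
            $members = $d.Group.SamAccountName -join ', '
            $problems.Add([pscustomobject]@{ User = $d.Name; Issue = "$attr shared by $($d.Count) accounts: $members" })
        }
    }

    return $problems
}

# Usage (placeholders):
# Test-DirSyncIdentityReadiness -SearchBase 'OU=Staff,DC=corp,DC=example' -VerifiedDomains 'example.com' |
#     Format-Table -AutoSize
```

Run it against the same OU scope you intend to give the DirSync filter; an empty result means every account in scope will map to exactly one profile, which is the precondition the rehydration step depends on.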
Add on-premises domain to Office 365
Determine and register public domain name
Add domain in Office 365 and provide name
Create verification record with DNS hosting provider
Verify domain name ownership

Activate Directory Synchronization
Activate Active Directory Synchronization for your Office 365 tenant

Configure Directory Synchronization
Download and install the DirSync tool on a member server in the on-premises environment
Run the DirSync tool on the server where it is installed
Configure SSO
Prepare Active Directory
  Windows Server 2003 R2 functional level at a minimum
  UPNs are correctly set (if the public domain differs from the corporate domain name)
Deploy ADFS 2.0
Install Microsoft Online Services Sign-in Assistant and Windows Azure AD PowerShell modules
Set up a trust between ADFS and Windows Azure AD:
    Connect-MsolService
    Set-MsolADFSContext
    Convert-MsolDomainToFederated -DomainName <domain>
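The domain, DirSync activation and federation steps above can be run as one sequence from the Windows Azure AD (MSOnline) module. The script below is an added example for this page, not the session's or Microsoft's own script; it assumes the MSOnline module, a tenant administrator credential, and that AD FS 2.0 is already deployed on the server named in -Computer. Domain and server names are placeholders. Installing and running the DirSync tool itself stays a manual step on the member server.

```powershell
# Added example, not from the session: the "add domain, verify, activate DirSync, federate"
# sequence as one script. Assumes the MSOnline module; $DomainName and $AdfsServer are
# placeholders. The script pauses so the DNS TXT record can be created before verification.
Import-Module MSOnline

function Add-HybridDomain {
    param(
        [Parameter(Mandatory)] [string] $DomainName,   # public UPN suffix, e.g. example.com (placeholder)
        [Parameter(Mandatory)] [string] $AdfsServer    # FQDN of the AD FS 2.0 server (placeholder)
    )

    Connect-MsolService   # prompts for a tenant administrator credential

    # 1. Add the domain (idempotent) and read the TXT record that proves ownership.
    if (-not (Get-MsolDomain -DomainName $DomainName -ErrorAction SilentlyContinue)) {
        New-MsolDomain -Name $DomainName | Out-Null
    }
    $txt = Get-MsolDomainVerificationDns -DomainName $DomainName -Mode DnsTxtRecord
    Write-Host 'Create this TXT record at the DNS hosting provider, then press Enter:'
    Write-Host ('  {0}  TXT  {1}' -f $txt.Label, $txt.Text)
    Read-Host | Out-Null

    # 2. Verify ownership. Stops here if the record has not propagated yet, so nothing
    #    below runs against a domain the tenant does not own.
    Confirm-MsolDomain -DomainName $DomainName -ErrorAction Stop

    # 3. Activate directory synchronization for the tenant (one-time, tenant-wide).
    Set-MsolDirSyncEnabled -EnableDirSync $true -Force

    # 4. Establish the trust between AD FS and Windows Azure AD and convert the domain.
    Set-MsolADFSContext -Computer $AdfsServer
    Convert-MsolDomainToFederated -DomainName $DomainName

    # Return the federation settings (issuer URI, endpoints, signing certificate) for review.
    return Get-MsolFederationProperty -DomainName $DomainName
}

# Usage (placeholders):
# Add-HybridDomain -DomainName 'example.com' -AdfsServer 'adfs.corp.example'
```

The returned federation properties are worth keeping: they show which token-signing certificate the tenant now trusts, which is what you will need to rotate when the AD FS certificate rolls over.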
Demo Environment

Demo
DirSync and SSO with Office 365

One-way outbound topology

One-way inbound topology

Two-way bi-directional topology
Reverse Proxy Device options
Only required for the 'Inbound' hybrid topology, e.g. users issuing queries from a Search Center in SharePoint Online attempting to retrieve search results from an on-premises farm

Reverse Proxy Device Requirements
Support client certificate authentication with a wildcard or SAN SSL certificate
Support pass-through authentication for OAuth 2.0
Accept unsolicited inbound traffic on TCP port 443 (HTTPS)
Bind a wildcard or SAN SSL certificate to a published endpoint
Relay traffic to an on-premises SharePoint 2013 farm without rewriting any packet headers

Supported Reverse Proxy Devices
Forefront Threat Management Gateway (TMG) 2010
Windows Server 2012 R2 with Web Application Proxy (WAP)
F5 BIG-IP
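Two of the requirements above (port 443 reachable, wildcard or SAN certificate bound to the published endpoint) can be verified from outside before SharePoint Online ever calls in. The function below is an added example for this page, not code from the session or any of the listed vendors; it uses only .NET classes available in Windows PowerShell, and the host name is a placeholder. It inspects the server certificate only: the client-certificate and OAuth pass-through requirements can only be confirmed by the real SharePoint Online call.

```powershell
# Added example, not from the session: checks that a published reverse-proxy endpoint
# accepts inbound TCP 443 and presents a wildcard or SAN certificate that actually covers
# the published host name. Server certificate only; host name is a placeholder.
function Test-HybridProxyEndpoint {
    param([Parameter(Mandatory)] [string] $HostName, [int] $Port = 443)

    $result = [ordered]@{ HostName = $HostName; PortOpen = $false; Subject = $null
                          SanNames = @(); CoversHost = $false; Expired = $null }

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        $result.PortOpen = $true

        # Accept any chain here; the point is to read the certificate, not to trust it.
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false,
                   [System.Net.Security.RemoteCertificateValidationCallback]{ $true })
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        $result.Subject = $cert.Subject
        $result.Expired = $cert.NotAfter -lt (Get-Date)

        # Subject Alternative Name extension (OID 2.5.29.17) formats as "DNS Name=a, DNS Name=b"
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        if ($san) {
            $result.SanNames = @($san.Format($false) -split ',\s*' | ForEach-Object { ($_ -split '=', 2)[-1].Trim() })
        }

        $names  = @($result.SanNames) + @($cert.GetNameInfo('DnsName', $false))
        $target = $HostName.ToLowerInvariant()
        foreach ($n in ($names | ForEach-Object { $_.ToLowerInvariant() })) {
            if ($n -eq $target) { $result.CoversHost = $true }
            elseif ($n.StartsWith('*.')) {
                # A wildcard covers exactly one label: *.contoso.com matches sp.contoso.com, not a.b.contoso.com
                $suffix = $n.Substring(1)
                if ($target.EndsWith($suffix) -and
                    $target.Substring(0, $target.Length - $suffix.Length) -notmatch '\.') {
                    $result.CoversHost = $true
                }
            }
        }
        $ssl.Dispose()
    }
    catch   { $result.Error = $_.Exception.Message }
    finally { $tcp.Close() }

    return [pscustomobject]$result
}

# Usage (placeholder host): Test-HybridProxyEndpoint -HostName 'sharepoint.example.com'
```

A result with PortOpen true but CoversHost false is the usual misconfiguration: the device answers, but the bound certificate is for a different name, so the inbound S2S call from SharePoint Online fails at the TLS layer before any OAuth token is examined.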
Configure SharePoint Environment
Ensure SharePoint services are started and configured:
  User Profile Service
  App Management Service
  Subscription Settings Service
Establish a trust relationship between the on-premises farm and SharePoint Online (S2S authentication):
  Create a new STS certificate, replace it in the on-premises farm and upload it to SharePoint Online
  Register the on-premises STS as a service principal in Office 365
  Establish a trust between the on-premises farm and Windows Azure AD
Publish SharePoint web applications through the reverse-proxy device
Configure server-to-server (S2S) authentication

The first part runs in the Windows Azure AD PowerShell module (after Connect-MsolService), the second in the SharePoint 2013 Management Shell. $spoappid is the SharePoint Online application principal ID (the GUID before the @ in the -nameIdentifier value below); the realm GUID is the Office 365 tenant context ID used on the slide.

    # Windows Azure AD side: upload the on-premises STS certificate as a verification key
    Connect-MsolService
    $spoappid = "00000003-0000-0ff1-ce00-000000000000"
    $cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    $cer.Import("C:\SelfSignedSTS.cer")
    $binCert = $cer.GetRawCertData()
    $credValue = [System.Convert]::ToBase64String($binCert)
    New-MsolServicePrincipalCredential -AppPrincipalId $spoappid -Type asymmetric -Usage Verify -Value $credValue -StartDate $cer.GetEffectiveDateString() -EndDate $cer.GetExpirationDateString()

    # Register the on-premises host name as a service principal name of SharePoint Online
    $SharePoint = Get-MsolServicePrincipal -AppPrincipalId $spoappid
    $spns = $SharePoint.ServicePrincipalNames
    $spns.Add("$spoappid/*.hassanionprem.com")
    Set-MsolServicePrincipal -AppPrincipalId $spoappid -ServicePrincipalNames $spns

    # SharePoint 2013 Management Shell: register SharePoint Online as an app principal and trust ACS
    $site = Get-SPSite "https://intranet.hassanionprem.com"
    $appPrincipal = Register-SPAppPrincipal -site $site.rootweb -nameIdentifier "00000003-0000-0ff1-ce00-000000000000@bce49a51-dea4-44c3-8da0-0af70dbd186a" -displayName "SharePoint Online"
    Set-SPAuthenticationRealm -realm bce49a51-dea4-44c3-8da0-0af70dbd186a
    New-SPAzureAccessControlServiceApplicationProxy -Name "ACS" -MetadataServiceEndpointUri "https://accounts.accesscontrol.windows.net/bce49a51-dea4-44c3-8da0-0af70dbd186a/metadata/json/1" -DefaultProxyGroup
    New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://accounts.accesscontrol.windows.net/bce49a51-dea4-44c3-8da0-0af70dbd186a/metadata/json/1" -IsTrustBroker -Name "ACS"
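The trust above has two halves that must agree: the farm's authentication realm and ACS issuer on-premises, and the SPN plus verification key on the SharePoint Online service principal. The read-only check below is an added example for this page, not a script from the session; it assumes the SharePoint Management Shell snap-in and the MSOnline module, and its default parameter values are the realm and SPN from the slide, to be replaced with your own tenant context ID and public domain.

```powershell
# Added example, not from the session: read-only verification of both sides of the S2S
# trust. Defaults are the slide's realm and SPN; substitute your own tenant and domain.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module MSOnline

function Test-S2STrust {
    param(
        [string] $Realm       = 'bce49a51-dea4-44c3-8da0-0af70dbd186a',
        [string] $SpoAppId    = '00000003-0000-0ff1-ce00-000000000000',
        [string] $ExpectedSpn = '00000003-0000-0ff1-ce00-000000000000/*.hassanionprem.com'
    )
    $checks = [ordered]@{}

    # On-premises side: the farm realm must equal the tenant context ID, and the ACS issuer
    # must be the trust broker whose metadata endpoint belongs to that same tenant.
    $checks.RealmMatches = (Get-SPAuthenticationRealm) -eq $Realm
    $acs = Get-SPTrustedSecurityTokenIssuer | Where-Object { $_.IsTrustBroker }
    $checks.AcsIssuerPresent   = $null -ne $acs
    $checks.AcsIssuerForRealm  = ($null -ne $acs) -and ("$($acs.MetadataEndPoint)" -like "*$Realm*")

    # Online side: the on-premises host name must be listed as an SPN of the SharePoint
    # Online principal, and there must be a current (not expired) verification key.
    Connect-MsolService
    $sp = Get-MsolServicePrincipal -AppPrincipalId $SpoAppId
    $checks.SpnRegistered = $sp.ServicePrincipalNames -contains $ExpectedSpn

    $creds = Get-MsolServicePrincipalCredential -AppPrincipalId $SpoAppId -ReturnKeyValues $false
    $now = Get-Date
    $checks.ActiveKeyCount  = @($creds | Where-Object { $_.EndDate -gt $now }).Count
    $checks.ExpiredKeyCount = @($creds | Where-Object { $_.EndDate -le $now }).Count
    $checks.ExpiredKeyIds   = @($creds | Where-Object { $_.EndDate -le $now } | ForEach-Object { $_.KeyId })

    return [pscustomobject]$checks
}

# Usage: Test-S2STrust | Format-List
```

Keys that show up under ExpiredKeyIds no longer verify anything and can be removed with Remove-MsolServicePrincipalCredential -KeyIds; keeping the credential list limited to the certificate the farm actually uses keeps the trust boundary as narrow as the slide intends.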
Configure SharePoint for Hybrid Search
Configure result source
  In this case as a remote SharePoint index
  URL of remote location
  Secure Store (for client certificate authentication)*
Configure Query rule to show remote results
  Choose context of Query rule
  Can add a condition or fire on any query text
  Determine search vertical, e.g. results block, promoted result
  Ensure results block points to a specific result source (remote index)
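The result source step can be scripted against the Search administration object model so that it is repeatable across test and production farms. The function below is an added example for this page, not the session's own script; it assumes a SharePoint 2013 Management Shell on a farm server, the one-way outbound case (no Secure Store client certificate, so the query runs as the user through the S2S trust), and a placeholder remote URL.

```powershell
# Added example, not from the session: creates an SSA-level result source that targets a
# remote SharePoint (SharePoint Online) index. Outbound case only; $RemoteUrl is a placeholder.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function New-RemoteSharePointResultSource {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $RemoteUrl,                 # e.g. https://<tenant>.sharepoint.com/search
        [string] $QueryTemplate = '{searchTerms}'                   # pass the user's query through unchanged
    )

    $ssa   = Get-SPEnterpriseSearchServiceApplication
    $owner = Get-SPEnterpriseSearchOwner -Level Ssa
    $fed   = New-Object Microsoft.Office.Server.Search.Administration.Query.FederationManager($ssa)

    # Refuse to create a second SSA-level source with the same name; a query rule bound to
    # the name would otherwise become ambiguous.
    if ($fed.GetSourceByName($Name, $owner)) {
        throw "Result source '$Name' already exists at SSA level."
    }

    $source = $fed.CreateSource($owner)
    $source.Name                  = $Name
    $source.ProviderId            = $fed.ListProviders()['Remote SharePoint Provider'].Id
    $source.ConnectionUrlTemplate = $RemoteUrl
    $source.CreateQueryTransform($owner, $QueryTemplate)
    $source.Commit()

    return $fed.GetSourceByName($Name, $owner)
}

# Usage (placeholder URL):
# New-RemoteSharePointResultSource -Name 'SharePoint Online Results' -RemoteUrl 'https://tenant.sharepoint.com/search'
```

With the source in place, the query rule from the slide is what surfaces it: in Site Settings, Search Query Rules, choose the context, add a condition or fire on any query text, and point the results block at this named source rather than at the default local index.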
Demo
Search Hybrid User Experience and Configuration

Hybrid Challenges
Handling the Social experience
Application Lifecycle Management
User Experience and Transitions
Business Continuity Management and Operations
Handling the Social Experience
Users work in sites in both SharePoint On-premises and SharePoint Online
  E.g. Intranet on-premises, and project/collaboration sites online
Which social experience should users be presented with?
  Editing Profile?
  Newsfeed?
  OneDrive for Business?

Demo
Consistent Social Experience in a Hybrid Environment
Handling the Social Experience
Users work in sites in both SharePoint On-premises and SharePoint Online
  E.g. Intranet on-premises, and project/collaboration sites online
Which social experience should users be presented with?
  Editing Profile?
  Newsfeed?
  SkyDrive Pro?
What about the rest of the social experience?
  @mentions, tags, notes, following and commenting capability are stored in social/content databases
  No way out of the box to replicate this information
Application Lifecycle Management
Rapid, incremental updates to SharePoint Online: testing is important
Invest in test and development automation
  Automated nightly builds
  Automation involves site and content recreation, solution deployment, managed property creation, etc.
Only one test tenant per AD??
  You can use multiple DirSync servers, each syncing to a unique tenant
  You cannot sync the same objects into different tenants – use DirSync filtering
BCM and Operations
Operations don't stop because services are in the cloud
How do you integrate Online operations and support with your own?
IT Operations to consider:
  Monitoring and Alerting
  Support Desks
  Backup and Restore
  Service Level Agreements

User Experience and Transitions

Final Thoughts
Hybrid allows you to move to the cloud on your own terms
Hybrid is not the answer to every business requirement
Understand the strengths and weaknesses of Hybrid
Plan a phased transition of appropriate workloads to the cloud
Resources
Hybrid for SharePoint Server 2013: http://technet.microsoft.com/en-us/library/jj838715.aspx
Windows Azure AD PowerShell: http://technet.microsoft.com/en-us/library/jj151815.aspx
Office 365 Communities and Wikis: http://community.office365.com/en-us/default.aspx

Your Community
© 2014 Microsoft Corporation. All rights reserved.