Office Track: SharePoint Apps for the IT Pro - Thomas Vochten



SharePoint Apps for the IT Pro slides.

ITPROceed 2014 Session by Thomas Vochten




Presentation Transcript

  • SharePoint Apps for the IT Pro Thomas Vochten
  • About Me Thomas Vochten SharePoint MVP. Platform architect. Speaker. Trainer. Involuntary DBA. Consultant at Xylos. V-TSP at Microsoft. @thomasvochten
  • Agenda • Introduction to Apps • Preparing the infrastructure • Apps Security • Apps Management
  • The problem with Full Trust Code • Performance • Maintenance • Security • Upgrades • Supportability • …
  • Previous attempt to fix the problem Custom code in Sandboxed Solutions is deprecated with SharePoint 2013
  • More Frustrations SharePoint developers felt, well… a bit left behind
  • Welcome to the Cloud App Model • Apps don’t run on the SharePoint server • Can still interact with SharePoint • On-Premises and in the cloud • Free choice of tools, languages & platforms
  • The new Microsoft?
  • Everything is an App
  • SharePoint Hosted Apps • Run in the browser • Use client side technologies only • Relatively easy • Can interact with the host web • Use an app web with a funky URL • On-Premises and in the cloud • AuthZ with user privileges
  • Provider Hosted Apps • Bring your own hosting • Use any language or platform • Greater flexibility • Greater responsibility • Can interact with the host web
  • Provider Hosted Apps
  • Auto Hosted Apps • Web & Azure components are provisioned automatically • Can interact with the host web • Automagically provisioned provider-hosted apps
  • Apps Positioning
  • SharePoint Store
  • Who do you trust?
  • App Provisioning • Timer job kicks in • App web is provisioned • Permissions are configured
  • Full Page • Mimics SharePoint look and feel
  • UI Components • Ribbon extensions • App Parts
  • Demo Environment • Single farm • Single content application pool • Single services application pool • Single content web application • Host named site collections • No host headers • SSL Everywhere
  • “Host-named site collections are the preferred method to deploy sites in SharePoint 2013” From: TechNet
  • DNS Prerequisites • Choose your app domain • Request a wildcard or SAN certificate • Configure DNS with a wildcard record • Setup SharePoint & IIS to accommodate requests for your app domain
  • Choose an App Domain • Unique domain • No subdomains please • You need one…per farm!
  • Certificates (diagram labels: Wildcard Certificate *, Wildcard Certificate *, SAN Certificate * *)
  • Routing Web Application (diagram labels: Routing Web App, No host header)
  • No Routing Web Application
  • Routing Web Application • When you need to use IIS host headers • Web application without a host header • Contains no site collections • Delete/disable the Default Website in IIS • Consider multiple IP addresses • Use the same application pool identity as your content application pool
  • SharePoint Prerequisites • Claims based authentication only • Subscription Settings Service Application: generates & manages App IDs • App Management Service Application: general settings, app licensing
  • SharePoint Configuration • Provision service applications • Configure App domain • Configure App prefix • Configure App Catalog • Configure SharePoint Store settings
  • Considerations • You can use multiple zones for your app domain (needs March 2013 PU):
      $contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
      $contentService.SupportMultipleAppDomains = $true
      $contentService.Update()
      New-SPWebApplicationAppDomain -AppDomain <AppDomain> -WebApplication <WebApplicationID> -Zone <Zone> -Port <Port> -SecureSocketsLayer
    • Use SSL… everywhere!
  • Simple, Right? • Your environment is now ready to host SharePoint Hosted Apps • Office365 can use Provider Hosted Apps without extra configuration • Connecting on-premises farms to Provider Hosted Apps requires additional configuration!
  • Security Basics • User principals vs App principals • Authentication vs Authorization • SharePoint 2013 can authenticate Apps!
  • App Identity using OAuth • Client Id of the app • Display name of the app • App domain where the remote app is hosted
  • App Authentication • Internal Authentication: it just works • External Authentication using S2S Trusts • External Authentication using OAuth
  • Authentication Flow (flowchart; arrows lost in extraction) • Decision points: does the request target a CSOM/REST endpoint? does the request carry a claims token? does the request carry an access token? does the request target the URL of an app web? does the access token carry user identity? • Outcomes: No Authentication (anonymous access), App Authentication (app and user identity), User Authentication, App Only Authentication
  • App Permissions • Granted by user approval • All or nothing • Default permissions (like app web control)
  • Low Trust vs High Trust • Low trust apps need ACS as trust broker (via Office365) • High trust apps need Server To Server trust (no need for Office365)
  • Low Trust vs High Trust
      SharePoint   | Remote App  | Trust broker
      On premises  | In cloud    | ACS, certificate
      On premises  | On premises | ACS, certificate
      Office 365   | In cloud    | ACS
      Office 365   | On premises | ACS
    You might need to open firewall ports towards ACS
  • Kerberos?
  • SAML Authentication • Identity provider should support: wildcard return URL, Wreply parameter • Supported by latest ADFS version
  • The G-Word
  • App Management • Timer Job: App Installation Service • Cmdlets: Import-SPAppPackage, Install-SPApp, Uninstall-SPAppInstance
  • Licensing • Timer Job: License renewal • PowerShell for DR:
      $appProxy = Get-SPServiceApplicationProxy "AppManagementProxyId"
      $appProxy.GetDeploymentID()
      Set-SPAppManagementDeploymentID
  • Upgrade Apps • Site collection admin needs to upgrade apps • SharePoint manages notification state • Timer Jobs: App State Update, Internal App State Update • Cmdlets: Get-SPAppStateUpdateInterval, Get-SPAppStateSyncLastRunTime, Set-SPAppStateUpdateInterval, Update-SPAppInstance
  • Backup/Restore • Site exports do not include app assets: Export-SPWeb and Import-SPWeb • Site backup and restore: Backup-SPSite and Restore-SPSite • App exports: Export-SPAppPackage
  • SUMMARY • Apps are good for you • Don’t underestimate infrastructure impact • Understand the security model of apps • Strongly consider using host named site collections • Use SSL - Everywhere!
  • QUESTIONS ? @thomasvochten #itproceed
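
The "Choose an App Domain", "SharePoint Prerequisites" and "SharePoint Configuration" slides above, as one PowerShell run: an added example, not taken from the slides, that checks the app domain against existing site collection host names before provisioning the two service applications and setting the app domain and prefix. The pool, service application and database names and the `apps.example.net` domain are constructed placeholders; the App Catalog and SharePoint Store steps are not covered.

```powershell
# Added example. Pool, service application and database names and the
# app domain/prefix below are constructed placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$appDomain = "apps.example.net"     # unique domain, one per farm
$appPrefix = "app"
$poolName  = "SharePoint Services"  # existing services application pool

# "No subdomains please": stop if the app domain equals, or sits under,
# the host name of any existing site collection. This catches direct
# parent/child overlap only; sibling names under a shared parent domain
# still need a manual review.
Start-SPAssignment -Global
$contentHosts = Get-SPSite -Limit All |
    ForEach-Object { ([Uri]$_.Url).Host.ToLowerInvariant() } |
    Sort-Object -Unique
Stop-SPAssignment -Global
foreach ($h in $contentHosts) {
    if ($appDomain -eq $h -or $appDomain.EndsWith(".$h")) {
        throw "App domain '$appDomain' overlaps content host '$h'."
    }
}

# Start the two service instances the service applications depend on.
Get-SPServiceInstance |
    Where-Object { $_.GetType().Name -in "AppManagementServiceInstance",
                                         "SPSubscriptionSettingsServiceInstance" } |
    Start-SPServiceInstance | Out-Null

# Provision both service applications and their proxies.
$pool = Get-SPServiceApplicationPool $poolName
$sub  = New-SPSubscriptionSettingsServiceApplication -ApplicationPool $pool `
            -Name "Subscription Settings Service" -DatabaseName "SP_SubscriptionSettings"
New-SPSubscriptionSettingsServiceApplicationProxy -ServiceApplication $sub | Out-Null
$mgmt = New-SPAppManagementServiceApplication -ApplicationPool $pool `
            -Name "App Management Service" -DatabaseName "SP_AppManagement"
New-SPAppManagementServiceApplicationProxy -ServiceApplication $mgmt | Out-Null

# Configure the app domain and app prefix, then read both back.
Set-SPAppDomain $appDomain
Set-SPAppSiteSubscriptionName -Name $appPrefix -Confirm:$false
Get-SPAppDomain
Get-SPAppSiteSubscriptionName
```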