Office Track: SharePoint Apps for the IT Pro - Thomas Vochten

SharePoint Apps for the IT Pro slides.
ITPROceed 2014 Session by Thomas Vochten

Published in: Software, Technology

  1. 1. SharePoint Apps for the IT Pro Thomas Vochten
  2. 2. About Me Thomas Vochten SharePoint MVP. Platform architect. Speaker. Trainer. Involuntary DBA. Consultant at Xylos. V-TSP at Microsoft. @thomasvochten http://thomasvochten.com mail@thomasvochten.com
  3. 3. Agenda • Introduction to Apps • Preparing the infrastructure • Apps Security • Apps Management
  4. 4. INTRODUCTION TO APPS
  5. 5. The problem with Full Trust Code • Performance • Maintenance • Security • Upgrades • Supportability • …
  6. 6. Previous attempt to fix the problem Custom code in Sandboxed Solutions is deprecated with SharePoint 2013
  7. 7. More Frustrations SharePoint developers felt, well… a bit left behind
  8. 8. Welcome to the Cloud App Model • Apps don’t run on the SharePoint server • Can still interact with SharePoint • On-Premises and in the cloud • Free choice of tools, languages & platforms
  9. 9. The new Microsoft? http://officespdev.uservoice.com/ https://officeams.codeplex.com/
  10. 10. Everything is an App
  11. 11. TYPES OF APPS
  12. 12. SharePoint Hosted Apps • Run in the browser • Use client side technologies only • Relatively easy • Can interact with the host web • Use an app web with a funky URL • On-Premises and in the cloud • AuthZ with user privileges
  13. 13. Provider Hosted Apps • Bring your own hosting • Use any language or platform • Greater flexibility • Greater responsibility • Can interact with the host web
  14. 14. Provider Hosted Apps
  15. 15. Auto Hosted Apps • Web & Azure components are provisioned automatically • Can interact with the host web • Automagically provisioned provider-hosted apps
  16. 16. Apps Positioning
  17. 17. APPS USER EXPERIENCE
  18. 18. SharePoint Store
  19. 19. Who do you trust?
  20. 20. App Provisioning • Timer job kicks in • App web is provisioned • Permissions are configured
  21. 21. Full Page • Mimics SharePoint look and feel
  22. 22. UI Components Ribbon extensions App Parts
  23. 23. PREPARE THE INFRASTRUCTURE
  24. 24. Demo Environment • Single farm • Single content application pool • Single services application pool • Single content web application • Host named site collections • No host headers • SSL Everywhere
  25. 25. “Host-named site collections are the preferred method to deploy sites in SharePoint 2013” From: TechNet
  26. 26. DEMO | EXPLORE
  27. 27. DNS Prerequisites • Choose your app domain • Request a wildcard or SAN certificate • Configure DNS with a wildcard record • Setup SharePoint & IIS to accommodate requests for your app domain
  28. 28. Choose an App Domain • Unique domain • No subdomains please • You need one…per farm!
  29. 29. Certificates Wildcard Certificate *.contoso.com Wildcard Certificate *.contosoapps.com SAN Certificate *.contoso.com *.contosoapps.com
  30. 30. Routing Web Application https://app-bdf2016ea7dacb.contosoapps.com/... Routing Web App No host header
  31. 31. No Routing Web Application https://app-bdf2016ea7dacb.contosoapps.com/...
  32. 32. Routing Web Application • When you need to use IIS host headers • Web application without a host header • Contains no site collections • Delete/disable the Default Website in IIS • Consider multiple IP addresses • Use the same application pool identity as your content application pool
  33. 33. SharePoint Prerequisites • Claims based authentication only • Subscription Settings Service Application Generates & manages App ID’s • App Management Service Application General settings App licensing
  34. 34. SharePoint Configuration • Provision service applications • Configure App domain • Configure App prefix • Configure App Catalog • Configure SharePoint Store settings
  35. 35. Considerations
      • You can use multiple zones for your app domain (needs March 2013 PU):
            $contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
            $contentService.SupportMultipleAppDomains = $true
            $contentService.Update()
            New-SPWebApplicationAppDomain -AppDomain <AppDomain> -WebApplication <WebApplicationID> -Zone <Zone> -Port <Port> -SecureSocketsLayer
      • Use SSL… everywhere!
  36. 36. DEMO | CONFIGURE
  37. 37. Simple, Right? • Your environment is now ready to host SharePoint Hosted Apps • Office365 can use Provider Hosted Apps without extra configuration • Connecting on-premises farms to Provider Hosted Apps requires additional configuration!
  38. 38. APPS SECURITY
  39. 39. Security Basics • User principals vs App principals • Authentication vs Authorization SharePoint 2013 can authenticate Apps!
  40. 40. App Identity using OAuth • Client Id of the app • Display name of the app • App domain where the remote app is hosted
  41. 41. App Authentication • Internal Authentication It just works • External Authentication using S2S Trusts • External Authentication using OAuth
  42. 42. Authentication Flow (flowchart). Decisions: does request target a CSOM/REST endpoint? • does request carry a claims token? • does request carry an access token? • does request target URL of an app web? • does access token carry user identity? Outcomes: No Authentication (anonymous access) • App Authentication (app and user identity) • User Authentication • App Only Authentication
  43. 43. App Permissions • Granted by user approval • All or nothing • Default permissions (like app web control)
  44. 44. Low Trust vs High Trust • Low trust apps need ACS as trust broker (via Office365) • High trust apps need Server To Server trust (no need for Office365)
  45. 45. Low Trust vs High Trust

      | SharePoint  | Remote App  | Trust broker     |
      |-------------|-------------|------------------|
      | On premises | In cloud    | ACS, certificate |
      | On premises | On premises | ACS, certificate |
      | Office 365  | In cloud    | ACS              |
      | Office 365  | On premises | ACS              |

      You might need to open firewall ports towards ACS
  46. 46. Kerberos?
  47. 47. SAML Authentication • Identity provider should support: Wildcard return URL Wreply parameter • Supported by latest ADFS version
  48. 48. APPS MANAGEMENT
  49. 49. The G-Word
  50. 50. App Management • Timer Job: App Installation Service • Cmdlets: Import-SPAppPackage Install-SPApp Uninstall-SPAppInstance
  51. 51. Licensing
      • Timer Job: License renewal
      • PowerShell for DR:
            $appProxy = Get-SPServiceApplicationProxy "AppManagementProxyId"
            $appProxy.GetDeploymentID()
            Set-SPAppManagementDeploymentID
  52. 52. Upgrade Apps • Site collection admin needs to upgrade apps • SharePoint manages notification state • Timer Jobs: App State Update Internal App State Update • Cmdlets: Get-SPAppStateUpdateInterval Get-SPAppStateSyncLastRunTime Set-SPAppStateUpdateInterval Update-SPAppInstance
  53. 53. Backup/Restore • Site exports do not include app assets: Export-SPWeb and Import-SPWeb • Site backup and restore: Backup-SPSite and Restore-SPSite • App exports: Export-SPAppPackage
  54. 54. DEMO | MANAGE
  55. 55. SUMMARY • Apps are good for you • Don’t underestimate infrastructure impact • Understand the security model of apps • Strongly consider using host named site collections • Use SSL - Everywhere!
  56. 56. QUESTIONS ? @thomasvochten #itproceed
  57. 57. And take home the Lumia 1320 Present your feedback form when you exit the last session & go for the drink Give Me Feedback
  58. 58. Follow Technet Belgium @technetbelux Subscribe to the TechNet newsletter aka.ms/benews Be the first to know
  59. 59. Belgium's biggest IT PRO Conference
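
The SharePoint prerequisites and configuration steps from slides 33 and 34 (service applications, app domain, app prefix), with the "no subdomains" rule from slide 28 enforced before anything is changed. This is an added example, not code from the slides: `contoso.com`, `contosoapps.com` and the `app` prefix are taken from slides 29 and 30, while the account, application pool, service application and database names are assumptions. App Catalog and SharePoint Store settings are left out.

```powershell
# Added example (not from the deck). Run in the SharePoint 2013 Management
# Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$contentDomain = "contoso.com"         # content domain, slide 29
$appDomain     = "contosoapps.com"     # app domain, slide 29
$appPrefix     = "app"                 # prefix seen in the slide 30 URL
$accountName   = "CONTOSO\svc-spapps"  # assumed: an existing managed account

# Slide 28: the app domain must be unique and not a subdomain of the content
# domain, so app webs never share an origin or parent-domain cookies with it.
if ($appDomain -eq $contentDomain -or $appDomain.EndsWith(".$contentDomain")) {
    throw "App domain '$appDomain' must not be '$contentDomain' or one of its subdomains."
}

# Slide 33: start the two service instances the app model depends on.
Get-SPServiceInstance |
    Where-Object {
        $_.GetType().Name -eq "AppManagementServiceInstance" -or
        $_.GetType().Name -eq "SPSubscriptionSettingsServiceInstance"
    } |
    Start-SPServiceInstance

# Slide 34: provision the service applications and their proxies.
# Pool, service application and database names below are assumed values.
$account = Get-SPManagedAccount $accountName
$pool    = New-SPServiceApplicationPool -Name "AppServicesAppPool" -Account $account

$subSvc = New-SPSubscriptionSettingsServiceApplication -ApplicationPool $pool `
    -Name "Subscription Settings Service" -DatabaseName "SP_SubscriptionSettings"
New-SPSubscriptionSettingsServiceApplicationProxy -ServiceApplication $subSvc | Out-Null

$appSvc = New-SPAppManagementServiceApplication -ApplicationPool $pool `
    -Name "App Management Service" -DatabaseName "SP_AppManagement"
New-SPAppManagementServiceApplicationProxy -ServiceApplication $appSvc | Out-Null

# Slide 34: configure the app domain and the app prefix.
Set-SPAppDomain $appDomain
Set-SPAppSiteSubscriptionName -Name $appPrefix -Confirm:$false

# Read both settings back and stop if the farm does not report what was set.
$configuredDomain = Get-SPAppDomain
$configuredPrefix = Get-SPAppSiteSubscriptionName
if ($configuredDomain -ne $appDomain -or $configuredPrefix -ne $appPrefix) {
    throw "App URL settings were not applied: '$configuredPrefix' / '$configuredDomain'."
}
"App webs will be served from https://${configuredPrefix}-<AppId>.${configuredDomain}"
```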
