SharePoint Fest Chicago 2014 - Anatomy of SharePoint and Office 365 Hybrid Deployment – Real-world End-to-End Configuration Blueprint
1. About Me
   • Principal Consultant, Slalom Consulting, Chicago
   • Current focus area: SharePoint 2013 and Office 365
   Contact Info
   • Email: patenik2@yahoo.com
   • Blog: Nik Patel's SharePoint World, http://nikpatel.net/
   • Twitter: @nikxpatel, @slalomchicago
   • LinkedIn: linkedin.com/in/nikspatel
   • Slideshare: slideshare.net/patenik2

3. What is SharePoint Hybrid?

4. • Federated identity and directory synchronization: enables a consistent single sign-on experience across SharePoint Online and on-premises
   • SharePoint On-premises: hosting critical business data and applications with full control over ownership and the change management cycle
   • SharePoint Online: Microsoft's Mobile-First, Cloud-First, and Productivity-First model, with innovations delivered more frequently
   • SharePoint Hybrid: content and workloads spanning both on-premises and the cloud

5. Why SharePoint Hybrid?

6. Cloud-first strategy: easily scale up and down, easily collaborate

7. Inability to have full control; existing investments; protect sensitive data

8. Leverage the strengths of both parts: on-premises flexibility with cloud agility

9. Decision Matrix for SharePoint Hybrid

10. Workloads, Identity, Infrastructure, Topology

11. Topology
   • One-way outbound: enables a SharePoint Server 2013 on-premises server farm to connect to SharePoint Online
   • One-way inbound: enables SharePoint Online to connect to SharePoint Server 2013 through a reverse-proxy device
   • Two-way (bidirectional): enables connections between SharePoint Online and SharePoint Server 2013 from both systems

12. Infrastructure
   • Corporate Data Centers: allows you to fully control the SharePoint environment, including server and network updates
   • Third-party Data Centers: allows you to outsource the SharePoint environment as a dedicated service, including server and network updates
   • Windows Azure or Amazon IaaS: allows you to host the SharePoint environment in a public cloud service and offload server and network maintenance tasks

13. Identity
   • Cloud Identity: single identity in the cloud
   • Synchronized Identity: single identity across both cloud and on-premises
   • Federated Identity (SSO): single federated identity across both cloud and on-premises

14. Workloads
   • External Sharing
   • Collaboration
   • Communication and Publishing
   • Social Conversations
   • Personal Storage
   • Digital Asset Management
   • Personalized Insights
   • Self-Service BI
   • Hybrid Search
   • Custom Applications Integration with BCS
   • Managed Metadata and Terms
   • User Profiles and personalized preferences
   • Web Content Management
   • Record Management
   • Enterprise BI

15. Configuring SharePoint Hybrid

16. Prerequisites
   • Operational AD DS
   • Internet routable AD domains, DNS, and SSL certificates
   • Office 365 Enterprise Subscription
   • SharePoint Server 2013 Enterprise on-premises farm
   • Directory Synchronization
   • Directory Federation with ADFS
   • Reverse Proxy Appliances
   • Good bandwidth and Internet connectivity
   • Network Optimization Appliances
   (Diagram: reference topology with domain controllers for DOMAIN.NET and DOMAIN.COM; an ADFS farm ADFS1/ADFS2 with WID/SQL at ADFS.DOMAIN.COM behind a network load balancer; WAP1/WAP2 reverse proxies for external users; the SharePoint farm SP WEB1/WEB2, SP APP1/APP2, SP SQL1/SQL2 and WAC1/WAC2 at SHAREPOINT.DOMAIN.COM; Azure Active Directory Sync with WID/SQL; and Windows Azure Active Directory serving DOMAIN.SHAREPOINT.COM)

17. (Diagram: starting point, on-premises domain controllers for DOMAIN.NET and DOMAIN.COM with internal and external users behind network load balancers)

22. (Diagram: Windows Azure Active Directory and DOMAIN.SHAREPOINT.COM added to the on-premises topology)
23. Office 365 tenant
   • Choose the level of subscription (E1 to E4); you can mix these licenses
   • Specify the unique tenant name and the Global admin user id/password
   • Specify the country where your tenant will be located (unless your EA states otherwise)

24. Domain
   • Specify a domain name and confirm ownership (e.g. chipchybrid.com)
   • Set the domain purpose, i.e. which services (e.g. Lync or Exchange) will be used
   • Configure DNS by creating the verification record with the DNS hosting provider
   • Complete the domain setup and choose the default domain

25. (Diagram: SharePoint farm added, SP WEB1/WEB2, SP APP1/APP2, SP SQL1/SQL2 and WAC1/WAC2 at SHAREPOINT.DOMAIN.COM, behind network load balancers)

26. Configure SharePoint 2013 SP1 on-premises environments at minimum; SP1 allows Yammer and OneDrive for Business redirection from on-premises
   • Configure primary web applications and site collections
   • For hybrid search, a web application with Integrated Windows Authentication (NTLM) claims is required; this can be a dedicated zone extended from the default SAML claims zone
   • Enable SharePoint on-premises services for hybrid
     • Required service applications: User Profile Application (UPA), App Management Service and Subscription Settings Service
     • Also recommended: Managed Metadata Service, User Profile Sync Service (UPS)

27. (Diagram: Azure Active Directory Sync server with WID/SQL added for directory synchronization)

28. Windows Azure Active Directory user mapping: the on-premises identity in AD (chipchybrid\npatel) becomes, through Directory Synchronization, the cloud identity (npatel@chipchybrid.com)
32. http://blogs.technet.com/b/ad/archive/2014/09/16/azure-active-directory-sync-is-now-ga.aspx

33. (Diagram: ADFS farm ADFS1/ADFS2 with WID/SQL at ADFS.DOMAIN.COM and WAP1/WAP2 reverse proxies added to the topology)

34. Federation is optional for outbound or inbound hybrid topologies but is recommended for the SSO user experience
   • Have a dedicated ADFS service account and activate the ADFS 3.0 role on Windows Server 2012 R2

35. Steve Peschka's guide: SharePoint and ADFS SAML limitations and how to overcome them (UPS and Search)

36. Publish ADFS through a reverse proxy for external access
   • Create a public DNS record for publishing to the internet (e.g. adfs.chipchybrid.com)

37. Set up a trust between ADFS and Office 365 / Windows Azure AD
   • Install the Microsoft Online Services Sign-in Assistant and the Windows Azure AD PowerShell modules on the ADFS server
   • Run Convert-MsolDomainToFederated -DomainName <domain>

38. Server-to-server trust between SharePoint Online and SharePoint On-Premises
   • The trust relationship spans SharePoint on-premises, SharePoint Online, and Windows Azure Active Directory
   • Security tokens issued by Windows Azure Active Directory Access Control Services are trusted by both SharePoint on-premises and SharePoint Online and grant users access to resources
   • SharePoint Online is registered as a high-trust application in SharePoint on-premises

39. Create a new security token service (STS) certificate (at least 2038 bit)
   • Either a self-signed or a public CA certificate is supported, but a domain-issued cert is not supported

40. Replace the STS certificate for the on-premises environment
   • Create a new security token service (STS) certificate (at least 2038 bit) for the server-to-server trust
   • Either a self-signed or a public CA certificate is supported, but a domain-issued cert is not supported
   • Replace the default STS certificate on all on-premises SharePoint servers in the farm
   Script outline:
   # Import the SharePoint Management PowerShell
   # Replace the STS certificate for the on-premises environment

41. Execute PowerShell to configure the S2S trust between SharePoint on-premises and SharePoint Online
   • Install the following tools on the Central Administration server: the Microsoft Online Services Sign-In Assistant, the Azure Active Directory Module for Windows PowerShell (64-bit version), and the SharePoint Online Management Shell (64-bit version)
   • You must log on to the central admin server with a Farm Admin account (e.g. sp_farm) to run PowerShell
   Script outline:
   # Load PowerShell Modules
   # Configure Remoting in PowerShell
   # Log on to SharePoint Online tenant (use credentials of a tenant Global Administrator)

42. Script outline (continued):
   # Setup variables
   # Upload the new on-premises STS certificate to SharePoint Online
   # Add service principal name (SPN) for public domain name in Azure AD

43. Script outline (continued):
   # Register SharePoint Online application principal object ID as a trusted provider in SharePoint On-Premises farm
   # Set the on-premises SharePoint authentication realm to the context ID of Office 365 tenancy
   # Establish a S2S trust relationship between SharePoint on-premises and Windows Azure AD
   # Configure an on-premises ACS proxy for Azure AD to validate OAuth requests between SharePoint Online and SharePoint On-Premises, which will become a trusted token issuer for the on-premises farm
   # Fix SharePoint on-premises (if on-premises April 2014 CU or later) - See: http://support.microsoft.com/kb/3000380
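The following script is an added example that fills in the commented outline of slides 40 to 43; it is not the presenter's script. It assumes the chipchybrid.com example domain, the intranet URL from the deck, and placeholder certificate paths; the SharePoint Online app principal ID is the fixed, well-known value.

```powershell
# Added example (not from the presentation): replace the on-premises STS
# certificate and establish the S2S trust with SharePoint Online.
# Run on the Central Administration server as the farm admin (e.g. sp_farm).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module MSOnline
Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking

# Step 1: replace the default STS signing certificate. Self-signed or public
# CA only (domain-issued certs are not supported). The PFX carries the private
# key; install it on every server in the farm before importing here.
$pfxPath = "C:\Certs\chipchybrid-sts.pfx"              # assumed path
$pfxPass = Read-Host "PFX password" -AsSecureString
$stsCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfxPath, $pfxPass, 20)
Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $stsCert -Confirm:$false
# (an iisreset on each farm server is needed before the new cert is used)

# Step 2: log on to the tenant with a Global Administrator account
$cred = Get-Credential -Message "Office 365 Global Administrator"
Connect-MsolService -Credential $cred

# Step 3: variables. The realm must become the tenant (context) ID.
$spcn       = "*.chipchybrid.com"                         # public domain
$spsite     = Get-SPSite "https://intranet.chipchybrid.com"
$spoappid   = "00000003-0000-0ff1-ce00-000000000000"      # SharePoint Online principal
$spocontext = (Get-MsolCompanyInformation).ObjectID
$metadata   = "https://accounts.accesscontrol.windows.net/$spocontext/metadata/json/1"

# Step 4: upload only the public half (.cer) of the STS certificate to SPO
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cer.Import("C:\Certs\chipchybrid-sts.cer")               # assumed path
$credValue = [System.Convert]::ToBase64String($cer.GetRawCertData())
New-MsolServicePrincipalCredential -AppPrincipalId $spoappid -Type asymmetric -Usage Verify -Value $credValue

# Step 5: add the SPN for the public domain name in Azure AD
$msp  = Get-MsolServicePrincipal -AppPrincipalId $spoappid
$spns = $msp.ServicePrincipalNames
$spns.Add("$spoappid/$spcn")
Set-MsolServicePrincipal -AppPrincipalId $spoappid -ServicePrincipalNames $spns

# Step 6: register the SPO principal object ID in the on-premises farm and
# set the authentication realm to the tenant context ID
$spoObjectId = (Get-MsolServicePrincipal -ServicePrincipalName $spoappid).ObjectID
$nameId      = "$spoObjectId@$spocontext"
Register-SPAppPrincipal -Site $spsite.RootWeb -NameIdentifier $nameId -DisplayName "SharePoint Online"
Set-SPAuthenticationRealm -Realm $spocontext

# Step 7: ACS proxy and trusted token issuer so Azure AD can validate OAuth
# requests between the two farms
New-SPAzureAccessControlServiceApplicationProxy -Name "ACS" -MetadataServiceEndpointUri $metadata -DefaultProxyGroup
New-SPTrustedSecurityTokenIssuer -MetadataEndpoint $metadata -IsTrustBroker -Name "ACS"

# Verify: the issuer is registered as trust broker and the realm equals the
# tenant ID; a mismatch here is the usual cause of 401s on hybrid queries
Get-SPTrustedSecurityTokenIssuer | Select-Object Name, IsTrustBroker, RegisteredIssuerName
if ((Get-SPAuthenticationRealm) -ne $spocontext) { throw "Realm does not match tenant context ID" }
```

Apply the hotfix referenced on slide 43 after this if the farm is on the April 2014 CU or later.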
44. http://governance.codeplex.com/releases/view/120702

45. Hybrid search, one-way outbound
   • Enable the Search Service on SharePoint on-premises
   • Create crawled content in SharePoint on-premises and SharePoint Online
   • Verify search in SharePoint on-premises and SharePoint Online for the same user

46. Result source (on-premises, pointing at SharePoint Online)
   • Protocol: Remote SharePoint
   • Remote Service URL: SharePoint Online root site URL
   • Credentials: Default Authentication; SharePoint Online is configured to authenticate queries using Windows Azure Active Directory
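As an added example (not from the deck), the outbound result source of slide 46 created from PowerShell instead of the Search Administration UI, so it can be scripted and re-run; the tenant root URL is an assumed value for the chipchybrid.com example.

```powershell
# Added example: create the "Remote SharePoint" result source for one-way
# outbound hybrid search. Run in the SharePoint Management Shell on-premises.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$sourceName = "SharePoint Online"
$spoRootUrl = "https://chipchybrid.sharepoint.com"   # assumed tenant root site URL

$ssa        = Get-SPEnterpriseSearchServiceApplication
$fedManager = New-Object Microsoft.Office.Server.Search.Administration.Query.FederationManager($ssa)
$owner      = Get-SPEnterpriseSearchOwner -Level Ssa

# Re-use an existing source of the same name so the script is idempotent
$source = $fedManager.GetSourceByName($sourceName, $owner)
if ($source -eq $null) {
    $source = $fedManager.CreateSource($owner)
    $source.Name = $sourceName
}

# "Remote SharePoint Provider" is the Remote SharePoint protocol from the slide.
# Default Authentication is kept: queries are authenticated by Azure AD through
# the S2S trust, so no credentials are stored in the result source.
$source.ProviderId = $fedManager.ListProviders()["Remote SharePoint Provider"].Id
$source.ConnectionUrlTemplate = $spoRootUrl
$source.CreateQueryTransform("{searchTerms}")
$source.Commit()

# Verify: the source exists and targets HTTPS only
$check = $fedManager.GetSourceByName($sourceName, $owner)
if ($check -eq $null -or $check.ConnectionUrlTemplate -notmatch '^https://') {
    throw "Result source missing or not using HTTPS"
}
```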
47. http://technet.microsoft.com/en-us/library/dn607304.aspx#devices

48. (Diagram: one-way inbound topology; https://intranet.chipchybrid.com for internal users and https://intranetext.chipchybrid.com published through WAP1/WAP2 for external users; HTTPS communication from users, Office 365 S2S communication between SHAREPOINT.DOMAIN.COM and DOMAIN.SHAREPOINT.COM)
52. Hybrid search, one-way inbound
   • Create crawled content in SharePoint on-premises and SharePoint Online
   • Verify search on both SharePoint on-premises and SharePoint Online for the same user

53. Result source (SharePoint Online, pointing at on-premises)
   • Protocol: Remote SharePoint
   • Remote Service URL: reverse-proxy address of the SharePoint on-premises primary web application
   • Credentials: SSO ID; to authenticate to the reverse proxy, enter the secure store target application ID that contains the Windows certificate

54. Hybrid Challenges

55. • The hybrid story is still evolving
   • Handling the social experience
   • Change management and operations
   • User experience and navigation

56. Wrap Up

57. Q&A
   • Blog: http://nikpatel.net/
   • Twitter: @nikxpatel
   • Slideshare: slideshare.net/patenik2