Identity Provider: In order to have a singl...
MSOL Tools: You will need tools from MS Online (MSOL) in order to ...
SSO with o365: Install...
DirSync with o365 ...
SharePoint Configuration Tasks: These things need to be configured in SharePoint to support hybrid: New SharePoint STS Token S...
New SharePoint STS Token Signing Certificate: You need to replace the default token signing certificate for the SharePoint ST...
Configure Trust Between SharePoint and ACS: Previously you created a federated trust for users to sign into o365. Now you need...
Configure Secure Store: The Secure Store Service is used to create an application that stores the certificate used to authent...
Configure UPA: It’s critically important that you: Have a UPA up and running; Have it populated with current data from ...
BCS Hybrid Scenario
SharePoint In The Cloud: Evaluating Impact, Pros, And Cons - SharePoint Saturday Philly


  1. SharePoint In The Cloud: Evaluating Impact, Pros, and Cons. Presented By: Richard Harbridge. #SPSPhilly @RHarbridge
  2. Thanks To Our Sponsors!
  3. SharePoint User Group
     • SharePoint
     • End Users
     • Administrators
     • Architects
     • Developers
     • IT Pros
     • Meetings: 2nd Tuesday of the month, Microsoft Malvern, 5:30-8 pm
     WEB: www.TriStateSharePoint.org EMAIL: info@TriStateSharePoint.org TWITTER: @tristateSP
  4. SharePoint Network
     • Are you an independent consultant or remote worker who deals with SharePoint, Office or Office365?
     • Do you sometimes feel cut off from the rest of the SharePoint world?
     • Do you need help with technical or business issues, or just want the chance to socialize with others?
     If so, then the SharePoint Network might be for you! www.SharePointNetwork.org
  5. Who am I? Boston, Washington
  6. Our Goal Today… From Here To Here
  9. What Will We Cover Today?
     • Why is SharePoint in the Cloud?
     • What is SharePoint in the Cloud?
     • What is Office 365?
     • Concerns in the Cloud?
     • Evaluating Cloud Providers
  10. Why is SharePoint in the Cloud?
  12. Minimal Entry Cost
  13. Pay Per Use
  14. Shift From CAPEX to OPEX
  15. Providers Leverage Scale for Discounts
  16. The Outcome: Cloud enables on-demand computing resources to be rapidly provisioned with minimal management effort.
  17. What to watch out for… While cloud is for everyone, it is not for everything (until solutions, usage and standards mature).
  18. What is SharePoint in the Cloud?
  19. SharePoint Cloud Models: Trusted Un-trusted All-in Hybrid Hybrid SharePoint 2010 Collaboration Scenarios Exchange 2010 Doc Management Exchange 2010 Lync 2010 MySites Lync 2010 Extranet Extranet Public Facing Websites Public Facing Websites Demo/Dev/Test/Prod Demo/Dev/Test/Prod Demo/Dev/Test External Identity Provider Single Sign On (ADFS) External Identity Provider Dedicated/Shared Dedicated/Shared Dedicated/Shared
  21. SharePoint Extranet
     On Premise Hosted Environment:
     • You Manage Firewall Exceptions/Access to Environment.
     • You provision a new identity store. You manage two identity stores.
     • You support the environment infrastructure.
     • You plan for and invest in sizable up front costs installing and configuring the environment.
     Externally Hosted Environment:
     • They Manage Firewall Exceptions (most cases fully public facing)/Access to Environment.
     • They provision an identity store. You still may manage aspects of it based on business need.
     • They typically support the environment infrastructure.
     • You pay for what you use under their planned structures (typically OPEX vs CAPEX).
  22. Amazon and SharePoint
  23. Azure and SharePoint
  24. What is Office 365? (Standard/Shared Hosting)
  25. Getting Office 365 (or BPOS) Dedicated. Evaluation Criteria:
     • Do you have less than 5000 people? Not for you.
  26. But You Still Want Dedicated?
     • SPLA (Server Provider License Agreement) – Means hosting companies can offer competitive ‘dedicated’ hosting scenarios at lower costs. This is for you.
  27. Office 365 Marketing?
  28. What does moving to Office365 mean?
     • Single Architecture
     • Initial deploy is still required to migrate data to Office 365
     • AD clean up and network upgrade is often required
     • Hybrid phasing is often a prolonged period of discomfort.
     • Balance between continuous innovations and minimizing change
     • Customer controls IT policies but not feature availability
     • Understand your internal security and privacy requirements
  29. Office 365 Feature Parity (Before 2013). Now Available with some caveats…
     • No external data search
     • No rich client integration
     • No profile pages
     • No direct connectivity to SQL Azure without a WCF endpoint.
  30. More Stuff Missing? (Before 2013)
     • Project Server
     • Power Pivot
     • Secure Store Service
     • Full Trust Solutions
     • Not all Sandbox Solutions work? *
     * Maurice Prather http://www.bluedoglimited.com/SharePointThoughts/ViewPost.aspx?ID=331
  31. SharePoint Online Grows up in the coming release (feature graphic): BCS (Direct to SQL Azure), Translation Services, eDiscovery, Workflow 2013, New Cloud app model, Hybrid Search, PowerShell, SkyDrive Pro, Records Center, Quick Preview, Quick Edit, MDS, PowerPivot / Power View, Mobile apps, OData, Site Mailbox, Project Online … and more.
  32. So What is Still Different in 2013? SharePoint Online Feature Availability - http://technet.microsoft.com/en-us/library/jj819267.aspx
     Comparison of SharePoint Online and SharePoint 2013, by area:
     • Analytics, BI: Excel Services, Power View, PowerPivot, PerformancePoint
     • Search: Deep refinement, People/Expertise, hover card, enhance relevancy, enterprise search
     • Developer: Cloud app model, Sandbox, CSOM, BCS, Full-trust code, BCS+
     • Admin: Tenant-level, PowerShell, IRM, Recycle Bin, Central Administration
     • Internet: Public Website, Design Manager, apps/store, Cross-site scripting, content by search
     • ECM / Social: eDiscovery, Records Center, Site Mailbox, Mobile, Newsfeed, Follow, #, @, dot dot dot
  33. Hybrid Co-Existence (Scenario: Works Out of Box?)
     • SharePoint: Search: Yes (Federated)
     • SharePoint: BCS: Yes (WCF Effort Required, No Profiles and BCS Search)
     • SharePoint: Other Services (MMS, Workflow etc): No (Though Guidance Coming)
     • Exchange Integration: Limited (eDiscovery, Site Mailboxes, Task Synch – Read Documentation)
     • Lync Integration: Yes (Presence etc)
  34. Configuration Overview (High Level). Diagram labels: Office 365; Reverse Proxy and Certificate Auth; UAG; Dirsync; MSOL Tools; Identity Provider; Dirsync and Tools Servers; 2013 Config; MSOL Tools; ADFS Servers; Secure Store; oAuth Trust; SharePoint Servers
  35. Licensing Matters
  36. Licensing Summary (Name: Price Per User/Month. Details)
     • P – Professional and Small Biz: $6.00. Exchange, Lync, SharePoint, Office Web Apps. P = Limited to less than 50 users.
     • E1 – Enterprise: $8.00. Exchange, Lync, SharePoint, Yammer Ent
     • E2 – Enterprise: $14.00. E1 + Office Web Apps
     • E3 – Enterprise: $20.00. E2 + Office Pro Plus, BCS, Excel Services, InfoPath Services, Visio Services, & Access Services
     • E4 – Enterprise: $22.00. E3 + Voice Capabilities (VOIP Stuff)
     • K1 – Kiosk Worker: $4.00. Exchange, SharePoint, Office Web Apps (View Only)
     • K2 – Kiosk Worker: $8.00. Exchange, SharePoint, Office Web Apps
     E/K - You can split your users (for cost savings).
  37. Choosing Enterprise: Only Enterprise has SSL (Both have it on sign in process.)
  38. Quick Example, 100 Users…
     Business Wants…
     • SharePoint 2010 Enterprise
     • Lync 2010
     • Exchange 2010
     • Office 2010 Professional
     E3 - $20 per user per month… $24,000.00 per year…
     Office 365 E3 Over 3 Years: Year 1 $24,000.00; Year 2 $24,000.00; Year 3 $24,000.00; Total $72,000.00
     On Premises: Year 1 $88,708.00; Year 2 $0.00; Year 3 $0.00; Total $88,708.00
     On Prem Costs (2010):
     • $3,500.00 in Services (Installation/Config)
     • $6,000.00 - Two Servers
     • $79,208.00 – Licensing
     Quick Total: $88,708.00
     At +4 years = more expensive. Big investment? Consistent cost? More features/flexibility.
     *This is meant as only a simplified example scenario
  39. What About SharePoint Standalone? Office 365 offers two Standalone plans for SharePoint: $4.00 and $8.00. 100 Users…
     SP Online P1 Over 3 Years: Year 1 $4,800.00; Year 2 $4,800.00; Year 3 $4,800.00; Total $14,400.00
     SP Standard On Premises: Year 1 $30,849.00; Year 2 $0.00; Year 3 $0.00; Total $30,849.00
     On Prem Costs (2010):
     • $2,000.00 in Services
     • $6,000.00 - Two Servers
     • $22,849.00 – Max Licensing
     *This is meant as only a simplified example scenario
  40. External Users Subscription Licenses. SharePoint Online Partner Access License: The first 10,000 PAL licenses are free. Beyond this there are negotiated prices/sometimes exceptions are made, etc.
     SP Online Over 3 Years: Year 1 $0.00; Year 2 $0.00; Year 3 $0.00; Total $0.00
     SP On Premises (2013): Year 1 $0.00; Year 2 $0.00; Year 3 $0.00; Total $0.00
     *This is meant as only a simplified example scenario
  41. Understand Additional Costs
     Values per item, in column order: In-Market - Enterprise / Coming soon – Small Business (1-50 users) / Coming soon – Midmarket (1-250 users) / Coming soon – Enterprise (1-500,000+ users)
     • Base tenancy storage allocation: 10 GB / 10GB / 10GB / 10GB
     • Storage per Standard E & P (allocated to tenant pool): 500 MB/user / 500MB/user / 500MB/user / 500MB/user
     • SkyDrive Pro (does not contribute to overall pool): 500 MB/user / 7 GB / 7 GB / 7 GB
     • Storage per Kiosk Worker: 0 / 0 / 0 / 0
     • Storage per External User: 0 / 0 / 0 / 0
     • Site Collection storage quotas: Up to 100 GB / Up to 100 GB / Up to 100 GB / Up to 100 GB
     • Total max storage per tenant: Up to 25 TB / Up to 35GB / Up to 1.25 TB / Up to 25TB
     • Maximum file upload size: 250MB / Designing for 2GB / Designing for 2GB / Designing for 2GB
     • Site collections (total #)*: 300 / 1 / 20 / 3,000
     • Additional storage (per GB per month): $2.50 $0.20/GB/month $0.20/GB/month $0.20/GB/month 0.20/GB/month*
     *Price lowered in the second service update of Office 365 SharePoint Online.
  42. The Outcome: We barely scratched the surface with SharePoint in the Cloud but have already seen many ‘trade off’ decision points we should be aware of.
  43. What to watch out for… Without careful planning cloud providers can cause considerable cost due to new challenges such as migration and identity federation.
  44. Concerns In The Cloud
  45. BPOS to Office 365?
     “Microsoft is responsible for any changes that happen in its datacenters. Customers will not have to migrate any data; however, customers will be responsible for making sure that their client software is compliant with the system requirements. See Office 365 system requirements download.microsoft.com/download/A/6/4/A6479925-C7D2-4C4C-A21B-48BCCF8887A9/FAQ_EN_101010.docx. Customers will also be responsible for end-user training and configuring any new features and capabilities that will be delivered by Office 365.” http://www.microsoft.com/online/transition-center.aspx
     1. Customers will not have to migrate any data.
     2. You need to have SharePoint 2010 compatible client software/systems.
     3. You have to train users on the new 2010 interface.
  46. Office 365 – 2013 Upgrade
  47. Identity Options in the Cloud
  48. Unique Development Challenges. How do you deploy a site structure to #Office365?
     • Limited/No PowerShell
     • No Console Apps
     • No Content Database Copy
     Site Templates and Migration Tools Could Work…
  49. Search Challenges (Before 2013). No search usage statistics? Remember! We
  50. A Few Problems After 2013…
  52. Cost Modeling
  53. Security: Can be an issue, but most of the time is not. The real issue is lack of standards and accountability… If it’s a bigger and more respectable hosting provider, expect a better level of accountability and security planning/activity.
  54. Security Program: “We ended up with around 800 preventive, detective and corrective controls that were physical, administrative and technical. Then we took the defense-in-depth approach and put the controls throughout the stack.” - John Howie, Microsoft
  55. Privacy Program
  56. What is more reliable?
  58. What is the Offline Story?
  59. Service Level Agreements
  60. Support Is Important. As an example, Microsoft provides 24/7 support. Google also provides 24/7 support. However, Google Apps has a rule where only system critical events that affect more than 50% of users can use their phone support. Don’t forget that with all cloud based providers you are also adding another layer between IT and the business users. Example Issue: Can you put a stop to a provider’s maintenance schedule so that a business team can finish a critical deliverable without interruption?
  61. Termination/Suspension of Service
  62. Other Issues?
     • Since the startup costs are lower, organizations can run the risk of not doing enough planning.
     • Migrating content can be extremely difficult depending on what options are provided by the ‘cloud provider’.
  63. On Integration
  64. LAN vs WAN
  65. The Outcome: Offloading some management activities to another provider results in additional planning and consideration.
  66. What to watch out for… Challenges and concerns are different for every cloud provider.
  67. Evaluating Cloud Providers
  68. Questions To Ask: Security
     • How do I know if my cloud is secure?
     • Who will have access to my sensitive data?
     • Do I have full ownership of my data?
     • What type of employee / contractor screening do you do before you hire them?
     • How do you detect if an application is being attacked (hacked), and how is that reported to me and my employees?
     • How do you control administrator access to the service?
     • What firewalls are in place?
     • What anti-virus technology is in place?
     • Can I get virtual layer 2 networking and a stateful virtual firewall?
  69. Questions To Ask: Storage
     • Where will my data be stored?
     • Will my data be replicated to any other datacenters around the world (If yes, then which ones)?
     • What controls do you have in place to ensure safety for my data while it is stored in your environment?
     • Can you tell me where my data physically resides?
     • Data Center Location?
     • How many live copies of my data are there?
     • What happens to my data if I cancel my service?
  70. Questions To Ask: Identity & Access
     • Do you offer single sign-on for your services?
     • Can I get flexible role-based access control synchronized with my enterprise directory?
     • Do all of my users have to rely solely on web based tools?
     • Can users work offline?
     • Do you offer a way for me to run your application locally, and how quickly can I revert to the local installation?
  71. Questions To Ask: Reliability & Support
     • What is your Disaster Recovery and Business Continuity strategy?
     • How do you back up data?
     • What is the retention period and recovery granularity?
     • Is your Cloud Computing service SAS70 compliant?
     • What measures do you provide to assist compliance and minimize legal risk?
     • Who do I contact for support?
     • What types of support do you offer?
     • Are there additional support options available to me?
  72. Questions To Ask: Performance
     • How fast is the local network?
     • What is the storage architecture?
     • Usually storage will be the slowest link.
     • How can I ensure global consistency across cloud service providers?
     • How many locations do you have and how are they connected?
     • How many IOPS can I expect at each I/O performance level?
     • How does your memory access score on the STREAM benchmark?
     • How does your virtualization system score on the SPECvirt benchmark?
  73. Questions To Ask: Flexibility (Part 1)
     • Am I able to load my own VMs?
     • Am I able to install software?
     • What virtualization technology is being used?
     • Are there additional abstraction layers?
     • Can I dynamically add memory and CPU to a cloud VM while it’s running?
     • How can I ensure CPU and memory are guaranteed?
     • What access protocols are available?
     • RDP, VNC, ICA, Console, SSH…
     • Over non standard ports?
  74. Questions To Ask: Flexibility (Part 2)
     • What configuration options do I have?
     • Can I add memory?
     • Can I add storage?
     • Can I use public IPs?
     • What domain name mapping options do I have?
     • Can I have multiple environments per user?
     • Can I archive environments?
     • What supporting tools are there?
     • Active directory integration
     • User management
  75. Questions To Ask: Flexibility (Part 3)
     • Do you offer on-premise, web-based, or mixed environments?
     • Will the solution work with what I have in place today?
     • What pricing, licensing, and payment options are available to me?
     • What are the client requirements?
     • How often do these change? Example: Must I upgrade my browser to take advantage of new features?
  76. Questions To Ask: Costs
     • Can I get predictable service costs that still allow me to scale when I need to?
     • How can I get the cost benefits of multi-tenancy but still access dedicated infrastructure when I need it?
     • How do you define a processor / virtual core / Compute Unit?
     • What are your SLAs and how do you compensate when they are not met?
     • During maintenance windows? Planned vs surprises
     • What happens when there is over subscription?
     • Can I leverage my existing Agreements?
  77. Tools You Can Use
  78. Service Management Index: Carnegie Mellon launched an initiative for standardized risk and benefit comparisons. It’s called the Cloud Service Measurement Initiative Consortium (CSMIC).
  79. Cloud Sleuth Viewers: Global Provider View, Cloud Performance Analyzer
  80. Cloud Harmony Benchmarks
  81. Consensus Assessments Initiative
  82. The Outcome: You now have an arsenal of key questions/tools you can use to evaluate a cloud provider effectively.
  83. What to watch out for… Trust but verify. Carefully review policies, terms, conditions, and agreements.
  84. 84. Thank YouOrganizers, Sponsors and You for Making this Possible.Questions? Ideas? Feedback? Contact me: Twitter: @RHarbridge Blog: http://www.RHarbridge.com Email: Richard@RHarbridge.com Resources: 700+ SharePoint IA Slides at.. PracticalIntranet.com 130+ SharePoint Standards at.. SPStandards.com 80+ Downloadable Presentations.. SlideShare.com/RHarbridge#SPSPhilly @RHarbridge
  85. 85. Appendix/Resources#SPSPhilly @RHarbridge
  86. 86. Main SharePoint Online marketing site: http://sharepoint.microsoft.com/en-us/SharePoint-Online/Pages/default.aspxPrimary Office 365 marketing site: http://www.office365.com Trials, 100-200 level customer-facing info Contains info about BPOS suite and SPO 30-Day trialSharePoint Online developer resource center (MSDN):http://go.microsoft.com/fwlink/?LinkId=203983SharePoint Online Administration resource center (TechNet):http://technet.microsoft.com/sharepoint/gg144571.aspx‘Help and How-to’ for SharePoint Online (Office.com):http://office.microsoft.com/redir/FX102052854.aspx#SPSPhilly @RHarbridge
  87. 87. Microsoft Privacy Guidelines for Developing Software Products and Serviceshttp://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16048Cloud Computing Security Considerations paper (by Microsoft) can be found here:http://go.microsoft.com/?linkid=9708479Office 365: Addressing Cloud Computing Security Considerationshttp://download.microsoft.com/download%2F2%2F2%2F0%2F220AE513-4A01-4D95-9275-11E71215A0C2%2FCloudSecurityConsiderations_MicrosoftOffice365.pdfPain Point:http://community.office365.com/en-us/f/148/t/3388.aspx#SPSPhilly @RHarbridge
  88. 88. Sign Up For Office365 Developer Site (2013)http://msdn.microsoft.com/en-us/library/fp179924%28v=office.15%29.aspxOffice and SharePoint App Development:http://msdn.microsoft.com/en-us/library/jj220038%28v=office.15%29.aspxAvailable on TechNet - http://aka.ms/oht1dx On-premises -> SPO configuration steps Additional details for non-SharePoint steps Identity provider and SSO DirSync MSOL Sign-In Assistant MSOL Module for Windows PowerShell#SPSPhilly @RHarbridge
  89. 89. Evolution?#SPSPhilly @RHarbridge Elasticity is not cloud computing…
  92. Cloud = Hosting (Not New)
  94. Transitioning to the Cloud
  95. SharePoint 2013 Features
  96. SharePoint – Intranet - Feature Tiering
  97. Reverse Proxy and Authentication
      • When using hybrid features, o365 sends requests from Office 365 sites in the cloud to your on-prem farm
      • You need to establish a reverse proxy for these calls to be channeled through to secure the process
      • Those requests can be authenticated at the reverse proxy before they are forwarded to SharePoint
      • SharePoint supports using a certificate for authenticating to the reverse proxy server when sending a request
      [Diagram: UAG, Dirsync and Tools Servers, ADFS Servers, SharePoint Servers]
  98. Reverse Proxy Requirements
      A reverse proxy used for hybrid must support the following requirements:
      • 2 network cards - one connected to the Internet and the other to the internal company network
      • Route inbound SSL traffic to the on-premises SharePoint farm without rewriting packet headers
      • Support SSL termination
      We currently support two reverse proxy servers:
      • Microsoft - Forefront Unified Access Gateway (UAG)
      • F5 - Big IP
      We plan to add more as they are tested for compatibility
      [Diagram: Office 365, UAG, Dirsync and Tools Servers, ADFS Servers, SharePoint Servers]
  99. Reverse Proxy Configuration
      These are the high level steps for configuring UAG for Office 365 hybrid:
      • Configure the network in UAG using the Getting Started Wizard
      • Add an HTTPS trunk
      • Install an SSL certificate for the endpoint; it must:
        • Support the names for both the public HTTPS trunk and SharePoint site
        • Use 2048 bit length encryption; shorter lengths WILL NOT WORK!
      • Add the PFX in the UAG's local certificate store
      • Publish the SharePoint site collection; use the SharePoint Server 2010 Web type
      See your reverse proxy software documentation for full details
      [Diagram: UAG, Dirsync and Tools Servers, ADFS Servers, SharePoint Servers]
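
The two certificate requirements on this slide (name coverage and 2048-bit key length) can be checked before the PFX is imported. The following is an added example, not part of the presentation; the function name `Test-HybridTrunkCertificate` and the `contoso.example` host names are hypothetical, and the sample certificate is constructed in memory.

```powershell
# Added example (not from the slides). Function name and host names are hypothetical.
function Test-HybridTrunkCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string[]]$RequiredNames,  # trunk host and SharePoint site host
        [int]$MinimumKeyBits = 2048
    )
    $problems = @()
    # Key length: the slide says lengths shorter than 2048 bits will not work.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
    if (-not $rsa) { $problems += 'No RSA public key in certificate' } elseif ($rsa.KeySize -lt $MinimumKeyBits) {
        $problems += "RSA key is $($rsa.KeySize) bits; need $MinimumKeyBits"
    }

    # DNS names from the subjectAltName extension (OID 2.5.29.17), else the subject CN.
    $names = @()
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Windows renders entries as "DNS Name=host"; OpenSSL-based platforms as "DNS:host".
        $names = @([regex]::Matches($san.Format($false), '(?:DNS Name=|DNS:)([^\s,]+)') |
            ForEach-Object { $_.Groups[1].Value })
    }
    if (-not $names) { $names = @($Certificate.GetNameInfo('SimpleName', $false)) }

    foreach ($required in $RequiredNames) {
        # A wildcard entry such as *.contoso.example covers exactly one left-most label.
        $hit = $names | Where-Object {
            $required -match ('^' + [regex]::Escape($_).Replace('\*', '[^.]+') + '$')
        }
        if (-not $hit) { $problems += "Name not covered: $required" }
    }
    $now = Get-Date
    if ($now -lt $Certificate.NotBefore -or $now -gt $Certificate.NotAfter) {
        $problems += "Outside validity period: $($Certificate.NotBefore) to $($Certificate.NotAfter)"
    }
    [pscustomobject]@{ Thumbprint = $Certificate.Thumbprint; Names = $names
                       Passed = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample: in-memory self-signed certificate with a 1024-bit key and one name.
$key = [System.Security.Cryptography.RSA]::Create(1024)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=hybrid.contoso.example', $key,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(30))
Test-HybridTrunkCertificate -Certificate $sample -RequiredNames 'hybrid.contoso.example', 'sp.contoso.example'
```

For a real certificate, pass an object from the `Cert:\LocalMachine\My` store or one loaded with `Get-PfxCertificate` instead of the constructed sample.
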
  100. Identity Provider
      In order to have a single sign-on experience, you need a federated identity provider like ADFS
      This requires the following:
      • 2 or more load balanced ADFS servers
      • An SSL certificate for the ADFS site
      • A proxy device, like the ADFS proxy server
      • For details on planning and implementation options see http://technet.microsoft.com/en-us/library/jj151794
      All users must have a UPN of a registered domain (i.e. ".local" or similar suffixes will not work)
      [Diagram: Office 365, UAG, Dirsync and Tools Servers, ADFS Servers, SharePoint Servers]
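
The UPN requirement on this slide can be audited before federation is switched on. The following is an added example, not part of the presentation; the function name `Find-UnfederableUpn`, the accounts and the domains are hypothetical, and the sample data is constructed so the check runs without a directory.

```powershell
# Added example (not from the slides). Function name, accounts and domains are hypothetical.
function Find-UnfederableUpn {
    param(
        [Parameter(Mandatory)][object[]]$Users,           # need SamAccountName, UserPrincipalName
        [Parameter(Mandatory)][string[]]$RegisteredDomains
    )
    foreach ($user in $Users) {
        $upn = [string]$user.UserPrincipalName
        $reason = $null
        if ($upn -notmatch '^[^@\s]+@([^@\s]+)$') {
            $reason = 'Missing or malformed UPN'
        } elseif ($RegisteredDomains -notcontains $Matches[1]) {
            # -notcontains compares case-insensitively, so CONTOSO.EXAMPLE equals contoso.example
            $reason = "Suffix '$($Matches[1])' is not a registered domain"
        }
        if ($reason) {
            [pscustomobject]@{ SamAccountName = $user.SamAccountName; UserPrincipalName = $upn; Reason = $reason }
        }
    }
}

# Constructed sample data standing in for directory output.
$sampleUsers = @(
    [pscustomobject]@{ SamAccountName = 'alice'; UserPrincipalName = 'alice@contoso.example' }
    [pscustomobject]@{ SamAccountName = 'bob';   UserPrincipalName = 'bob@corp.local' }
    [pscustomobject]@{ SamAccountName = 'svc01'; UserPrincipalName = $null }
)
$findings = Find-UnfederableUpn -Users $sampleUsers -RegisteredDomains 'contoso.example'
$findings | Format-Table -AutoSize

# Count of affected accounts per unregistered suffix.
$findings | Where-Object Reason -like 'Suffix*' |
    Group-Object { $_.UserPrincipalName.Split('@')[1] } | Select-Object Name, Count

# Against a live environment (ActiveDirectory and MSOnline modules), the inputs would be:
#   $users   = Get-ADUser -Filter * -Properties UserPrincipalName
#   $domains = (Get-MsolDomain | Where-Object Status -eq 'Verified').Name
```
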
  101. MSOL Tools
      You will need tools from MS Online (MSOL) in order to complete the next set of tasks:
      • Microsoft Online Services Sign-In Assistant
      • Microsoft Online Services Module for Windows PowerShell (MSOL PS)
      • The Directory Synchronization Tool (dirsync)
        • NOTE: This cannot be installed on a domain controller
      You will need to run these on a SharePoint server to configure trust with ACS
      Setting up dirsync and SSO trust is typically done on its own server
      [Diagram: Office 365, UAG, Dirsync and Tools Servers, ADFS Servers, SharePoint Servers]
  102. SSO with o365
      Install the MSOL PS snap-in to a local server; can be the same server being used for dirsync
      Set up a federation trust between o365 and ADFS using MSOL PS
      • Use the Connect-MsolService cmdlet to authenticate and connect to o365
      • Use the New-MsolFederatedDomain to start the process to establish the trust
      • Update DNS as instructed by the cmdlet
      Or alternatively:
      • Use the Office 365 Admin web page to create a new domain trust – follow the instructions in the domains section
      • Use MSOL PS to run the Convert-MsolDomainToFederated cmdlet
      For more info see http://technet.microsoft.com/en-us/library/jj151794
      [Diagram: Office 365, UAG, Dirsync and Tools Servers, ADFS Servers, SharePoint Servers]
  103. DirSync with o365
      • Grant accounts licenses to SharePoint, etc.
      • Log out then login as an Active Directory user using your Identity Provider (i.e. ADFS)
      http://technet.microsoft.com/en-us/library/hh967642.aspx
      [Diagram: Office 365, UAG, Dirsync and Tools Servers, ADFS Servers, SharePoint Servers]
  104. SharePoint Configuration Tasks
      These things need to be configured in SharePoint to support hybrid:
      • New SharePoint STS Token Signing Certificate
      • Configure a trust between SharePoint on-prem and ACS
      • Configure Secure Store
      • Configure UPA
      • Try out Search or BCS!
  105. New SharePoint STS Token Signing Certificate
      You need to replace the default token signing certificate for the SharePoint STS because Access Control Service (ACS) will not trust it
      You can replace it with:
      • A certificate issued by a public certificate authority like Verisign, GoDaddy, Thawte, etc. – RECOMMENDED
      • A new self-signed certificate that you can create in the IIS Manager
      • Domain-issued certificates DO NOT WORK
      Use the Set-SPSecurityTokenServiceConfig with the -ImportSigningCertificate flag to change the token signing certificate
  106. Configure Trust Between SharePoint and ACS
      Previously you created a federated trust for users to sign into o365
      Now you need to create an OAuth trust for applications to exchange data between o365 and on-prem
      Using MSOL PowerShell (on prem):
      • Create an AppPrincipal using New-MsolServicePrincipalCredential
      • Create a proxy to ACS using New-SPAzureAccessControlServiceApplicationProxy
      • Complete the trust using New-SPTrustedSecurityTokenIssuer
      Complete detailed instructions are available in the documentation described at the end of this session
  107. Configure Secure Store
      The Secure Store Service is used to create an application that stores the certificate used to authenticate with the UAG HTTPS trunk
      In o365 create a new Secure Store Service target application
      • Save the Target Application ID name because you will use that when configuring a result source
      In the credentials field configure it as a Certificate Password
      Click the Set button for the Credentials
      • Browse to the certificate CER file that was used for the UAG HTTPS trunk; leave the password fields blank
      Complete detailed instructions are available in the documentation described at the end of this session
  108. Configure UPA
      It's critically important that you:
      • Have a UPA up and running
      • Have it populated with current data from Active Directory
      We use the UPA on the local farm to determine what rights a user has – what claims they have, what groups they belong to, etc.
      With a hybrid solution, anything that you grant rights to needs to be in the profile system
      • E.g., if you augment claims on-prem and use a custom claims provider to grant rights to content using those claims, an o365 user would not see that data because those custom claims are not added when you login to o365
      • More details at http://blogs.technet.com/b/speschka/archive/2012/08/15/oauth-and-the-rehydrated-user-in-sharepoint-2013-how-d-they-do-that-and-what-do-i-need-to-know.aspx
  109. BCS Hybrid Scenario
