
SharePoint In The Cloud: Evaluating Impact, Pros, and Cons - SPLive360


Published in: Technology

  1. SharePoint In The Cloud: Evaluating Impact, Pros, and Cons. Richard Harbridge, Sr. SharePoint Architect/Evangelist. Level: Beginner/Intermediate
  2. SharePoint In The Cloud: Evaluating Impact, Pros, and Cons. Presented By: Richard Harbridge. #SPLive360 @RHarbridge
  3. Who am I? Boston, Washington
  4. Our Goal Today… From Here To Here
  5. (image only)
  6. (image only)
  7. What Will We Cover Today? • Why is SharePoint in the Cloud? • What is SharePoint in the Cloud? • What is Office 365? • Concerns in the Cloud? • Evaluating Cloud Providers
  8. Why is SharePoint in the Cloud?
  9. Important Concepts: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS). (Diagram axis: more customizations at one end, less complexity at the other.)
  10. Minimal Entry Cost
  11. Pay Per Use
  12. Shift From CAPEX to OPEX
  13. Providers Leverage Scale for Discounts
  14. The Outcome: Cloud enables on-demand computing resources to be rapidly provisioned with minimal management effort.
  15. What to watch out for… While cloud is for everyone, it is not for everything (until solutions, usage and standards mature).
  16. What is SharePoint in the Cloud?
  17. SharePoint Cloud Models: Trusted Hybrid, Un-trusted Hybrid, and All-in. The scenarios mapped across these models include SharePoint 2010, Exchange 2010, Lync 2010, collaboration scenarios, document management, MySites, extranets, public-facing websites, Demo/Dev/Test/Prod environments, an external identity provider or single sign-on (ADFS), and dedicated/shared hosting.
  18. SharePoint Containment Hierarchy: Farm • Servers • Services • Web Applications • Databases • Site Collections • Sites • Libraries and Lists • Folders and Document Sets • Documents, Items and Pages. The slide marks which of these levels we manage in a dedicated SharePoint cloud and which we manage in a shared SharePoint cloud.
  19. SharePoint Extranet: On Premise vs. Hosted Externally • Environment: you manage the environment / they manage the environment. • Firewall: firewall exceptions and access to the environment / firewall exceptions (in most cases fully public facing) and access to the environment. • Identity: you provision a new identity store and manage two identity stores / they provision an identity store; you may still manage aspects of it based on business need. • Support: you support the environment infrastructure / they typically support the environment infrastructure. • Cost: you plan for and invest in sizable up-front costs installing and configuring the environment / you pay for what you use under their planned structures (typically OPEX vs. CAPEX).
  20. Amazon and SharePoint
  21. Azure and SharePoint
  22. What is Office 365? (Standard/Shared Hosting)
  23. Getting Office 365 (or BPOS) Dedicated: Evaluation Criteria • Do you have less than 5000 people? Not for you.
  24. But You Still Want Dedicated? • SPLA (Services Provider License Agreement) – means hosting companies can offer competitive ‘dedicated’ hosting scenarios at lower costs. This is for you.
  25. Office 365 Marketing?
  26. What does moving to Office 365 mean? • Single architecture • An initial deployment is still required to migrate data to Office 365 • AD clean-up and a network upgrade are often required • Hybrid phasing is often a prolonged period of discomfort • Balance continuous innovation against minimizing change • The customer controls IT policies but not feature availability • Understand your internal security and privacy requirements
  27. Office 365 Feature Parity (Before 2013) – now available with some caveats… • No external data search • No rich client integration • No profile pages • No direct connectivity to SQL Azure without a WCF endpoint
  28. More Stuff Missing? (Before 2013) • Project Server • Power Pivot • Secure Store Service • Full Trust Solutions • Not all Sandbox Solutions work?* (* Maurice Prather)
  29. SharePoint Online grows up in the coming release (2013): BCS (direct to SQL Azure), Translation Services, eDiscovery, Workflow improvements, Guest Links, a deep link between Exchange Online, Lync Online and the Office subscription, new cloud UX, app model, hybrid, Search, PowerShell, all new features designed for the Cloud, Quick Preview, SkyDrive Pro, Records Center, MDS, PowerPivot / Power View, Quick Edit, mobile apps, dev OData, site refiners, Site Mailbox, Project Online … and more.
  30. So What is Still Different in 2013? (SharePoint Online vs. SharePoint 2013) • Analytics, BI: Excel Services, Power View, PowerPivot vs. PerformancePoint • Search: People/Expertise, hover card, enterprise search vs. deep refinement, enhanced relevancy • Developer: cloud app model, Sandbox, CSOM, BCS vs. full-trust code, BCS+ • Admin: tenant-level, PowerShell, IRM, Recycle Bin vs. Central Administration • Internet: Public Website, Design Manager, apps/store vs. cross-site scripting, content by search • ECM / Social: eDiscovery, Records Center, Site Mailbox, Mobile, Newsfeed, Follow, #, @ vs. …
  31. Hybrid Co-Existence (Scenario – Works Out of Box?) • SharePoint: Search – Yes (federated) • SharePoint: BCS – Yes (WCF effort required; no profiles and no BCS search) • SharePoint: Other Services (MMS, Workflow etc.) – No (though guidance is coming) • Exchange integration – Limited (eDiscovery, Site Mailboxes, Task Sync – read the documentation) • Lync integration – Yes (presence etc.)
  32. Configuration Overview (High Level): Office 365 ↔ Reverse Proxy and Certificate Auth (UAG) ↔ on-premises servers: Dirsync and Tools Servers (MSOL Tools), Identity Provider (ADFS Servers), SharePoint Servers (2013: Config, Secure Store, OAuth Trust).
  33. Licensing Matters
  34. Licensing Summary (Name – Price per user/month – Details) • P – Professional and Small Biz – $6.00 – Lync, SharePoint, Exchange, Office Web Apps; P is limited to less than 50 users • E1 – Enterprise – $8.00 – Exchange, Lync, SharePoint, Yammer Ent • E2 – Enterprise – $14.00 – E1 + Office Web Apps • E3 – Enterprise – $20.00 – E2 + Office Pro Plus, BCS, Excel Services, InfoPath Services, Visio Services, & Access Services • E4 – Enterprise – $22.00 – E3 + voice capabilities (VOIP stuff) • K1 – Kiosk Worker – $4.00 – Exchange, SharePoint, Office Web Apps (view only) • K2 – Kiosk Worker – $8.00 – Exchange, SharePoint, Office Web Apps • E/K – you can split your users (for cost savings).
  35. Choosing Enterprise: only Enterprise has SSL (both have it on the sign-in process).
  36. Quick Example: 100 users… The business wants SharePoint 2010 Enterprise, Lync 2010, Exchange 2010 and Office 2010 Professional. Office 365 E3 at $20 per user per month is $24,000.00 per year. Over 3 years – Office 365 E3: Year 1 $24,000.00, Year 2 $24,000.00, Year 3 $24,000.00, Total $72,000.00. On Premises: Year 1 $88,708.00, Year 2 $0.00, Year 3 $0.00, Total $88,708.00. On-prem costs (2010): $3,500.00 in services (installation/config) • $6,000.00 – two servers • $79,208.00 – licensing • quick total $88,708.00. At +4 years = more expensive. Big investment? Consistent cost? More features/flexibility. *This is meant only as a simplified example scenario.
  37. What About SharePoint Standalone? Office 365 offers two standalone plans for SharePoint: SP Online P1 at $4.00 and SP Standard at $8.00 (per user/month). 100 users over 3 years – SP Online P1: Year 1 $4,800.00, Year 2 $4,800.00, Year 3 $4,800.00, Total $14,400.00. On Premises: Year 1 $30,849.00, Year 2 $0.00, Year 3 $0.00, Total $30,849.00. On-prem costs (2010): $2,000.00 in services • $6,000.00 – two servers • $22,849.00 – max licensing. *This is meant only as a simplified example scenario.
  38. External Users Subscription Licenses: SharePoint Online Partner Access License (PAL). The first 10,000 PAL licenses are free. Beyond this there are negotiated prices; sometimes exceptions are made, etc. Over 3 years – SP Online: Year 1 $0.00, Year 2 $0.00, Year 3 $0.00, Total $0.00. SP On Premises (2013): Year 1 $0.00, Year 2 $0.00, Year 3 $0.00, Total $0.00. *This is meant only as a simplified example scenario.
  39. Understand Additional Costs (columns: In-Market Enterprise; Coming soon – Small Business, 1-50 users; Coming soon – Midmarket, 1-250 users; Coming soon – Enterprise, 1-500,000+ users) • Base tenancy storage allocation: 10 GB / 10 GB / 10 GB / 10 GB • Storage per Standard E & P (allocated to tenant pool): 500 MB/user in all four • SkyDrive Pro (does not contribute to overall pool): 500 MB/user / 7 GB / 7 GB / 7 GB • Storage per Kiosk Worker: 0 in all four • Storage per External User: 0 in all four • Site collection storage quotas: up to 100 GB in all four • Total max storage per tenant: up to 25 TB / up to 35 GB / up to 1.25 TB / up to 25 TB • Maximum file upload size: 250 MB / designing for 2 GB / designing for 2 GB / designing for 2 GB • Site collections (total #)*: 300 / 1 / 20 / 3,000 • Additional storage (per GB per month): $2.50, lowered to $0.20* / $0.20 / $0.20 / $0.20. *Price lowered in the second service update of Office 365 SharePoint Online.
  40. The Outcome: We barely scratched the surface with SharePoint in the Cloud but have already seen many ‘trade-off’ decision points we should be aware of.
  41. What to watch out for… Without careful planning, cloud providers can cause considerable cost due to new challenges such as migration and identity federation.
  42. Concerns In The Cloud
  43. BPOS to Office 365? 1. Customers will not have to migrate any data; Microsoft is responsible for any changes that happen in its datacenters. 2. You need to have SharePoint 2010 compatible client software/systems; customers will be responsible for making sure that their client software is compliant with the system requirements (see the Office 365 system requirements: …4C4C-A21B-48BCCF8887A9/FAQ_EN_101010.docx). 3. You have to train users on the new 2010 interface; customers will also be responsible for end-user training and configuring any new features and capabilities that will be delivered by Office 365.
  44. Office 365 – 2013 Upgrade
  45. Identity Options in the Cloud
  46. Unique Development Challenges: How do you deploy a site structure to #Office365? • Limited/no PowerShell • No console apps • No content database copy. Site templates and migration tools could work…
  47. Search Challenges (Before 2013): No search usage statistics? Remember! We
  48. A Few Problems After 2013…
  49. (image only)
  50. Cost Modeling
  51. Security: Can be an issue, but most of the time is not. The real issue is lack of standards and accountability… If it’s a bigger and more respectable hosting provider, expect a better level of accountability and security planning/activity.
  52. Security Program: “We ended up with around 800 preventive, detective and corrective controls that were physical, administrative and technical. Then we took the defense-in-depth approach and put the controls throughout the stack.” – John Howie, Microsoft
  53. Privacy Program
  54. What is more reliable?
  55. (image only)
  56. What is the Offline Story?
  57. Service Level Agreements
  58. Support Is Important: As an example, Microsoft provides 24/7 support. Google also provides 24/7 support. However, Google Apps has a rule where only system-critical events that affect more than 50% of users can use their phone support. Don’t forget that with all cloud-based providers you are also adding another layer between IT and the business users. Example issue: can you put a stop to a provider’s maintenance schedule so that a business team can finish a critical deliverable without interruption?
  59. Termination/Suspension of Service
  60. Other Issues? • Since the start-up costs are lower, organizations run the risk of not doing enough planning. • Migrating content can be extremely difficult depending on what options are provided by the ‘cloud provider’.
  61. On Integration
  62. LAN vs WAN
  63. The Outcome: Offloading some management activities to another provider results in additional planning and consideration.
  64. What to watch out for… Challenges and concerns are different for every cloud provider.
  65. Evaluating Cloud Providers
  66. Questions To Ask – Security • How do I know if my cloud is secure? • Who will have access to my sensitive data? • Do I have full ownership of my data? • What type of employee / contractor screening do you do before you hire them? • How do you detect if an application is being attacked (hacked), and how is that reported to me and my employees? • How do you control administrator access to the service? • What firewalls are in place? • What anti-virus technology is in place? • Can I get virtual layer 2 networking and a stateful virtual firewall? (Evaluating Cloud Providers)
  67. Questions To Ask – Storage • Where will my data be stored? • Will my data be replicated to any other datacenters around the world (if yes, which ones)? • What controls do you have in place to ensure safety for my data while it is stored in your environment? • Can you tell me where my data physically resides? • Data center location? • How many live copies of my data are there? • What happens to my data if I cancel my service?
  68. Questions To Ask – Identity & Access • Do you offer single sign-on for your services? • Can I get flexible role-based access control synchronized with my enterprise directory? • Do all of my users have to rely solely on web-based tools? • Can users work offline? • Do you offer a way for me to run your application locally, and how quickly can I revert to the local installation?
  69. Questions To Ask – Reliability & Support • What is your Disaster Recovery and Business Continuity strategy? • How do you back up data? • What is the retention period and recovery granularity? • Is your cloud computing service SAS 70 compliant? • What measures do you provide to assist compliance and minimize legal risk? • Who do I contact for support? • What types of support do you offer? • Are there additional support options available to me?
  70. Questions To Ask – Performance • How fast is the local network? • What is the storage architecture? (Usually storage will be the slowest link.) • How can I ensure global consistency across cloud service providers? • How many locations do you have and how are they connected? • How many IOPS can I expect at each I/O performance level? • How does your memory access score on the STREAM benchmark? • How does your virtualization system score on the SPECvirt benchmark?
  71. Questions To Ask – Flexibility (Part 1) • Am I able to load my own VMs? • Am I able to install software? • What virtualization technology is being used? • Are there additional abstraction layers? • Can I dynamically add memory and CPU to a cloud VM while it’s running? • How can I ensure CPU and memory are guaranteed? • What access protocols are available (RDP, VNC, ICA, console, SSH…)? Over non-standard ports?
  72. Questions To Ask – Flexibility (Part 2) • What configuration options do I have? Can I add memory? Can I add storage? • Can I use public IPs? • What domain name mapping options do I have? • Can I have multiple environments per user? • Can I archive environments? • What supporting tools are there (Active Directory integration, user management)?
  73. Questions To Ask – Flexibility (Part 3) • Do you offer on-premise, web-based, or mixed environments? • Will the solution work with what I have in place today? • What pricing, licensing, and payment options are available to me? • What are the client requirements, and how often do these change? Example: must I upgrade my browser to take advantage of new features?
  74. Questions To Ask – Costs • Can I get predictable service costs that still allow me to scale when I need to? • How can I get the cost benefits of multi-tenancy but still access dedicated infrastructure when I need it? • How do you define a processor / virtual core / compute unit? • What are your SLAs and how do you compensate when they are not met? During maintenance windows? Planned vs. surprises? • What happens when there is over-subscription? • Can I leverage my existing agreements?
  75. Tools You Can Use
  76. Service Management Index: Carnegie Mellon launched an initiative for standardized risk and benefit comparisons. It’s called the Cloud Service Measurement Initiative Consortium (CSMIC).
  77. Cloud Sleuth Viewers: Global Provider View; Cloud Performance Analyzer
  78. Cloud Harmony Benchmarks
  79. Consensus Assessments Initiative
  80. The Outcome: You now have an arsenal of key questions/tools you can use to evaluate a cloud provider effectively.
  81. What to watch out for… Trust but verify. Carefully review policies, terms, conditions, and agreements.
  82. Thank You – Organizers, Sponsors and You for making this possible. Questions? Ideas? Feedback? Contact me: Twitter: @RHarbridge • Blog: • Email: • Resources: 700+ SharePoint IA slides at PracticalIntranet.com • 130+ SharePoint standards at SPStandards.com • 15 pages of important questions at..
  83. Appendix/Resources
  84. Main SharePoint Online marketing site (trials, 100-200 level customer-facing info). Office 365 marketing site (contains info about the BPOS suite and the SPO 30-day trial). SharePoint Online developer resource center (MSDN). SharePoint Online Administration resource center (TechNet). ‘Help and How-to’ for SharePoint Online.
  85. Microsoft Privacy Guidelines for Developing Software Products and Services. Cloud Computing Security Considerations paper (by Microsoft). Office 365: Addressing Cloud Computing Security Considerations.
  86. Sign Up For Office 365 Developer Site (2013) and SharePoint App Development. Hybrid on TechNet – on-premises -> SPO configuration steps; additional details for non-SharePoint steps: identity provider and SSO, DirSync, MSOL Sign-In Assistant, MSOL Module for Windows PowerShell.
  87. Evolution? Elasticity is not cloud computing…
  90. Cloud = Hosting (Not New)
  91. (image only)
  92. Transitioning to the Cloud
  93. SharePoint 2013 Features
  94. SharePoint – Intranet – Feature Tiering
  95. Reverse Proxy and Authentication*: When using hybrid features, Office 365 sends requests from Office 365 sites in the cloud to your on-prem farm. You need to establish a reverse proxy for these calls to be channelled through, to secure the process. Those requests can be authenticated at the reverse proxy before they are forwarded to SharePoint. SharePoint supports using a certificate for authenticating to the reverse proxy server when sending a request. (Slides 95-101 repeat the high-level diagram from slide 32: Office 365, UAG, Dirsync and Tools Servers, ADFS Servers, SharePoint Servers.)
  96. Reverse Proxy Requirements: A reverse proxy used for hybrid must support the following: • 2 network cards – one connected to the Internet and the other to the internal company network • Route inbound SSL traffic to the on-premises SharePoint farm without rewriting packet headers • Support SSL termination. We currently support two reverse proxy servers: Microsoft Forefront Unified Access Gateway (UAG) and F5 Big-IP. We plan to add more as they are tested for compatibility.
  97. Reverse Proxy Configuration: These are the high-level steps for configuring UAG for Office 365 hybrid: • Configure the network in UAG using the Getting Started Wizard • Add an HTTPS trunk • Install an SSL certificate for the endpoint; it must support the names for both the public HTTPS trunk and the SharePoint site, and use a 2048-bit key length (shorter lengths WILL NOT WORK!) • Add the PFX to the UAG’s local certificate store • Publish the SharePoint site collection; use the SharePoint Server 2010 Web type. See your reverse proxy software documentation for full details.
  98. Identity Provider: In order to have a single sign-on experience, you need a federated identity provider like ADFS. This requires the following: • 2 or more load-balanced ADFS servers • An SSL certificate for the ADFS site • A proxy device, like the ADFS proxy server. For details on planning and implementation options, see the documentation. All users must have a UPN of a registered domain (i.e. “.local” or similar suffixes will not work).
  99. MSOL Tools: You will need tools from MS Online (MSOL) in order to complete the next set of tasks: • Microsoft Online Services Sign-In Assistant • Microsoft Online Services Module for Windows PowerShell (MSOL PS) • The Directory Synchronization Tool (dirsync). NOTE: this cannot be installed on a domain controller. You will need to run these on a SharePoint server to configure trust with ACS. Setting up dirsync and the SSO trust is typically done on its own server.
  100. SSO with O365: Install the MSOL PS snap-in on a local server; it can be the same server being used for dirsync. Set up a federation trust between O365 and ADFS using MSOL PS: • Use the Connect-MsolService cmdlet to authenticate and connect to O365 • Use New-MsolFederatedDomain to start the process to establish the trust • Update DNS as instructed by the cmdlet. Or alternatively: • Use the Office 365 Admin web page to create a new domain trust – follow the instructions in the domains section • Use MSOL PS to run the Convert-MsolDomainToFederated cmdlet. For more info see …us/library/jj151794
  101. DirSync with O365: • Grant accounts licenses to SharePoint, etc. • Log out, then log in as an Active Directory user using your Identity Provider (i.e. ADFS). …us/library/hh967642.aspx
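Two of the prerequisites above are easy to get wrong silently: the UAG trunk certificate key length (slide 97) and users whose UPN suffix is not a registered domain (slide 98). The following pre-flight check is an added example, not part of the deck or of any Microsoft guidance; it assumes the ActiveDirectory module is available and that the domain list and certificate path (placeholders) are replaced with your own.

```powershell
# Added example (not from the deck): pre-flight checks for two hybrid prerequisites
# called out on slides 97 and 98. Assumes the ActiveDirectory module is available
# and that the placeholder domain and path below are replaced with your own.
param(
    [string[]]$RegisteredDomains = @('contoso.com'),       # assumption: domains verified in Office 365
    [string]$CertificatePath = 'C:\certs\uag-trunk.cer'   # assumption: the UAG HTTPS trunk certificate
)

Import-Module ActiveDirectory

# Slide 98: a UPN suffix that is not a registered domain (".local" and similar)
# cannot be federated, so that user cannot sign in through ADFS.
function Get-NonRoutableUpnUsers {
    param([string[]]$AllowedSuffixes)
    Get-ADUser -Filter 'Enabled -eq $true' -Properties UserPrincipalName |
        Where-Object {
            $upn = $_.UserPrincipalName
            if ([string]::IsNullOrEmpty($upn)) { return $true }   # no UPN set at all
            $suffix = $upn.Split('@')[-1]
            $AllowedSuffixes -notcontains $suffix                  # suffix is not registered
        } |
        Select-Object SamAccountName, UserPrincipalName
}

# Slide 97: the trunk certificate must use a 2048-bit key; shorter keys are rejected.
function Test-CertificateKeyLength {
    param([string]$Path, [int]$MinimumBits = 2048)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Path
    $bits = $cert.PublicKey.Key.KeySize
    New-Object PSObject -Property @{
        Subject    = $cert.Subject
        NotAfter   = $cert.NotAfter
        KeyBits    = $bits
        Acceptable = ($bits -ge $MinimumBits)
    }
}

$badUpns = @(Get-NonRoutableUpnUsers -AllowedSuffixes $RegisteredDomains)
if ($badUpns.Count -gt 0) {
    Write-Warning 'Users whose UPN suffix is not a registered domain (federated sign-in will fail):'
    $badUpns | Format-Table -AutoSize
} else {
    Write-Output 'All enabled users have a registered UPN suffix.'
}

$check = Test-CertificateKeyLength -Path $CertificatePath
if (-not $check.Acceptable) {
    Write-Warning ("Certificate '{0}' uses a {1}-bit key; the UAG trunk requires 2048." -f $check.Subject, $check.KeyBits)
} else {
    Write-Output ("Certificate '{0}' has a {1}-bit key (expires {2})." -f $check.Subject, $check.KeyBits, $check.NotAfter)
}
```

Run it before converting the domain to federated; fixing UPN suffixes afterwards means re-syncing every affected account.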
  102. SharePoint Configuration Tasks: These things need to be configured in SharePoint to support hybrid: • New SharePoint STS token signing certificate • Configure a trust between SharePoint on-prem and ACS • Configure Secure Store • Configure UPA • Try out Search or BCS!
  103. New SharePoint STS Token Signing Certificate: You need to replace the default token signing certificate for the SharePoint STS because Access Control Service (ACS) will not trust it. You can replace it with: • A certificate issued by a public certificate authority like Verisign, GoDaddy, Thawte, etc. – RECOMMENDED • A new self-signed certificate that you can create in IIS Manager. Domain-issued certificates DO NOT WORK. Use Set-SPSecurityTokenServiceConfig with the -ImportSigningCertificate parameter to change the token signing certificate.
  104. Configure Trust Between SharePoint and ACS: Previously you created a federated trust for users to sign into O365. Now you need to create an OAuth trust for applications to exchange data between O365 and on-prem. Using MSOL PowerShell (on prem): • Create an AppPrincipal using New-MsolServicePrincipalCredential • Create a proxy to ACS using New-SPAzureAccessControlServiceApplicationProxy • Complete the trust using New-SPTrustedSecurityTokenIssuer. Complete detailed instructions are available in the documentation described at the end of this session.
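The three PowerShell steps from slides 100, 103 and 104 (federation trust, STS signing certificate, OAuth trust to ACS) fit together as one script. This is an added example, not the deck's or Microsoft's own script; it assumes the MSOL module and SharePoint snap-in are installed on the server it runs on, that the PFX exists, and that the domain, host name and password are placeholders. Set-MsolADFSContext, Get-MsolCompanyInformation and Set-SPAuthenticationRealm are real cmdlets added here beyond what the slides list.

```powershell
# Added example (not from the deck): slides 100, 103 and 104 as one trust-setup script.
# Assumptions: MSOL PowerShell module and SharePoint 2013 snap-in installed locally;
# the STS PFX already exists (public CA or self-signed, never domain-issued);
# the domain below is already verified in the tenant. All values are placeholders.
param(
    [string]$FederatedDomain = 'contoso.com',               # assumption: verified tenant domain
    [string]$AdfsServer      = 'adfs01.corp.contoso.com',   # assumption: primary ADFS server
    [string]$StsPfxPath      = 'C:\certs\sts-signing.pfx',  # assumption: new STS signing cert
    [string]$StsPfxPassword  = 'PLACEHOLDER'
)

Import-Module MSOnline
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# --- Slide 100: federation trust between Office 365 and ADFS -----------------------
Connect-MsolService                        # prompts for tenant admin credentials
Set-MsolADFSContext -Computer $AdfsServer  # point the MSOL cmdlets at the ADFS farm
# Either start a brand-new federated domain (then update DNS as the cmdlet instructs):
#   New-MsolFederatedDomain -DomainName $FederatedDomain
# or, as here, convert a domain that was already added in the Office 365 admin portal:
Convert-MsolDomainToFederated -DomainName $FederatedDomain

# --- Slide 103: replace the STS token signing certificate (ACS will not trust the default)
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable -bor
         [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet
$stsCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
               $StsPfxPath, $StsPfxPassword, $flags
if ($stsCert.PublicKey.Key.KeySize -lt 2048) {
    throw 'STS signing certificate must use a 2048-bit key.'
}
Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $stsCert

# --- Slide 104: OAuth trust between on-prem SharePoint and ACS -----------------------
# Well-known app principal id of SharePoint Online (a fixed Microsoft value, not from the deck).
$spoAppPrincipalId = '00000003-0000-0ff1-ce00-000000000000'
$tenantContextId   = (Get-MsolCompanyInformation).ObjectId
$acsMetadata       = "https://accounts.accesscontrol.windows.net/$tenantContextId/metadata/json/1"

# Register only the public half of the STS certificate as a credential of the SPO principal;
# the private key never leaves the on-prem farm.
$publicCert = [System.Convert]::ToBase64String($stsCert.GetRawCertData())
New-MsolServicePrincipalCredential -AppPrincipalId $spoAppPrincipalId `
    -Type asymmetric -Usage Verify -Value $publicCert

# Align the farm's authentication realm with the tenant so issued tokens carry the right audience.
Set-SPAuthenticationRealm -Realm $tenantContextId

# Proxy to ACS, then the trusted token issuer that completes the OAuth trust.
New-SPAzureAccessControlServiceApplicationProxy -Name 'ACS' `
    -MetadataServiceEndpointUri $acsMetadata -DefaultProxyGroup
New-SPTrustedSecurityTokenIssuer -MetadataEndPoint $acsMetadata -IsTrustBroker:$true -Name 'ACS'
```

After the issuer is created, the Secure Store and UPA steps on the following slides still have to be completed before Search or BCS will work across the trust.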
  105. Configure Secure Store: The Secure Store Service is used to create an application that stores the certificate used to authenticate with the UAG HTTPS trunk. In O365 create a new Secure Store Service target application; save the Target Application ID name because you will use it when configuring a result source. In the credentials field configure it as a Certificate Password. Click the Set button for the credentials, browse to the certificate CER file that was used for the UAG HTTPS trunk, and leave the password fields blank. Complete detailed instructions are available in the documentation described at the end of this session.
  106. Configure UPA: It’s critically important that you: • Have a UPA up and running • Have it populated with current data from Active Directory. We use the UPA on the local farm to determine what rights a user has – what claims they have, what groups they belong to, etc. With a hybrid solution, anything that you grant rights to needs to be in the profile system. E.g., if you augment claims on-prem and use a custom claims provider to grant rights to content using those claims, an O365 user would not see that data because those custom claims are not added when you log in to O365. More details at …rehydrated-user-in-sharepoint-2013-how-d-they-do-that-and-what-do-i-need-to-know.aspx
  107. BCS Hybrid Scenario
  108. (image only)
  109. Thank You – Organizers, Sponsors and You for making this possible. Questions? Ideas? Feedback? Contact me: Twitter: @RHarbridge • Blog: • Email: • Resources: 700+ SharePoint IA slides at.. • 130+ SharePoint standards at.. • 80+ downloadable presentations..