This document summarizes a presentation about evaluating SharePoint in the cloud. It discusses why organizations are moving SharePoint to the cloud, including lower upfront costs, pay-per-use models, and cloud providers leveraging scale. It also covers cloud models for SharePoint, such as Office 365, concerns around security, privacy and cost modeling in the cloud. The presentation evaluated key considerations around migrating SharePoint to cloud providers like Microsoft Azure and Amazon.
3. SharePoint User Group
• SharePoint
• End Users
• Administrators
• Architects
• Developers
• IT Pros
• Meetings: 2nd Tuesday of the month, Microsoft Malvern, 5:30-8 pm
WEB: www.TriStateSharePoint.org
EMAIL: info@TriStateSharePoint.org
TWITTER: @tristateSP
#SPSPhilly @RHarbridge
4. SharePoint Network
• Are you an independent consultant or remote worker
who deals with SharePoint, Office or Office365?
• Do you sometimes feel cut off from the rest of the
SharePoint world?
• Do you need help with technical or business issues, or
just want the chance to socialize with others?
If so, then the SharePoint Network might be for you!
www.SharePointNetwork.org
5. Who am I?
Boston
Washington
9. What Will We Cover Today?
• Why is SharePoint in the Cloud?
• What is SharePoint in the Cloud?
• What is Office 365?
• Concerns in the Cloud?
• Evaluating Cloud Providers
21. SharePoint Extranet
On Premise Hosted Environment:
• You Manage Firewall Exceptions/Access to Environment
• You provision a new identity store. You manage two identity stores.
• You support the environment infrastructure.
• You plan for and invest in sizable up front costs installing and configuring the environment.
Externally Hosted Environment:
• They Manage Firewall Exceptions (most cases fully public facing)/Access to Environment.
• They provision an identity store. You still may manage aspects of it based on business need.
• They typically support the environment infrastructure.
• You pay for what you use under their planned structures (typically OPEX vs CAPEX).
24. What is Office 365?
(Standard/Shared Hosting)
25. Getting Office 365 (or BPOS)
Dedicated Evaluation Criteria
• Do you have less than 5000 people?
Not for you.
26. But You Still Want Dedicated?
• SPLA (Server Provider License
Agreement) – Means hosting
companies can offer competitive
‘dedicated’ hosting scenarios at
lower costs.
This is for you.
28. What does moving to Office365 mean?
• Single Architecture
• Initial deploy is still required to migrate data to Office 365
• AD clean up and network upgrade is often required
• Hybrid phasing is often a prolonged period of discomfort.
• Balance between continuous innovations and minimizing change
• Customer controls IT policies but not feature availability
• Understand your internal security and privacy requirements
29. Office 365 Feature Parity (Before 2013)
Now Available with some caveats…
• No external data search
• No rich client integration
• No profile pages
• No direct connectivity to SQL Azure without a WCF endpoint.
30. More Stuff Missing? (Before 2013)
• Project Server
• Power Pivot
• Secure Store Service
• Full Trust Solutions
• Not all Sandbox Solutions work? *
* Maurice Prather: http://www.bluedoglimited.com/SharePointThoughts/ViewPost.aspx?ID=331
31. SharePoint Online Grows up in the coming release
[Word-cloud graphic: all new features designed for the Cloud, including Gest Links, BCS (Direct to SQL Azure), Translation Services, eDiscovery, Workflow 2013, Improvements, deep link with exchange online, lync online & office subscription, New Cloud app model, UX, Hybrid Search, PowerShell, SkyDrive Pro, Records Center, Quick Preview, Quick Edit, MDS, PowerPivot / Power View, Mobile apps, Dev Site, OData, Site Mailbox, Project Online, refiners … and more.]
32. So What is Still Different in 2013?
SharePoint Online Feature Availability - http://technet.microsoft.com/en-us/library/jj819267.aspx
• BI – SharePoint Online: Excel Services, Power View, PowerPivot. SharePoint 2013: Analytics, PerformancePoint.
• Search – SharePoint Online: People/Expertise, hover card, enhance relevancy. SharePoint 2013: Deep refinement, enterprise search.
• Developer – SharePoint Online: Cloud app model, Sandbox, CSOM, BCS. SharePoint 2013: Full-trust code, BCS+.
• Admin – SharePoint Online: Tenant-level, PowerShell, IRM, Recycle Bin. SharePoint 2013: Central Administration.
• Internet – SharePoint Online: Public Website, Design Manager, apps/store. SharePoint 2013: Cross-site scripting, content by search.
• ECM / Social – SharePoint Online: eDiscovery, Records Center, Site Mailbox, Mobile, Newsfeed, Follow, #, @. SharePoint 2013: dot dot dot.
33. Hybrid Co-Existence
Scenario: Works Out of Box?
• SharePoint: Search – Yes (Federated)
• SharePoint: BCS – Yes (WCF Effort Required, No Profiles and BCS Search)
• SharePoint: Other Services (MMS, Workflow etc) – No (Though Guidance Coming)
• Exchange Integration – Limited (eDiscovery, Site Mailboxes, Task Synch – Read Documentation)
• Lync Integration – Yes (Presence etc)
38. Quick Example
100 Users…
E3 - $20 per user per month…
$24,000.00 per year…
Business Wants…
• SharePoint 2010 Enterprise
• Lync 2010
• Exchange 2010
• Office 2010 Professional
Office 365 E3 Over 3 Years:
• Year 1: $24,000.00
• Year 2: $24,000.00
• Year 3: $24,000.00
• Total: $72,000.00
On Premises:
• Year 1: $88,708.00
• Year 2: $0.00
• Year 3: $0.00
• Total: $88,708.00
On Prem Costs (2010):
• $3,500.00 in Services (Installation/Config)
• $6,000.00 - Two Servers
• $79,208.00 – Licensing
Quick Total: $88,708.00
At +4 years = more expensive. Consistent cost?
Big investment? More features/flexibility.
*This is meant as only a simplified example scenario
39. What About SharePoint Standalone?
Office 365 offers two Standalone plans for SharePoint.
$4.00
$8.00
100 Users…
SP Online P1 Over 3 Years:
• Year 1: $4,800.00
• Year 2: $4,800.00
• Year 3: $4,800.00
• Total: $14,400.00
SP Standard On Premises:
• Year 1: $30,849.00
• Year 2: $0.00
• Year 3: $0.00
• Total: $30,849.00
On Prem Costs (2010):
• $2,000.00 in Services
• $6,000.00 - Two Servers
• $22,849.00 – Max Licensing
*This is meant as only a simplified example scenario
40. External Users Subscription Licenses
SharePoint Online Partner Access License
The first 10,000 PAL licenses are free. Beyond this there are negotiated prices/sometimes exceptions are made, etc.
SP Online Over 3 Years:
• Year 1: $0.00
• Year 2: $0.00
• Year 3: $0.00
• Total: $0.00
SP On Premises (2013):
• Year 1: $0.00
• Year 2: $0.00
• Year 3: $0.00
• Total: $0.00
*This is meant as only a simplified example scenario
41. Understand Additional Costs
Values are listed in this column order: In-Market - Enterprise | Coming soon – Small Business (1-50 users) | Coming soon – Midmarket (1-250 users) | Coming soon – Enterprise (1-500,000+ users)
• Base tenancy storage allocation: 10 GB | 10 GB | 10 GB | 10 GB
• Storage per Standard E & P (allocated to tenant pool): 500 MB/user | 500 MB/user | 500 MB/user | 500 MB/user
• SkyDrive Pro (does not contribute to overall pool): 500 MB/user | 7 GB | 7 GB | 7 GB
• Storage per Kiosk Worker: 0 | 0 | 0 | 0
• Storage per External User: 0 | 0 | 0 | 0
• Site Collection storage quotas: Up to 100 GB | Up to 100 GB | Up to 100 GB | Up to 100 GB
• Total max storage per tenant: Up to 25 TB | Up to 35 GB | Up to 1.25 TB | Up to 25 TB
• Maximum file upload size: 250 MB | Designing for 2 GB | Designing for 2 GB | Designing for 2 GB
• Site collections (total #)*: 300 | 1 | 20 | 3,000
• Additional storage (per GB per month): $2.50 (0.20/GB/month*) | $0.20/GB/month | $0.20/GB/month | $0.20/GB/month
*Price lowered in the second service update of Office 365 SharePoint Online.
42. The Outcome
We barely scratched the surface with
SharePoint in the Cloud but have already
seen many ‘trade off’ decision points we
should be aware of.
43. What to watch out for…
Without careful planning cloud
providers can cause considerable cost
due to new challenges such as migration
and identity federation.
45. BPOS to Office 365?
Microsoft is responsible for any changes that happen in its datacenters. Customers will not have to migrate any data; however, customers will be responsible for making sure that their client software is compliant with the system requirements. See Office 365 system requirements download.microsoft.com/download/A/6/4/A6479925-C7D2-4C4C-A21B-48BCCF8887A9/FAQ_EN_101010.docx.
Customers will also be responsible for end-user training and configuring any new features and capabilities that will be delivered by Office 365.
1. Customers will not have to migrate any data.
2. You need to have SharePoint 2010 compatible client software/systems.
3. You have to train users on the new 2010 interface.
http://www.microsoft.com/online/transition-center.aspx
48. Unique Development Challenges
How do you deploy a site
structure to #Office365?
• Limited/No PowerShell
• No Console Apps
• No Content Database Copy
Site Templates and Migration
Tools Could Work…
53. Security
Can be an issue, but most of the time is not.
The real issue is lack of standards and accountability…
If it’s a bigger and more respectable hosting provider
expect a better level of accountability and security
planning/activity.
54. Security Program
“We ended up with around 800 preventive, detective and
corrective controls that were physical, administrative and
technical. Then we took the defense-in-depth approach
and put the controls throughout the stack.”
- John Howie, Microsoft
60. Support Is Important
As an example Microsoft provides 24/7 support.
Google also provides 24/7 support.
However Google Apps has a rule where only system critical events
that affect more than 50% of users can use their phone support.
Don’t forget that with all cloud based providers – you are also adding
another layer between IT and the business users.
Example Issue:
Can you put a stop to a provider’s maintenance schedule so that a business team can finish a critical deliverable without interruption?
62. Other Issues?
• Since the startup costs are lower organizations
can run the risk of not doing enough planning.
• Migrating content can be
extremely difficult depending
on what options are provided
by the ‘cloud provider’.
68. Questions To Ask
Security
• How do I know if my cloud is secure?
• Who will have access to my sensitive data?
• Do I have full ownership of my data?
• What type of employee / contractor screening do you do before you hire them?
• How do you detect if an application is being attacked (hacked), and
how is that reported to me and my employees?
• How do you control administrator access to the service?
• What firewalls are in place?
• What anti-virus technology is in place?
• Can I get virtual layer 2 networking and a stateful virtual firewall?
Evaluating Cloud Providers
69. Questions To Ask
Storage
• Where will my data be stored?
• Will my data be replicated to any other datacenters around the world (If
yes, then which ones)?
• What controls do you have in place to ensure safety for my data while it is
stored in your environment?
• Can you tell me where my data physically resides?
• Data Center Location?
• How many live copies of my data are there?
• What happens to my data if I cancel my service?
70. Questions To Ask
Identity & Access
• Do you offer single sign-on for your services?
• Can I get flexible role-based access control synchronized with my
enterprise directory?
• Do all of my users have to rely on solely web based tools?
• Can users work offline?
• Do you offer a way for me to run your application locally and how
quickly I can revert to the local installation?
71. Questions To Ask
Reliability & Support
• What is your Disaster Recovery and Business Continuity strategy?
• How do you back up data?
• What is the retention period and recovery granularity?
• Is your Cloud Computing service SAS70 compliant?
• What measures do you provide to assist compliance and minimize legal
risk?
• Who do I contact for support?
• What types of support do you offer?
• Are there additional support options available to me?
72. Questions To Ask
Performance
• How fast is the local network?
• What is the storage architecture?
• Usually storage will be the slowest link.
• How can I ensure global consistency across cloud service providers?
• How many locations do you have and how are they connected?
• How many IOPS can I expect at each I/O performance level?
• How does your memory access score on the STREAM benchmark?
• How does your virtualization system score on the SPECvirt benchmark?
73. Questions To Ask
Flexibility (Part 1)
• Am I able to load my own VMs?
• Am I able to install software?
• What virtualization technology is being used?
• Are there additional abstraction layers?
• Can I dynamically add memory and CPU to a cloud VM while it’s running?
• How can I ensure CPU and memory are guaranteed?
• What access protocols are available?
• RDP, VNC, ICA, Console, SSH…
• Over non standard ports?
74. Questions To Ask
Flexibility (Part 2)
• What configuration options do I have?
• Can I add memory?
• Can I add storage?
• Can I use public IPs?
• What domain name mapping options do I have?
• Can I have multiple environments per user?
• Can I archive environments?
• What supporting tools are there?
• Active directory integration
• User management
75. Questions To Ask
Flexibility (Part 3)
• Do you offer on-premise, web-based, or mixed environments?
• Will the solution work with what I have in place today?
• What pricing, licensing, and payment options are available to me?
• What are the client requirements?
• How often do these change?
Example: Must I upgrade my browser to take advantage of new
features?
76. Questions To Ask
Costs
• Can I get predictable service costs that still allow me to scale when I need
to?
• How can I get the cost benefits of multi-tenancy but still access dedicated
infrastructure when I need it?
• How do you define a processor / virtual core / Compute Unit?
• What are your SLAs and how do you compensate when they are not met?
• During maintenance windows? Planned vs surprises
• What happens when there is over subscription?
• Can I leverage my existing Agreements?
78. Service Management Index
Carnegie Mellon launched an initiative for standardized risk and benefit
comparisons.
It’s called the Cloud Service Measurement Initiative Consortium (CSMIC)
86. Main SharePoint Online marketing site:
http://sharepoint.microsoft.com/en-us/SharePoint-Online/Pages/default.aspx
Primary Office 365 marketing site:
http://www.office365.com
Trials, 100-200 level customer-facing info
Contains info about BPOS suite and SPO
30-Day trial
SharePoint Online developer resource center (MSDN):
http://go.microsoft.com/fwlink/?LinkId=203983
SharePoint Online Administration resource center (TechNet):
http://technet.microsoft.com/sharepoint/gg144571.aspx
‘Help and How-to’ for SharePoint Online (Office.com):
http://office.microsoft.com/redir/FX102052854.aspx
87. Microsoft Privacy Guidelines for Developing Software Products and Services
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16048
Cloud Computing Security Considerations paper (by Microsoft) can be found here:
http://go.microsoft.com/?linkid=9708479
Office 365: Addressing Cloud Computing Security Considerations
http://download.microsoft.com/download%2F2%2F2%2F0%2F220AE513-4A01-4D95-9275-11E71215A0C2%2FCloudSecurityConsiderations_MicrosoftOffice365.pdf
Pain Point:
http://community.office365.com/en-us/f/148/t/3388.aspx
88. Sign Up For Office365 Developer Site (2013)
http://msdn.microsoft.com/en-us/library/fp179924%28v=office.15%29.aspx
Office and SharePoint App Development:
http://msdn.microsoft.com/en-us/library/jj220038%28v=office.15%29.aspx
Available on TechNet - http://aka.ms/oht1dx
On-premises -> SPO configuration steps
Additional details for non-SharePoint steps
Identity provider and SSO
DirSync
MSOL Sign-In Assistant
MSOL Module for Windows PowerShell
97. Reverse Proxy and Authentication*
• When using hybrid features, o365 sends requests from Office 365 sites in the cloud to your on-prem farm
• You need to establish a reverse proxy for these calls to be channeled through to secure the process
• Those requests can be authenticated at the reverse proxy before they are forwarded to SharePoint
• SharePoint supports using a certificate for authenticating to the reverse proxy server when sending a request
[Diagram labels: UAG, Dirsync and Tools Servers, ADFS Servers, SharePoint Servers]
98. Reverse Proxy Requirements
A reverse proxy used for hybrid must support the following requirements:
• 2 network cards - one connected to the Internet and the other to the internal company network
• Route inbound SSL traffic to the on-premises SharePoint farm without rewriting packet headers
• Support SSL termination
We currently support two reverse proxy servers:
• Microsoft - Forefront Unified Access Gateway (UAG)
• F5 - Big IP
We plan to add more as they are tested for compatibility
99. Reverse Proxy Configuration
These are the high level steps for configuring UAG for Office 365 hybrid:
• Configure the network in UAG using the Getting Started Wizard
• Add an HTTPS trunk
• Install an SSL certificate for the endpoint; it must:
  • Support the names for both the public HTTPS trunk and SharePoint site
  • Use 2048 bit length encryption; shorter lengths WILL NOT WORK!
• Add the PFX in the UAG’s local certificate store
• Publish the SharePoint site collection; use the SharePoint Server 2010 Web type
See your Reverse Proxy s/w documentation for full details
100. Identity Provider
In order to have a single-sign on experience, you need a federated identity provider like ADFS
This requires the following:
• 2 or more load balanced ADFS servers
• An SSL certificate for the ADFS site
• A proxy device, like the ADFS proxy server
For details on planning and implementation options see http://technet.microsoft.com/en-us/library/jj151794
All users must have a UPN of a registered domain (i.e. “.local” or similar suffixes will not work)
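A pre-flight check for the certificate rules on slide 99 (2048-bit key, names for both the HTTPS trunk and the SharePoint site) and the UPN rule on slide 100, as an added example that is not part of the original deck. The function names, host names and accounts are hypothetical, and it assumes Windows PowerShell 5.1 on .NET Framework 4.7.2 or later.

```powershell
# Added example, not from the presentation. All names and sample values are constructed.

function Test-HybridTrunkCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        # Host names the certificate must cover: the public HTTPS trunk and the SharePoint site.
        [Parameter(Mandatory)][string[]]$RequiredName,
        [int]$MinimumKeyBits = 2048
    )
    $findings = @()

    # Slide 99: 2048 bit length is required; shorter lengths will not work.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
    if ($null -eq $rsa) {
        $findings += 'Certificate has no RSA public key'
    } elseif ($rsa.KeySize -lt $MinimumKeyBits) {
        $findings += "Key is $($rsa.KeySize) bits, below the required $MinimumKeyBits"
    }

    # Slide 99: the certificate must support both names. DnsNameList is the
    # property Windows PowerShell adds to X509Certificate2 objects.
    $sanNames = @($Certificate.DnsNameList | Where-Object { $_ } | ForEach-Object { $_.Unicode })
    foreach ($name in $RequiredName) {
        $covered = $false
        foreach ($san in $sanNames) {
            if ($san -eq $name) { $covered = $true; break }
            # A wildcard entry covers exactly one leading label.
            if ($san.StartsWith('*.') -and $name.Contains('.') -and
                $name.Substring($name.IndexOf('.')) -eq $san.Substring(1)) { $covered = $true; break }
        }
        if (-not $covered) { $findings += "No certificate name covers $name" }
    }

    [pscustomobject]@{
        Subject  = $Certificate.Subject
        Passed   = ($findings.Count -eq 0)
        Findings = $findings
    }
}

function Find-UnregisteredUpn {
    param(
        [Parameter(Mandatory)][object[]]$User,             # objects with a UserPrincipalName property
        [Parameter(Mandatory)][string[]]$RegisteredDomain  # domains registered in the tenant (exact match is an assumption)
    )
    foreach ($u in $User) {
        $upn    = [string]$u.UserPrincipalName
        $at     = $upn.LastIndexOf('@')
        $suffix = if ($at -ge 0) { $upn.Substring($at + 1) } else { '' }
        # Slide 100: ".local" or similar suffixes will not work.
        if ($suffix -eq '' -or $RegisteredDomain -notcontains $suffix) {
            [pscustomobject]@{ UserPrincipalName = $upn; Suffix = $suffix }
        }
    }
}

# --- Constructed sample input: a 1024-bit self-signed certificate with one name ---
$key = [System.Security.Cryptography.RSA]::Create(1024)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new('CN=hybrid.contoso.example',
    $key,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$san = [System.Security.Cryptography.X509Certificates.SubjectAlternativeNameBuilder]::new()
$san.AddDnsName('hybrid.contoso.example')
$req.CertificateExtensions.Add($san.Build($false))
$cert = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(30))

# Reports both the short key and the missing SharePoint site name.
Test-HybridTrunkCertificate -Certificate $cert `
    -RequiredName 'hybrid.contoso.example', 'sharepoint.contoso.example' | Format-List

# --- Constructed sample accounts; in a domain, pipe in Get-ADUser results instead ---
$users = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example' },
    [pscustomobject]@{ UserPrincipalName = 'bob@corp.local' },
    [pscustomobject]@{ UserPrincipalName = 'svc-backup' }
)
# Lists bob@corp.local and svc-backup as accounts that need a UPN change first.
Find-UnregisteredUpn -User $users -RegisteredDomain 'contoso.example' | Format-Table
```

For a real certificate file, `Get-PfxCertificate -FilePath <path>` returns an object that can be passed to `-Certificate`.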
101. MSOL Tools
You will need tools from MS Online (MSOL) in order to complete the next set of tasks:
• Microsoft Online Services Sign-In Assistant
• Microsoft Online Services Module for Windows PowerShell (MSOL PS)
• The Directory Synchronization Tool (dirsync)
  • NOTE: This cannot be installed on a domain controller
You will need to run these on a SharePoint server to configure trust with ACS
Setting up dirsync and SSO trust is typically done on its own server
102. SSO with o365
Install the MSOL PS snap-in to a local server; can be the same server being used for dirsync
Set up a federation trust between o365 and ADFS using MSOL PS
• Use the Connect-MsolService cmdlet to authenticate and connect to o365
• Use the New-MsolFederatedDomain to start the process to establish the trust
• Update DNS as instructed by the cmdlet
Or alternatively:
• Use the Office 365 Admin web page to create a new domain trust – follow the instructions in the domains section
• Use MSOL PS to run the Convert-MsolDomainToFederated cmdlet
For more info see http://technet.microsoft.com/en-us/library/jj151794
103. DirSync with o365
• Grant accounts licenses to SharePoint, etc.
• Log out then login as an Active Directory user using your Identity Provider (i.e. ADFS)
http://technet.microsoft.com/en-us/library/hh967642.aspx
104. SharePoint Configuration Tasks
These things need to be configured in SharePoint to support
hybrid:
New SharePoint STS Token Signing Certificate
Configure a trust between SharePoint on-prem and ACS
Configure Secure Store
Configure UPA
Try out Search or BCS!
105. New SharePoint STS Token Signing Certificate
You need to replace the default token signing certificate for the
SharePoint STS because Access Control Service (ACS) will not trust it
You can replace it with:
A certificate issued by a public certificate authority like Verisign, GoDaddy, Thawte, etc.
– RECOMMENDED
A new self-signed certificate that you can create in the IIS Manager
Domain-issued certificates DO NOT WORK
Use the Set-SPSecurityTokenServiceConfig with the -ImportSigningCertificate flag to change the token signing certificate
106. Configure Trust Between SharePoint and ACS
Previously you created a federated trust for users to sign into o365
Now you need to create an OAuth trust for applications to exchange
data between o365 and on-prem
Using MSOL PowerShell (on prem):
Create an AppPrincipal using New-MsolServicePrincipalCredential
Create a proxy to ACS using New-SPAzureAccessControlServiceApplicationProxy
Complete the trust using New-SPTrustedSecurityTokenIssuer
Complete detailed instructions are available in the documentation
described at the end of this session
107. Configure Secure Store
The Secure Store Service is used to create an application that stores
the certificate used to authenticate with the UAG HTTPS trunk
In o365 create a new Secure Store Service target application
Save the Target Application ID name because you will use that when
configuring a result source
In the credentials field configure it as a Certificate Password
Click the Set button for the Credentials
Browse to the certificate CER file that was used for the UAG HTTPS trunk; leave the
password fields blank
Complete detailed instructions are available in the documentation
described at the end of this session
108. Configure UPA
It’s critically important that you:
Have a UPA up and running
Have it populated with current data from Active Directory
We use the UPA on the local farm to determine what rights a user has –
what claims they have, what groups they belong to, etc.
With a hybrid solution, anything that you grant rights to needs to be in the
profile system
E.g., if you augment claims on-prem and use a custom claims provider to grant
rights to content using those claims, an o365 user would not see that data
because those custom claims are not added when you login to o365
More details at http://blogs.technet.com/b/speschka/archive/2012/08/15/oauth-and-the-rehydrated-user-in-sharepoint-2013-how-d-they-do-that-and-what-do-i-need-to-know.aspx
111. Thank You
Organizers, Sponsors and You for Making this Possible.
Questions? Ideas? Feedback? Contact me:
Twitter: @RHarbridge
Blog: http://www.RHarbridge.com
Email: Richard@RHarbridge.com
Resources:
700+ SharePoint IA Slides at.. PracticalIntranet.com
130+ SharePoint Standards at.. SPStandards.com
80+ Downloadable Presentations.. SlideShare.com/RHarbridge
Editor's Notes
Please encourage folks to visit the sponsors in the lobby. Everyone should have a sponsor bingo card. If they get initials from each sponsor they can be entered in our drawings to win great prizes, including Kindles, and a Surface RT.
This is the local Philly SharePoint user group. We cover a range of topics for all audiences.
This is a local group that is just getting started as an adjunct to the user group. As the slide says, it is a support and social group for independent and remote workers in the Philly area. More information is available on the website.
Software as a Service (SaaS) - Finished apps that customers rent and customize. Examples are Salesforce.com, Office365, etc.
Infrastructure as a Service (IaaS) - Standardized and virtualized infrastructure hardware, software and services that can operate any set of apps. Examples: Amazon’s Elastic Cloud Computing (EC2) Platform.
Platform as a Service (PaaS) - Standardized dev and app platform that abstracts the infrastructure, OS, and middleware to drive dev productivity. Examples: Azure Services…
Keep your attention on traditional outsourcing models. Issues of technology maturity, security, legacy systems, licensing, data ownership, and weak or absent standards are still significant today, and these hurdles to cloud adoption will ensure a long life for traditional outsourced IT service delivery. Rapid changes in this space mean that IT services clients should consider cloud options now and in the future, but traditional service models will remain.
Early Adopter - Aggressively move ‘all’ content to the cloud ASAP
Risk Averse - Sign up for SPO trial; Evaluate experience and ROI
Typical - Freeze on-premises site creation; Move some content
The way we use them now – Extranet
• Create Machines on Demand
• Spot Instances Allow For Bid On Capacity
• Spot Price History
• Extremely Fast Provisioning of Machine < 10 Minutes
• Full Admin Rights (RDP)
• Random Unique Password Generated
• Latest Version of Windows
• SQL Database Services
• Latest Version of SQL
• Remote Powershell Enabled
• Custom Firewall Ports
• IIS Enabled By Default
• Integrated Monitoring
• Download and Install Any App
• VM Snapshots On Demand
• VM Snapshot Status
If you are over 5000 note that you can have Microsoft potentially be your SharePoint dedicated hosting provider. This however has a premium cost (with some advantages).
Microsoft® Office 365 delivers the power of cloud productivity to businesses of all sizes, helping to save time, money and free up valued resources. Office 365 combines the familiar Office desktop suite with cloud-based versions of Microsoft’s next-generation communications and collaboration services: Exchange Online, SharePoint Online and Lync Online. Office 365 is simple to use and easy to administer – all backed by the robust security and guaranteed reliability you expect from a world-class service provider.
Microsoft Office 365 Includes:
• Microsoft® Office Professional Plus: The world’s leading productivity tool now seamlessly connected and delivered with cloud services – for the best productivity experience across the PC, Phone and Browser.
• Exchange Online: Cloud-based email, calendar and contacts with always-up-to-date protection from viruses and spam.
• SharePoint Online: Cloud-based service for creating sites to connect colleagues, partners and customers.
• Lync Online: Cloud-based instant messaging, presence, and online meeting experiences with PC-audio, video conferencing and screen sharing.
Key Microsoft Office 365 Benefits:
• Anywhere-access to email, documents, contacts, and calendars on nearly any device
• Work seamlessly with Microsoft Office and the other programs your users already count on everyday
• Business-class features including IT-level phone support, guaranteed 99.9% uptime, geo-redundancy, and disaster recovery
• Pay-as-you-go pricing options which give you predictability and flexibility for all or part of your organization
• Latest version of Business Productivity Online Suite (BPOS), which has millions of business users today
Microsoft® Office 365 for small businesses offers an easy-to-use set of web-enabled tools for small businesses, independent consultants and professionals looking for business-class productivity services. Working with the tools people know and use today, Office 365 provides anywhere access to email, important documents, contacts, and calendars on nearly any device. It’s free for the first 30 days and then just $6 per user per month.
Microsoft® Office 365 for enterprises brings together cloud versions of our trusted communications and collaboration software with our familiar Office Professional Plus desktop suite. It is designed to help meet your IT needs for robust security, 24/7 reliability, and user productivity.
We have a variety of plans to meet the needs of businesses of all sizes and varying IT needs. Priced from $2 - $28 per month per user, each plan has the same 99.9% uptime guarantee and includes the security and support you expect from Microsoft. Office 365 offers great flexibility by allowing businesses to provide users access to only the services they need and pay-as-you-go pricing options.
• $2.3B+ Investment in cloud infrastructure
• Geo-Redundant Data Centers
• Locations in North America, Europe, and Asia to provide optimal performance
• 99.9% guaranteed uptime (99.95% actual) – ~9 hours a year
• Secure Infrastructure – ISO27001 and SAS70 certified
• Built from the ground up to be environmentally sustainable
Office 365 Services Can Not Be Customized. As a standard service, Office 365 cannot accommodate change requests or customizations that deviate from our Office 365 service descriptions. If customizations are required to solve the business problem, an on-premises or partner-hosted solution might be a good customer fit.
Be Transparent with Customers Regarding Real Deployment Timelines and Migration Costs. While customers know to expect lower total overall IT costs with cloud services, they need to be better informed about cloud deployment costs. Office 365 deployments range from straightforward to highly complex, depending upon variables like the complexity of their environment.
Office 365 Services Are Not the Same as On-Premises Solutions. Our world-class offerings provide customers with the best productivity experience across the PC, phone and browser. Office 365 services give customers access to the most commonly used business productivity features and capabilities, supported by standardized operational processes. This model achieves the economies of scale required to pass cost savings through to our service customers.
• ‘Unified’ Search results combining online and customer site sources. (Targeted for W15)
• FAST Search which includes features such as thumbnails, previews, contextual search, visual best bets, and deep search refinement. Targeted for W15.
• PerformancePoint Services. Targeted for W15.
• PowerPivot is unable to connect to external services. Targeted for release in FY12.
• Sandbox Solutions are targeted at the site collection level. Alternatives to higher-end custom solutions (full-trust code) are targeted for FY12 and W15.
• Search Improvements (Federation) - Connector so query goes to both indexes.
• GEST Links (Cloud Only) - Only Documents
• Power Shell enhancements
• Improved BCS - Direct to SQL Azure
• Native Mobile Apps (Windows Phone App - SP News Feed App from MS)
• Powerview and PowerPivot in SP Online
• Project Online!
• NAPA - Developer Site Collection (For Developer Scenarios)
• Anonymous Access - Public Sites - 1 Public Site Per Tenant
• Skydrive Pro (Sync Personal Library, etc) - Will go to 7GB from 500MB
• BI - Powerview, PowerPivot, Excel Services - Issue is using these services on data stored off cloud... (this feature set basically doesn't work for online - based on transfer rates)
• PowerPivot Gallery (not supported).
• WCF EndPoint (Translation Talk Between Both) - Wiring Up BCS - Then Model for Talking to Source System
• BCS for Profile - BCS for search - both not in o365
• Site Collection Deletion can be restored by tenant now (no support call!)
• Promoted Sites
• Site Collection Recycling Bin
• Better External Sharing
• Adjust User Profile Properties/Level Of Self-Management
• Send To Connections for RM
• Way More Search Management
• IRM... Self Service Site Creation...
Flexibility Note: Some Businesses are deploying MySites on Office365 in Trusted scenarios but having the primary document management and collaboration on premises.
ADFS gets expensive fast. First you have 2-4 additional servers. You need 2 for availability, and if your AD is being connected to anyone else's AD you actually probably need 4 (though 2 of those might be paid for by the other party).
Next you need to understand and manage ADFS. Not a simple decision from an investment standpoint.
Enterprise class feature etc.
These non-SharePoint things need to be configured to support hybrid:
• Reverse Proxy and certificate authentication*
• Identity Provider (ADFS or Shibboleth for o365)
• MSOL Tools
• SSO with o365
• Dirsync
*Only required if you are consuming on-prem data in o365 (Technically not 100% required, but the risk of DoS is there, so it would not make sense to not do this).
Going from Small Business to Enterprise… 20 Users… Now 40 Users… Next Year 52 Users… Manual Migration?!
You can split these. Example: Internal vs external can have different plans. E1 for external. E2, E3 for internal.
Named licenses, which means if you can have up to 500 users on a project you might need to scope for 500 licenses.
SharePoint Server – $4926.00 + Windows Server $726.00 x 2 + Minimum of $7,171.00 SQL license and then $9,300.00 in Standard CAL licenses.
http://download.microsoft.com/download/6/8/9/68964284-864d-4a6d-aed9-f2c1f8f23e14/Assessing_SharePoint_Server_Licensing.docx
Every Office 365 SharePoint Online customer (at the tenant level, not per subscription) includes 50 Partner Access Licenses (PALs) that can be leveraged for external sharing. Customers are not currently required to obtain additional PALs for external sharing beyond 50 users with a limit of 1000 until the next major update of the Office 365 service at which time Microsoft may choose to make it available as a paid add-on.
Microsoft supports invited external users signing in to the service using a Microsoft Online Services ID.
External sharing also supports Windows Live ID, including @Live.com, @Hotmail.com and @MSN.com user names, plus regional derivations of LiveID user names.
EasiID, the portion of LiveID that allows external users to associate their business email address (ex: user@contoso.com) to the LiveID system, is not supported at this time.
Upgrade for 2013 is by choice for existing customers. Site collection by site collection upgrades. Or PowerShell etc.
Eval Site Collection Copy Available (Queue data not available yet)
MySite upgrade process is part of the core upgrade (for the MySite host, then it goes through the rest in a queue process)
Navigation has to be planned – how do we create consistency between the SharePoint environments?
By default the Office 365 top bar provides some additional quick access functions, so you have to determine how you want to deal with that.
Each environment must have a UPA/User Profiles – Now we do have synching so that helps keep them connected, however it is entirely possible that you have two sets of social data/my sites. …
4… Result sets are in blocks, so due to ranking challenges and relevancy they are always treated as a block of results. Refiners etc all work, but still really a distinct set of results in a unified UI.
5. Metadata is managed in one location, and with proxy/synching methods you can keep consistency, but this requires effort and planning.
Subscription costs do not include implementation costs.
SharePoint is a platform. So it’s not just install and configure work that needs to be done. There are implementation costs of building out your site structure, or configuration work with the OOTB vanilla sites.
Really you are just shifting the costs for handling cords and basic networking/infrastructure work. Not shifting the costs for permissions issues, authentication challenges, or recovering individual documents/items.
Cost of storage is expensive (much higher than on premise).
Enterprises are struggling with data growth and things like the Office 365 pricing model around storage.
Cost-effective security via economies of scale (multiple clients share the cost of enterprise security controls)
Look at their current clients, policies…
The Security Program takes a risk-based, multi-dimensional approach to putting in place the necessary & adequate safeguards across all aspects of a service. The Program aims to define security requirements applicable to people, processes and technology, and implement corresponding controls & capabilities across the services themselves, the supporting platform and infrastructure components, as well as the hosting facilities and the hardware residing within them.
Role & Responsibility of the Security Program:
• Help ensure services are developed in a secure manner. Microsoft’s Secure Development Lifecycle plays a critical role here.
• Help ensure the services are operated in a secure environment. Security controls exist across and within all layers of a given service, which supports the principle of defense-in-depth.
• Help ensure that services and infrastructure are monitored for configuration errors, vulnerabilities, security events and anomalous behavior.
• Help ensure incidents are promptly detected and a mature incident management process not only addresses the immediate issue, but identifies and corrects the cause.
• Help ensure personnel are adequately prepared and trained to identify security issues and provide notification through the appropriate procedure.
Australia and New Zealand – Hosted data must be in the country. Germany.
What is more reliable? Safety? Consistency? Weather affects both…
When the pipe goes down how can we still be productive? What if a cloud provider company goes out of business? What if a cloud provider decides to up its rates for service or reduces its level of service? What happens if, due to some circumstance, the cloud provider loses all data that it has saved (without having a reliable backup)? What's to keep a cloud provider (or someone else) from looking at your data? Is there insurance to cover this yet?
Note that SLAs are often merely an indication of the consequences when the service fails and not the service's actual reliability. A great example of this is GoGrid's 10,000% Guaranteed SLA. In other words, GoGrid offers a 100% uptime guarantee. Should it fail to meet that level of availability, it will compensate the customer with 100 times the fee paid for the downtime.
Recovery SLAs
Two streams – the large concern is the Recovery Time Objective – P plan is backed up every 24 hours. On E plan it’s every 6 hours. The recovery time is 12 hours on P plan, and E plan it’s 1 hour.
It should go without saying that the starting point should be the business case and intended use of the service, and not any legal document, such as a service level agreement (SLA). Understand what business problem the service will be solving; the intended internal and external users; when, where and how the service will be accessed; whether or not the service is business-critical; the practical consequences if the service is down or degraded for any period of time; and how the use of the service may change over time. Then, ensure the SLA reflects your needs. Almost invariably, SLAs will address availability, planned outages, critical and noncritical outages, service credits and termination rights. Typically, the sole remedy in case of a breach of the SLA is a service credit, which is usually capped based on some percentage of fees paid during the previous 12-month period. Customers should ask whether the credit is simply window dressing or actually a meaningful economic remedy that would deter the vendor from breaching the SLA.
Don’t forget that with all cloud based providers – you are also adding another layer between IT and the attorneys and paralegals.
Can a law firm put a stop to a provider's maintenance schedule so that a trial team can finish preparing for a case without interruption?
Termination or suspension of service. The software application and/or the data running or housed in the cloud may be critical to your business. Continuity of access and use (to both the application and data), especially when both are on a third-party server, are of utmost importance. To that end, does the cloud vendor in each instance notify you when any of the terms of the agreement may have been violated, and are you given an opportunity to remedy each violation? There is, of course, a delicate balance to be struck here. In a setting where there are multiple customers (tenants), the cloud vendor will have competing obligations to the other customers, and, inasmuch as the actions of one tenant may degrade performance for another, some level of flexibility is required. One approach is to distinguish between the service and the data; in the case of suspension, for example, agree not to lock down access to the data.
Content Migration
Manually using Explorer/WebDav… doesn’t scale well.
This is a question few companies ask - until it's too late. Porting data between cloud service providers is a relatively new capability and only a small number of service providers have implemented what will become a very necessary service.
The responses also indicated that this was increasing for each SharePoint version (not decreasing).
50% of companies find that development of custom SharePoint solutions requires more effort than expected.
Support of More Complex applications was cited by 59% as a major scaling issue… along with administration.
One of the best outcomes of software vendors’ increasing adoption of open interfaces and API standards in their software is customers’ ability to make the systems their organizations rely on operate as a single system, rather than a collection of disparate applications. New business capabilities like business intelligence were now possible. What if an organization wanted this capability but relied on hosted services for some of its systems? Let’s say that an organization had an internal Active Directory and mail system, but made use of one vendor’s hosted ecommerce service and another vendor’s hosted CRM service. Seems reasonable so far? The organization wants to answer a simple question: how many customers who have purchased from the organization within the past 6 months have emailed their sales representative directly after a purchase? This question requires data from the AD, email, ecommerce, and CRM systems. Getting to that data is hard, because the CRM and ecommerce systems must be accessed over a WAN connection. This makes the process of getting to the vast data the systems hold very painful. We also hope that there is some way to correlate the various data entities between the systems: orders, customers, email addresses, sales people, etc.
WAN vs. LAN bandwidth
How much bandwidth do most organizations have on their LANs? Most have 1000 Mbps. How much bandwidth do these organizations have on their WANs? Usually less than 10 Mbps. That means that most organizations have roughly 100 times the bandwidth on their LANs as on their WANs. That’s important since the organizations’ users access cloud services through the WAN. Users will perceive even well-implemented cloud services as being much slower and less responsive compared to mediocrely implemented in-house services. The cloud service is slower; the problem lies with the users’ limited bandwidth in accessing the cloud service.
WAN vs. LAN reliability
How often does your LAN go down? How often does your WAN go down? Imagine losing access to all of your organization’s services in the event of an Internet connection loss. More is available in the previous section of this post titled “service availability”.
Unfortunately, not all clouds are created equal. It is very difficult to compare cloud service offerings as much of the detail is just not available. Take a look at the definitions of EC2 instance types and you will see terms like “virtual core”, EC2 Compute Unit (one EC2 Compute Unit provides the equivalent CPU capacity of a 1.0-1.2 GHz 2007 Opteron or 2007 Xeon processor. This is also the equivalent to an early-2006 1.7 GHz Xeon processor), and high/moderate/low I/O performance. These are less than precise measures. It makes it challenging to know what you are purchasing and even more difficult to compare with other providers.
There are already several standards bodies involved in defining criteria and metrics for cloud computing. The wonderful thing about standards is that there are always plenty to choose from. Until they reach a consensus, the following list is an attempt at gathering enough information to be able to make a reasonable comparison between providers:
The early cloud adopters have generally been software developers and other techies that don’t need much hand-holding. Today, enterprise officers need to know they can contact someone at their cloud provider when they experience problems. Some cloud providers bundle in support services while others offer various support tiers.
Keep in mind – if you have a matter team working late and against the clock – can you cancel/stop maintenance procedures from causing an interrupt?
A lot of this can seem daunting and I know one of the hardest things is figuring out how to do some of the things I have shown today. If you are interested in further training or assistance please let me know. Based on the number of people who are interested and the areas of interest we can schedule further training sessions to help everyone better use the SharePoint portal.
It's our commitment to you that we will continue to hear your feedback and identify the issues. I encourage you to give us feedback during the coming months, and we will continue to deliver more and more functionality, more and more guidance to help you be successful with your application of SharePoint.
Thank You for Reading/Listening
“75% of IT budget is spent on ‘keeping the lights on’ 25% is strategic growth/new solutions. The goal is to re-align this so that IT is focused on the business. (80/20 – apparently is another review – applications is the name for biz solution work).
In Nick Carr’s famous book, Does IT Matter, he argued eloquently, providing copious examples, that most business infrastructure goes through a fairly common cycle. This cycle is well-understood and more of a force of nature than anything else. What we are seeing now with cloud computing is nothing more than this cycle replayed again with information technology (IT), just like it has with electricity, roads/highways, banking, and telecommunications before it.”
I’m not going to go into this matrix in detail right now, but whether you disagree with aspects or not, I’m certain you can see the trend occurring in the diagram. Cloud computing definitely appears to be an evolution of the way that we create IT.
Which brings me to the basic argument. If the following are true about cloud computing:
• It is something new …
• … developed by the giant web businesses in order to get to massive scale
• … and an evolution of how IT infrastructure is created
Then we have to look carefully at how and why an Amazon or Google did what they did. The diagram I used to explain during my keynote:
Large Internet business needed scale, cost-efficiency, and agility to be competitive. Google is 1 Million servers. Amazon.com releases new code thousands of times per day. Microsoft runs 2,000 physical servers per headcount. Google runs 10,000 per headcount and aspires for 100,000. Google and Amazon use little or no ‘enterprise computing’ solutions.
So what happened? The causation resulted in high levels of automation, a devops culture, use of standardized commodity hardware, a focus on homogeneity, etc. The end result is a system that lends itself to being turned into a utility (aka ‘utilitization’). Hence the arrival of public clouds. One of the side-effects of using cloud computing techniques to build an IT infrastructure is that now those platforms or applications built on top of it can leverage the automation to get elasticity (benefit), pay-only-for-what-you-use with metering (benefit), and other autonomous functions (benefit).
Again, these benefits are essentially side effects of cloud computing, not cloud computing itself. The gray section labeled results above represents a number of the core aspects and features of cloud computing. This is why the arguments about the existence of internal ‘private’ clouds can be so bitter[1]. From a public cloud provider perspective, an internal infrastructure cloud is simply an automated virtual server on-demand system, missing many of the aspects of cloud computing above.
1. An information worker logs on to their SharePoint Online tenancy and opens an app for SharePoint or external list that needs data from an on-premises OData data source.
2. The external list creates a request for the data and sends it to Business Connectivity Services.
3. BCS looks at the connection settings object and the external content type to see how to connect to the data source and what credentials to use.
4. BCS retrieves the client SSL certificate from the Secure Store in SharePoint Online. This is used for SharePoint Online authentication to the reverse proxy.
5. BCS retrieves an OAuth token from the Access Control Service. These are the user’s credentials used for user authentication to the SharePoint 2013 on-premises farm. The Access Control Service is part of every SharePoint Online subscription. It is a Security Token Service that manages security tokens for users of SharePoint Online.
6. BCS sends an HTTPS request to the published endpoint for the data source. The request includes the client certificate from the Secure Store and the user’s OAuth security token as well as a request for the data.
7. The reverse proxy authenticates the request by using the client certificate and forwards it to the CSOM pipeline of the on-premises SharePoint 2013 farm.
8. The CSOM pipeline consults the User Profile Service to look for a mapping between the user’s OAuth security token from ACS and the user’s domain credentials from AD DS. If one exists, the user’s domain credentials are returned to the request.
9. The user’s domain credentials are used to authenticate to the SharePoint on-premises site that receives Hybrid requests and the request is passed to the SharePoint on-premises BCS service.
10. The SharePoint on-premises BCS retrieves the credentials that are used to authenticate to the external data source from the SharePoint on-premises Secure Store Service.
11. The SharePoint on-premises BCS service passes the request for data along with the external data credentials to the OData service head which then performs the desired operations on the external data and returns the results to the SharePoint Online user.
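The three checks on the inbound side of this flow (client certificate at the reverse proxy, user token at the farm, profile mapping to a domain account), as an added Python model that is not part of the original notes and is not SharePoint code. The HMAC-signed token, the thumbprint set, the profile map and every name in it are constructed stand-ins, used to show that each layer denies on its own and that a valid token without a mapping yields no domain identity.

```python
import base64
import hashlib
import hmac
import json

ACS_KEY = b"constructed-demo-key"  # stand-in for the token service's signing key
CLIENT_CERT = b"constructed SharePoint Online client certificate"
TRUSTED_THUMBPRINTS = {hashlib.sha256(CLIENT_CERT).hexdigest()}
# Stand-in for the User Profile mapping: cloud identity -> AD DS account
PROFILE_MAP = {"alice@contoso.example": "CONTOSO\\alice"}


def issue_token(user, expires_at):
    """Model the token service: sign {user, expiry} so the farm can verify it."""
    claims = json.dumps({"sub": user, "exp": expires_at}).encode()
    body = base64.urlsafe_b64encode(claims).decode()
    sig = hmac.new(ACS_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + sig


def verify_token(token, now):
    """Return the user name if signature and expiry check out, else None."""
    body, _, sig = token.partition(".")
    expected = hmac.new(ACS_KEY, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; the body is only parsed after the signature holds.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims["sub"] if claims["exp"] > now else None


def handle_hybrid_request(cert, token, now):
    """Apply the checks in the order of the flow; deny at the first failure."""
    # Reverse proxy: authenticate the calling service by its client certificate.
    if cert is None or hashlib.sha256(cert).hexdigest() not in TRUSTED_THUMBPRINTS:
        return (401, "reverse proxy: client certificate not trusted")
    # Farm: validate the user's security token.
    user = verify_token(token, now)
    if user is None:
        return (401, "farm: token invalid or expired")
    # Profile lookup: only a mapped user is given a domain identity.
    account = PROFILE_MAP.get(user)
    if account is None:
        return (403, "farm: no domain account mapped for " + user)
    return (200, account)


if __name__ == "__main__":
    now = 1_000_000  # constructed clock value
    good = issue_token("alice@contoso.example", now + 300)
    unmapped = issue_token("bob@contoso.example", now + 300)
    for label, cert, tok, t in [
        ("valid request", CLIENT_CERT, good, now),
        ("unknown certificate", b"some other cert", good, now),
        ("expired token", CLIENT_CERT, good, now + 301),
        ("no profile mapping", CLIENT_CERT, unmapped, now),
    ]:
        print(label, "->", handle_hybrid_request(cert, tok, t))
```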