Transcription

SHAREPOINT HYBRID AND IMPLICATIONS OF 2016
Dan Charlton, Senior Consultant (MCSE, MCSA, MCP)
Copyright 2016 Total Solutions Inc. All Rights Reserved.

COMPANY OVERVIEW

TOTAL SOLUTIONS – OVERVIEW
- SharePoint Consulting & Development Organization
  - Design
  - Development
  - Administration
  - Management Consulting
- Clients
  - International government agencies
  - Major universities
  - Fortune 100 organizations
- Family owned and operated

TOTAL SOLUTIONS – SERVICES
Project Types:
- Design & Consulting
- Intranets & Extranets
- Collaboration
- Enterprise Content Management
- Application / Workflow Development
- Reporting & Dashboards
- Governance & Security Frameworks
- Branding & UI / UX
- Business Process Management
- Migrations
- Systems Integration

TOTAL SOLUTIONS – DANIEL CHARLTON
- Graduated from Michigan State University in December 2007
- Worked in IT 5 years
- Worked at Total Solutions 3 years
- Microsoft Certified Professional
- Microsoft Certified Solutions Associate: Office 365
- Microsoft Certified Solutions Expert: SharePoint
- Certified Scrum Master
- Certified Scrum Product Owner

INTRO TO HYBRID

WHAT IS SHAREPOINT HYBRID?
“With SharePoint Server 2013 hybrid, productivity services in SharePoint Online can be integrated with on-premises SharePoint Server 2013 to provide unified functionality and access to data. For enterprises that want to gradually move their existing on-premises SharePoint Server 2013 services to the cloud, SharePoint Server 2013 hybrid provides a staged migration path by extending high-impact SharePoint Server 2013 workloads to SharePoint Online.”
-- TechNet

WHAT DOES THAT ACTUALLY MEAN?
SharePoint Hybrid environments consist of some main elements:
- Common Identity Management
- Integrated Services (Search, Business Connectivity, Duet Enterprise)
- New for 2016: Extending cloud-only services (like Delve) to on-premise content
What is this NOT?
- A unified navigation solution
- A means of data replication
- A means of high availability or failover capacity

WHY WOULD MY COMPANY WANT HYBRID?
- We want to do away with on-premises resources over time.
- We have regulatory constraints that require us to keep certain data in-house.
- We want our users to have better access to enterprise content.
- We have a ton of data that would make full-cloud too expensive.
- We want to reduce unsanctioned tech usage.
- We can’t get enough of techie buzz terms like ‘hybrid’ and ‘cloud’.

TOPOLOGY

WHAT TYPES OF HYBRID ARE AVAILABLE?
An outbound authentication topology lets the on-premises SharePoint Server 2013 farm make authenticated connections to SharePoint Online. Connections to SharePoint Online that originate from SharePoint Server 2013 are referred to as outbound connections.

WHAT TYPES OF HYBRID ARE AVAILABLE?
An inbound authentication topology lets SharePoint Online make authenticated connections to the on-premises SharePoint Server 2013 farm. Connections to SharePoint Server 2013 that originate from SharePoint Online are referred to as inbound connections.

WHAT TYPES OF HYBRID ARE AVAILABLE?
A two-way authentication topology lets SharePoint Online make authenticated connections to the on-premises SharePoint Server 2013 farm and lets the on-premises SharePoint Server 2013 farm make authenticated connections to SharePoint Online.

HOW DO TOPOLOGIES WORK IN PRACTICE?
Outbound:
- Using SharePoint Online for external user portals
- Isolating secure content for access on-premise (or over VPN) only
- Isolating only specific content as available for cloud users
Inbound:
- SharePoint Server used only for searching on-premise content (i.e. file shares)
- Maintaining existing Server Side Object Model applications
- Making on-premise database content available to SharePoint Online
Two-Way:
- Everything can be available to both environments
- Risks over-exposing content or interfering with the user experience

WHAT TOPOLOGY IS RIGHT FOR MY BUSINESS?
- Do your users need to be able to search, find, and use on-premises content and data while they’re in the field or at a branch office?
- Do your remote users need to securely access data from existing on-premises business systems?
- Is it more cost effective to deploy a hybrid environment or to move your SharePoint content and applications to the cloud entirely?
- Are there legal or regulatory considerations that could affect your decision on where to store business data?
- Does your SharePoint Server 2013 farm contain custom code that cannot be easily migrated to SharePoint Online?

INTEGRATION

WHAT SERVICES CAN INTEGRATE?
SharePoint Search Service
- Provides a single, central location to manage search across both online and on-premises content.
- Allows integration with legacy SharePoint deployments (2007, 2010, 2013, or 2016).
- Integration with search-driven cloud-only services like Delve and Office Graph.
- Allows query processing and index hosting to be offloaded to the cloud, reducing the on-premise workload.
- Relies on on-premise servers to index on-premise content and supplies the index to cloud-based services.
- Unified relevancy ranking of all indexed content from all locations (including, potentially, multiple on-premise SharePoint farms).
Business Connectivity Services
- Allows users in the cloud to connect to an on-premises ODBC data source for both read and write operations.
- Most effective means of securely surfacing on-premises databases in SharePoint Online without resorting to custom code.

WHAT SERVICES CAN INTEGRATE?
Duet Enterprise Online
- Allows users in the cloud to connect to an on-premises SAP system for both read and write operations.
- Only Microsoft-backed means of connecting SAP content to SharePoint Online.
On-premise Exchange and/or Lync Deployments
- Allows SharePoint Online to fall back on on-premises Office-suite resources rather than the native Office 365 counterparts.
- Allows for additional (potentially legally required) control over the Exchange or Lync configuration.
- Only Microsoft-backed means of integrating Lync-backed phone systems with SharePoint Online.
- Presence information permeates across both environments.

WHAT SERVICES CAN INTEGRATE?
OneDrive for Business
- Allows all OneDrive for Business content (i.e. the user’s personal files) to be hosted in the cloud.
- Includes 1TB of storage per user.
- Ensures users can access their files from anywhere.
- Provides secure means of making files available to external users.
- New for 2016: Site Folders provides an integrated location for browsing all SharePoint files.
Social and User Profiles
- Allows all user profiles to exist in the cloud (rather than a separate profile for each environment).
- New for 2016: unification of followed sites.
- New for 2016: unification of Delve content.
- New for 2016: integration with Microsoft Identity Manager 2016.

WHAT ELSE CAN IT DO (NEW FOR 2016)?
Improved Information Rights Management spanning both pieces of hybrid
- Search and identify sensitive content across SharePoint Server, SharePoint Online, and OneDrive for Business.
- Apply IRM policies that persist across the locally synced content divide of OneDrive for Business.
- New Compliance Center and In-Place Policy Hold Center sites provide improved methods for defining, applying, and auditing IRM operations.
UI changes bring a more consistent experience
- On-premise document libraries gain the Office 365 extra buttons.
- On-premise sites gain the App Launcher and can add additional business applications that persist in both environments.
- Suite bar can be themed in both environments.

WHAT CANNOT INTEGRATE?
- Web Applications, Site Collections, Sites, Lists/Libraries
- Office Online
- Managed Metadata
- Managed Metadata based navigation
- Content Type Hubs
- Server Side Object Model Solutions (sort of)
- Workflow Features (sort of)

OTHER HYBRID CONSIDERATIONS

WHAT DO WE NEED FOR HYBRID?
The Obvious:
- SSL-secured on-premise deployment of SharePoint Server 2013
- Office 365 subscriptions with SharePoint Online licenses
- On-premise SharePoint Server license
The Technical:
- Common Identity Management:
  - On-premise deployment of Active Directory
  - On-premise deployment of DirSync
  - On-premise deployment of ADFS
- Integrated Services:
  - Reverse Proxy Server
  - Server-to-Server (STS) certificate trust

WHAT IS COMMON IDENTITY MANAGEMENT?
If you have existing user accounts in an on-premises directory, you don't want to re-create all of those accounts in Office 365 and risk introducing differences or errors between the environments. Directory synchronization helps you mirror those accounts between your online and on-premises environments.
If you want users to be able to log on to Office 365 with their on-premises credentials, you can also configure SSO. With SSO, Office 365 is configured to trust the on-premises environment for user authentication. SSO requires an implementation of ADFS 2.0.

CAN’T THIS ALL LIVE IN THE CLOUD?
- SharePoint 2016 supports Azure Active Directory (AAD) authentication by default.
- Azure Active Directory Services Preview allows for cloud-hosted domains.
  - On-premise machines are able to join the domain.
  - Currently the standard implementation for Windows 10 installation when set up with an Office 365 user account.
- SharePoint Server 2016 can be installed on Azure VMs or on premise and join an Azure-hosted domain.
  - All authentication and identity management handled in Azure.
  - Eliminates the need for on-premise Active Directory deployments.

WHY A REVERSE PROXY DEVICE?
Reverse proxy devices play a role in the secure configuration of a hybrid SharePoint Server 2013 deployment when inbound traffic from SharePoint Online needs to be relayed to your on-premises SharePoint Server 2013 farm.

WHAT REVERSE PROXIES ARE SUPPORTED?
General Requirements:
- Support client certificate authentication with a wildcard or SAN SSL certificate.
- Support pass-through authentication for OAuth 2.0, including unlimited OAuth bearer token transactions.
- Accept unsolicited inbound traffic on TCP port 443 (HTTPS).
- Bind a wildcard or SAN SSL certificate to a published endpoint.
- Relay traffic to an on-premises SharePoint Server 2013 farm or load balancer without rewriting any packet headers.
Specific Devices:
- Windows Server 2012 R2 with Web Application Proxy (WA-P)
- Forefront Threat Management Gateway (TMG) 2010
- F5 BIG-IP
- Citrix NetScaler
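As an added pre-flight check (an example written for this transcription, not code from the deck, Total Solutions or Microsoft), the Windows PowerShell script below connects to the published endpoint and reports on the requirements that are visible from outside: HTTPS on TCP 443, a wildcard or SAN certificate that actually covers the published hostname, chain trust, expiry and the negotiated TLS version. The hostname sp.contoso.com is an assumed placeholder; OAuth pass-through and unmodified header relaying cannot be observed from the client side and have to be confirmed in the proxy's own configuration.

```powershell
# Added example (not from the slide deck): pre-flight check of a reverse proxy's published
# endpoint against the requirements listed above. Assumes Windows PowerShell on Windows,
# where the SAN extension formats as "DNS Name=<name>, DNS Name=<name>".
param(
    [string]$PublishedHost = 'sp.contoso.com',   # assumed placeholder: your published FQDN
    [int]$Port = 443
)

# True when a certificate DNS name covers the host: exact match, or a single-label
# wildcard (*.contoso.com covers sp.contoso.com but not a.sp.contoso.com or contoso.com).
function Test-NameCoversHost {
    param([string]$CertName, [string]$HostName)
    if ($CertName -ieq $HostName) { return $true }
    if (-not $CertName.StartsWith('*.')) { return $false }
    $suffix    = $CertName.Substring(1)                                   # ".contoso.com"
    $sameDepth = ($HostName.Split('.').Count -eq $CertName.Split('.').Count)
    return $sameDepth -and $HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)
}

# Requirement: accept unsolicited inbound HTTPS on TCP 443. Open a TLS session and keep the
# certificate the proxy presents; the callback accepts it so chain trust can be reported
# separately below instead of aborting the handshake.
$tcp = New-Object System.Net.Sockets.TcpClient($PublishedHost, $Port)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false,
        [System.Net.Security.RemoteCertificateValidationCallback]{ $true })
$ssl.AuthenticateAsClient($PublishedHost)
$protocol = $ssl.SslProtocol
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
$ssl.Dispose(); $tcp.Close()

# Requirement: a wildcard or SAN certificate bound to the endpoint. Gather CN plus SAN DNS names.
$names = @($cert.GetNameInfo('DnsName', $false))
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # Subject Alternative Name
if ($san) {
    $names += [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') | ForEach-Object { $_.Groups[1].Value }
}
$names = @($names | Where-Object { $_ } | Select-Object -Unique)

# Build the chain against the local trust store; false here means the farm's partner
# (SharePoint Online) would also have no reason to trust the endpoint.
$chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chainOk = $chain.Build($cert)

[pscustomobject]@{
    Endpoint         = "${PublishedHost}:$Port"
    TlsProtocol      = $protocol                   # SharePoint 2016 expects TLS 1.2
    CertificateNames = ($names -join ', ')
    WildcardOrSan    = ($san -ne $null) -or (@($names | Where-Object { $_.StartsWith('*.') }).Count -gt 0)
    HostCovered      = (@($names | Where-Object { Test-NameCoversHost $_ $PublishedHost }).Count -gt 0)
    ChainTrusted     = $chainOk
    NotAfter         = $cert.NotAfter
}
```

Run it from a machine outside the corporate network so the result reflects what SharePoint Online sees, not an internal split-DNS answer.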

WHAT ABOUT CERTIFICATE TRUSTS?
When you set up server-to-server authentication for hybrid environments, you create a trust relationship between your on-premises SharePoint farm and your SharePoint Online tenant, which uses Azure Active Directory as a trusted token signing service.
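The pieces that trust relationship leaves behind on the farm can be audited after the fact. The script below is an added example (not from the deck, Total Solutions or Microsoft) for the SharePoint 2013 Management Shell; it assumes the Azure AD (MSOnline) module is installed and Connect-MsolService has already authenticated to the tenant, and it reports whether the farm's authentication realm matches the tenant, whether Azure ACS is registered as the trust-broker issuer with the tenant's metadata endpoint, whether the ACS service application proxy exists, and whether the STS signing certificate whose public key was uploaded to Azure AD is still within its validity period.

```powershell
# Added example (not from the slide deck): verify the server-to-server trust that hybrid
# configuration creates on an on-premises SharePoint 2013 farm. Run on a farm server in the
# SharePoint 2013 Management Shell after Connect-MsolService has signed in to the tenant.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# 1. The farm's authentication realm must equal the Office 365 tenant (context) ID: tokens
#    Azure AD signs are scoped to that realm, and a mismatch makes the farm reject them.
$tenantId = (Get-MsolCompanyInformation).ObjectId.ToString()
$realm    = Get-SPAuthenticationRealm
$realmOk  = ($realm -ieq $tenantId)

# 2. Azure ACS must be registered as a trusted security token issuer acting as trust broker,
#    pointing at the tenant-specific metadata endpoint Microsoft publishes for the tenant.
$expectedMetadata = "https://accounts.accesscontrol.windows.net/$tenantId/metadata/json/1"
$issuer     = @(Get-SPTrustedSecurityTokenIssuer | Where-Object { $_.IsTrustBroker })
$issuerName = if ($issuer.Count -gt 0) { $issuer[0].Name } else { '<none>' }
$issuerOk   = ($issuer.Count -gt 0) -and
              ("$($issuer[0].MetadataEndPoint)".TrimEnd('/') -ieq $expectedMetadata)

# 3. The ACS service application proxy must exist so the farm can request tokens for
#    outbound calls to SharePoint Online.
$acsProxy = @(Get-SPServiceApplicationProxy | Where-Object { $_.TypeName -like '*Azure Access Control*' })
$proxyOk  = ($acsProxy.Count -gt 0)

# 4. The STS signing certificate registered with Azure AD must still be valid. When it is
#    rolled over on the farm, the copy registered on the tenant side has to be replaced too,
#    or inbound calls from SharePoint Online start failing signature validation.
$now     = Get-Date
$stsCert = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
$certOk  = ($stsCert.NotBefore -le $now) -and ($stsCert.NotAfter -gt $now)

[pscustomobject]@{
    AuthenticationRealm = $realm
    TenantId            = $tenantId
    RealmMatchesTenant  = $realmOk
    TrustBrokerIssuer   = $issuerName
    IssuerMetadataOk    = $issuerOk
    AcsProxyPresent     = $proxyOk
    StsCertThumbprint   = $stsCert.Thumbprint
    StsCertValid        = $certOk
    StsCertNotAfter     = $stsCert.NotAfter
}
```

A false in any of the four checks points at the corresponding step of the TechNet server-to-server configuration article listed under Resources.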

WHY DID WE WANT HYBRID AGAIN?
- Want to move to the cloud in the long term
- Want to maintain existing on-premise applications
- Want to improve off-premise accessibility
- Want to reduce on-premise resource requirements
- Want 1TB of user OneDrive storage without massive hard drive farms
- Want to stay on the latest software without major re-investments

WHAT OTHER GOODIES ARE IN SHAREPOINT 2016?
- MinRoles
  - Allows each server in the farm to serve a specific role
  - Provides compliance monitoring and enforcement features
- Improved SMTP handling
  - Allows for encrypted SMTP traffic
  - Allows for traffic on ports other than 25
- Zero downtime patching
  - Patch services individually
  - Install without stopping services
- Touch-enabled mobile view
- Encryption with TLS 1.2

WHAT OTHER GOODIES ARE IN SHAREPOINT 2016?
- Durable Links with Office Online Server
- Increased boundaries
  - Scale content DBs larger (current best practice is 250GB; this is likely to scale into the TBs)
  - Up to 100,000 site collections per content DB
  - List view threshold changes
- File size and name handling changes
  - Files up to 10GB (up from 2GB)
  - Removed file naming limitations
- Doubled search index size to 500 million items per index
- Faster site deployment
- Support for Open Document Format (ODF) files

RESOURCES
- Overview of hybrid SharePoint 2013 for technical decision makers (link truncated in transcription: 08.aspx)
- Office 365 integration with on-premises environments (link truncated in transcription: 8d-aa21-428b-aed3-2021837a4b65)
- Integrating your on-premises identities with Azure Active Directory (link truncated in transcription: ticles/active-directory-aadconnect/)
- Configure a reverse proxy device (link truncated in transcription: 04.aspx)
- Configure server-to-server authentication (link truncated in transcription: 69.aspx)
- Display hybrid search results (links truncated in transcription: 74.aspx, 73.aspx)
- Deploy a Business Connectivity Services hybrid solution in SharePoint 2013 (link truncated in transcription: 39.aspx)
- Configure hybrid Duet Enterprise Online (link truncated in transcription: 71.aspx)

QUESTIONS OR FEEDBACK?
CONTACT: [email protected]
