This is a Sample Template that you can work in without installing the Corporate Design Template

SharePoint Admin in a Hybrid WorldJason Himmelstein, Microsoft MVPOffice 365 Advisory Services Manager@sharepointlhornhttp://www.sharepointlonghorn.com

www.rackspace.comJason HimmelsteinOffice 365 Advisory Services Manager, RackspaceOffice Servers & Services MVP

jase@sharepointlonghorn.comhttp://www.sharepointlonghorn.com@sharepointlhorn

Jason2

DefinitionHistoryChangesTopologiesIdentityConsiderations

Agenda

www.rackspace.comDefinition

www.rackspace.comWhat is hybrid?

www.rackspace.comIs everything really going to the cloud?

www.rackspace.comWhat should go where?

www.rackspace.comHistory

www.rackspace.comHistory lesson

www.rackspace.com

The dark days The mid 90s

www.rackspace.comNT 3.5 brings Server\Workstation modelExchange 5.0 Outlook Web AccessExchange 5.5 Microsoft Outlook

10

Innovation! late 90s

www.rackspace.comExchange 2000 gets rid of its own directory service & starts using Active DirectoryExchange Instant Messenger Service is bornSharePoint is born11

Google it! early 00s

www.rackspace.comSharePoint becomes a real product as Microsoft SharePoint Portal Server 2003 Exchange breaks out Instant Messaging into Office Live Communications ServerExchange added several basic filtering methodsActive Directory adds better Management capabilites12

Age of high speed Internet mid 00s

www.rackspace.comMicrosoft Office SharePoint Server 2007Exchange 2007 shift to 64bit architectureWindows Domains mature: Active Directory Domain Services & Active Directory Federation Services13

Age of enlightenment late 00s early 10s

www.rackspace.comExchange 2010: change to topology (Mailbox Server, Client Access Server (CAS), Unified Messaging Server, Hub Transport Server, Edge Server roles)SharePoint 2010: Introduction of "Service Applications" SOA model & MySitesLync 2010Domain Functional Level 2008 R2: Active Directory Rights Management Services & ActiveDirectory Recycle Bin

Exchange 2013: public folders are now part of mailbox databases and high availability is achieved using Database Availability Groups (DAG).SharePoint 2013: Service Applications & OneDrive (SkyDrive)Lync 2013Domain Functional Level 2012: Virtualize first & A new claims-based authorization platform that enhances, not replaces, the existing model14

15www.rackspace.comThe future is here

www.rackspace.comSharePoint 2016Exchange 2016Windows Server 2016Azure Active Directory15

Changes

www.rackspace.comWhat has changed?

www.rackspace.comIT vs Users

www.rackspace.comWhat has changed?

www.rackspace.comUser Experience first, IT needs second

Features first, Administration second

Users do not care where things live, they just want the tools that they want to do their work with as little impact as possible

20What does this all mean?www.rackspace.com

www.rackspace.comA little bit here, a little bit there

Location of data needs to be invisible to the user

Security concerns are paramount, but Users want one user name & password

The ability to have both onPrem & Cloud solutions is imperative

What does the future look like?

www.rackspace.comHow is it different for small vs large companies?

www.rackspace.comTopologies

www.rackspace.com

Physical Architecture - Small Farm

www.rackspace.comPhysical Architecture - Scaled Farm Architecture

www.rackspace.comPhysical Architecture - Large Farm Architecture

www.rackspace.comSharePoint & Office 365 Coexistence

www.rackspace.comSharePoint & Office 365 Coexistence

www.rackspace.comSharePoint & Office 365 Coexistence

www.rackspace.comSharePoint & Office 365 Coexistence

www.rackspace.comIdentity

www.rackspace.comAzure AD Connect: Your Identity Bridge

SaaS Apps

BoxCitrix ConcurGoToMeetingConcurDocusign

Azure AD Connect(sync + sign on)Active DirectoryLDAP

Other identity storesDropBoxGoogle appsJiveSalesforceServicenowWorkday

Your Custom Apps

User

DeviceCommonSign on

www.rackspace.com

Microsoft Ignite 2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.6/30/2016 2:30 PM32

FSMO roles, AD DNS, WINS, NETBIOS, etc

Dirty, dirty directories

2003 (Everyone group) --> 2008 (Authenticated Users group)

IsCriticalSystemObject objects not synced (like Domain Users)

UPN issues around migration

Schema extensions

Active Directory Core Concepts & Concerns

www.rackspace.com

Schema master, Domain naming master, RID master, PDC emulator, Infrastructure master https://support.microsoft.com/en-us/kb/197132

33

ADFS Coexistence

www.rackspace.comConsiderations

www.rackspace.comSharePoint Hybrid Sites and search at a glanceFeatureNon-hybridHybridOneDrive for BusinessOneDrive for Business is available in Office 365 but there is no link to it from SharePoint Server. If you've deployed MySites, users may have a second OneDrive for Business in SharePoint Server.OneDrive links are provided in SharePoint Server which direct users to OneDrive for Business in Office 365.Site followingThe followed sites list in Office 365 tracks followed SharePoint Online sites. If you've deployed MySites, a second followed sites list in SharePoint Server tracks followed SharePoint Server sites.Followed sites from both locations are consolidated in the SharePoint Online followed sites list. SharePoint Server links to the followed sites list redirect users to the SharePoint Online followed sites list.Document followingIf you've deployed MySites, the followed documents list in SharePoint Server tracks followed SharePoint Server documents.Hybrid document following is not available. If you use hybrid OneDrive for Business, the SharePoint Server followed documents list will be hidden from users. (Note that if you configure hybrid search and you have Delve, you can favorite SharePoint Server documents.)ProfilesUsers have separate profiles in SharePoint Server and in Office 365.Profiles exist in both locations, but SharePoint Server links to users' profiles redirect profiles in Office 365.Extensible app launcher (SharePoint Server 2016 only)Users see a different app launcher in Office 365 and in SharePoint Server.There are still separate app launchers, but the SharePoint Server app launcher includes several tiles from Office 365.SearchSeparate search indexes and search centers for SharePoint Server and Office 365. Users must search from SharePoint Server to find items stored there and they must search form Office 365 to find items stored there.Search results between the two locations are combined in one of two ways. Cloud hybrid search crawls on-premises content and indexes it in the search index in Office 365. Users can search the Office 365 index from either location. Hybrid federated search combines search results from each search index in a single search center.

Referenced from https://support.office.com/en-us/article/SharePoint-hybrid-sites-and-search-5ff7e56a-7af2-4511-adec-1e043afe244e?ui=en-US&rs=en-US&ad=US

www.rackspace.comSeveral hybrid features are bundled together to help ease deployment. The two feature bundles are:Hybrid OneDrive for BusinessHybrid sites features

The following table shows which hybrid features are included with each option.

Hybrid Sites features and OneDrive for BusinessFeatureHybrid OneDrive for BusinessHybrid sites featuresOneDrive for BusinessXXSite followingXProfilesXXExtensible app launcherX

Referenced from https://support.office.com/en-us/article/SharePoint-hybrid-sites-and-search-5ff7e56a-7af2-4511-adec-1e043afe244e?ui=en-US&rs=en-US&ad=US

www.rackspace.comPlan, Plan, Plan, Plan and then

Follow the Principle of Least Privilege

SharePoint onPrem installationsPLAN SOME MORE!SharePoint ServicesSQL Servicessp_installsql_serversp_farmsql_serverAgentsp_webappsql_olapservicesp_serviceappssql_reportserversp_searchsql_dtsserversp_userprofilesp_superusersp_superreader

www.rackspace.comExchange Co-Existence

www.rackspace.comQ & A

www.rackspace.com

Blog: www.sharepointlonghorn.com

Twitter: @sharepointlhorn

LinkedIn: www.linkedin.com/in/jasonhimmelstein

SlideShare: http://www.slideshare.net/jasonhimmelstein

Email: jase@sharepointlonghorn.com

Contact me

www.rackspace.com