SharePoint Hybrid Cloud Identity Considerations Infrastructure Considerations Topology...

Overview of SharePoint 2013 and Office 365 Hybrid Scenarios and Futures Bill Baer Senior Technical Product Manager (SharePoint) Microsoft


Agenda

• SharePoint Hybrid Cloud
• Identity Considerations
• Infrastructure Considerations
• Topology Considerations
• Workload Considerations
• Resources

Why hybrid?

On-Premises

26% of enterprise customers are “on the road” to cloud

Flexibility

On-Premises customization

Significant footprint in Remote locations

Regulatory reasons

Manageability

Hybrid scenarios and benefits


Migrate at their own pace to the cloud with little or no disruption to existing service

Pilot Online Service with a subset of users

Migration to the cloud

Continue to maintain a Hybrid Model, providing Services On-Premises or Online based on the Organization's needs

Continue to use existing customizations On-Premise

Easily off-board Exchange mailboxes from cloud to On-Premises

Maintaining a hybrid model

Two scenarios of hybrid model in an Enterprise

Migrate remote users physically distant from On-Premise deployment to Online for better experience

Host certain data in particular locations Online for Compliance or data sovereignty reasons

Advantage of moving to cloud infrastructure (TCO) wherever possible


Identity Considerations

Cloud Identity

Directory Synchronization

Active Directory Federation Services

Identity Crisis

Cloud Identity

Single identity in the cloud, suitable for small organizations with no integration to on-premises directories

Directory & Password Synchronization*

Single identity suitable for medium and large organizations without federation*

Federated Identity

Single federated identity and credentials suitable for medium and large organizations

Implemented to extend on-premises Active Directory

Provides SSO experience

Enables MFA

Azure Active Directory


Cloud Identity

[Diagram labels: Spreadsheet, CSV Import, Windows Azure Active Directory, Authentication, Authorization, OAuth2, SAML-P, WS-Federation, Metadata, Graph API, Office Activation Service, Office 365 Admin Portal, Exchange Mailbox Access]

Integrates with Azure AD replicating on-premises users, groups, and contacts

Provides use of on-premises user name across environments

Directory Synchronization


Password Synchronization

Low barrier to entry

Reduces TTS (Time to Solution)

No changes needed to existing AD servers

Does not provide Single Sign-On experience

Requires additional authentication

Does not support custom 2 factor authentication mechanisms deployed on-premises

Does enable policy based access control decisions

Single Point of Failure

Extends Directory Synchronization to provide Same Sign-On experience

Directory & Password Sync

[Diagram labels: On Premises, Active Directory, DirectorySync, Windows Azure Active Directory, Authentication, Authorization, OAuth2, SAML-P, WS-Federation, Metadata, Graph API, Office Activation Service, Office 365 Admin Portal, Exchange Mailbox Access]

Provides an open and interoperable claims-based model for integration

AD FS


Federated Identity

[Diagram labels: On Premises, Active Directory, DirectorySync, Active Directory Federation Services, One way trust, Windows Azure Active Directory, Authentication, Authorization, OAuth2, SAML-P, WS-Federation, Metadata, Graph API, Office Activation Service, Office 365 Admin Portal, Exchange Mailbox Access]


Infrastructure Considerations

Reverse Proxy Devices

Secure Channel Certificates

Retrieves resources on behalf of a client from one or more servers

Documented RP solutions: UAG/TMG, Web Application Proxy, F5 Big-IP

Validated RP solutions: UAG/TMG, Web Application Proxy, F5 Big-IP, Citrix NetScaler

Overview


Required in Inbound and Bidirectional environments

Scenarios



Topology Considerations

Outbound

Inbound

Bidirectional

One-way outbound topology

[Diagram labels: Internet, Microsoft data center, Intranet, Microsoft Office 365 tenant, SharePoint Online, Site collection, Local search results only, SharePoint Server 2013, Primary web app, Federated search results, Outbound, Inbound]

SharePoint Server can query SharePoint Online

SharePoint Online cannot query SharePoint Server

• Search: One-way outbound

• Business Connectivity Services: Not supported

• Duet Enterprise for SharePoint and SAP: Not supported

On-premises SharePoint Server 2013 Enterprise Search portal: Local and remote search results are available

SharePoint Online search portal: Local search results are available

One-way inbound topology

[Diagram labels: Internet, Microsoft data center, Intranet, Office 365 tenant, SharePoint Online, Site collection, Federated search results, SharePoint Server 2013, Primary web app, Local search results only, Perimeter network, Customer network, Reverse proxy, Inbound, Outbound]

SharePoint Online can query SharePoint Server

SharePoint Server cannot query SharePoint Online

• Search: One-way inbound

• Business Connectivity Services: Supported

• Duet Enterprise for SharePoint and SAP: Supported

On-premises SharePoint Server 2013 Enterprise Search portal: Local search results are available

SharePoint Online search portal: Local and remote search results are available

Two-way (bidirectional) topology

[Diagram labels: Internet, Microsoft data center, Intranet, Office 365 tenant, SharePoint Online, Site collection, Federated search results, SharePoint Server 2013, Primary web app, Perimeter network, Customer network, Inbound, Outbound]

SharePoint Online can query SharePoint Server

SharePoint Server can query SharePoint Online

• Search: Bidirectional

• Business Connectivity Services: Supported

• Duet Enterprise for SharePoint and SAP: Supported

On-premises SharePoint Server 2013 Enterprise Search portal and SharePoint Online search portal: Local and remote search results are available. If extranet authentication services are configured, extranet users can log in remotely through an on-premises Active Directory account and use all available hybrid functionality.


Workload Considerations

Search

Business Connectivity Services

Collaboration

Social

Search


SharePoint on-premises: Search index can contain relevant content identified and gathered from “crawling” through local sites, file shares, and more

SharePoint Online: Search index can contain relevant content identified and gathered from “crawling” through online sites

Authentication topology determines configuration

Hybrid search: Users can view search results from both indexes in a single search

Business Connectivity Services


Enables users to publish on-premises data to a list or application external to SharePoint Online

Enables federated users to gain access to on-premises data from SharePoint Online

Requires a two-way authentication topology using an external URL published by reverse proxy

Connects only through OData source

OneDrive for Business Redirection


This is the first step in setting up users to use OneDrive in the cloud instead of OneDrive on premises

After this step, users’ OneDrive document library will be in the cloud

Rest of MySite stays on premises

Decision 1: Redirect OneDrive to cloud

If team sites are staying on premises, then you don’t want to redirect Sites to Office 365 yet

Do not redirect Sites at this time

Decision 2: Redirect Sites to cloud

You can choose to redirect all users’ OneDrive to use the cloud (Everyone)

Or if this is an “evaluation” period, you can choose to have select users evaluate OneDrive in Office 365 using an audience

Decision 3: Choose users to use OneDrive in Office 365


Social


Users cannot act on (such as follow and tag) documents that are in SharePoint Online from SharePoint on-premises

Users cannot act on documents that are in SharePoint on-premises from SharePoint Online

Using on-premises and online social capabilities results in disconnected islands of information

Yammer connects information in a hybrid SharePoint environment

Yammer replaces the newsfeed and is embedded on SharePoint pages

Integrating Yammer into SharePoint resolves this disconnect

Technical data, resources, and examples

Implementing Hybrid Scenarios with Office 365 Courseware [http://channel9.msdn.com/series/SharePoint-Hybrid-Courseware-and-Curriculum]

Hybrid for SharePoint Server 2013 [http://technet.microsoft.com/en-us/library/jj838715(v=office.15).aspx]

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the US and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.


Hybrid Cloud Overview

KEY SCENARIOS

Compliance – corporate or regulatory

Very large application size that can’t be virtualized

I.e., large mission-critical, and data warehousing workloads

Compliance – corporate or regulatory

Applications can be virtualized

Improve infrastructure utilization, management, and operations

I.e., tier 2 and tier 3 OLTP, BI workloads

Idea to new application quickly

Variable demand in bursts, low latency

Don’t want to own or manage the infrastructure

I.e., consumer facing apps, BI in the Cloud

HYBRID APPLICATION

Cloud application with on-premise data source or on premise application extend to cloud (i.e., bursting)

Low latency not required

I.e., low cost data migration and backup; Cloud bursting, extended enterprise

Cloud on Your Terms: Traditional Non-Virtualized, Private Cloud, Public Cloud

ON YOUR TERMS: Business needs

Scenarios

• TCO (CAPEX and OPEX)
• Scale on Demand
• Time to Solution (new apps)
• Time to Solution (existing apps) *
• Compliance (corporate or regulatory) *

[Chart: each scenario rated Good / Better / Best for each deployment option]

* Enhanced by upcoming Azure IAAS features

Applications needs

Business Needs

Hybrid IT

Microsoft Hybrid Cloud

WHY MICROSOFT for your Hybrid IT application portfolio

Commons

• Active Directory
• Common development tools
• Common management tools
