Succeeding with Hybrid SharePoint and Search: Strategy and Implementation Jeff Fried CTO, BA Insight SPS Boston June 2015


SharePoint Growth & Evolution

SharePoint Releases

Metadata

Content

Focused on Search and

SharePoint since 2004

Longtime

Search Nerd

• CTO, BA Insight

• Senior PM, Microsoft

• VP, FAST

• SVP, LingoMotors

Who is this guy? Jeff Fried

Passionate About

• Search

• SharePoint

• Search-driven

applications

• Information Strategy

Blog:

DoMoreWithSearch.com

Technet Column

“A View from the

Crawlspace”

[email protected]

About BA Insight

– Secure connectivity

– Increased findability

– Applications and UI components

…and:

Why Hybrid?

On-Premises

Why Hybrid SharePoint?


Delve

PowerBI

Yammer

Next-Gen Portals

Office 365 APIs

Cloud-only

OneDrive

Office Video

Equivio Zoom

(e-Discovery)

Strategies for Adopting Hybrid SharePoint

Split Workload

Exchange, SharePoint, Lync

OneDrive, Yammer, PowerBI, Delve

Split User

Extranet, Mysites, Team Sites, Project Sites

Portals, Intranet, Services/Applications

Migrate

Move everything to the cloud

at your own pace

Co-Exist

Maintain a hybrid model

Keep using On-Premises systems &

customizations; mix according to need

Key Considerations for Hybrid: Workloads, Environment, Data, Customizations

Availability of features Online versus

On-Premises on particular workloads

Significant investments in

customization of On-Premises

workloads

Concerns over global network

performance with remote sites

Regulatory

considerations

Manageability concerns

KCTCS (background)

Search Provides a Unified View

Example: Using Search-First Migration with Hybrid

Cloud Service

Availability Sets

SharePoint Services Farm

Microsoft Azure

SharePoint Online

Site collections

Office 365 Tenant

SharePoint 2013 Content Farms

SharePoint 2010 Farm(s)

1) Establish Search Service (using Azure IaaS)

2) Migrate / Upgrade Content Farms

Each site collection can be moved independently

Can be on-premises, in O365, or hosted in Azure

3) Decommission old farm(s)

Centralized Index vs. Virtual Index

Hybrid SharePoint OOB

Great material and training on Technet:

• http://technet.microsoft.com/en-us/library/jj838715(v=office.15).aspx

SharePoint Hybrid Infrastructure

Search: Bidirectional

Business Connectivity Services: Supported

Duet Enterprise for SharePoint and SAP: Supported

Intranet

Microsoft data center

Internet

Microsoft Office 365 tenant

SharePoint Online

Federated

search results

Site collection

SharePoint Online can query SharePoint Server

SharePoint Server 2013

SharePoint

Primary

web app

Federated

search results

SharePoint Server can query SharePoint Online

Outbound

Inbound

Customer network

Perimeter network


Essential building block: Authentication with Hybrid SharePoint

SharePoint 2013 Search Architecture

Public API

Unit of scale/role boundary

Extensibility Points

Not

Multi-tenant

SharePoint 2013 Search and O365

Limitations:

• Cannot crawl external content from O365

• CEWS not available from O365

• Cannot Crawl O365 from On-prem with OOB Connector

OOB Federated Search User Experience

Results from Cloud

Results from SharePoint On-Premise

Refiners from Cloud only

No termset

synchronization

Result Blocks

(not interleaved)

Hybrid SharePoint Patterns

7 Top Scenarios

3.5 Common Configurations

On-Premises

1.

2.

3.

Top 7 Scenarios

4.

5.

6.

7.

Hybrid Configurations: Index and Portal

Online

On-Prem

1.

2.

Portal On-Premises: Hybrid Configuration with Portals in SharePoint Server

Primary Portal On-Prem (Centralized On-Premises Index)

Online

On-Prem

Crawl with

SharePoint Online

Connector

KCTCS (background)

BA Insight Connectors

Mailbox and Archiving Systems

• Microsoft Exchange

• Microsoft Exchange Online

• IBM Lotus Notes

• Symantec Evault

• Autonomy EAS / (Zantaz)

ERP and Portal Systems

Plus a proven architecture and process for creating new

connectors to complex systems

1. Existing portals, with new content added online

2. Existing portals with content moving online

3.

Portal On-Premises: Hybrid Configuration with Portals in SharePoint Server

Primary Portal On-Prem (MultiSearch: Query Federation, Interleaved Results)

Online

On-Prem

Interleaving

Federator

BA Insight Federator

4.

5.

Portal Online: Hybrid Configuration with Portals in SharePoint Online


SharePoint Online external users’ rights

External users can

Create personal sites

Edit user profiles

Use SkyDrive Pro document libraries

See company-wide newsfeeds

View aggregated tasks

Serve as site collection administrators

View site mailboxes

Use Office Web Apps

Inherit rights of a user who extends an

invitation

Inherit granular rights

Navigate to subsites

View site feeds

See other users

Design public websites

Search only within a site

External users cannot

Secondary Portal On-Line (Remote Result Source from On-Prem Index)

Online

On-Prem

Remote

Result Source

Challenge: Search was in silos, inconsistent, or incomplete

Users finding content in disparate searches couldn’t

connect the dots, were missing the context and only

found incomplete content sets

No document

found

Incomplete

document sets

Inconsistent filing &

metadata

Collapse into 2 Cloud + 3 on-premises repositories

Connect through Connectors

Standardize with Classification & Taxonomy Framework

Search

On-Premises

Office 365

Solution:

OnLine

Primary Portal On-Line (Depends on Microsoft Cloud SSA)

Online

On-Prem

Microsoft

Cloud SSA

(future)

BAI Hybrid

Connectivity

Engine

Directory Synchronization of AD users and groups

SharePoint Server with Cloud Search service application

2013 or 2016

Hybrid environment with Office 365

Basic hybrid search requirements

Additional requirements for search previews

Reverse proxy back to on-premises WAC server

DirSync

Logical architecture: crawling

(Diagram labels: SP 2013, SP 2010, SP 2007, Fileshares, BCS, Cloud SSA, SPO, Search Index; zones: Corporate network, Office 365; callouts 1 to 7)

Logical architecture: query

(Diagram labels: SP 2013, SP 2010, Cloud SSA, SPO, Search Index; zones: Corporate network, Office 365)

1. Jaden issues a query from Office 365. Her user token contains her online identity and group memberships.

2a. Jaden issues a query from a site on-premises. This sends over her on-premises claims to SPO.

2b. Her user token gets rehydrated with her online claims as she is authenticated against Office 365.

Crawl Link

On Prem On Line

6.

7.

“Pure Cloud”: Cloud Configuration with Portals in SharePoint Online


SharePoint Server in Azure in hybrid configuration with O365 Tenant

Virtual Network

Cloud Service

Availability Set

Active Directory & DNS

Cloud Service Cloud Service

Availability Set

Front End

Availability Set

App server

Availability Set

Database

Microsoft Azure

Gateway subnet

Active VPN

On-premises environment

Optional!


Customer Example: ACE

Built on SharePoint 2013 using the Knowledge Integration Platform

How to Succeed with Hybrid SharePoint


Hybrid can include cross-version, multiway, ..

On-Premises

Customized Business Process

Document/ Records Management

Cloud

Online Storage

Extranet

Social

Identity/ Authentication

On-Premises

Team Sites

Intranet

Identity/ Authentication

2013

Migrate at their own pace to the cloud with little or no disruption to existing service

Pilot Online Service with a subset of users

2016 ->

Continue to maintain hybrid model providing services on-premises or online based on the organization needs

Continue to use existing customizations on-premise

Subscribe to cloud innovation, on demand, on your terms

Taking Hybrid Forward…


http://www.cleverworkarounds.com/2014/09/10/help-me-visualise-the-pros-and-cons-of-hybrid-sharepoint-2013/

Resources (just a few)

http://bit.ly/1sr15P8

http://bit.ly/1h4EL99

http://slidesha.re/1AiLkgF

http://bit.ly/1pvKo4Z

http://bit.ly/1t1fnVX

http://bainsight.com/hybrid-cloud-for-sharepoint

http://bit.ly/1ecuEdw

http://bit.ly/1AiLqF3

http://bit.ly/XmqBIc

http://bit.ly/1f26hFm


Essential building block: Authentication with Hybrid SharePoint

Identity crisis

Cloud identity: Single identity in the cloud. Suitable for small organizations with no integration to on-premises directories.

Directory & password synchronization: Single identity. Suitable for medium and large organizations without federation.

Federated identity: Single federated identity and credentials. Suitable for medium and large organizations.

Beware of: IaIA

acronym courtesy of Adam Levithan

Infrastructure as Information Architecture


SID: S-1-5-21-1212121212-1212121212-1212

[email protected]

msOnline-OnPremiseSecurityIdentifier: S-1-5-21-1212121212-1212121212-1212

PUID: PUID-XXXX-XXXXXXXXXX

S-1-5-21-1212121212-1212121212-1212 -> PUID-XXXX-XXXXXXXXXX

• User SIDs are mapped to PUIDs

• Group SIDs are mapped to Object IDs

• «Everyone» and «Authenticated users» are mapped to «Everyone except external users»
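The three mapping rules above decide who can see an on-premises item once it is in the online index. The sketch below is an added example, not code from the deck or from Microsoft: the sync tables, the group SID, the object ID placeholder and the function names are constructed, and dropping unsynchronized SIDs instead of guessing a principal is an assumption of this sketch.

```python
# Added illustration; the sync tables, names and IDs below are constructed.
EVERYONE_SID = "S-1-1-0"       # well-known SID: Everyone
AUTH_USERS_SID = "S-1-5-11"    # well-known SID: Authenticated Users
EVERYONE_EXCEPT_EXTERNAL = "Everyone except external users"

# Constructed directory-sync state: on-premises SID -> cloud principal.
USER_SID_TO_PUID = {
    "S-1-5-21-1212121212-1212121212-1212": "PUID-XXXX-XXXXXXXXXX",
}
GROUP_SID_TO_OBJECT_ID = {
    "S-1-5-21-1212121212-1212121212-5001": "OBJECTID-PLACEHOLDER-0001",
}


def map_acl(onprem_sids):
    """Translate an on-premises ACL into cloud principals.

    Returns (mapped, unmapped). A SID with no synchronized counterpart is
    reported, never guessed, so it cannot grant access to a wrong principal.
    """
    mapped, unmapped = [], []
    for sid in onprem_sids:
        if sid in (EVERYONE_SID, AUTH_USERS_SID):
            principal = EVERYONE_EXCEPT_EXTERNAL
        elif sid in USER_SID_TO_PUID:
            principal = USER_SID_TO_PUID[sid]
        elif sid in GROUP_SID_TO_OBJECT_ID:
            principal = GROUP_SID_TO_OBJECT_ID[sid]
        else:
            unmapped.append(sid)
            continue
        if principal not in mapped:
            mapped.append(principal)
    return mapped, unmapped


def can_see(item_sids, user_principals):
    """Security-trim one indexed item against a user's online claims."""
    mapped, _ = map_acl(item_sids)
    return any(p in user_principals for p in mapped)
```

Two consequences worth checking in a pilot: an account or group that directory synchronization has not picked up contributes nothing to the online ACL, and content shared with «Everyone» on-premises is not exposed to external users online.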


Logical architecture w/ query federation

(Diagram labels: SP 2013, SP 2010, SP 2013 search, Cloud SSA, SPO, Search Index; zones: Corporate network, Office 365; callouts 1, 2a, 2b, 3)

3. Paul issues a query from the site with sensitive content. He gets back search results from on-premises and online as separate result sets.

Contoso did not have to upgrade their existing deployments to get started with Office 365 hybrid search

DLP Sensitive Data Search works with hybrid

Migrate remote users physically distant from On-Premise deployment to Online for better experience

Host certain data in particular locations Online for Compliance or data sovereignty reasons

Advantage of moving to cloud infrastructure (TCO) wherever possible

SharePoint Hybrid Overview

Two scenarios of hybrid model in an Enterprise

Migration to the Cloud

Migrate at their own pace to the Cloud with little or no disruption to existing service

Pilot Online Service with a subset of users

Maintaining a hybrid model

Continue to maintain hybrid model providing services on-premises or online based on the organization needs

Continue to use existing customizations on-premise

Easily off-board exchange mailboxes from Cloud to on premises


TWO-WAY HYBRID SETUP

TWO-WAY SETUP - DETAIL

ENVIRONMENT CONFIGURATION

NON-SharePoint Tasks

Reverse Proxy and

Certificate Auth

Identity Provider

MSOL Tools

Dirsync

UAG

ADFS Servers

SharePoint Servers

Office 365

Dirsync and Tools Servers

MSOL Tools

1.

2.

3.

4.

5.

SharePoint 2013 Config

Hybrid Challenges

Regulatory / compliance risks

Photo Courtesy of U.S. Central

Command

Downtime threatens key

operations and wastes

money

Photo Courtesy of U.S. Central

Command

Difficult to integrate content

over multiple technologies

Low bandwidth and high

latency slow worker

performance

Image Courtesy of USAF

Research Laboratory

Inability to quickly recover

from outages

Of course, migrations could be faster