Hybrid SharePoint - Office 365 & On-prem SharePoint 2013 -part2
Download as PPTX, PDF1 like1,133 views
The document discusses webinar notes on configuring hybrid SharePoint environments with Office 365 and on-premise SharePoint 2013. It highlights identity management infrastructure, server-to-server authentication, and considerations for migration, including advantages and disadvantages of both cloud-based and on-premise systems. The session also emphasizes the necessity of Single Sign-On (SSO) and other authentication options, with a focus on practical implementation strategies.
Hybrid SharePoint - Office 365 & On-prem SharePoint 2013 -part2
- 1. Office 365 and On-Premise SharePoint 2013 - Part 2 Notes: If you experience audio issues during the webinar, you can dial in through telephone details provided to you in your registration confirmation email. Please feel free to post questions in the questions dialog and we will try to answer as many as we can at the end. Recording of this session will be shared in next 24-48 hours. You can also write to us at marketing@winwire.com for any clarifications or information.
- 3. © 2010 WinWire Technologies Agenda WHAT,WHY, Hybrid? Considerations Recap of previous webinar Configure identity management for a hybrid topology in SharePoint Server 2013 What are some limitations and considerations when moving to the cloud? Who We are?
- 4. IT solutions company making information actionable for the enterprises in the mobile-cloud world Collaborative and Analytics solutions leveraging pre-built solution accelerators Cloud, Collaboration & Analytics Technologies Mobility, Who We Are
- 5. © 2010 WinWire Technologies Recap of our previous Webinar Hybrid SharePoint Offers benefits of moving to the cloud quickly with a reduced time to market with lower risk and increased flexibility. Strategies for Adoption: • Migrate or coexist • Split Workloads or Split User base Key considerations • Split Workloads & Split User functions • Environment Management • Data privacy • Customizations Hybrid is the new reality as it provides the “ best of both worlds” and allow organizations to scale to meet changing business needs.
- 6. © 2010 WinWire Technologies Hybrid Identity Management Infrastructure SharePoint 2013 On premise Identity Management Solution SharePoint Office 365 For SharePoint 2013 On premise to be aware of SharePoint Office 365 environment, an identity management solution needs to be configured
- 7. © 2010 WinWire Technologies Preparing the Identity Architecture : Office 365 WinWire Customer Premises 1. Microsoft Online IDs AD Microsoft Online Directory Sync Identity Platform Provisioning Platform Lync Online SharePoint Online Exchange Online Federation Gateway AD FS 2.0 Trust IdP Directory Store Admin Portal Authentication Platform IdP Office 365 Desktop Setup Microsoft Online Services 2. Microsoft Online IDs and DirSync 3. Federated IDs and DirSync
- 8. © 2010 WinWire Technologies Configuring Identity Management Infrastructure Configure SSO or Password Sync Synchronize your on-premises users to Office 365 Configure server-to-server authentication between SharePoint Server 2013 and SharePoint Online For SharePoint 2013 On premise to be aware of your SharePoint Office 365 environment, an identity management solution needs to be configured.
- 9. © 2010 WinWire Technologies Setting Up Active Directory Federation Services : Office365 Set Up ADFS Servers Set Up ADFS Proxies Implement Load Balancing Register DNS Directory synchronization is done with the Azure Active Directory Sync tool.
- 10. © 2010 WinWire Technologies Configure SSO or Password Sync Step 1: Prepare for single sign-on Step 2: Set up your on- premises security token service • Active Directory Federation Services (AD FS) • Other third-party identity providers • https://msdn.microsoft.com/en- us/library/azure/jj679342.aspx Step 3: Verify single sign-on • From a domain-joined computer • From a non-domain-joined computer inside the corporate network • From a roaming domain-joined computer outside the corporate network • From the different operating systems that you use in your company • From a home computer • From an Internet kiosk (test access to the cloud service through a browser only) • From a smart phone (for example, a smart phone that uses Microsoft Exchange ActiveSync)
- 11. © 2010 WinWire Technologies Server-to-Server Authentication (SharePoint Server 2013 and SharePoint Online) Configure the Security Token Service (STS) in SharePoint Server 2013: • Create a new STS certificate. • Replace the default STS certificate on each server in your SharePoint Server 2013 farm. Install online service management tools on a web server in your SharePoint Server 2013 farm. Configure server-to-server authentication • Set variables • Upload the new on-premises STS certificate to SharePoint Online. • Add a Service Principal Name (SPN) to Azure. • Register the SharePoint Online application principal object ID with on- premises SharePoint Server 2013. • Configure a common authentication realm between your on-premises SharePoint Server 2013 farm and SharePoint Online. • Configure an Azure Active Directory application proxy on-premises. https://technet.microsoft.com/en-us/library/dn197169.aspx
- 12. © 2010 WinWire Technologies Preparing the Identity Architecture : Office 365 WinWire Customer Premises 1. Microsoft Online IDs AD Microsoft Online Directory Sync Identity Platform Provisioning Platform Lync Online SharePoint Online Exchange Online Federation Gateway AD FS 2.0 Trust IdP Directory Store Admin Portal Authentication Platform IdP Office 365 Desktop Setup Microsoft Online Services 2. Microsoft Online IDs and DirSync 3. Federated IDs and DirSync
- 13. © 2010 WinWire Technologies Authentication Options : Office 365 Federated IDs Microsoft Online IDs End user sign-in experience • Users sign in with corporate ID • Authentication takes place on-premises • Users have a single credential to provide SSO for on-premises and cloud services • Users get true SSO • Microsoft Online IDs • Users sign in with cloud identity • Authentication takes place in the cloud • Users have two IDs—one to access on-premises services & one for cloud services • Users prompted for credentials
- 14. © 2010 WinWire Technologies Authentication Options : Office 365 IT Administrator Considerations
- 15. © 2010 WinWire Technologies SharePoint 2013 Migration Made Easy Upcoming Webinar March 25th at 8AM to 9AM PT
- 16. © 2010 WinWire Technologies Questions?
- 17. © 2010 WinWire TechnologiesWinWire Technologies, Inc. Confidential WinWire Technologies, Inc. Confidential Thank You
- 18. © 2010 WinWire Technologies APPENDIX
- 19. © 2010 WinWire Technologies Considerations for Office 365 Advantages Disadvantages Package of solutions included (Exchange, Lync and SharePoint). If you are migrating other solutions, moving SharePoint to Office 365 will be very easy to use There is no way to know where your data is stored, making it potentially susceptible to other countries’ laws. Private and sensitive data resides outside your firewall. Reduced time to market. Difficult migration from on premise to Office 365 without 3rd party tools. Accessible anytime and anywhere the Internet is available because it is cloud-based. Difficult to integrate with 3rd party software that requires server installation Excellent performance and reliability. Office 365 offers 99.9% uptime on their services, which means you don’t have to worry about your site going down. Developers are limited to Sandbox solutions, restricting them to a single site collection. No maintenance required, everything is taken care of by Microsoft. Full Enterprise features of SharePoint are not available and therefore key items like metrics and usage analysis are impossible to do at the site level. Pay as you go model. This allows you to be up and running quickly without the high cost of infrastructure.
- 20. © 2010 WinWire Technologies Considerations for On-Premise Advantages Disadvantages The hardware belongs to you. The hardware belongs to you. If problems occur, they are your responsibility. Easier to integrate with external systems that will work with SharePoint (e.g. SAP, etc.) Costs for hardware and licenses (SQL Servers, SharePoint Servers, Client Access). You control where your data is stored. Server maintenance is required. Restart, backup, shutdown and update servers anytime at your convenience. Additional IT skills required to support the servers and infrastructure. SharePoint can touch AD, SQL, DNS, IIS and of course SharePoint itself. Developers have full access; no limitations. Enhanced performance thanks to server proximity. No slow internet connections.
Editor's Notes
- #7: Your organization probably has an existing body of users in its on-premises directory service. To enable the users to use hybrid services, you must synchronize these users with the Office 365 user directory, which is Azure Active Directory in the cloud. These accounts are maintained and managed on-premises, and changes are synchronized up to the cloud. Directory synchronization is done with the Azure Active Directory Sync tool. If you have decided not to implement SSO, you can configure the Azure Active Directory Sync tool to synchronize your on-premises user account passwords to SharePoint Online. You can set up directory synchronization to filter which users are synchronized with Office 365. For example, you can place all the users whom you want to be able to use hybrid features in a single organizational unit (OU) in Active Directory and then configure filtering to synchronize only that OU You can validate that directory synchronization is working by verifying that the People Picker tool for SharePoint Online can find federated users and groups in AD DS (users who are synchronized with Azure Active Directory).
- #9: Your organization probably has an existing body of users in its on-premises directory service. To enable the users to use hybrid services, you must synchronize these users with the Office 365 user directory, which is Azure Active Directory in the cloud. These accounts are maintained and managed on-premises, and changes are synchronized up to the cloud. Directory synchronization is done with the Azure Active Directory Sync tool. If you have decided not to implement SSO, you can configure the Azure Active Directory Sync tool to synchronize your on-premises user account passwords to SharePoint Online. You can set up directory synchronization to filter which users are synchronized with Office 365. For example, you can place all the users whom you want to be able to use hybrid features in a single organizational unit (OU) in Active Directory and then configure filtering to synchronize only that OU You can validate that directory synchronization is working by verifying that the People Picker tool for SharePoint Online can find federated users and groups in AD DS (users who are synchronized with Azure Active Directory).
- #11: To prepare, you must make sure your environment meets the requirements for SSO and verify that your Active Directory and Azure Active Directory tenant is set up in a way that is compatible with single sign-on requirements. Example version of AD is supported by the tenant etc.