Plan networking services for SharePoint Online

Planning networking services for SharePoint Online

With the arrival of Office 365, the ability to extend corporate SharePoint infrastructures to the cloud became reality. SharePoint 2010 provided basic federation between on-premise Active Directory and cloud authentication, but provided no further service connectivity.

SharePoint 2013 integration

SharePoint 2013 and the newest version of Office 365 now provide three levels of integration: domain federation, server-to-server (S2S) trust and identity management, and service integration.

■■ As with SharePoint 2010, federated authentication and account synchronization are available between on-premise Active Directory and Windows Azure Active Directory. Besides providing authentication services, Windows Azure also acts as a trusted token issuer between the two environments.

■■ Using the OAuth 2.0 protocol, a trusted communication channel is established between a SharePoint Online installation and SharePoint Server 2013. Additionally, federated users can be authenticated using this functionality.

■■ Services such as Search, BCS, and Duet Enterprise Online can now be integrated between SharePoint Server 2013 and SharePoint Online.

SharePoint hybrid topologies

There are three hybrid topologies that can be used to configure the relationship between on-premise and cloud installations of SharePoint. The authentication topology you choose will then determine the services you can support:

■■ One-way outbound supports SharePoint Server 2013 queries of online site collections, returning the federated results to the on-premise SharePoint Server 2013 search.

■■ One-way inbound supports SharePoint Online queries of on-premise SharePoint Server 2013 site collections, returning the federated results to SharePoint Online search. It also supports SharePoint Online BCS connectivity to an on-premise SharePoint BCS installation.

■■ Two-way (bidirectional) topology supports SharePoint Server 2013 Search, BCS, and Duet Enterprise Online connections between on-premise and cloud-based installations of SharePoint.

MORE INFO IMPLEMENTATION PHASES FOR SHAREPOINT HYBRIDIZATION

Configuring a hybrid on-premise and cloud-based installation of SharePoint requires a significant amount of planning and configuration effort. This effort is broken into three phases: configuration of the basic environment, identity management infrastructure, and service configuration. The hybridization of SharePoint is covered in the TechNet article “Hybrid for SharePoint Server 2013” at http://technet.microsoft.com/en-us/library/jj838715.aspx.

Thought experiment

Deploying the Office client

In the following thought experiment, apply what you’ve learned about this objective. You can find answers to these questions in the “Answers” section at the back of this chapter.

Your organization is planning to move its core infrastructure to Office 365. Core services such as SharePoint and Exchange are required going forward. Management wants to absorb the cost of purchasing and deploying Office 2013 as part of the solution you propose. Which subscription of Office 365 would you select?

Plan security for SharePoint Online

Planning security for SharePoint Online

There are two aspects to securing any system: authentication and authorization.

Authentication versus authorization

Authentication is the process of determining the identity of a principal (a person trying to log in to your environment). When a principal tries to authenticate to a system, credentials are provided (such as a password) to verify the principal’s identity.

Authorization is the process of verifying an authenticated user’s access to a system. This access is usually associated with some sort of ACL.

When a user tries to access SharePoint Online, the user name is checked against the permissions of the site (either as an individual or as a member of a permissions group). If no permissions have been granted, access is denied to the site.

Office 365 authentication

There are two distinct authentication methods present in Office 365: Microsoft Online IDs and Federated IDs.

Microsoft IDs are issued and maintained by Microsoft—you might already have one of these in the form of an Office 365, Hotmail, SkyDrive, or Xbox Live account.

Using a Microsoft ID, a user can authenticate to multiple systems (Office 365 included) using a single user name and password.

Identity federation (also called single sign-on) is a mechanism for enabling users within your organization to use their standard Active Directory corporate user name and password to access Office 365.

Federation with Office 365 requires the use of Active Directory Federation Services (ADFS) 2.0. After this configuration has been completed, all identities are managed only on-premises.

EXAM TIP

Authentication is the process of determining the identity of a principal; authorization is the process of verifying an authenticated user’s access to a system.

Plan customizations and solutions

Planning customizations and solutions

As with an on-premise installation of SharePoint, SharePoint Online can be heavily modified to suit the requirements of your business users. These modifications can vary in scope from customizations produced for a small grouping of users to solutions that can be applied to major segments of your SharePoint Online environment.

There are three major customization levels present in a SharePoint farm: browser-based, tool-based, and developer-based.

Browser-based customizations

SharePoint users with the appropriate permission level can make customizations to any SharePoint site using nothing more than their web browser. These customizations do not require much technical expertise and are scoped to a particular site or site collection.

Browser-based customizations include the following:

■■ Changing the site theme to one of 18 available themes (“What’s your style?”)

■■ Adding a logo and description to your site (“Your site. Your brand.”)

■■ Editing site pages and customizing the appearance of web parts and other content to be displayed

■■ Altering the global and current navigation elements of a site

■■ Creating and altering the appearance of list and library views

Tool-based customizations

Sometimes the modifications available through the browser are not adequate; if the person making the changes is technically adept (but not a software developer), the next available option is using a tool-based customization.

These sorts of modifications are made using SharePoint tools such as InfoPath Designer for developing customized InfoPath forms; SharePoint Designer (SPD) for making more-detailed site modifications such as altering/creating page layouts and creating workflows; or any of the Office 2013 client tools such as Microsoft Access, Microsoft Excel, or Microsoft Visio 2013.

Developer-based customizations

The last option for making modifications to a SharePoint Online installation is to build custom code solutions. Solutions developed using Visual Studio 2012 can be activated on your SharePoint Online installation and run in the site’s sandboxed solution environment.

Plan site collections

Planning site collections

Site collections in SharePoint Online are very similar to their on-premise counterparts. As we discussed at the beginning of this chapter, a site collection is nothing more than a grouping of sites that are functionally, navigationally, and administratively related to one another (see Figure 1-32).

FIGURE 1-32 Sites within a site collection.

Site collection admin center

Creating a new SharePoint Online site collection is accomplished within the Site Collections menu of the SharePoint admin center (see Figure 1-33).

FIGURE 1-33 SharePoint admin center.

From this console, you can build a private site collection or a public web site.

Site collection types

Two types of site collections can be created within SharePoint Online: multiple private site collections and a single public web site.

■■ Each Office 365 subscription enables you to create a single public web site for your business; after this site has been created, the option to create it becomes grayed out.

■■ All SharePoint Online site collections (except the public web site) are initially created as private site collections. After creation, external users can be added to these site collections.

Before building a new site collection, you will want to consider factors such as the target audience of the site collection and how much data will be stored in the site collection.

Site collection administrators (SCAs)

In an on-premise SharePoint installation, each site collection has primary administrators and SCAs. Although others can be assigned the same permission levels, they do not receive SCA quota e-mail, for instance.

SharePoint Online site collections have a single designated SCA. This tenant administrator retains full control and is responsible for the administration of a site collection.

Other SCAs can be added as backups for the primary site collection admin. Additionally, external support partners can be given access to the site collection from a help desk or administrative perspective.

Storage quotas

There is a maximum amount of space that is given to a SharePoint Online subscription. A dedicated amount of this space can be given to each new site collection as a quota that limits the overall size for the site collection. There is no default amount of space issued—the quota is assigned as part of the site creation process.

Optionally, an e-mail can be sent to SCAs when a certain percentage of the overall quota size has been consumed.

Server resource quotas

Each SharePoint Online installation is granted a server resource quota. This amount represents the memory and processor resources that are utilized by the entirety of all site collections in the installation.

As a new site collection is created, it is assigned a percentage of the resources for use; the idea of this quota is to prohibit a single site collection from consuming all available resources within an installation. Adding new sandboxed solutions or apps to the site collection can cause this number to increase.

Sharing

Although site collections are created for private use, external users can be added to the permissions structure. These users can be granted reader, contributor, and even owner permissions.

Sharing is enabled on a per-site collection basis. Within the SharePoint admin console, there are three options for sharing:

■■ Don’t Allow Sharing Outside Of Your Organization

■■ Allow External Users Who Accept Sharing Invitations And Sign In As Authenticated Users

■■ Allow Both External Users Who Accept Sharing Invitations And Anonymous Guest Links

After sharing is enabled, users can share an entire site or individual documents on a site.

These users are fully authenticated, signing in with either a Microsoft account or a Microsoft Office 365 ID. If anonymous guest links have been enabled, users can share individual documents anonymously.
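The storage quota, server resource quota, and sharing settings described in the preceding sections are all visible per site collection from the SharePoint Online Management Shell. The following audit script is an added example and is not the book's own material; it assumes the Connect-SPOService, Get-SPOSite, and Set-SPOSite cmdlets from that shell, a tenant (SharePoint Online) administrator account, and a placeholder admin URL. It reports site collections that are near their storage or resource quota, have no quota warning level set for the SCAs, or allow anonymous guest links, and it maps the three SharingCapability values to the admin center options listed above.

```powershell
# Added example, not from the book: audit every site collection in a tenant for
# storage quota headroom, server resource quota usage, quota warning e-mail level,
# and the external sharing option, then optionally tighten sharing.
# Assumes the SharePoint Online Management Shell (Connect-SPOService, Get-SPOSite,
# Set-SPOSite) and a tenant administrator account. The admin URL is a placeholder.
param(
    [string]$AdminUrl = 'https://TENANT-PLACEHOLDER-admin.sharepoint.com',
    [int]$StorageWarnPercent  = 80,   # flag when storage usage reaches this share of the quota
    [int]$ResourceWarnPercent = 80    # flag when server resource usage reaches this share
)

# SharingCapability values accepted by Set-SPOSite, mapped to the three admin center options.
$SharingLabels = @{
    Disabled                    = "Don't Allow Sharing Outside Of Your Organization"
    ExternalUserSharingOnly     = 'Allow External Users Who Accept Sharing Invitations And Sign In As Authenticated Users'
    ExternalUserAndGuestSharing = 'Allow Both External Users Who Accept Sharing Invitations And Anonymous Guest Links'
}

function Get-UsagePercent {
    # Percentage of a quota consumed, or $null when no quota is assigned (quota of 0).
    param([double]$Used, [double]$Quota)
    if ($Quota -le 0) { return $null }
    return [math]::Round(100 * $Used / $Quota, 1)
}

function Get-SiteCollectionFindings {
    # Builds one report object per site collection with the issues a planner cares about.
    param([Parameter(Mandatory)] $Site)

    $storagePct  = Get-UsagePercent -Used $Site.StorageUsageCurrent  -Quota $Site.StorageQuota
    $resourcePct = Get-UsagePercent -Used $Site.ResourceUsageCurrent -Quota $Site.ResourceQuota
    $sharing     = [string]$Site.SharingCapability

    $findings = New-Object System.Collections.Generic.List[string]
    if ($null -eq $storagePct) {
        $findings.Add('no storage quota assigned')
    } elseif ($storagePct -ge $StorageWarnPercent) {
        $findings.Add("storage at $storagePct% of quota")
    }
    if ($Site.StorageQuotaWarningLevel -le 0) {
        $findings.Add('no quota warning e-mail level set for the SCAs')
    }
    if ($null -ne $resourcePct -and $resourcePct -ge $ResourceWarnPercent) {
        $findings.Add("server resource quota at $resourcePct% (review sandboxed solutions and apps)")
    }
    if ($sharing -eq 'ExternalUserAndGuestSharing') {
        $findings.Add('anonymous guest links enabled')
    }

    [pscustomobject]@{
        Url            = $Site.Url
        Owner          = $Site.Owner
        StorageUsedPct = $storagePct
        ResourcePct    = $resourcePct
        Sharing        = $SharingLabels[$sharing]
        Findings       = ($findings -join '; ')
    }
}

function Set-SiteSharingLevel {
    # Applies one of the three admin center sharing options to a single site collection.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Url,
        [Parameter(Mandatory)]
        [ValidateSet('Disabled', 'ExternalUserSharingOnly', 'ExternalUserAndGuestSharing')]
        [string]$Level
    )
    if ($PSCmdlet.ShouldProcess($Url, "set sharing to '$($SharingLabels[$Level])'")) {
        Set-SPOSite -Identity $Url -SharingCapability $Level
    }
}

Connect-SPOService -Url $AdminUrl
$report = Get-SPOSite -Limit All -Detailed | ForEach-Object { Get-SiteCollectionFindings -Site $_ }
$report | Where-Object Findings | Format-Table Url, StorageUsedPct, ResourcePct, Findings -AutoSize

# Example remediation: restrict site collections that allow anonymous guest links so that
# only authenticated external users can accept invitations. -WhatIf previews the change.
$report |
    Where-Object Findings -like '*anonymous guest links*' |
    ForEach-Object { Set-SiteSharingLevel -Url $_.Url -Level ExternalUserSharingOnly -WhatIf }
```

Storage quota values returned by Get-SPOSite are in megabytes, so a quota of 0 is reported as "no storage quota assigned" rather than as 0 percent used; the resource quota check is reported separately because, as the text notes, it grows with the sandboxed solutions and apps added to a site collection rather than with stored data.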

Plan service applications

Planning service applications

Because SharePoint Online is a multitenant application within Office 365 (meaning that your SharePoint environment is contained in a series of farms that serve other Microsoft customers), there are some differences between the service applications that would be found in an on-premise environment and in SharePoint Online.

SharePoint services in Office 365

Not all SharePoint services in an on-premise installation of SharePoint have a matching analog within the SharePoint Online product line.

Table 1-5 shows a listing of the service applications found in SharePoint 2013 and the services available within SharePoint Online.

TABLE 1-5 SharePoint Online service comparison

| Service Application | SharePoint Online Plan | Subscription Level | Note |
|---|---|---|---|
| Access Service | All plans | All levels | Not configurable |
| Access Service 2010 | Not available | Not available | ----- |
| App Management Service | All plans | All levels | ----- |
| Business Data Catalog Service | Plan 2 only | E3 and E4 only | Configurable from the SharePoint Admin Center web site |
| Excel Service Application | Plan 2 only | E3 and E4 only | Not configurable |
| Machine Translation Service | All plans | All levels | Not configurable |
| PerformancePoint Service | Not available | Not available | ----- |
| PowerPoint Automation Service | Not available | Not available | ----- |
| Managed Metadata Service | All plans | All levels | Configurable from the SharePoint Admin Center web site |
| Search Service | All plans | All levels | Configurable from the SharePoint Admin Center web site |
| Secure Store Service | Plan 2 only | E3 and E4 only | Configurable from the SharePoint Admin Center web site |
| State Service | Not available | Not available | ----- |
| User and Health Data Collection Service | Not available | Not available | The Office 365 admin console provides health information on a per-service basis |
| User Profile Service | All plans | All levels | Configurable from the SharePoint Admin Center web site |
| Visio Graphics Service | Plan 1 and 2 | E1 through E4 | ----- |
| Word Automation Services | Not available | Not available | ----- |
| Work Management Service | Not available | Not available | ----- |
| Microsoft SharePoint Foundation Subscription Settings Service | Not available | Not available | ----- |

Evaluate service offerings

Evaluating service offerings

The previous Office 365 offering focused heavily on business clients in two subscription types: Small Business Plan (Plan P1) and two Midsize Business and Enterprise plans (Plan E1 and Plan E3). These types provided varying functionality, but focused on four core service offerings, all of which were cloud-based:

■■ Microsoft Exchange Online

■■ SharePoint Online

■■ Lync Online

■■ Microsoft Office Professional Plus

There are a total of four subscription types in this newest Office 365 platform. Small Business Premium and Enterprise continue to support business users; Home Premium and ProPlus extend the Office client in the cloud to the home and to businesses that want to simply deploy Office without Exchange, SharePoint, and so on.

IMPORTANT SHAREPOINT IN OFFICE 365 SUBSCRIPTIONS

Neither Office 365 Home Premium nor Office 365 ProPlus includes any type of SharePoint offering in its subscription type. As in the previous Office 365, SharePoint is included within the Small Business and Enterprise subscription types and includes services that vary with the type of plan chosen.

SharePoint plans and subscription levels

Before discussing the major subscription types, it should be stated that there are individual plan levels that apply to the online components (SharePoint, Exchange, and Lync) within each subscription.

Although the combinations of plans, subscriptions, and levels can seem confusing (and occasionally overwhelming), the resulting customizability enables an organization to truly tailor the type of online environment that is required.

There are two plan levels that specifically apply to a SharePoint Online environment: Plan 1 and Plan 2. Additionally, the Enterprise levels (E1 through E4 levels of SharePoint Online) are discussed separately because they allow for external collaboration with users not located within your organization.

MORE INFO PLANS, SUBSCRIPTIONS, AND LEVELS

A very thorough listing of each component’s availability within each level of the SharePoint Online offering can be found at http://technet.microsoft.com/en-us/library/jj819267.aspx.

Office 365 Home Premium

The Home Premium subscription focuses on the availability of client services to users, providing access to Office 2013, SkyDrive, and Skype Services; it does not include Exchange Online, SharePoint Online, Lync Online, Project Online, or Visio Online services.

This subscription includes the following:

■■ The ability to install Office on up to five PCs, Macs, or tablets, shared among all users in the home

■■ Core Office applications: Microsoft Word, Excel, PowerPoint, and OneNote

■■ E-mail, publishing, and database applications: Microsoft Outlook, Publisher, and Access

■■ Office on Demand: Streaming versions of Office applications, requiring Windows 7 or 8 and an Internet connection

■■ Skype services, offering 60 minutes of free calling to 40-plus countries worldwide

■■ An additional 20 GB of SkyDrive online storage

Office 365 ProPlus

The ProPlus subscription focuses purely on the Microsoft Office client suite, omitting web-based services such as SharePoint, Exchange, and so on; if desired, these services can be purchased separately.

One of the more interesting components of this subscription is called Click-to-Run. Using this type of installation (instead of a traditional Windows Installer-based [*.msi] installation), users can begin using a program before it is completely downloaded.

This subscription includes the following:

■■ The ability to install Office on up to five PCs, Macs, or tablets per licensed user

■■ Core Office applications: Word, Excel, PowerPoint, and OneNote

■■ E-mail, publishing, and database applications: Outlook, Publisher, and Access

■■ Unified communications and forms: Lync and InfoPath

■■ Office on Demand: Streaming versions of Office applications, requiring Windows 7 or 8 and an Internet connection

■■ Access to Enterprise features via Active Directory Domain Services (AD DS):

■■ Single sign-on/identity federation

■■ Active Directory synchronization

■■ Domains

Office 365 Small Business Premium

Office 365 Small Business Premium is the least-expensive subscription that offers SharePoint Online and is designed for small businesses with up to 10 employees. This subscription does not include either the Skype services or the additional SkyDrive storage granted by the Home Premium subscription, but does include the following:

■■ The ability to install Office on up to five PCs, Macs, or tablets per licensed user

■■ Core Office applications: Word, Excel, PowerPoint, and OneNote

■■ E-mail, publishing, and database applications: Outlook, Publisher, and Access

■■ Unified communications and forms: Lync and InfoPath

■■ Office on Demand: Streaming versions of Office applications, requiring Windows 7 or 8 and an Internet connection

■■ A 25 GB Outlook mailbox, shared calendar, contact manager, scheduling, and task-list tools; and 10 GB of cloud-based storage (plus 500 MB per licensed user)

■■ The ability to set up, build, and maintain a public-facing web site with no additional hosting fees (SharePoint)

■■ Access to Lync Online (Plan 1)

■■ Access to SharePoint Online (Plan 1)

■■ Access to Exchange Online (Plan 1)

Office 365 Enterprise

The Enterprise subscription level of Office 365 is the top of the line, basically including the entire Office stack, both online and offline. This product provides functionality normally associated with on-premise installations, including information rights management, federation, and enterprise records management.

This subscription includes the following:

■■ The ability to install Office on up to five PCs, Macs, or tablets per licensed user

■■ Core Office applications: Word, Excel, PowerPoint, and OneNote

■■ E-mail, publishing, and database applications: Outlook, Publisher, and Access

■■ Unified communications and forms: Lync and InfoPath

■■ Office on Demand: Streaming versions of Office applications, requiring Windows 7 or 8 and an Internet connection

■■ A 25 GB Outlook mailbox, shared calendar, contact manager, scheduling and task-list tools, and 10 GB of cloud-based storage (plus 500 MB per licensed user)

■■ The ability to set up, build, and maintain a public-facing web site with no additional hosting fees (SharePoint)

■■ Access to Lync Online (Plan 2)

■■ Access to Exchange Online (Plan 2)

■■ Data loss prevention that is compliant with regulatory standards

■■ Access to SharePoint Online (Plan 2), including the following:

■■ Site mailboxes to enhance collaboration

■■ Archiving and the eDiscovery Center to identify, hold, and analyze information from Exchange, SharePoint, and Lync

EXAM TIP

Although it might seem trivial at first, knowing which functionality is available at each subscription level is a critical component of your Office 365 design and planning effort.

Plan a network infrastructure

Planning a network infrastructure

When planning the layout of a SharePoint farm, it is important to remember that the farm not only communicates with SharePoint users but also requires communications within the farm (to each tier) and communications to other servers in the network (such as Exchange or Lync servers). Effective network infrastructure planning requires that each of these connection types be considered in the overall design.

Interserver and end-user communication

There are two distinct types of network communication present within a SharePoint farm: user facing and interserver. Communications between servers within the farm can be quite intense at times; during these times, users might experience diminished performance if both types of communication take place across the same network interface.

As a result, servers in the web and application tiers of a SharePoint farm should have two distinct network interfaces:

■■ The first network interface card (NIC) handles user requests, routing traffic back and forth to users.

■■ The second NIC handles interserver connectivity, routing traffic back and forth between the SharePoint servers (web and app tier) and the data tier.

Network latency and stretched farms

Latency and bandwidth are concepts that go hand in hand. The best way to understand the relationship between these two is to imagine driving on a freeway. The speed limit (bandwidth) relates to how fast the traffic can travel on the freeway, whereas the traffic congestion present on the freeway can cause the commute time (latency) for any one car to increase.

SharePoint farm servers should be connected to each other with a minimum connectivity speed of 1 Gbps. Although it is possible to achieve this connection speed over a wide area network (WAN) connection, the network latency (time taken for a byte to travel from source to destination) often exceeds 1ms. Microsoft requires that the latency between SharePoint servers and the content database be less than 1 ms apart.

Unfortunately for system administrators, this latency requirement also prohibits the members of any one SharePoint farm from being located in two data centers (no matter how closely located these centers are). All servers belonging to a server farm must be physically located in the same datacenter to be supported.

EXAM TIP

The connection speed between all SharePoint servers in a farm must meet or exceed 1 Gbps. Additionally, the network latency between the web/application tiers and the data tier should be less than 1 ms.
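The two NIC layout and the 1 Gbps / 1 ms farm requirements from the preceding sections can be checked from a web or application tier server before a farm is built. The script below is an added example, not the book's own material; it assumes Windows Server 2012 or later (the Get-NetAdapter cmdlet and its Speed property in bits per second), a placeholder data tier host name, and the default SQL Server port 1433. It measures the TCP connect time to the data tier as a stand-in for network latency, which slightly overstates the true round trip, so a pass against the 1 ms bound is conservative.

```powershell
# Added example, not from the book: verify the farm connectivity requirements from a
# web or application tier server. Checks (1) that the server has separate user-facing
# and interserver adapters, (2) that each connected adapter links at 1 Gbps or better,
# and (3) that the median TCP round trip to the data tier is under 1 ms.
# Assumes Get-NetAdapter with a Speed property (bits per second, Windows Server 2012+).
# The data tier host name is a placeholder; 1433 is the default SQL Server port.
param(
    [string]$DataTierHost    = 'SQL-PLACEHOLDER',
    [int]$Port               = 1433,
    [int]$Samples            = 50,
    [double]$MaxLatencyMs    = 1.0,
    [long]$MinLinkSpeedBps   = 1000000000   # 1 Gbps
)

function Measure-TcpRoundTrip {
    # Median TCP connect time in milliseconds over $Count attempts. The host name is
    # resolved once up front so DNS lookup time is not counted against the network.
    param([string]$Hostname, [int]$Port, [int]$Count)
    $address = [System.Net.Dns]::GetHostAddresses($Hostname)[0]
    $times = foreach ($i in 1..$Count) {
        $client = New-Object System.Net.Sockets.TcpClient
        $sw = [System.Diagnostics.Stopwatch]::StartNew()
        try {
            $client.Connect($address, $Port)   # returns after the SYN/SYN-ACK exchange
            $sw.Stop()
            $sw.Elapsed.TotalMilliseconds
        } finally {
            $client.Close()
        }
    }
    $sorted = @($times | Sort-Object)
    return $sorted[[int][math]::Floor($sorted.Count / 2)]
}

function Test-FarmConnectivity {
    # Returns one pass/fail object per check so the result can be filtered or exported.
    param([string]$Hostname, [int]$Port, [int]$Count, [double]$MaxMs, [long]$MinBps)
    $results = New-Object System.Collections.Generic.List[object]

    $upNics = @(Get-NetAdapter | Where-Object Status -eq 'Up')
    $results.Add([pscustomobject]@{
        Check = 'separate user-facing and interserver NICs'
        Value = "$($upNics.Count) connected adapter(s)"
        Pass  = ($upNics.Count -ge 2)
    })
    foreach ($nic in $upNics) {
        $results.Add([pscustomobject]@{
            Check = "NIC '$($nic.Name)' link speed"
            Value = ('{0:N0} bps' -f $nic.Speed)
            Pass  = ([long]$nic.Speed -ge $MinBps)
        })
    }

    $median = Measure-TcpRoundTrip -Hostname $Hostname -Port $Port -Count $Count
    $results.Add([pscustomobject]@{
        Check = "median TCP round trip to ${Hostname}:$Port"
        Value = ('{0:N3} ms' -f $median)
        Pass  = ($median -lt $MaxMs)
    })
    return $results
}

Test-FarmConnectivity -Hostname $DataTierHost -Port $Port -Count $Samples `
    -MaxMs $MaxLatencyMs -MinBps $MinLinkSpeedBps | Format-Table -AutoSize
```

Run it from each web and application tier server against the content database server; a median round trip above 1 ms, which is what a WAN link between two data centers typically produces, confirms the unsupported stretched-farm case described above rather than a transient spike, because the median discards outliers from individual samples.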

Internet Protocol (IP) support in SharePoint 2013

SharePoint 2013 fully supports IPv6, the latest revision of the Internet Protocol. Microsoft recommends that you leave IPv6 enabled on your SharePoint servers; if your network does not support IPv6, IPv4 will be used as a default.

Thought experiment

Minimizing farm hardware expense

In the following thought experiment, apply what you’ve learned about this objective. You can find answers to these questions in the “Answers” section at the back of this chapter.

You are designing a small SharePoint environment to support 2000 users. Because this environment is heavily utilized for day-to-day operations and workflow, high availability is a must. Additionally, there are several departments that make extensive use of features such as Excel Services.

You have rather stringent budget specifications and must weigh the value of purchasing server hardware against the cost of purchasing other equipment. What server layout approach should you propose and how might you address availability requirements?