Configuring Cross-Farm Services in Microsoft SharePoint 2010

Shannon BrayTechnical Architect | Training DirectorPlanet Technologies

Shannon Bray

MCT, MCPD(e), MCITP, MCSD, MCAD, …SharePoint 2010 Microsoft Certified Master CandidateAutomating SharePoint 2010 with Windows PowerShell 2.0Technical Architect | Training DirectorPresident of Colorado SharePoint User’s Group

In this session you will learn to:

Understand the Service Application ArchitectureUnderstand Key ConceptsUnderstand Service Federation and How it WorksThe Steps Include …Troubleshoot the Federated Service EnvironmentTest the Federated Service Environment

To Start Out With …

Two Farmshttp://enterprise.teched.localhttp://internet.teched.local

No SharePoint Service AccountsNo SharePoint Service ApplicationsNo SharePoint Content Databases in SQL Server

To Start Out With …

Two Farmshttp://enterprise.teched.localhttp://internet.teched.local

No SharePoint Service AccountsNo SharePoint Service ApplicationsNo SharePoint Content Databases in SQL Server

Everything will be built during the presentation!!!

demo

Build Core Infrastructures

Shannon BrayTechnical Architect | Training DirectorPlanet Technologies

Understand the SA Architecture

Services can be consumed “a la carte”The service architecture is extensibleServices are supported on SharePoint FoundationServices can be scaled outServices can be resilient \ redundantServices can be Federated

Understand Key Concepts

ServiceService Machine InstanceService ApplicationService Application ProxyService ConsumerService Proxy GroupsDeploying Service ApplicationsAutomatic Services

Understand Federation and How it Works

Automatic ServicesServices that Support FederationFarm Level TrustService Application PermissionsDomain Level Trust

Automatic Services

Application Discovery and Load Balancer Service ApplicationSecurity Token Service Application

demo

Automatic Services

Shannon BrayTechnical Architect | Training DirectorPlanet Technologies

Enterprise Services Farm

The Steps Include …

Create the Publishing CertificateCreate the Consumer CertificatesExchange the CertificatesImport the Consumer Certificates on PublisherImport the Publishing Certificate on the ConsumerConfigure Trust with Consumer Farm IDPublish the Service(s)Consume the Service(s)

Create the Publishing Certificate

$rootCert = (Get-SPCertificateAuthority).RootCertificate

$rootCert.Export("Cert") | Set-Content "C:\Certs\EnterpriseServicesRootCert.cer" -Encoding byte

Create the Consumer Certificates

$rootCert = (Get-SPCertificateAuthority).RootCertificate $rootCert.Export("Cert") | Set-Content "C:\Certs\InternetRootCert.cer" -Encoding byte

$stsCert = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate $stsCert.Export("Cert") | Set-Content "C:\Certs\InternetSTSCert.cer" -Encoding byte

Get the Consumer Farm ID

$farmID = (Get-SPFarm).Id

New-Item C:\Certs\internetConsumerFarmID.txt -type file -force -value "$farmID“

Swap ‘Em

Copy-Item \\$consumer\c$\Certs\InternetConsumerFarmID.txt \\$publisher\c$\Certs

Copy-Item \\$publisher\c$\Certs\EnterpriseServicesRootCert.cer \\$iconsumer\c$\CertsCopy-Item \\$iconsumer\c$\Certs\InternetRootCert.cer \\$publisher\c$\CertsCopy-Item \\$iconsumer\c$\Certs\InternetSTSCert.cer \\$publisher\c$\Certs

Import the Certs on Publishing

$trustCert = Get-PfxCertificate "C:\certs\InternetRootCert.cer" New-SPTrustedRootAuthority Internet -Certificate $trustCert

$stsCert = Get-PfxCertificate "c:\certs\InternetSTSCert.cer" New-SPTrustedServiceTokenIssuer Internet -Certificate $stsCert

Import the Certs on Consumer

$trustCert = Get-PfxCertificate "C:\Certs\EnterpriseServicesRootCert.cer"

New-SPTrustedRootAuthority EnterpriseServices -Certificate $trustCert

Permissions to the Consumer Farm

$farmID = Get-Content C:\Certs\InternetConsumerFarmID.txt

$security = Get-SPTopologyServiceApplication | Get-SPServiceApplicationSecurity

$claimProvider = (Get-SPClaimProvider System).ClaimProvider

Topology Discovery

$principal = New-SPClaimsPrincipal -ClaimType "http://schemas.microsoft.com/sharepoint/2009/08/claims/farmid" -ClaimProvider $claimProvider -ClaimValue $farmID

Grant-SPObjectSecurity -Identity $security -Principal $principal -Rights "Full Control"

Get-SPTopologyServiceApplication | Set-SPServiceApplicationSecurity -ObjectSecurity $security

demo

The Steps Include…

Shannon BrayTechnical Architect | Training DirectorPlanet Technologies

Test the Federated Service Environment

Managed Metadata Service from Consumer Farm

Troubleshoot the Environment

Ensure Domain TrustConsumer has permission to Topology ServiceCheck the ACLFQDNCertificates

demo

Test and Troubleshoot the Federated ServicesShannon BrayTechnical Architect | Training DirectorPlanet Technologies

Related Content

OSP310 - Virtualizing Your SharePoint Farm ArchitectureOSP201 - The Ten Immutable Laws of Microsoft SharePoint Security

BOF18 – Advanced Architectures for Microsoft SharePoint 2010

Product Demo Stations for SharePoint 2010

Find Me Later At…BOF18 – Advanced Architectures for Microsoft SharePoint 2010SharePoint Booth@NoIdentity29 – Follow me… to follow me.

Resources

www.microsoft.com/teched

Sessions On-Demand & Community Microsoft Certification & Training Resources

Resources for IT Professionals Resources for Developers

www.microsoft.com/learning

http://microsoft.com/technet http://microsoft.com/msdn

Learning

www.northamerica.msteched.com

Connect. Share. Discuss.

Complete an evaluation on CommNet and enter to win!

© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to

be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS

PRESENTATION.