Succeeding with Hybrid SharePoint and Search: Strategy and Implementation
Jeff Fried, CTO, BA Insight
SPS Boston, June 2015
Hybrid SharePoint - Promise and Reality of Hybrid Adoption
Hybrid SharePoint and Search - Top 7 Scenarios: Strategy and Configurations
Succeeding With Hybrid SharePoint and Search - Projects and Tools
SharePoint Growth & Evolution
SharePoint Releases Metadata
Content
Who is this guy? Jeff Fried
Focused on Search and SharePoint since 2004
Longtime Search Nerd
• CTO, BA Insight
• Senior PM, Microsoft
• VP, FAST
• SVP, LingoMotors
Passionate About
• Search
• SharePoint
• Search-driven applications
• Information Strategy
Blog: DoMoreWithSearch.com
Technet Column: “A View from the Crawlspace”
About BA Insight
We provide connectivity, classification, and application software that accelerates and future-proofs the implementation of on-premise and cloud-based SharePoint portals.
– Secure connectivity to a wide variety of content systems
– Increased findability using auto-tagging, metadata generation, and text analytics
– Applications and UI components to help with the creation of knowledge centers
Hundreds of successful implementations at Global 5000 companies:
…and:
Reduce risk and increase flexibility
– Maintain existing on-premises systems and customizations
– Meet regulatory, performance, or functional requirements
– Migrate a step at a time
Why Hybrid?
On-Premises
Benefit from the cloud sooner
Move to the cloud without
– Breaking customizations
– Raising security concerns
Use features not available with SharePoint Online
– extensibility models, search on external content, cross-site publishing…
Reduce risk by migrating in steps
– Separation of workloads
Keep up with Microsoft’s cloud-first/cloud-only roadmap
– and/or hedge your bets
Why Hybrid SharePoint?
Delve
PowerBI
Yammer
Next-Gen Portals
Office 365 APIs
Cloud-only
OneDrive
Office Video
Equivio Zoom (e-Discovery)
Strategies for Adopting Hybrid SharePoint
Split Workload
• Exchange, SharePoint, Lync
• OneDrive, Yammer, PowerBI, Delve
Split User
• Extranet, Mysites, Team Sites, Project Sites
• Portals, Intranet, Services/Applications
Migrate
• Move everything to the cloud at your own pace
Co-Exist
• Maintain a hybrid model
• Keep using On-Premises systems & customizations; mix according to need
Key Considerations for Hybrid: Workloads, Environment, Data, Customizations
Availability of features Online versus On-Premises on particular workloads
Significant investments in customization of On-Premises workloads
Concerns over global network performance with remote sites
Regulatory considerations
Manageability concerns
KCTCS (background)
Search Provides a Unified View
Seamless experience for users
• Don’t need to know where content is
• Effective for “split user” hybrid
Bring in content from many systems
• Not “just” SharePoint
• Tap Business Critical content where it lives
• Secure; reduces load & risk on LoB systems
Unified Index drives the experience
Example: Using Search-First Migration with Hybrid
[Diagram labels: Microsoft Azure; Cloud Service; Availability Sets; SharePoint Services Farm; Office 365 Tenant; SharePoint Online; Site collections; SharePoint 2013 Content Farms; SharePoint 2010 Farm(s)]
1) Establish Search Service (using Azure IaaS)
2) Migrate / Upgrade Content Farms
• Each site collection can be moved independently
• Can be on-premises, in O365, or hosted in Azure
3) Decommission old farm(s)
Centralized Index vs. Virtual Index
Advantages of crawling content
• Control relevance and navigation
• Control how often the index is updated
• Control what metadata is crawled
• Support content processing/enrichment
• Ensure speed of response
• Control the load on the source system
Advantages of federating queries
• Get at content that you can’t crawl
• No additional capacity requirements for the content index
• Large crawl processes do not absorb bandwidth
Note: federation is only as strong as the weakest link
Generally: index when you can, federate when you can’t index
Hybrid SharePoint OOB
Great material and training on Technet
• http://technet.microsoft.com/en-us/library/jj838715(v=office.15).aspx
SharePoint Hybrid Infrastructure
Search: Bidirectional
Business Connectivity Services: Supported
Duet Enterprise for SharePoint and SAP: Supported
[Diagram labels: Customer network (Intranet); Perimeter network; Internet; Microsoft data center; Microsoft Office 365 tenant; SharePoint Online site collection; SharePoint Server 2013 primary web app; Outbound; Inbound; Federated search results]
SharePoint Online can query SharePoint Server
SharePoint Server can query SharePoint Online
Essential building block: Authentication with Hybrid SharePoint
http://blogs.office.com/2014/05/13/choosing-a-sign-in-model-for-office-365/
SharePoint 2013 Search Architecture
[Diagram labels: Content; Crawl; Content Processing; Index; Query Processing; WFE; UX; API; FAST Search Index; Content Enrichment Web Service; Content Connectors; Remote Result Sources; Public API. Legend: Unit of scale/role boundary; Extensibility Points; Not Multi-tenant]
SharePoint 2013 Search and O365
[Diagram labels: Content; Crawl; Content Processing; Index; Query Processing; WFE; UX; API; FAST Search Index; Content Enrichment Web Service; Content Connectors; Remote Result Sources]
Limitations:
• Cannot crawl external content from O365
• CEWS not available from O365
• Cannot crawl O365 from on-prem with OOB Connector
OOB Federated Search User Experience
Results from Cloud
Results from SharePoint On-Premise
Refiners from Cloud only
No termset synchronization
Result Blocks (not interleaved)
Hybrid SharePoint Patterns
7 Top Scenarios
3.5 Common Configurations
Top 7 Scenarios
Existing portals (On-Premises)
1. with new content added online
2. with content moving online
3. across security or compliance boundaries
Online portals
4. externally-facing and extranets
5. ‘cloud-only’ but including on-premises content
“Pure Cloud” Portals
6. with content outside of SharePoint Online
7. where user experience is essential
Hybrid Configurations: Index and Portal
[Diagram grid: columns Portal, Index, Content; rows Online, On-Prem]
1. Existing portals with new content added online
2. Existing portals with content moving online
Portal On-Premises: Hybrid Configuration with Portals in SharePoint Server
Primary Portal On-Prem (Centralized On-Premises Index)
[Diagram grid: columns Portal, Index, Content; rows Online, On-Prem. Labels: Crawl with SharePoint Online Connector; Smart Previews; Visual Refiners; Connectors; AutoClassifier]
BA Insight Connectors
Content and Collaboration Systems
• EMC Documentum
• EMC eRoom
• HP Trim
• IBM Filenet F8
• IBM Content Manager
• IBM Connections
• Objective DMS
• OpenText LiveLink/RM
• OpenText Hummingbird / eDocs
• Oracle CMS/Stellent
• IBM Lotus Notes
• Xerox DocuShare
• Confluence
• Alfresco
• Jive
• CuadraSTAR
Mailbox and Archiving Systems
• Microsoft Exchange
• Microsoft Exchange Online
• IBM Lotus Notes
• Symantec Evault
• Autonomy EAS / (Zantaz)
Practice Management Systems
• Aderant Practice Management
• Autonomy Worksite (iManage)
• Elite/3E
• KnowledgeMill OnePlace
• LegalKey
• NetDocuments
• Practical Law
• AutoElite Prolaw
• RealPractice
CRM Systems
• Salesforce.com/Force.com
• Microsoft Dynamics CRM
• LexisNexis Interaction CRM
• Any SQL Based CRM
Databases
• Microsoft SQL Server
• MySQL
• IBM DB2
• Oracle Databases
ERP and Portal Systems
• SAP Business Suite
• SAP DMS
• IBM WebSphere
• Oracle WebCenter
• Interaction (PlumTree)
Search and Cloud Systems
• Microsoft SharePoint Online
• Google Drive
• SharePoint 2013, 2010, 2007, FAST Search for SharePoint
• Microsoft Search Server
• Box
• Scopus
• PharmaCircle
Plus a proven architecture and process for creating new connectors to complex systems
1. Existing portals, with new content added online
2. Existing portals with content moving online
3. Unified Portals across security or compliance boundaries
Portal On-Premises: Hybrid Configuration with Portals in SharePoint Server
Primary Portal On-Prem (MultiSearch: Query Federation, Interleaved Results)
[Diagram grid: columns Portal, Index, Content; rows Online, On-Prem. Labels: Interleaving Federator; Smart Previews; Visual Refiners; Connectors; AutoClassifier; AutoClassifier for SharePoint Online; BA Insight Federator]
4. Externally-facing portals and extranets
5. Cloud-only applications with on-prem content
Portal Online: Hybrid Configuration with Portals in SharePoint Online
SharePoint Online external users’ rights
[Table: two columns, “External users can” and “External users cannot”; the items are listed here without their column]
• Create personal sites
• Edit user profiles
• Use SkyDrive Pro document libraries
• See company-wide newsfeeds
• View aggregated tasks
• Serve as site collection administrators
• View site mailboxes
• Use Office Web Apps
• Inherit rights of a user who extends an invitation
• Inherit granular rights
• Navigate to subsites
• View site feeds
• See other users
• Design public websites
• Search only within a site
Secondary Portal On-Line (Remote Result Source from On-Prem Index)
[Diagram grid: columns Portal, Index, Content; rows Online, On-Prem. Labels: Remote Result Source; Connectors; AutoClassifier; Preview Generation; Smart Previews; Visual Refiners; App versions (future)]
Challenge: Search was in silos, inconsistent, or incomplete
Users finding content in disparate searches couldn’t connect the dots, were missing the context and only found incomplete content sets
• No document found
• Incomplete document sets
• Inconsistent filing & metadata
Solution:
• Collapse into 2 Cloud + 3 on-premises repositories
• Connect through Connectors
• Standardize with Classification & Taxonomy Framework
[Diagram labels: Search; On-Premises; Office 365; OnLine]
Primary Portal On-Line (Depends on Microsoft Cloud SSA)
[Diagram grid: columns Portal, Index, Content; rows Online, On-Prem. Labels: Microsoft Cloud SSA (future); AutoClassifier for SharePoint Online; Smart Previews; Visual Refiners; App versions (future); Connectors; AutoClassifier; Preview Generation; BAI Hybrid Connectivity Engine]
Cloud SSA: new upcoming index-in-O365 option
Coming by end of 2015
Basic hybrid search requirements
• Hybrid environment with Office 365
• Directory Synchronization of AD users and groups
• Supported content sources: SharePoint Server 2007, 2010 or 2013; Fileshares, BCS connectors*
• SharePoint Server with Cloud Search service application: 2013 or 2016
• Office 365 subscription that includes SharePoint + Activated Users
Additional requirements for search previews
• Reverse proxy back to on-premises WAC server
Logical architecture: crawling
[Diagram labels: Corporate network; Office 365; AD; AAD; DirSync; SP 2013; SP 2010; SP 2007; Fileshares; BCS; Cloud SSA; Crawling and parsing; Parsed content; Item queue; Content processing; ACL mapping; SPO Search Index; steps numbered 1 to 7]
Logical architecture: query
[Diagram labels: Corporate network; Office 365; SP 2013; SP 2010; Cloud SSA; SPO Search Index]
1. Jaden issues a query from Office 365. Her user token contains her online identity and group memberships.
2a, 2b. Jaden issues a query from a site on-premises. This sends over her on-premises claims to SPO. Her user token gets rehydrated with her online claims as she is authenticated against Office 365.
Cloud SSA
[Diagram labels: On Prem; On Line; Crawl; OOB Connectors; BA Insight Connectors; Content Processing Part 1; Content Enrichment Web Service; Crawl Link; Indexable Text + Metadata; Content Processing Part 2; Index; Analytics Processing; FAST Search Index]
OOB Limitations:
- No custom content enrichment
- No custom security trimming
- No previews outside SP2013/SPO
Resolved with BA Insight
6. Portals including content outside of SharePoint
7. Hosted Portals, with all content online
“Pure Cloud”: Cloud Configuration with Portals in SharePoint Online
SharePoint Server in Azure in hybrid configuration with O365 Tenant
[Diagram labels: Microsoft Azure; Virtual Network; Cloud Service; Availability Set (Active Directory & DNS, Front End, App server, Database); Gateway subnet; Active VPN; On-premises environment; Optional!; BA Insight Apps]
Customer Example: ACE
Built on SharePoint 2013 using the Knowledge Integration Platform
Plan and define your strategy and approach
– Understand your scenarios and select the appropriate configuration and implementation options up front
Take advantage of your move to improve
– Don’t just ‘lift and shift’; do smart migration
Ready your team for the change before you execute
– Test and Train with Azure & O365
Continually analyze, gather feedback and adjust
– Content, Queries, and Microsoft Offerings change continually
How to Succeed with Hybrid SharePoint
Hybrid can include cross-version, multiway, ..
On-Premises
Customized Business Process
Document/ Records Management
Cloud
Online Storage
Extranet
Social
Identity/ Authentication
On-Premises
Team Sites
Intranet
Identity/ Authentication
2013
• Migrate at their own pace to the cloud with little or no disruption to existing service
• Pilot Online Service with a subset of users
2016 ->
• Continue to maintain hybrid model providing services on-premises or online based on the organization needs
• Continue to use existing customizations on-premise
• Subscribe to cloud innovation, on demand, on your terms
Taking Hybrid Forward…
http://www.cleverworkarounds.com/2014/09/10/help-me-visualise-the-pros-and-cons-of-hybrid-sharepoint-2013/
Resources (just a few)
• Want to succeed in a hybrid world? Get a great start with these 10 resources http://bit.ly/1sr15P8
• Office 365 SharePoint hybrid – what you DO and DO NOT get http://bit.ly/1h4EL99
• Office 365 and Hybrid Solutions http://slidesha.re/1AiLkgF
• SharePoint On-Premises Or In The Cloud? Why not both? http://bit.ly/1pvKo4Z
• Hybrid for SharePoint Server 2013 http://bit.ly/1t1fnVX
• BA Insight Hybrid page http://bainsight.com/hybrid-cloud-for-sharepoint
• What is Infrastructure as a Service? http://bit.ly/1ecuEdw
• Understand and evaluate hosting options for SharePoint farms http://bit.ly/1AiLqF3
• Governance and Administration for Hybrid Deployments http://bit.ly/XmqBIc
• AIIM Trendscape: Content and the Cloud http://bit.ly/1f26hFm
Identity crisis
Cloud identity
• Single identity in the cloud
• Suitable for small organizations with no integration to on-premises directories
Directory & password synchronization
• Single identity
• Suitable for medium and large organizations without federation
Federated identity
• Single federated identity and credentials
• Suitable for medium and large organizations
Beware of: IaIA
acronym courtesy of Adam Levithan
Infrastructure as Information Architecture
Prerequisites for using Office 365 hybrid search
Directory Synchronization
• Security principals can be managed on-premises and synched to the cloud by using the DirSync tool.
• The object in the cloud (AAD) directory now mirrors the object in the on-premises (AD) directory.
AD
AccountName: CORP\jaden
SID: S-1-5-21-1212121212-1212121212-1212
AAD
AccountName
msOnline-OnPremiseSecurityIdentifier: S-1-5-21-1212121212-1212121212-1212
PUID: PUID-XXXX-XXXXXXXXXX
Mapping of Access Control Lists
As items are indexed in Office 365, the access control entries are looked up in the cloud directory service.
Allow: S-1-5-21-1212121212-1212121212-1212
Allow: PUID-XXXX-XXXXXXXXXX
• User SIDs are mapped to PUIDs
• Group SIDs are mapped to Object IDs
• «Everyone» and «Authenticated users» are mapped to «Everyone except external users»
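The mapping rules above, modelled as an added example (not code from the deck or from Microsoft), with a review step that flags the cases an administrator would check before content is indexed online. `SyncedDirectory`, `map_acl` and `review_item` are hypothetical names, the group SID, Object ID and unsynced SID are constructed, and leaving out an ACE whose SID has no synced object is an assumption of this model.

```python
from dataclasses import dataclass, field

# Well-known Windows SIDs for the two broad principals the slide names.
EVERYONE_SID = "S-1-1-0"
AUTHENTICATED_USERS_SID = "S-1-5-11"
BROAD_SIDS = {EVERYONE_SID, AUTHENTICATED_USERS_SID}
EVERYONE_EXCEPT_EXTERNAL = "Everyone except external users"


@dataclass
class SyncedDirectory:
    """Constructed stand-in for the cloud directory that DirSync populates."""
    user_puid_by_sid: dict = field(default_factory=dict)   # user SID -> PUID
    group_oid_by_sid: dict = field(default_factory=dict)   # group SID -> Object ID


def map_acl(onprem_allow_sids, directory):
    """Map on-premises Allow ACEs (SIDs) to cloud principals.

    Returns (cloud_acl, broadened, unmapped). Assumption of this model:
    a SID with no synced object cannot be mapped and is left out.
    """
    cloud_acl, broadened, unmapped = set(), [], []
    for sid in onprem_allow_sids:
        if sid in BROAD_SIDS:
            cloud_acl.add(EVERYONE_EXCEPT_EXTERNAL)
            broadened.append(sid)
        elif sid in directory.user_puid_by_sid:
            cloud_acl.add(directory.user_puid_by_sid[sid])
        elif sid in directory.group_oid_by_sid:
            cloud_acl.add(directory.group_oid_by_sid[sid])
        else:
            unmapped.append(sid)
    return sorted(cloud_acl), broadened, unmapped


def review_item(onprem_allow_sids, directory):
    """Return the findings worth checking before an item is indexed online."""
    cloud_acl, broadened, unmapped = map_acl(onprem_allow_sids, directory)
    findings = []
    if broadened:
        findings.append("BROAD: visible to every internal user online")
    if unmapped:
        findings.append("UNSYNCED: " + ", ".join(unmapped))
    if not cloud_acl:
        findings.append("ORPHANED: no cloud principal can see this item")
    return findings


# Constructed sample data; the user SID and PUID are the placeholders on the slide.
JADEN_SID = "S-1-5-21-1212121212-1212121212-1212"
FINANCE_GROUP_SID = "S-1-5-21-1212121212-1212121212-2001"   # constructed
UNSYNCED_SID = "S-1-5-21-1212121212-1212121212-9999"        # constructed
DIRECTORY = SyncedDirectory(
    user_puid_by_sid={JADEN_SID: "PUID-XXXX-XXXXXXXXXX"},
    group_oid_by_sid={FINANCE_GROUP_SID: "00000000-0000-0000-0000-000000000001"},
)

if __name__ == "__main__":
    for acl in ([JADEN_SID, FINANCE_GROUP_SID], [AUTHENTICATED_USERS_SID], [UNSYNCED_SID]):
        print(acl, "->", map_acl(acl, DIRECTORY)[0], review_item(acl, DIRECTORY))
```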
Logical architecture w/ query federation
[Diagram labels: Corporate network; Office 365; SP 2013; SP 2010; SP 2013 search; Cloud SSA; SPO Search Index; callouts 1, 2a, 2b, 3]
3. Paul issues a query from the site with sensitive content. He gets back search results from on-premises and online as separate result sets.
Reduced on-premises infrastructure cost by hosting most search components in the cloud
The Office 365 team keeps search running and up-to-date for you, 24/7
Brings together on-premises and cloud collaboration like never before with Delve
Smoother search experience, even during migration
Contoso did not have to upgrade their existing deployments to get started with Office 365 hybrid search
Summary
DLP Sensitive Data Search works with hybrid
Search for sensitive data across on-premises and SharePoint Online
All Built-in sensitive types
Identification and export
Extends to data in OneDrive
Sensitive Information type detection through KQL searches
Get instant statistics
Preview & export results
Migrate remote users physically distant from On-Premise deployment to Online for better experience
Host certain data in particular locations Online for Compliance or data sovereignty reasons
Advantage of moving to cloud infrastructure (TCO) wherever possible
SharePoint Hybrid Overview
Two scenarios of hybrid model in an Enterprise
Migration to the Cloud
• Migrate at their own pace to the Cloud with little or no disruption to existing service
• Pilot Online Service with a subset of users
Maintaining a hybrid model
• Continue to maintain hybrid model providing services on-premises or online based on the organization needs
• Continue to use existing customizations on-premise
• Easily off-board exchange mailboxes from Cloud to on premises
TWO-WAY HYBRID SETUP
TWO-WAY SETUP - DETAIL
ENVIRONMENT CONFIGURATION
NON-SharePoint Tasks
Reverse Proxy and Certificate
Auth
Identity Provider
MSOL Tools
Dirsync
UAG
ADFS Servers
SharePoint Servers
Office 365
Dirsync and Tools Servers
MSOL Tools
1. New STS Token Signing Certificate
2. Configure Trust between SP on Premise & ACS
3. Configure Secure Store
4. Configure UPA
5. Try it !
SharePoint 2013 Config
Hybrid Challenges
Regulatory / compliance risks
Downtime threatens key operations and wastes money
Difficult to integrate content over multiple technologies
Low bandwidth and high latency slow worker performance
Inability to quickly recover from outages
Moving to the Cloud on your terms
Of course, migrations could be faster
It depends…
With hybrid, fail to plan and you should plan to fail