Fast Learner Module: Hybrid for SharePoint Server 2013 and Office 365

Fast Learner Module: Hybrid for SharePoint Server 2013 and Office 365

Objective: To understand the identity management infrastructure requirements and key scenarios for hybrid in SharePoint Server 2013 and Office 365.

Hybrid for SharePoint Server 2013 and Office 365 overview video [4 mins] (transcript)

After viewing the video, use the following to practice and review: 

  Review questions

See SharePoint 2013: Fast Learner Modules for Claims Authentication for additional Fast Learner Modules for SharePoint 2013.

SharePoint 2013 Hybrid Resources

Review Questions

1. What is the central problem with having two identity providers in a hybrid environment? How does the combination of directory synchronization and identity federation solve this problem?


2. What is the key new feature of SharePoint 2013 that allows for cross-farm, hybrid scenarios?


3. True or False: Hybrid for SharePoint 2010 also supports federated search results, provided you configure a cross-farm service application trust for the Search service application on each farm.


4. Does the BCS hybrid scenario allow on-premises users access to the SharePoint app or external list that is hosted by the SharePoint Online BCS service?


For the answers to these review questions, click here.

Video Transcript

Let’s take a look at hybrid for SharePoint Server 2013 and Office 365.

A hybrid SharePoint environment is composed of a SharePoint Server farm, typically deployed on-premises, and Microsoft Office 365 – SharePoint Online. A user can access either farm from an on-premises location or the Internet.

One challenge that arises from this configuration is identity management, as there are now two identity providers; the on-premises Active Directory Domain Services, or AD DS, and the online Azure AD.

To prevent the maintenance of two sets of user accounts and credentials, you can create a single sign-on, or SSO, experience. With SSO, users always use their AD DS credentials, regardless of whether they are on-premises or on the Internet and accessing either farm. You deploy a Directory Synchronization server, which synchronizes the accounts in AD DS to the accounts in Azure AD, and an identity federation server, such as Active Directory Federation Services 2.0, or AD FS.

Here’s an example of how SSO works.

  1. An on-premises user requests a page in the Office 365 SharePoint farm.
  2. Assuming authentication has not previously been done, the Office 365 SharePoint farm refers the user’s computer to the AD FS server for authentication.
  3. The user’s computer requests authentication from the AD FS server.
  4. Which forwards the credentials to Azure AD, the identity provider for Office 365.
  5. Azure AD sends back verification of authentication to AD FS.
  6. Which then sends the results to the user’s computer.
  7. The user’s computer sends a new request with the authentication verification results to the Office 365 SharePoint farm.
  8. Which sends the requested page to the user’s computer.

It is important to note that SharePoint 2010 also supports SSO with Directory Synchronization and access to the resources on either farm from on-premises or the Internet. However, with SharePoint 2010, there is no integration, such as cross-farm sharing of data or services, between the farms. For example, there are no federated search results, in which the search results from both farms are gathered. Users must navigate to and search each farm separately.

SharePoint 2013 supports the Open Authorization, or, OAuth 2.0, protocol and server-to-server authentication. With OAuth, in addition to federated identities, hybrid for SharePoint 2013 supports the configuration of a server-to-server trust relationship between the two farms. Requests for cross-farm resources are in the form of claims-based security tokens.

With the server-to-server trust relationship in place, the on-premises SharePoint farm can trust security tokens sent from the online SharePoint farm. Similarly, the online farm can trust security tokens sent from the on-premises farm.

Now, let’s examine the key hybrid scenarios for SharePoint 2013.

With federated search, users can obtain search results for resources on both farms. For example, the SharePoint Online user can see the on-premises search results and the online search results. Similarly, the on-premises user can see SharePoint Online search results and on-premises search results.

For Business Connectivity Services, or BCS, a SharePoint app or an external list that is installed on a SharePoint Online site collection can use the SharePoint Online BCS service to connect to the BCS service of an on-premises SharePoint Server 2013 farm, which brokers the connection for both read and write operations to on-premises OData Service endpoints.

With Duet Enterprise Online, either using a SharePoint app that is installed on a SharePoint Online site collection, or by enabling a Duet Enterprise Online feature, SharePoint Online users can perform both read and write operations against an on-premises SAP system.

For additional information about hybrid for SharePoint Server 2013 and Office 365, see aka.ms/sphyb.

For more information about SharePoint, see office.com/sharepoint.


Answers to Review Questions

1. What is the central problem with having two identity providers in a hybrid environment? How does the combination of directory synchronization and identity federation solve this problem?

Answer: With two identity providers, there are now two sets or accounts and their credentials (such as passwords) that must be used and maintained by users. Users can manually synchronize their names and passwords, but must maintain them in two separate account stores, which might have different password length, complexity, and expiration policies.

With directory synchronization, there is now a single account per user, shared by both farms. With identity federation, a single, trusted server brokers the authentication process for both identity providers.

2. What is the key new feature of SharePoint 2013 that allows for cross-farm, hybrid scenarios?

Answer:  The support of the Open Authorization, or, OAuth 2.0, protocol and server-to-server authentication.

3. True or False: Hybrid for SharePoint 2010 also supports federated search results, provided you configure a cross-farm service application trust for the Search service application on each farm.

Answer:  False. Hybrid for SharePoint 2010 does not support federated search. Users must navigate to and search each farm separately.

4. Does the BCS hybrid scenario allow on-premises users access to the SharePoint app or external list that is hosted by the SharePoint Online BCS service?

Answer: No. The BCS hybrid scenario only allows data from the SharePoint Online BCS service to the BCS service of an on-premises SharePoint Server 2013 farm. 



Sort by: Published Date | Most Recent | Most Useful
Comments
Page 1 of 1 (1 items)