Going to The Cloud(tm) doesn't mean we need to start over. Organisations big and small can leverage Office 365 with their on-premises systems, gaining the agility of a hosted solution that is always up-to-date while adhering to our current policies for compliance and security. If you've ever heard the term "Hybrid SharePoint", but want to understand what it really means and what you can really do with it when it comes to Office 365 and SharePoint Online, this is the session for you. We'll walk through the Hybrid models and the advantages and disadvantages of each.
In this session we'll discuss why an organisation may choose to stay hybrid, with on-premises and cloud-hosted solutions integrated with one another. Migration tips and tricks, planning techniques and processes will also be covered.
March Sydney Office 365 Meetup - Office 365 and Hybrid Solutions... what works for my organisation?
1. Office 365 and Hybrid Solutions
What works for my organisation?
Scott Hoag
Applied Information Sciences
3. Agenda
• What is Hybrid SharePoint?
• Technical Goals
• Business Goals
• Planning Topologies
• Configuration
• Usage
5. What is Hybrid SharePoint?
“Productivity services in SharePoint Online which are securely integrated with on-premises SharePoint Server 2013 to provide unified functionality and access to data.”
11. Business Goals
• Search Online and on-premises systems simultaneously
• Single source of truth for identity
• Access on-premises data sources from Online
• Single sign-on is necessary
15. Synchronization Landscape

| Feature | Azure Active Directory Synchronization Tool (DirSync) | Azure Active Directory Synchronization Services (AAD Sync) | Azure Active Directory Connect | Forefront Identity Manager 2010 R2 (FIM) |
|---|---|---|---|---|
| Connect to single on-premises AD forest | X | X | PP | X |
| Connect to multiple on-premises AD forests | | X | PP | X |
| Connect to single on-premises LDAP directory | | | CS | X |
| Connect to multiple on-premises LDAP directories | | | CS | X |
| Connect to on-premises AD and on-premises LDAP directories | | | CS | X |
| Connect to custom systems (i.e. SQL, Oracle, MySQL, etc.) | | | | X |
| Synchronize customer defined attributes (directory extensions) | | | CS | |
18. One-way outbound requirements
• AD DS (2003 functional level or higher)
• An internet public domain name
• An O365 Enterprise tenant
• An operational SharePoint 2013 Enterprise farm on-premises
• An on-premises ADFS deployment (optional)
• An on-premises DirSync/AAD Sync server
• Replace the default STS certificate on-premises (S2S Trust)
19. One-way outbound requirements (more)
• SharePoint 2013 on-premises required services
‐ User Profile Service Application
‐ App Management Service Application
‐ Microsoft SharePoint Foundation Subscription Settings Service
• Web Application with IWA
• SSL for OAuth (optional)
21. One-way inbound requirements
• AD DS (Server 2003 or higher)
• An internet public domain name
• An O365 Enterprise tenant
• An operational SharePoint 2013 Enterprise farm on-premises
• An on-premises ADFS deployment (optional)
• An on-premises DirSync/AAD Sync server
• Replace the default STS certificate on-premises (S2S Trust)
22. One-way inbound requirements (more)
• SharePoint 2013 on-premises required services
‐ User Profile Service Application
‐ App Management Service Application
‐ Microsoft SharePoint Foundation Subscription Settings Service
• Web Application with IWA
• SSL for OAuth
• Create a target application for your on-premises cert in SPO
• Split DNS
• Deploy the May 2014 CU
26. Reverse Proxies
• Supported Devices
‐ Windows Server 2012 R2 with WA-P
‐ Forefront TMG 2010
‐ F5 BIG-IP
‐ Citrix Netscaler
• General Requirements
‐ Support client certificate authentication
‐ Support pass-through authentication for OAuth 2.0
‐ Accept unsolicited inbound traffic on TCP port 443 (HTTPS)
‐ Relay traffic to on-premises farm without rewriting any packet headers
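As an added illustration (not part of the deck), here is how the general requirements above map onto a publishing rule on one of the supported devices, Windows Server 2012 R2 Web Application Proxy, using the Add-WebApplicationProxyApplication cmdlet. The URLs, rule name and thumbprints are placeholders; confirm the parameter names against Get-Help on your proxy server.

```powershell
# Added example: publish an on-premises SharePoint 2013 web application through
# Windows Server 2012 R2 Web Application Proxy (WA-P) for inbound hybrid traffic.
# All values below are placeholders.

# Certificate WA-P presents on TCP 443; its subject/SAN must match the external URL.
$externalCertThumbprint = "0000000000000000000000000000000000000000"   # placeholder
# Public certificate SharePoint Online presents as a *client* certificate. This is
# the same certificate stored as a target application in the SPO Secure Store
# (see the inbound requirements slide), so only SPO passes the proxy.
$clientCertThumbprint   = "1111111111111111111111111111111111111111"   # placeholder

Add-WebApplicationProxyApplication `
    -Name "SharePoint Hybrid Inbound" `
    -ExternalUrl "https://sharepoint.contoso.com/" `
    -BackendServerUrl "https://sharepoint.contoso.com/" `
    -ExternalCertificateThumbprint $externalCertThumbprint `
    -ExternalPreauthentication ClientCertificate `
    -ClientCertificatePreauthenticationThumbprint $clientCertThumbprint

# Review the published rule. External and backend URLs are identical on purpose:
# that is what split DNS buys you, and it is why the proxy never has to rewrite
# headers or the OAuth 2.0 bearer token on its way to the farm.
Get-WebApplicationProxyApplication -Name "SharePoint Hybrid Inbound" |
    Format-List Name, ExternalUrl, BackendServerUrl, ExternalPreauthentication
```

With client-certificate preauthentication the proxy rejects any inbound connection that cannot prove possession of the SPO secure-channel certificate's private key, so the farm is only ever reached by the tenant you paired it with. Keep that certificate's private key confined to Secure Store and the proxy; anything that holds it can traverse the edge.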
30. Server-to-Server Authentication
• Create a new STS cert for on-premises (2048-bit key or stronger)
• Replace the STS cert on all member servers
• Upload the STS cert to SPO
• Add a Service Principal Name (SPN) to Azure AD
• Register the SPO application principal object ID on-premises
• Ensure a common authentication realm between SPO and on-premises
• Configure an on-premises proxy for Azure AD (ACS token issuer)
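The steps on this slide, together with the "Replace the default STS certificate on-premises (S2S Trust)" requirement from the one-way requirements slides, are shown below as an added worked example; it is not the deck's own script. It uses the SharePoint 2013 Management Shell cmdlets and the Azure AD (MSOnline) module. File paths, the public domain, the site URL and the certificate names are placeholders; the SharePoint Online application principal ID is the well-known value that is the same for every tenant.

```powershell
# Added example: establish the server-to-server (S2S) trust between an on-premises
# SharePoint 2013 farm and SharePoint Online, in the order the slide lists.
# Run the SP* lines in the SharePoint 2013 Management Shell on a farm server;
# the Msol* lines need the MSOnline module and a tenant admin account.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module MSOnline

$pfxPath      = "C:\certs\sts.pfx"                # placeholder: new STS cert with private key
$cerPath      = "C:\certs\sts.cer"                # placeholder: public certificate only
$pfxPassword  = Read-Host "PFX password" -AsSecureString   # never hard-code this
$publicDomain = "contoso.com"                     # placeholder: your public DNS domain
$siteUrl      = "https://sharepoint.contoso.com"  # placeholder: on-premises root site
# Well-known application principal ID of SharePoint Online (identical for all tenants)
$spoAppPrincipalId = "00000003-0000-0ff1-ce00-000000000000"

# 1. Install the new STS signing certificate (2048-bit key or stronger).
#    Repeat on every farm member server, then restart IIS so the STS reloads it.
$flags   = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]"Exportable,PersistKeySet"
$stsCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList $pfxPath, $pfxPassword, $flags
Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $stsCert
iisreset

# 2. Upload the public half of the STS certificate to SPO as a verify-only
#    credential on the SPO application principal, so SPO can validate the
#    tokens our STS signs (but never sign with it).
Connect-MsolService
$cer       = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath
$credValue = [System.Convert]::ToBase64String($cer.GetRawCertData())
New-MsolServicePrincipalCredential -AppPrincipalId $spoAppPrincipalId -Type asymmetric -Usage Verify -Value $credValue

# 3. Add a Service Principal Name for our public domain to the SPO principal.
$msp  = Get-MsolServicePrincipal -AppPrincipalId $spoAppPrincipalId
$spns = $msp.ServicePrincipalNames
$spns.Add("$spoAppPrincipalId/$publicDomain")
Set-MsolServicePrincipal -AppPrincipalId $spoAppPrincipalId -ServicePrincipalNames $spns

# 4. Register the SPO application principal on-premises and align the realm:
#    both sides must use the SPO tenant (context) ID as the authentication realm.
$spoContextId = (Get-MsolCompanyInformation).ObjectId
$site = Get-SPSite $siteUrl
Register-SPAppPrincipal -site $site.RootWeb -nameIdentifier $spoAppPrincipalId -displayName "SharePoint Online" | Out-Null
Set-SPAuthenticationRealm -realm $spoContextId

# 5. Point the farm at Azure AD (ACS) as the trusted token issuer / trust broker.
$acsMetadata = "https://accounts.accesscontrol.windows.net/$spoContextId/metadata/json/1"
New-SPAzureAccessControlServiceApplicationProxy -Name "ACS" -MetadataServiceEndpointUri $acsMetadata -DefaultProxyGroup
New-SPTrustedSecurityTokenIssuer -MetadataEndpoint $acsMetadata -IsTrustBroker -Name "ACS"
```

The STS private key installed in step 1 signs every token SharePoint Online will accept from the farm, so treat the PFX like a domain credential: keep it off shared storage, restrict who can run the import, and rotate it by repeating steps 1 and 2 rather than extending its lifetime.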
34. Enterprise Metadata
• Taxonomies and Folksonomies are not shared*
• Information architecture dictates where content lives
‐ Similar content can (and should) be managed together
‐ Customisations & Dashboards for targeted content should be managed in a single environment
35. OneDrive For Business Redirection
• Requires SharePoint 2013 Service Pack 1
• Relies on Audience compilation (UPA)
• Create one-way outbound for Search with query transforms
‐ path:https://tenant_name-my.sharepoint.com/personal
• Redirect the Sites page
• Consider a Search Vertical
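Added example (not from the deck) of the one-way outbound result source this slide describes: a Remote SharePoint result source on the on-premises search service application whose query transform restricts results to the tenant's OneDrive for Business (personal) sites, ready to back a search vertical. It assumes the S2S trust is already configured; tenant_name is the slide's own placeholder, and the result source name is mine.

```powershell
# Added example: create an outbound hybrid result source scoped to OneDrive for
# Business in SharePoint Online, using the SharePoint 2013 search cmdlets.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$tenant         = "tenant_name"                                         # placeholder
$remoteUrl      = "https://$tenant.sharepoint.com"
# {searchTerms} carries the user's query; the path: restriction is the one on the slide.
$queryTransform = "{searchTerms} path:https://$tenant-my.sharepoint.com/personal"
$sourceName     = "OneDrive for Business (SPO)"

$ssa   = Get-SPEnterpriseSearchServiceApplication
$owner = Get-SPEnterpriseSearchOwner -Level Ssa

# The built-in Remote SharePoint provider federates the query to SPO over the S2S trust.
$fedManager     = New-Object Microsoft.Office.Server.Search.Administration.Query.FederationManager($ssa)
$remoteProvider = $fedManager.ListProviders()["Remote SharePoint Provider"]

New-SPEnterpriseSearchResultSource -SearchApplication $ssa -Owner $owner `
    -ProviderId $remoteProvider.Id -Name $sourceName `
    -RemoteUrl $remoteUrl -QueryTransform $queryTransform | Out-Null

# Verify what the vertical will use; a wrong path: filter silently returns
# everything in the tenant rather than just personal sites.
Get-SPEnterpriseSearchResultSource -SearchApplication $ssa -Owner $owner -Identity $sourceName |
    Format-List Name, RemoteUrl, QueryTransform
```

Because the query is executed in SharePoint Online as the signed-in user, results are trimmed by SPO's permissions, not the farm's; the user profile (UPA) audience that drives the redirection decides who sees the vertical, not who can read the content behind it.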
36. Resources
• Hybrid for SharePoint Server 2013
• Configure a Reverse Proxy Device for SharePoint Server 2013 Hybrid
• Office 365 Hybrid – What you DO and DO NOT get
• One-Way Outbound Hybrid Search Step-by-Step and OneDrive for Business
• Explore SharePoint 2013 Hybrid
• Glossary for Hybrid SharePoint 2013
• SharePoint Hybrid Scripts by Fabian Williams
• Configure identity management for a hybrid topology in SharePoint Server 2013