Office 365 and SharePoint 2013 Hybrid Environments

1. Office 365 and SharePoint 2013 Hybrid Environments Rene Modery Singapore

2. What will we talk about today? • What are Hybrid Environments • Why implement one? • What are the requirements? • How to implement it

3. Who am I? • Rene Modery • German • More than 6 years in Singapore • Expertise: SharePoint • Office 365 MVP • http://modery.net • @modery

4. Hybrid Overview

5. Hybrid Environment SharePoint 2013 Office 365

6. Why do we want/need a hybrid? • Moving to the cloud to • Reduce Costs • Increase Flexibility Temporary Hybrid • Collaboration with Externals • Separation of workloads • Scalable

7. Preparing for a hybrid – Planning and Governance

8. It’s not about the technology! People Processes Governance

9. Partitioning: What goes where User Type Workload Organisation Date

10. When and what to migrate? • Content - Gradual migration • By department • By Location • By Type • Solutions • Identify what can be migrated • Test it in the cloud • Services

11. Who gets access to what? • Permanent access • On-demand access • Projects; temporary workloads • Approval process • Regular verification if still needed

12. How do I know where I am?

13. How do I know where I am?

14. What’s possible - General Requirements - SharePoint Requirements Setting up a Hybrid Environment

15. What is possible? Source: Microsoft, SPC12

16. Not without your own Domain • Needed for • UPN • DNS • Certificates (SSL, STS) • Reverse Proxy • …

17. Active Directory Requirements • Single Forest • You need to able to verify every domain • Users need proper UPN • john@MyAwesomeCompany.local won’t work! • john@MyAwesomeCompany.com.sg is what we need

18. Active Directory Federation Services (ADFS) • Sign-In on local server instead of MSOL • Recommendation: 2 ADFS servers, 2 ADFS proxies

19. DirSync • Synchronise your AD users with Office 365 • Allow your users to log in to Office 365 with the same username • Cannot be installed on a Domain Controller • AD Synchronisation also needs to be activated in Office 365 UI • Doesn’t grant access, still need to add licenses

20. DirSync

21. Other tools • Powershell & Microsoft Online / Office 365 cmdlets • Single-Sign On Assistant

22. Reverse Proxy • Only needed if Office 365 needs to consume on-prem data • Only selected reverse proxy servers supported

23. SharePoint 2013 • Any flavor • Foundation / Standard / Enterprise • Any location • In-house • Hosted • Azure / AWS • …

24. Configure trust with ACS 1/3 • Install Office 365 Sign-on Assistant & PowerShell cmdlets • Replace default STS Certificate • Issued by public Certification Authority (recommended) or self-signed • SP: Set-SPSecurityTokenServiceConfig

25. Configure trust with ACS 2/3 • Upload certificate to Office 365 (PS) • MSOL: New-MsolServicePrincipalCredential • Add host-name of SP server to SP principal object of Office 365 tenancy (PS) • MSOL: Set-MsolServicePrincipal • Register SPO S2S principal object with on-prem SP STS • SP: Register-SPAppPrincipal

26. Configure trust with ACS 3/3 • Set SharePoint authentication realm to context ID of Office 365 tenant • SP:Register-SPAppPrincipal • Configure on-prem ACS proxy and set up trust with ACS • SP:New-SPAzureAccessControlServiceApplicationProxy • SP:New-SPTrustedSecurityTokenIssuer

27. Configure Search Create a Result Source

28. Configure Search Create a Query Rule

29. Configure Search Configure searchresults page(s)

30. demo Hybrid overview & search demo

31. I want my own hybrid environment! • Lots of good content from MS available on • Hybrid in general • One-way setup • Two-way setup • BCS • Whitepapers from Axceler, Quest, …  http://hybridoffice365.com

32. Evaluate! Evaluate this session and all others at http://tinyurl.com/spcsea

33. Connect! Meet speakers here We are here

34. Thank you to our sponsors