Office 365 and SharePoint 2013 Hybrid Environments Rene Modery Singapore 1

What will we talk about today? What are Hybrid Environments Why implement one? What are the requirements? How to implement it 2

3 Who am I? Rene Modery German More than 6 years in Singapore Expertise: SharePoint Office 365 MVP

Hybrid Overview 4

SharePoint 2013Office Hybrid Environment

Why do we want/need a hybrid? Moving to the cloud to Reduce Costs Increase Flexibility Temporary Hybrid 6 Collaboration with Externals Scalable Separation of workloads

Preparing for a hybrid – Planning and Governance 7

PeopleProcesses Governance Its not about the technology! 8

Partitioning: What goes where 9 User Type Organisation Workload Date

When and what to migrate? Content - Gradual migration By department By Location By Type Solutions Identify what can be migrated Test it in the cloud Services 10

Who gets access to what? Permanent access On-demand access Projects; temporary workloads Approval process Regular verification if still needed 11

How do I know where I am? 12

How do I know where I am? 13

Setting up a Hybrid Environment Whats possible - General Requirements - SharePoint Requirements 14

What is possible? ScenarioWorks Out of Box? SharePoint: SearchYes SharePoint: BCSYes SharePoint: Duet OnlineYes SharePoint: other servicesNo Exchange integrationLimited Lync integrationYes 15 Source: Microsoft, SPC12

Not without your own Domain Needed for UPN DNS Certificates (SSL, STS) Reverse Proxy … 16

Active Directory Requirements Single Forest You need to able to verify every domain Users need proper UPN wont work! is what we need 17

Active Directory Federation Services (ADFS) Sign-In on local server instead of MSOL Recommendation: 2 ADFS servers, 2 ADFS proxies 18

DirSync Synchronise your AD users with Office 365 Allow your users to log in to Office 365 with the same username Cannot be installed on a Domain Controller AD Synchronisation also needs to be activated in Office 365 UI Doesnt grant access, still need to add licenses 19

DirSync 20

Other tools Powershell & Microsoft Online / Office 365 cmdlets Single-Sign On Assistant 21

Reverse Proxy Only needed if Office 365 needs to consume on-prem data Only selected reverse proxy servers supported 22

SharePoint 2013 Any flavor Foundation / Standard / Enterprise Any location In-house Hosted Azure / AWS … 23

Configure trust with ACS 1/3 Install Office 365 Sign-on Assistant & PowerShell cmdlets Replace default STS Certificate Issued by public Certification Authority (recommended) or self-signed SP: Set-SPSecurityTokenServiceConfig 24

Configure trust with ACS 2/3 Upload certificate to Office 365 (PS) MSOL: New-MsolServicePrincipalCredential Add host-name of SP server to SP principal object of Office 365 tenancy (PS) MSOL: Set-MsolServicePrincipal Register SPO S2S principal object with on- prem SP STS SP: Register-SPAppPrincipal 25

Configure trust with ACS 3/3 Set SharePoint authentication realm to context ID of Office 365 tenant SP: Register-SPAppPrincipal Configure on-prem ACS proxy and set up trust with ACS SP: New-SPAzureAccessControlServiceApplicationProxy SP: New-SPTrustedSecurityTokenIssuer 26

Configure Search Create a Result Source 27

Configure Search Create a Query Rule 28

Configure Search Configure search results page(s) 29

demo

I want my own hybrid environment! Lots of good content from MS available on Hybrid in general One-way setup Two-way setup BCS Whitepapers from Axceler, Quest, …… 31

Evaluate! Evaluate this session and all others at 32

Connect! 33 We are here Meet speakers here

Thank you to our sponsors 34