Published by Vincent Robbins. Modified over 7 years ago.
1
SharePoint 2016/2013: Plan for SharePoint Services Farm
POC - SharePoint 2016 Search Publishing Consuming Scenario
Rishabh Y Mathur
2
Objective
POC – Granular details on the publishing consuming services farm scenario.
POC Environment Setup
Supported scenarios
Federated Search Implementation Demo
3
Environment setup
3 SharePoint Farms for this POC (all on-prem):
SharePoint 2016 Services Farm – SP2016
SharePoint 2013 Content Farm #1 – SP
SharePoint 2013 Content Farm #2 – SP2
Note: the consumer could be a 2010 farm as well.
Office 365 tenant (if setting up hybrid)
4
Supported service applications and scenarios
You can publish the following service applications in a SharePoint 2013 farm:
Business Data Connectivity
Machine Translation
Managed Metadata
User Profile
Search
Secure Store
If the server farms are located in different domains, the User Profile service application requires both domains to trust one another.
5
Cont’d
The User Profile service must reside in the same datacenter as the content it supports: the performance of social features requires the User Profile service application to be located in the same datacenter as My Sites, team sites, and community sites.
For the Business Data Connectivity service and Secure Store service application administration features to work from the consuming farm, the domain of the publishing farm must trust the domain of the consuming farm.
Other cross-farm service applications work without a trust requirement between domains.
6
Big picture view – steps involved
Step 1: Exchange trust certificates between the farms.
Step 2: On the publishing farm, publish the service application.
Step 3: On the consuming farm, set the permission to the appropriate service applications.
Step 4: On the consuming farm, connect to the remote service application.
Step 5: Add the shared service application to a Web application proxy group on the consuming farm.
Step 6: Configure server-to-server authentication between the publishing and consuming farms.
7
Step 1: Exchange trust certificates between farms
Two-part process:
Exporting and copying certificates
Managing trust certificates

Step 1.1: Exporting and copying certificates
To export the root certificate from the consuming farm:
    $rootCert = (Get-SPCertificateAuthority).RootCertificate
    $rootCert.Export("Cert") | Set-Content C:\ConsumingFarmRoot.cer -Encoding byte
8
Cont’d – Step 1.1
To export the STS certificate from the consuming farm:
    $stsCert = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
    $stsCert.Export("Cert") | Set-Content C:\ConsumingFarmSTS.cer -Encoding byte
To export the root certificate from the publishing farm:
    $rootCert = (Get-SPCertificateAuthority).RootCertificate
    $rootCert.Export("Cert") | Set-Content C:\PublishingFarmRoot.cer -Encoding byte
9
Step 1.1 - Copy the certificates
Copy the root certificate and the STS certificate from the server in the consuming farm to the server in the publishing farm.
Copy the root certificate from the server in the publishing farm to a server in the consuming farm.
10
Step 1.2 : Managing trust certificates
Establishing trust on the consuming farm
To import the root certificate and create a trusted root authority on the consuming farm:
    $trustCert = Get-PfxCertificate C:\PublishingFarmRoot.cer
    New-SPTrustedRootAuthority ServicesPublishingFarm -Certificate $trustCert
11
Cont’d Step 1.2 Establishing trust on the publishing farm
To import the root certificate and create a trusted root authority on the publishing farm (once per consuming farm):
    $trustCert = Get-PfxCertificate "C:\sp certs\ConsumingFarmRoot.cer"
    New-SPTrustedRootAuthority ServicesConsumingFarmSP -Certificate $trustCert
    $trustCert = Get-PfxCertificate "C:\sp2 certs\ConsumingFarmRoot.cer"
    New-SPTrustedRootAuthority ServicesConsumingFarmSP2 -Certificate $trustCert
12
Cont’d Step 1.2
To import the STS certificate and create a trusted service token issuer on the publishing farm (once per consuming farm):
    $stsCert = Get-PfxCertificate "c:\sp certs\ConsumingFarmSTS.cer"
    New-SPTrustedServiceTokenIssuer ServicesConsumingFarmSP -Certificate $stsCert
    $stsCert = Get-PfxCertificate "c:\sp2 certs\ConsumingFarmSTS.cer"
    New-SPTrustedServiceTokenIssuer ServicesConsumingFarmSP2 -Certificate $stsCert
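The .cer files in Step 1 are copied between servers by hand, so the importing farm should confirm it received the certificate that was exported before it creates the trust. The following is an added example, not part of the original presentation: Test-FarmCertificate is a hypothetical helper, and the expected thumbprint is a placeholder to be read on the exporting farm and passed over a separate channel.

```powershell
# Added example: verify a copied farm certificate before trusting it.
# Run in the SharePoint Management Shell on the farm that imports the certificate.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Test-FarmCertificate {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedThumbprint
    )
    $cert = Get-PfxCertificate -FilePath $Path

    # Thumbprints are often pasted with spaces or in lower case; normalise first.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($expected.Length -ne 40) {
        throw "Expected thumbprint is not 40 hex characters; refusing to compare."
    }
    if ($cert.Thumbprint -ne $expected) {
        throw "Thumbprint mismatch for '$Path': file has $($cert.Thumbprint)"
    }

    # Reject a certificate that is not yet valid or already expired.
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate in '$Path' is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))"
    }
    return $cert
}

# On the exporting (consuming) farm, read the values to pass out-of-band:
#   (Get-SPCertificateAuthority).RootCertificate.Thumbprint
#   (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate.Thumbprint

# Placeholders, not real values: replace with the thumbprints read above.
$expectedRoot = '<root thumbprint read on the consuming farm>'
$expectedSts  = '<STS thumbprint read on the consuming farm>'

# On the publishing farm: the trust is created only if the checks pass,
# because Test-FarmCertificate throws before New-SP* is reached.
$trustCert = Test-FarmCertificate -Path 'C:\sp certs\ConsumingFarmRoot.cer' -ExpectedThumbprint $expectedRoot
New-SPTrustedRootAuthority ServicesConsumingFarmSP -Certificate $trustCert

$stsCert = Test-FarmCertificate -Path 'C:\sp certs\ConsumingFarmSTS.cer' -ExpectedThumbprint $expectedSts
New-SPTrustedServiceTokenIssuer ServicesConsumingFarmSP -Certificate $stsCert
```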
13
Step 2: Publish service applications
On the SharePoint Central Administration website, click Application Management, and then click Manage service applications.
On the ribbon, click Publish.
In the Publish Service Application dialog box:
Select the Connection Type that you want from the drop-down list.
If you want the service application to be available to remote farms, select the check box for Publish this Service Application to other farms.
Copy the Published URL into Notepad.
14
Step 3: Set permissions to published service applications
Set permission to the Application Discovery and Load Balancing Service Application and any other service application for a consuming farm.
Get the farm ID of the consuming farms:
    Get-SPFarm | Select Id
15
Cont’d Step 3
On the SharePoint Central Administration (publishing), click Application Management, and then click Manage service applications.
Click the row that contains Application Discovery and Load Balancing Service Application.
On the ribbon, click Permissions.
16
Cont’d Step 3
In the Connection Permissions dialog box, do the following:
Manually paste the ID of the consuming farm.
Click Add.
Select the consuming farm ID, and then select Full Control.
Repeat the above steps for any published service applications for which you want to enable access from the consuming farm, and assign the necessary permission.
17
Step 4: Connect to service applications on remote farms
On a server in the consuming farm, on Central Administration, click Application Management, and then click Manage service applications.
On the ribbon, click Connect.
On the Connect drop-down menu, click the kind of service application to which you want to connect.
18
Cont’d - Step 4
On the Connect to a Remote Service Application page, paste the appropriate URL from step 2 in the Farm or Service Application address text box, and then click OK.
Click the row that contains the name of the service application, and then select the check box to add the service application connection to the farm’s default list of service application connections (that is, the default proxy group).
Click OK.
19
Step 5: Add service application connections from a web application
Nothing needs to be done here; just verify that the default proxy connection is associated with the web application.
20
Step 6: Configure server-to-server authentication between publishing and consuming farms
To configure the publishing farm for the common realm name, type the following command at the Windows PowerShell command prompt on a server in the publishing farm:
    Set-SPAuthenticationRealm -realm <RealmName>
Note: RealmName is common to both the publishing and consuming farms.
To configure the Name ID for the SharePoint Security Token Service (STS) on the publishing farm to include the common realm name, type the following commands at the Windows PowerShell command prompt on a server in the publishing farm:
21
Cont’d Step 6
    $sts = Get-SPSecurityTokenServiceConfig
    $Realm = Get-SPAuthenticationRealm
    # 00000003-0000-0ff1-ce00-000000000000 is the SharePoint application principal ID
    $nameId = "00000003-0000-0ff1-ce00-000000000000@$Realm"
    Write-Host "Setting STS NameId to $nameId"
    $sts.NameIdentifier = $nameId
    $sts.Update()
To configure the consuming farm for the common realm name, type the following command at the Windows PowerShell command prompt on a server in the consuming farm:
    Set-SPAuthenticationRealm -realm <RealmName>
22
Cont’d Step 6
To configure the Name ID for the SharePoint STS on the consuming farm to include the common realm name, type the following commands at the Windows PowerShell command prompt on a server in the consuming farm:
    $sts = Get-SPSecurityTokenServiceConfig
    $Realm = Get-SPAuthenticationRealm
    # 00000003-0000-0ff1-ce00-000000000000 is the SharePoint application principal ID
    $nameId = "00000003-0000-0ff1-ce00-000000000000@$Realm"
    Write-Host "Setting STS NameId to $nameId"
    $sts.NameIdentifier = $nameId
    $sts.Update()
23
Cont’d Step 6
To configure the publishing farm for server-to-server authentication with the consuming farm, type the following command at the Windows PowerShell command prompt on a server in the publishing farm:
    New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://<ConsumeHostName>/_layouts/15/metadata/json/1" -Name "<ConsumeFriendlyName>"
Where:
ConsumeHostName is the name and port of any SSL-enabled web application of the consuming farm.
ConsumeFriendlyName is a friendly name for the consuming farm.
This creates the server-to-server authentication trust with the consuming farm.
24
Cont’d Step 6
To configure the consuming farm for server-to-server authentication with the publishing farm, type the following command at the Windows PowerShell command prompt on a server in the consuming farm:
    New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://<PublishHostName>/_layouts/15/metadata/json/1" -Name "<PublishFriendlyName>"
Where:
PublishHostName is the name and port of any SSL-enabled web application of the publishing farm.
PublishFriendlyName is a friendly name for the publishing farm.
This creates the server-to-server authentication trust with the publishing farm.
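Once Steps 1 and 6 are complete, each farm holds three kinds of trust entries plus a realm and STS Name ID that must match the other farm. The following added example (not from the original presentation) lists them with certificate expiry so the result can be compared across farms; Get-FarmTrustReport and the 60-day threshold are assumptions made for illustration.

```powershell
# Added example: audit the trust entries created in Steps 1 and 6.
# Run in the SharePoint Management Shell on each farm and compare the output.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$warnDays = 60   # assumption: alert threshold chosen for this example

function Get-FarmTrustReport {
    $rows = @()
    foreach ($t in Get-SPTrustedRootAuthority) {
        $rows += [pscustomobject]@{ Store = 'TrustedRootAuthority'; Name = $t.Name; Cert = $t.Certificate }
    }
    foreach ($t in Get-SPTrustedServiceTokenIssuer) {
        $rows += [pscustomobject]@{ Store = 'TrustedServiceTokenIssuer'; Name = $t.Name; Cert = $t.SigningCertificate }
    }
    foreach ($t in Get-SPTrustedSecurityTokenIssuer) {
        $rows += [pscustomobject]@{ Store = 'TrustedSecurityTokenIssuer'; Name = $t.Name; Cert = $t.SigningCertificate }
    }
    foreach ($r in $rows) {
        [pscustomobject]@{
            Store      = $r.Store
            Name       = $r.Name
            Thumbprint = $r.Cert.Thumbprint
            NotAfter   = $r.Cert.NotAfter
            DaysLeft   = [int]($r.Cert.NotAfter - (Get-Date)).TotalDays
        }
    }
}

$report = Get-FarmTrustReport
$report | Sort-Object DaysLeft | Format-Table -AutoSize

# Flag trust certificates that are expired or close to expiry.
$report | Where-Object { $_.DaysLeft -lt $warnDays } | ForEach-Object {
    Write-Warning "$($_.Store) '$($_.Name)' expires in $($_.DaysLeft) day(s) on $($_.NotAfter)"
}

# The realm and the realm part of the STS Name ID must be identical on both farms.
"Realm:      $(Get-SPAuthenticationRealm)"
"STS NameId: $((Get-SPSecurityTokenServiceConfig).NameIdentifier)"
```

Any entry in the report that does not correspond to a farm you deliberately trusted is worth investigating before removing it.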
25
Recap
26
Resources
Share service applications across farms in SharePoint
Exchange trust certificates between farms in SharePoint Server
Publish service applications
Connect to service applications on remote farms
Add or remove service application connections from a web application
Configure server-to-server authentication between publishing and consuming farms