Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hybrid Search Planning Implementation.

Published byFrancis Barnett Modified over 6 years ago

Similar presentations

Presentation on theme: "Hybrid Search Planning Implementation."— Presentation transcript:

1 Hybrid Search Planning Implementation

2 Overview Implementation of hybrid search could be challenging or delayed if crucial resources are not available, not installed or not compatible with the hybrid search requirement. It’s always advisable to verify the configuration, installations and script execution is a trail environment. Hybrid search involves few critical implementations which should be configured/implemented during initial phase of implementation. During discovery phase, it’s very important to map the following hybrid search requirement with your current SharePoint environment and find the gaps and plan for it in advance. The following are the sections to complete discovery: Hybrid search : Pre-Requisite Office 365 Discovery and Planning SharePoint 2013 Discovery and Planning Identity Management Discovery and Planning

3 Pre-Requisites SharePoint Online SharePoint 2013 Enterprise On-premise
Must have a required subscription of SharePoint online with min build number. Must have a SharePoint 2013 farm with required services running. Active Directory (Windows Server 2003 R2 or later) with DirSync implemented. Users synchronized and licensed in SharePoint online Azure Active Directory. SharePoint Online Office 365 subscriptions with SharePoint Online licenses E1 or E3 license type Minimum Build Number: SharePoint 2013 Enterprise On-premise SSL-secured On-Premise deployment of SharePoint Server 2013 On-premise SharePoint Server license Running with Required Services Identity Management Cloud Identity or Synchronized Identity On-Premise Active Directory & DirSync Reverse Proxy

4 Cloud Discovery and Planning 1 of 2
During the discovery phase, it’s always beneficial to validate the following information. Need of this information will be in setting up hybrid search with multiple parameters. Verify Organization Domain: Office 365 admin credentials and SharePoint 2013 administrator level access Login to SharePoint Online Administration Portal with Office 365 admin credentials Go to Domains > Verify your domain from list of all domains Find out if you have Cloud only identity or Synchronized identity Verify DirSync settings and synched user profiles An organization must have DirSync as a minimum setup running and synchronization users account between SharePoint online and On-premise environment DirSync Status, last run Users and groups > Office 365 users and local AD users Verify minimum build number: Navigate to your site collection at Office 365 domain>/_vti_pvt/service.cnf Find the entry vti_extenderversion:SR and this is the value of build number Verify

5 Cloud Discovery and Planning 2 of 2
Verify Company Information using PowerShell: Run the following PowerShell commands: Login to any web/app server Run “Connect-MSOLService” with admin credentials Run “Get-MSOLCompanyInformation” The following information appears: Company Name and Address Directory Service Synchronization Enabled Last Dir Sync Time Password Synchronization Enabled Secure Channel SSL Certificate location and file name Required to help secure communication channel between SharePoint Online and Reverse Proxy with friendly name, expiry date and password (incase private key associated) Stockholders/Teams Involved: Project Sponsor/decision makers for necessary approvals and decisions Office 365 and SharePoint 2013/2016 administrators, Reverse Proxy Team (F5 or Windows Server Team)

6 On Premise Discovery and Planning
Verify Farm Information: Total Web Front Ends, Application Servers and SQL Servers Services Status The following services must be running in SharePoint 2013 environment: Search Service, User Profile Service, App Management Service Microsoft SharePoint Foundation Subscription Settings Service Verify the following: CU update August 2015 or later Web Application should be Integrated Windows Authentication NTLM Server Version : For password sync min should be 2008 R2 SP1 or later. User properties exist with attributes like “UserPrincipalName” and “ProxyAddress” (Work ) in user profile service settings. Web Application SSL Certificate location and file name with expiry date Tool Installations Install the following tools on WFE or APP Server The Microsoft Online Services Sign-In Assistant The Azure Active Directory Module for Windows PowerShell The SharePoint Online Management Shell

7 Identity Management Planning
Verify Current Farm and Search Topology Current search load, crawling issues Search performance, query latency and search fault tolerance scenarios Check Current Security Certificates Run the following PowerShell Command on any SharePoint 2013 Server: (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate Expected Return: CN=SharePOint Security Token Service, OU= SharePoint, o = Microsoft, C= US Identity Federation The goal of identity federation is to enable resource access across completely unrelated security domains by sharing a limited amount of information, such as security identities and policies. Reverse Proxy Requirement When inbound traffic from SharePoint Online needs to be relayed to the on-premises SharePoint Server 2013 farm. When a federated user goes to a SharePoint Online Search portal that is configured to return hybrid search results, a reverse proxy device intercepts and pre-authenticates the request for on-premises SharePoint Server 2013 content and then relays it to SharePoint Server 2013. Supported Reverse Proxies Reverse proxy Options: Windows Server 2012 R2 with Web Application Proxy Forefront Threat Management Gateway (TMG) 2010 ( Limited Support until 2010) F5 Big IP with “Access Policy Manager” implemented for authentication

8 DirSync Role & Readiness Check
What is DirSync and why it’s important DirSync (Directory Synchronization) is a tool and responsible for provisioning directory objects from an on-premises Active Directory to Azure Active Directory. 64-bit edition of Windows Server 2008 R2 SP1 Standard or Enterprise or higher.  Most of the organization is pre-configured with SharePoint Online and On-premise environment and a DirSync already in-place and working profile synchronization. To make sure a DirSync is in-place, follow these steps: Browse to Office 365 Admin center  On the Microsoft Online Services page, in the Windows Live ID field, provide an account name that has  Global admin rights on your Office 365 subscription On the Home page, click Admin. On the Admin page, select Users, which is under the Management section on the left side. Under status column, you must see status “Synched with Active Directory”, it means the SharePoint 2013 users are synced with SharePoint online Azure AD.

9 Additional Checklist The below mentioned information is equally important while configuring the hybrid federated search. Information may vary based on the SharePoint environment, requirements and configuration required. On-Premise Web Application name and URL Identity Management Type (Cloud Identity, ADFS with SSO or DirSync with Password Sync) STS Certificate PFX file (with password) with start and end date and CER file with start and end date STS Certificate Friendly Name Teams SLAs UPN domain suffix SSL Certificate Location Network Requirements Farm and Server Information Network Ports

10 Design Considerations
MultiTenancy: SharePoint 2013 farm can only attach to a single tenant in SharePoint online. Ex: Check if active directory is not shared with trail tenant. Search Issues: If your SharePoint 2013 search has pre-existing search related issues with search crawl, index or end user search, it is highly recommended to correct it. Service Federation: Services shared across multiple farms or separate Search farm implementation can cause issues. Few SharePoint 2013 services can not be shared across farm in hybrid search implementation. Search Service Latency: Verify your search service latency and consider it to add more load after hybrid search implementation. It is advisable to scale out search infrastructure in such cases.

11 Thank You

Download ppt "Hybrid Search Planning Implementation."

Similar presentations

Office 365 Identity June 2013 Microsoft Office365 4/2/2017

Office 365 Identity June 2013 Microsoft Office365 4/2/2017
Agenda AD to Windows Azure AD Sync Options Federation Architecture

Agenda AD to Windows Azure AD Sync Options Federation Architecture
Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.

Core identity scenarios Federation and synchronization 2 3 Identity management overview 1 Additional features 4.
Configuring SharePoint 2013 and Office 365 Hybrid – Part 1

Configuring SharePoint 2013 and Office 365 Hybrid – Part 1
Physical Topology Logical Topology Authentication Licensing.

Physical Topology Logical Topology Authentication Licensing.
Hybrid Search with SharePoint 2013 and Office 365 Brendan Griffin.

Hybrid Search with SharePoint 2013 and Office 365 Brendan Griffin.
Identity management integration options for Office 365

Identity management integration options for Office 365
Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.

Federated sign-in WS-Federation WS-Trust SAML 2.0 Metadata Shibboleth Graph API Synchronize accounts Authentication.
Sessions about to start – Get your rig on!. Notes from the field – Implement Hybrid Search and OneDrive for Business Chris Zhong - Microsoft Aaron Dinnage.

Sessions about to start – Get your rig on!. Notes from the field – Implement Hybrid Search and OneDrive for Business Chris Zhong - Microsoft Aaron Dinnage.
NETOP ONDEMAND What’s new in version 2.1? DECEMBER 09 NETOP ONDEMAND1.

NETOP ONDEMAND What’s new in version 2.1? DECEMBER 09 NETOP ONDEMAND1.
Introduction Please answer the survey questions posted at the end of this meeting. Let us know what sessions you want! Josh Topal at

Introduction Please answer the survey questions posted at the end of this meeting. Let us know what sessions you want! Josh Topal at
Scenario covered in this presentation Separate credential from on- premises credential Authentication occurs via cloud directory service Does not.

Scenario covered in this presentation Separate credential from on- premises credential Authentication occurs via cloud directory service Does not.
Timothy Heeney| Microsoft Corporation. Discuss the purpose of Identity Federation Explain how to implement Identity Federation Explain how Identity Federation.

Timothy Heeney| Microsoft Corporation. Discuss the purpose of Identity Federation Explain how to implement Identity Federation Explain how Identity Federation.
Module 8 Configuring and Securing SharePoint Services and Service Applications.

Module 8 Configuring and Securing SharePoint Services and Service Applications.
Single Sign-On with Microsoft Azure

Single Sign-On with Microsoft Azure
Terry Henry IS System Manager, SharePoint SME Micron Technology Inc.

Terry Henry IS System Manager, SharePoint SME Micron Technology Inc.
Julien “Superman” Stroheker and Nicolas “Batman” Georgeault Negotium

Julien “Superman” Stroheker and Nicolas “Batman” Georgeault Negotium
New SharePoint 2016 Features

New SharePoint 2016 Features
123456789101112…. PrePlanPrepareMigratePost Pre- Deployment PlanPrepareMigrate Post- Deployment First Mailbox.

…. PrePlanPrepareMigratePost Pre- Deployment PlanPrepareMigrate Post- Deployment First Mailbox.
Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.

Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.

Similar presentations

Ads by Google