Configuring Hybrid Search with SharePoint 2013 and SharePoint ...

SPC320
Hybrid Search: Configure Outbound Hybrid Search in SharePoint Online with Password Sync
Manas Biswas, Senior Support Escalation Engineer, GBS India
Neil Hodgkinson, Senior Program Manager, CXP CAT

Session Objectives And Takeaways

Session Objectives:
- Cover the common configurations and tools used to set up the hybrid environment and infrastructure
- Prepare for conversations with customers and partners on the implementation of hybrid search
- Evangelize the benefits of hybrid as a stepping stone towards a full cloud migration

Key Takeaways:
- Discuss the configuration experience for Outbound Hybrid with Password Sync and understand the critical components in the setup

Agenda
- SharePoint Hybrid Scenarios
- Hybrid Components and Configuration
- Hybrid Deployment
- Configuring Hybrid Search & Query Rules

What is Hybrid? And why?

Hybrid Solution

SharePoint Hybrid Scenarios
- BCS: Read/write access to external data from line-of-business (LOB) systems, Web services, databases
- Search: Security trimmed search results from both SharePoint Online & on premises
- Duet for Enterprises: Extend the reach of your SAP data into the Microsoft cloud

Hybrid Search

One-way outbound topology
[Diagram: Office 365 tenant with a SharePoint Online site collection (Microsoft data center) and a SharePoint Server 2013 farm with its primary web app (customer network, intranet), connected across the Internet]
- SharePoint Server can query SharePoint Online; SharePoint Online cannot query SharePoint Server
- On-premises SharePoint Server 2013 Enterprise Search portal: Local and remote search results are available
- SharePoint Online search portal: Local search results are available

One-way inbound topology
[Diagram: Office 365 tenant with a SharePoint Online site collection (Microsoft data center), a reverse proxy in the perimeter network, and a SharePoint Server 2013 farm with its primary web app (customer network, intranet)]
- SharePoint Online can query SharePoint Server; SharePoint Server cannot query SharePoint Online
- On-premises SharePoint Server 2013 Enterprise Search portal: Local search results are available
- SharePoint Online search portal: Local and remote search results are available

Two-way (bidirectional) topology
[Diagram: Office 365 tenant with a SharePoint Online site collection (Microsoft data center), a reverse proxy in the perimeter network, and a SharePoint Server 2013 farm with its primary web app (customer network, intranet)]
- SharePoint Online can query SharePoint Server; SharePoint Server can query SharePoint Online
- On-premises SharePoint Server 2013 Enterprise Search portal and SharePoint Online search portal: Local and remote search results are available.

User Experience
[Screenshot: Results from Cloud; Results from SharePoint On-Premise]

Query Flow
[Diagram: On Premises Search Center, authenticated user, User Profile Service App, and the Query Processing Component and Index Components of SharePoint On Premises and SharePoint Online]

Deployment - Phases
- Infrastructure Setup
  - Directory Synchronisation
- S2S Trust & Identity Management
- Search Service Integration

Infrastructure Deployment
[Diagram: on-premises infrastructure (customer network, intranet), perimeter network, Internet, and the identity platform and Office 365 tenant (Microsoft data center). Components: Federation Gateway, ADFS Proxy, ADFS Servers, AD Servers, User Profile Sync Service, DirSync Server, Azure AD Directory Service, SharePoint Secure Store Target App, SharePoint STS, Reverse Proxy, ACS Trust, Azure AD Tenant, Azure AD Proxy]

Infrastructure for Outbound Hybrid with Password Sync
[Diagram: on-premises infrastructure (customer network, intranet), perimeter network, Internet, and the identity platform and Office 365 tenant (Microsoft data center). Components: Federation Gateway, AD Servers, User Profile Sync Service, DirSync Server with Password Sync, Azure AD Directory Service, SharePoint STS, ACS Trust, Azure AD Tenant, Azure AD Proxy]

Core identity scenarios with Office 365
- Cloud Identity (Windows Azure Active Directory): Single identity in the cloud. Suitable for small organizations with no integration to on-premises directories
- Directory & Password Synchronization* (On-Premises Identity, DirSync & Password Sync* to Windows Azure Active Directory): Single identity suitable for medium and large organizations without federation*
- Federated Identity (On-Premises Identity, Federation and Directory Sync to Windows Azure Active Directory): Single federated identity and credentials suitable for medium and large organizations

Directory Synchronization
Directory synchronization between on-premises and online

Features:
- Identities are created and managed on-premises and synchronized to the cloud
- Single identity and credentials but no single sign-on for on-premises and Office 365 services

[Diagram: Directory Synchronization from on-premises AD to Windows Azure Active Directory. Cloud Identity, Ex: [email protected]; On-Premises Identity, Ex: Domain\Alice; User]

Steps to configure Directory Sync
Activate > Add Domain > Update DNS records > Install & Configure > Sync > Activate Users
- Activate Directory Synchronization in your tenant
- Add on-premises domain to O365 tenant
- TXT or MX records
- Run the wizard and start the sync
- In O365 Dashboard User Management validate Users and Groups import
- Activate Users and grant licenses
For detailed configuration see: http

Demo: Synchronisation of User Account

Deployment - Phases
- Infrastructure Setup
- S2S Trust & Identity Management
  - Replace SP STS Token Signing Certificate
  - ACS Trust Setup
  - Validate UPA
- Search Service Integration

Establish Server To Server Authentication
For Remote Index to work we need to establish an OAuth Trust with ACS between SharePoint On-Premises and Online. This enables S2S Authentication.
1. Replace the security token signing certificate across all SharePoint servers in on-premises farm
2. Deploy Windows Azure AD PowerShell with the pre-requisite of Microsoft Sign-in Assistant
3. Establish trust between on-premises SP Farm and SP Online by replacing certificate
4. Add service principal name for the on-premises domain. (E.g. 00000003-0000-0ff1-ce00-000000000000/*.spc.spocloud.com)
5. Register SP Online application principal as a trusted provider in SP on-premises
6. Set authentication realm for SP
7. Configure a proxy in the on-premises farm for Azure AD

Replace SharePoint STS Token Signing Certificate
Options: RECOMMENDED: Manager SUPPORTED: Self-signed certificate that you can create in the IIS Certificate issued by a public certificate authority DOES NOT WORK: Domain-issued certificate
Use Set-SPSecurityTokenServiceConfig with the ImportSigningCertificate flag to change the token signing certificate

Validate User Profile Service App
On the SharePoint on-premises farm validate:
- UP Service Application is configured and running
- User Profiles are synced with AD for the same set of users as specified for DirSync
- Validate user profile attributes are correctly populated, key ones are:
  - User principal name (UPN)
  - Name Identifier (most commonly this is Windows Security Identifier (SID))
  - Simple Mail Transfer Protocol (SMTP) address
  - Session Initiation Protocol (SIP) address

Demo: Setup S2S Authentication and ACS Trust
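The S2S trust steps listed above, written out as PowerShell. This is an added example, not the script from the session's demo. The PFX path, root site URL and domain wildcard are placeholder assumptions, and the ACS metadata URL comes from Microsoft's published hybrid guidance rather than from the slides; the cmdlets are those of the SharePoint 2013 snap-in and the Windows Azure AD (MSOnline) module.

```powershell
# Added example. Run in an elevated SharePoint 2013 Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module MSOnline   # Windows Azure AD module; requires the Microsoft Sign-in Assistant (step 2)

# Assumed placeholders, not values from the session:
$pfxPath  = 'C:\certs\sts-signing.pfx'             # new token-signing certificate with private key
$rootSite = 'https://sharepoint.contoso.example'   # on-premises primary web application
$spcn     = '*.contoso.example'                    # on-premises domain for the SPN
$spoAppId = '00000003-0000-0ff1-ce00-000000000000' # SharePoint Online application principal ID

# Step 1: load the certificate, sanity-check it, then import it into the STS.
$pfxPass = Read-Host 'PFX password' -AsSecureString
$flags   = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'Exportable,PersistKeySet'
$stsCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $pfxPath, $pfxPass, $flags
if (-not $stsCert.HasPrivateKey) { throw 'Certificate has no private key; the STS cannot sign with it.' }
if ($stsCert.NotAfter -lt (Get-Date).AddDays(30)) { throw "Certificate expires $($stsCert.NotAfter)." }
Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $stsCert
# Afterwards run iisreset and restart the SPTimerV4 service on every server in the farm.

# Step 3: upload the public certificate to the SharePoint Online principal in Azure AD.
Connect-MsolService   # prompts for a tenant administrator
$credValue = [Convert]::ToBase64String($stsCert.GetRawCertData())
New-MsolServicePrincipalCredential -AppPrincipalId $spoAppId -Type Asymmetric -Usage Verify -Value $credValue

# Step 4: add the on-premises domain as a service principal name (safe to re-run).
$msp  = Get-MsolServicePrincipal -AppPrincipalId $spoAppId
$spns = $msp.ServicePrincipalNames
if (-not $spns.Contains("$spoAppId/$spcn")) { $spns.Add("$spoAppId/$spcn") }
Set-MsolServicePrincipal -AppPrincipalId $spoAppId -ServicePrincipalNames $spns

# Step 5: register the SharePoint Online principal as trusted in the on-premises farm.
$tenantId = (Get-MsolCompanyInformation).ObjectId
$spoObjId = (Get-MsolServicePrincipal -ServicePrincipalName $spoAppId).ObjectId
$site     = Get-SPSite $rootSite
Register-SPAppPrincipal -Site $site.RootWeb -NameIdentifier "$spoObjId@$tenantId" -DisplayName 'SharePoint Online'

# Step 6: the farm's authentication realm must equal the tenant context ID.
Set-SPAuthenticationRealm -Realm $tenantId

# Step 7: ACS proxy and trusted token issuer (metadata URL per Microsoft's hybrid guidance).
$metadata = "https://accounts.accesscontrol.windows.net/$tenantId/metadata/json/1"
New-SPAzureAccessControlServiceApplicationProxy -Name 'ACS' -MetadataServiceEndpointUri $metadata -DefaultProxyGroup
New-SPTrustedSecurityTokenIssuer -Name 'ACS' -MetadataEndpoint $metadata -IsTrustBroker:$true

# Check: the farm now reports the new signing certificate.
(Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate |
    Select-Object Subject, Issuer, Thumbprint, NotAfter
```

Set-SPAuthenticationRealm changes the realm for the whole farm, so trusts and app registrations issued under the previous realm stop validating and have to be re-registered.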

Deployment - Phases
- Infrastructure Setup
- S2S Trust & Identity Management
- Search Service Integration
  - Configure Result Source
  - Create a Query Rule
  - Validate Search Configuration

Demo: Configure Result Source and Query Rule

Configure Result Source (On Premises)
- Protocol should be chosen as Remote SharePoint
- SPO URL should be specified as Tenant Root Site URL (https://tenant.sharepoint.com)
- For Credentials information select Default Authentication

Create A Query Rule (On Premises)
- From Result Source drop-down list, select the specified result source
- Under Query is performed on these sources, if you select One of these sources, make sure to select the result source you created
- In the Query Conditions section, click Remove Condition so that the rule will fire for every query
- Within Edit Result Block choose This block is always shown above core results

Validate your Search Configuration
- Launch Query Builder from the Query Rule you've created
- Click on the Test tab and then click the Show more link
- Type some query terms in the {subjectTerms}: edit box
- Click the Test query button
- You should see search results from SharePoint Online or a detailed error message

See the Results
With all components in place you will see search results from both verticals.
[Screenshot: Results from Cloud; Results from SharePoint On-Premise]

Questions

Related Sessions
Monday
- SharePoint 2013 Hybrid End to End, Sam Hassani
Tuesday
- O365 ID Federation using Windows Azure and Windows Azure AD, Spencer Harbar
- Best Practice for Hybrid Search Deployments, Brent Groom and Norm Lambert
- Configuring Hybrid BCS Services, Fabian Williams
Wednesday
- Get up and running with one drive for business, Zeralina Murherjee
Thursday
- SharePoint in the Clouds, Christian Buckley

Hybrid Search Scenarios - recap

Outbound Search (most common)
- Outbound from customer's network (SharePoint on premises) to SharePoint Online
- User that is in the customer's network, on corpnet, searches from on premises. There is an outbound request to SPO to return results. Results from both are shown

Inbound Search
- Inbound from SharePoint Online to customer's network (SharePoint on premises)
- User that is not on customer's network, but signed into SPO, searches. There is an inbound request to customer's network (SharePoint on prem) to return results. Results from both are shown

Two-way Search
- Search is set up both inbound and outbound as described above. Both scenarios are supported in that case whether user is on premises on corpnet, or only signed in to SharePoint Online

Guidance: Start small with outbound search first. Then as needed, add inbound search

Hybrid Key Components - recap
- DirSync: synchronizes users and groups from on-premises AD to Azure AD
- Azure AD: cloud directory service, which provides the ability to store and manage the organizational identities in the cloud
- ACS: cloud-based federation service which provides an easy way to authenticate users against identity providers and Azure AD
- OAuth: open standard for authorization
- S2S Authentication: OAuth implementation used to enable communication between servers
- Result Source: used to specify a provider to get search results from
- Query Rule: search customization feature which allows you to read, transform and act on a user-entered search term
- Reverse Proxy: proxy server which directs incoming requests to the on-premises farm

Sponsored by MySPC. Evaluate sessions on MySPC using your laptop or mobile device: myspc.sharepointconference.com

connect. reimagine. transform.

2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
