share point 2010 in a multi-tenant and hosted environment
TRANSCRIPT
SharePoint 2010 in a Multi-tenant and Hosted environment
John Burkholder
Welcome to SharePoint Saturday – Washington DC
@N8ivWarrior
Welcome to SharePoint Saturday – Washington DC
• Please turn off all electronic devices or set them to vibrate.• If you must take a phone call, please do so in the hall so as not
to disturb others.• Open wireless access will time out after 40 minutes• Feel free to “tweet and blog” during the session• Thanks to our Platinum Sponsors:
Thank you for being a part of the largest SharePoint Saturday ever!
Agenda• Multi-tenant vs. Hosting• SharePoint 2007 vs. SharePoint 2010• Multi-tenant SharePoint 2010• Installation• Upgrades• Hosting• Tools and Options for Hoster’s• Looking forward
Multi-Tenant vs HostingMulti-Tenant vs Hosting• Multi-tenant:
– Isolation of data, functionality, administration, customizations, and operations.
– Multiple customers within the same shared set of resources.
– Corporate, on-premise deployments.
• Hosting:– Same as multi-tenant, plus an integration into
other multi-tenant services to include:• Exchange, OCS, Project, CRM, UMS, firewalls, control
panels, billing systems, and DNS to name a few.
SharePoint 2007 vs 2010• Multi-tenant MOSS 2007 was basically non-
existent.• Multi-tenant WSS 3.0 was available but
templates, and web parts were cross-platform.• URL Namespaces in multi-tenant was limited.• Inbound & Outbound email addresses were
limited.• No data isolation.
Multi-tenant SP 2010
Multi-tenant SP 2010Hosting Environments in SharePoint 2010 Products
Multitenancy
Overview of hosting features and concepts
Multi-tenant hosting farm
Company A
PeopleEnterprise Metadata
Search
Services
Excel Calculation Services
Enterprise Services Farm
PeopleEnterprise Metadata
Services
Business Data Connectivity
Content farm
Search farm
Search
Services
Site subscriptions
Service partitioning
Enterprise hosting environments Shared hosting environments
Services can be configured to share data across all tenants or to partition data for each tenant (that is, data isolation). Each service can be set up differently. Services can be created in partitioned mode by using Windows PowerShell or unpartitioned mode by using Windows PowerShell or Central Administration. They cannot be changed later. To achieve partitioning, both the service and the service connection must be deployed in partitioned mode. The service connection is called a proxy in Windows PowerShell.
Multitenancy refers to the ability to partition data of otherwise shared services or software in order to accommodate multiple tenants. This is in contrast to setting up separate hardware or even running multiple instances of a service. In Microsoft products and technologies, multitenancy of services creates a true hosting environment wherein server farm resources are maximized. Many of the multitenant features are deployed and managed using Windows PowerShell.
Before learning about hosting environments, it is important to understand the services architecture. The following models are prerequisite to this model:
· Services in SharePoint 2010 Products
· Cross-Farm Services in SharePoint 2010 Products
Multitenancy is tied to site subscriptions. A site subscription is a logical group of site collections that can share settings, features, and service data. Site collections for each tenant are brought together with a subscription ID. The subscription ID is used to map features, services, and sites to tenants and also to partition service data according to tenant. The Subscription Settings service keeps track of multitenant services and subscription IDs.
Here's how it works:
· Farm administrators deploy services to the farm, including the Subscription Settings service. Service applications can either be deployed as partitioned (data is isolated for each tenant) or unpartitioned (data is shared across all tenants). Some services do not store tenant data and can be shared across all tenants without being partitioned.
· Farm administrators deploy a Tenant Administration site for each tenant (using Windows PowerShell). The Tenant Administration site is associated with a subscription ID. Administrators deploy additional site collections for each tenant that is tied to the subscription ID.
· All service applications that are connected at the Web application level are available for site collections within the Web application. Administrators choose which services to offer and activate for each tenant. The subscription ID for a tenant is used to map services to the site collections.
· Tenant administrators manage their own site collections using their assigned Tenant Administration site.
· Site collections for multiple site subscriptions can be hosted in a single Web application.
· Multiple site subscriptions can share a content database, or a site subscription can include content across multiple content databases.
· All site collections for a single site subscription must reside on the same farm, but can be spread across Web applications.
Hosting and tenant administrationFarm administrators can host multiple tenants on the same farm and centrally manage the deployment of services and features. Tenant administrators can manage the configuration of administrator-delegated features and control the functionality of their sites.
SharePoint Server 2010 aligns administrative functionality with common hosting roles, as summarized in the following table.
Role Description
Hosting company (Farm administrator)
· Manages the farm-level settings and hardware.
· Controls database configurations.
· Installs all new approved features and solutions.
· Can brand the Tenant Administrator pages.
Hosted company administrator (Tenant administrator)
· Purchases space, features, and bandwidth from hosting company.
· Controls the architecture of customer sites but not the content.
· Configure per-tenant settings.
· Reviews usage statistics.
Hosted company (Site administrator)
· Owns site collections.
· Configure site settings that are exposed by features and services.
· Reviews usage statistics.
Tenant administration is provided through a site template titled "Tenant Administration," which is associated with a subscription ID. This site template is hidden and the site can be created and given to tenant administrators only by a farm administrator. The following figure shows the Tenant Administration home page.
Tenant administrators can manage all site collections for their subscription from one place.
Enterprise hosting farm
http://finance
Application pool
Web application—Finance Web
Application pool
Division 1
http://companyweb
Division 2 Division 3
Web application—Company Web
http://my/personal/<user>
http://my
Web application—My Sites
Application pool
Enterprise Metadata
Secure Store Service
Default group
Enterprise Metadata
Business Data Connectivity
http://hrweb
Application pool
Web application—HRWeb
SearchPeople
I I S Web Site—“SharePoint Web Services”
Access Service
Visio Graphics Service
Excel Calculation Services
Word Services
Word Viewing
PowerPoint
Cross-farm services Single-farm services
Enterprise hosting farm
http://finance
Application pool
Web application—Finance Web
Application pool
Division 1
http://companyweb
Division 2 Division 3
Web application—Company Web
http://my/personal/<user>
http://my
Web application—My Sites
Application pool
Enterprise Metadata
http://hrweb
Application pool
Web application—HRWeb
I I S Web Site—“SharePoint Web Services”
Unpartitioned servicesPartitioned services
Mapping of Web applications to services
Mapping of site collections to the partitioned service
Enterprise Metadata
In this example, all services are offered through the default group.
There are two instances of the Enterprise Metadata service:
· Centrally managed instance— All data is shared and centrally managed.
· Partitioned instance — Data is partitioned based on site subscriptions for individual departments or teams.
This approach allows autonomy for individual departments to manage and consume their own data while at the same time providing a central store for organization-wide terms, keywords, content types, and other data.
The data for all other services is shared across the organization (the services are unpartitioned).
In this example, services are hosted on the same farm as the content. Optionally, the services can be hosted on a dedicated services farm or on different farms. Cross-farm and single-farm services are delineated.
While the service connection is configured at the Web application level, subscription IDs map services for specific site collections.
This illustrations shows how site collections are mapped to the partitioned instance of the Enterprise Metadata service. The dotted lines represent different subscription IDs.
· HRWeb — A single site subscription for all sites beneath the root site collection.
· CompanyWeb — A different site subscription for each division site collection. No site subscription for the top-level site collection.
· MySites — Not mapped to the partitioned instance.
· FinanceWeb — A single site subscription.
Subsites that are created in the Tenant Administration site are included in the tenant subscription.
Partitioned instance
Centrally managed instance
Access Service
Visio Graphics Service
Excel Calculation Services
Word Services
Word Viewing
PowerPointSecure Store Service
Business Data Connectivity
SearchPeople
People Managed Metadata
Business Data Connectivity
Search
Secure Store Service
Access Service
State Service
Visio Graphics Service
Word Services
Usage and Health Data Collection
Services that store tenant data
Services that do not store tenant data
In a multitenant environment, these services should be deployed as partitioned.
In a multitenant environment, these services can be shared without being partitioned.
* Excel Calculation Services does not include the ability to partition.
Client-related services
Most commonly partitioned services
Excel Calculation Services *
Word Viewing
PowerPoint
Project
Word Services
PowerPoint
NotpartitionedPartitioned services
Company B Authenticated sites (collaboration) Anonymous Internet sites (published)
Company E
Team Sites My Sites Published intranet content
Company C Company D Company E
When combining multiple tenants in a single Web application, use a dedicated Web application for all authenticated content and a separate dedicated Web application for all anonymous published-content. This will require two separate subscriptions IDs for tenants with both types of content. This will also simplify licensing.
Do not allow full-trust code to be deployed to sites. Do not allow customizations that affect shared resources, such as the Web.config file.
Use host-named site collections to create multiple root-level site collections (domain-named sites) within a Web application.
In SharePoint 2010 Products, you can use both host-name site collections and managed paths in the same Web application.
In the example above (Authenticated sites), a different host-named site collection is used for each company. Company C includes two different host-named site collections. Beneath each top-level host-named site collection, a managed path is used to create a second tier of top-level site collections for sites such as team sites, my sites, published intranet content, or separate divisional sites (example left).
Use a dedicated Application Pool per customer only if needed to satisfy requirements for isolation.
Use dedicated Web applications for tenants that require customizations that affect resources that are shared across a Web application, such as the Web.config file.
Business Data Connectivity
Word Services
I nfoPath Access Services
Subscription Settings Service
Word Viewing
Services
Excel Calculation Services
Word Services
PowerPoint Word Services
I nfoPath Access Services
Subscription Settings Service
Word Viewing
Company B Authenticated sites Anonymous sitesCompany A
Multi-farm hosting environmentCross-farm services can be hosted on dedicated farms to optimize farm resources for these services.
Company C
Tenant admin site Tenant site collections
Data
Partition B
Partition A
In an enterprise environment, some data is shared across the organization while other data can be partitioned. This example provides a practical implementation in which each team or department can manage their own metadata while sharing all other services.
In a multi-company hosting environment in which tenant data and administration are isolated, the configuration of partitioned and shared services is key. This example provides a practical implementation of partitioned services and also provides recommendations on deploying customer sites.
Mapping of Web applications to servicesIn this example:
· All services are offered through the default group.
· All services that can be partitioned are deployed in partitioned mode. This ensures that usage and diagnostic information reports tenant data correctly.
· Excel Calculation Services is the only service that is not partitioned. I f you choose to partition other services, be aware that some diagnostic information might not report tenant activity correctly.
Deploying customer site collectionsThis example provides the following ways in which customer sites can be deployed to a farm:
· Dedicated application pool and Web application
· Shared application pool and dedicated Web application
· Shared Web application
· Authenticated sites
· Unauthenticated sites
Scaling out a multitenant environmentYou can optimize resources by scaling out with specialized farms. Consider deploying multiple farms to:
· Divide administrative responsibilities.
· Implement different service level agreements for services versus content.
Scale out a hosted environment in the following ways:
· Services farm — The first scale-out action for a hosting environment is to create a dedicated services farm for all services that can be shared across farms.
· Search farm — Search is a resource-intensive service that may warrant a dedicated farm (in addition to a farm to host all other services).
· Tenant content farms — Tenant content farms can be scaled out in a similar way as the services. When a single farm approaches capacity, deploy an additional farm and connect it to the cross-farm services farm(s).
A tenant administration site is deployed as a separate site collection.
Deploying feature setsFeature sets are groups of features that are enabled by farm administrators for tenants to activate and use. The site collection (SPSite) and subsite (SPWeb) features that are exposed to tenants through the tenant administration site depends on which feature set is enabled for the tenant administrator by the farm administrator. The following list describes how feature sets work in a hosting environment:
· Feature sets are applied by using Windows PowerShell.
· Feature sets that correspond to the available licensing options will be available, allowing you to host multiple licensing standards on the same farm.
· You can create custom feature sets.
· By default, site templates that depend on features that are not activated for a tenant are not exposed. For example, the Enterprise Search Center template is not available to tenants that do not have the enterprise search feature. However, if site templates are manually deployed for tenants using Windows PowerShell, the templates will not work without the dependent features.
· Site templates filter non-dependent features that are not activated. For example, if My Sites are not activated for a tenant, the site templates used by the tenant will not show the My Site link.
· I f third-party features are added to a farm, the use of these features with feature sets should be tested to ensure that these do not add additional feature activation dependencies that are not honored within the feature set.
Web Analytics
Note: FAST Search Server 2010 for SharePoint cannot be partitioned.
Not all services need to be partitioned. Services that do not store tenant data, such as PowerPoint, do not need to be partitioned. These services can be shared across multiple tenants without risk of exposing tenant-specific data. However, the recommendation for out-hosting environments is to deploy all services as partitioned to ensure that reporting and diagnostic information is reported correctly.
Company C Company D Company E
I nfoPath
Subscription Settings
Windows PowerShell only. Must deployed if services are deployed in multitenant mode.
Subscription Settings
Subscription Settings
Single-farm services are hosted on each farm that hosts tenant content.
Scale out by adding multiple tenant farms.
Subscription IDs
This document supports a preliminary release of Microsoft® SharePoint® 2010 Products.© 2010 Microsoft Corporation. All rights reserved. To send feedback about this documentation, please write to us at [email protected].
Differences MSF & MSS
SharePoint Foundation SharePoint Server Standard
SharePoint Server Enterprise
Access Services**
Business Data Connectivity**
Business Data Connectivity**
Business Data Connectivity**
Excel Calculation Services*
Managed Metadata~ Managed Metadata~
PerformancePoint**
Search** Search**
Secure Store Service** Secure Store Service**
State Service** State Service**
Usage and Health~ Usage and Health~ Usage and Health~
In a Multi-tenant environment -
* Not partitioned** Partitioned at Web Application~ Partitioned at Site Collection
Differences MSF & MSSIn a Multi-tenant environment -
* Not partitioned** Partitioned at Web Application~ Partitioned at Site Collection
SharePoint Foundation SharePoint Server Standard
SharePoint Server Enterprise
User Profile** User Profile**
Visio Graphics Service**
Web Analytics** Web Analytics**
Word Automation**
Subscription Settings Service~
Subscriptions Settings Service~
Subscriptions Settings Service~
Project Server Integration
Hardware & Data• Standard Multi-tenant advantages:
+ Tenant Administration+ Chargeback Capabilities+ Auditing and Reporting+ Better Security Controls+ Move SSL and Load Balancing off the Server
Host Header Collections
• Multiple root-level Site Collections within a Web Application. – Allows for “vanity” domain names.– Allows for “mix” &‟ match” URL namespaces.
• Host Header Site Collections now support Managed Paths – companyA.com, companyB.com.– companyA.com/sites/hr, companyA.com/hr.
SSL / Load Balancer
• SSL Termination Browser Load Balancer (SSL)Load Balancer SharePoint (HTTP).
• Incoming Email is still a masquerade.
Service Application Partitioning• Service Application can be
configured to partition data.― Use the same instance to
server multiple tenants.
• Both the Service Application and Service Application Proxy must be configured.
• Configured via PowerShell.– Partition Mode.
Service Application Partitioning
• CANNOT be changed after deployment.– Do NOT use the Farm Configuration Wizard.– Can’t go from un-partitioned to partitioned.
• Tenant specific Service Applications and Proxy no longer appear in Central Admin.
Service Application Partitioning
Feature Sets
• Groups of Site & Web Application scoped features.
• Enabled by Farm administrators only.• Configured in PowerShell.• Site Templates does not mean installed
features.
Installation
• Prerequisites:– At least 8GB memory (much more for fully utilized
server).– Windows 2008 R2.– SQL Server 2008 R2.
• Install SharePoint from the disk and…
Installation
Installation
• Run the PowerShell Script!Get-SPServiceInstance | where{$_.GetType().Name -eq "SPSubscriptionSettingsServiceInstance"} | Start-SPServiceInstance$acc = Get-SPManagedAccount “Specific Account Name” $appPool = New-SPIisWebServiceApplicationPool -Name SettingsServiceAppPool -Account $acc $app = New-SPSubscriptionSettingsServiceApplication –ApplicationPool $appPool –Name SettingsServiceApp –DatabaseName SettingsServiceDB$proxy = New-SPSubscriptionSettingsServiceApplicationProxy –ServiceApplication $app
Installation• Now you can create sites!
$pool = Get-SPIisWebServiceApplicationPool -Identity 'SharePoint Web Services Default'
$meta = New-SPMetadataServiceApplication -HubUri http://website -ApplicationPool $pool -Name 'Tenant Managed Metadata' -DatabaseName O14_TenantMetadataDB -DatabaseServer SP14B -PartitionMode -SyndicationErrorReportEnabled
$proxy = New-SPMetadataServiceApplicationProxy -PartitionMode -ContentTypePushdownEnabled -DefaultKeywordTaxonomy -DefaultSiteCollectionTaxonomy -Name 'Tenant Managed Metadata Proxy' -DefaultProxyGroup -ServiceApplication $meta
Upgrades
• Finally! You can upgrade from WSS 3.0 to SharePoint Foundation & SharePoint Server.
• Able to upgrade MOSS 2007 to Multi-tenant with Database attached.
• Able to add the 2010 look and feel to the newly upgraded sites.
Hosting• Not supported by HMC…nor will it ever be.• Most control panels do not yet support or
integrate with SharePoint 2010.• PowerShell allows for easier control panel
development.• Active Directory integration now allows for
custom incoming e-mail.• Manual provisioning through Tenant
Administration.
Tools and Options
• PowerShell!• Tenant administrator console.
Tools and Options
• Tenant administrator console requires PowerShell to install:– $tasite = new-spsite –url
“http://server/sites/tasite1” –template “tenantadmin#0” –owneralias domain\username. –sitesubscription $sub -AdministrationSiteType tenantadministration.
Looking Forward
• SharePoint not fully ready for hosting integration.
• Most control panels do not yet support or integrate with SharePoint 2010.
• PowerShell allows for easier control panel development.
• Microsoft SharePoint Online expected Sept. 2010…expect multi-tenant changes then.
Session Evaluation• Please complete and turn in
your Session Evaluation Form so we can improve future events.
• Presenter:– John Burkholder
• Session Name:– SharePoint 2010 in a multi-
tenant & hosted environment
Ongoing Activities• Remember to visit the Exhibit Hall
– Play Sponsor Bingo to be eligible for raffle prizes at the closing session!
• Visit the SharePoint Users’ Groups in the Lower Gallery and meet the Booth Babes!
• Talk with other SharePoint professionals in the Upper Gallery for “Ask the Experts”
• Watch a webcast of free Microsoft training in the Gymnasium
Thanks to our Sponsors