Get your head in the cloud: Hybrid for SharePoint Server 2013/Office 365
With the release of SharePoint Server 2013 and the new Office 365, SharePoint is increasingly moving towards an “integrated services” architecture in which on-premises SharePoint Server features can be integrated with SharePoint Online to create what is commonly called a “hybrid” SharePoint environment. In this blog post, we’ll talk a little about what constitutes a hybrid environment, why you might need one, and how to find updated guidance to help you plan, design and configure your own.
What is a “hybrid SharePoint environment” anyway? And why would I need one?
Cloud services such as SharePoint Online in Office 365 can be an attractive alternative to on-premises SharePoint business solutions, but for a variety of reasons, you might need to deploy specific solutions in the cloud while still maintaining your on-premises SharePoint farm. New functionality in SharePoint Server 2013 and SharePoint Online enables you to integrate services like search, Business Connectivity Services, and Duet Enterprise Online across the on-prem/cloud boundary.
In a hybrid SharePoint Server 2013/Office 365 environment, you can configure single sign-on (SSO) to federate your on-premises Active Directory Domain Services (AD DS) domain with your Office 365 Enterprise tenant, just like you could in SharePoint Server 2010. SharePoint Server 2013 also includes native support for OAuth 2.0 to enable server-to-server trust relationships between SharePoint Server and SharePoint Online. A hybrid SharePoint environment uses this server-to-server trust relationship at the service level to deliver cross-boundary functionality and content on behalf of authenticated users.
To understand what this kind of integration looks like at a functional level, here’s an example of how a company might use hybrid SharePoint search.
Company A wants to keep using their existing on-premises SharePoint environment, but also wants to use SharePoint Online to provide a collaboration solution for remote/branch office users and employees of partners or vendors (Company B and Company C). They also want to make it possible for all of their SharePoint Online users to search both SharePoint Online and on-premises SharePoint content to which those users have permissions.
In such a case, Company A can effectively extend their on-premises SharePoint farm by configuring a hybrid solution that integrates on-premises SharePoint Server 2013 and SharePoint Online search services.
This hybrid search solution enables functionality like the following:
- Company A remote and branch office users can use SSO to log in to Company A’s SharePoint Online tenant (https://CompanyA.sharepoint.com) using their AD DS credentials (such as firstname.lastname@example.org). When Company A users search for content, their search results include both content from https://CompanyA.sharepoint.com, and the same on-premises SharePoint content they would see if they were to search only the on-premises SharePoint farm.
- Company B users can log in to the SharePoint Online tenant (https://CompanyA.sharepoint.com) using AD DS credentials provided by Company A. Company B user’s search results include content from both https://CompanyA.sharepoint.com and on-premises SharePoint, restricted to content which they are explicitly authorized to view.
- Company C users are only given accounts in Office 365, so their search results do not include any on-premises SharePoint content.
Updated end-to-end hybrid SharePoint guidance
In late 2012, the SharePoint Server content team released white papers that described the end-to-end configuration of hybrid search for SharePoint Server 2013 and SharePoint Online. The content in these white papers represented the best guidance we could assemble for this very complex configuration process at the time.
Using information gleaned from additional first-hand testing and feedback from subject matter experts and customers alike, we have been working hard to improve our guidance overall. We have greatly expanded the original content with additional details explaining the purpose and implications of each step, conceptual and topology diagrams, better context and validation at the procedure level, and new guidance for testing and troubleshooting. We’ve republished this revised content as a modular series of TechNet topics, and included topics that contain specific guidance for each supported SharePoint Server 2013 hybrid solution.
We start with a topic that describes the overall hybrid solution:
- Overview: Hybrid for SharePoint Server 2013
Based on lessons we learned from our own first-hand experience as well as customer feedback, we chose a modular content structure that breaks down the end-to-end hybrid configuration process into three phases:
- Phase 1: Configure the hybrid environment infrastructure. Phase 1 guides you through the configuration of the basic infrastructure for a hybrid environment. This article prepares you with the information you need to plan your deployment, and helps you to configure your Office 365 tenant and your on-premises AD DS domain, network, and SharePoint Server 2013 environments to support the authentication topology that best suits your business needs.
- Phase 2: Configure the hybrid identity management infrastructure. In Phase 2, you configure the identity management infrastructure, including SSO, directory synchronization and server-to-server trust. This phase helps you to federate your AD DS domain, and to establish the server-to-server trust relationship that enables your environment to support the hybrid solutions in Phase 3.
- Phase 3: Configure a hybrid solution. In Phase 3, you extend the hybrid infrastructure you configured in phases 1 and 2 by configuring a hybrid solution for Search, Business Connectivity Services or Duet Enterprise Online, or any combination. This phase helps you to configure service integration between the supported services in SharePoint Server 2013 and SharePoint Online.
By splitting the content up into modules, we reuse the common building blocks used in every hybrid solution (Phases 1 and 2), and provide separate configuration articles for the specific hybrid solutions that you want in Phase 3.
We’re interested to hear your thoughts about our approach to the content structure, and whether or not it’s more useful than a comprehensive document. We’re also interested to get opinions about where we should focus our content efforts.
Please send feedback to email@example.com.