規劃 SharePoint Server 的應用程式Plan for apps for SharePoint Server

摘要: 規劃 SharePoint 應用程式,其中包括 應用程式目錄 以及如何監視和授權應用程式。Summary: Plan for apps for SharePoint, including the App Catalog and how to monitor and license apps.

如果想要在您的環境中使用 SharePoint 應用程式,有數個必要條件和其他規劃考量必須牢記在心。本文章涵蓋您在開始使用實際組態之前需要規劃的項目。If you want to use apps for SharePoint in your environment, there are several prerequisites and other planning considerations to keep in mind. This article covers what you need to plan for before you get started with the actual configuration.

必要條件Prerequisites

設定 SharePoint 應用程式 需要下列條件:Configuring apps for SharePoint requires the following:

  • 如果想要監視應用程式,必須設定搜尋。If you want to monitor apps, then Search must be configured.

  • 如果您是使用 SSL 來保護流量,則將需要 SSL 憑證。您必須建立一個萬用字元憑證,供所有應用程式 URL 使用。You'll need SSL Certificates If you are using SSL to help secure traffic. You must create a wildcard certificate to use for all app URLs.

  • 安裝每一個 SharePoint 相關應用程式時,都會在應用程式安裝所在的網站下建立子網站,並使用自己的 URL。亦即,包含許多 SharePoint 相關應用程式的環境中,也會有許多額外的子網站。在規劃伺服器陣列的容量時,請務必將這部分一併考慮。Each app for SharePoint that is installed creates a subweb under the site on which it is installed with its own URL. This means that environments that contain many apps for SharePoint will have many additional subwebs. Be sure to consider this when planning for capacity for your farm.

此外,使用 SharePoint 的應用程式還需要個別的 DNS 網域組態 (下述),以及訂閱設定和應用程式管理服務應用程式。我們會在 SharePoint 相關應用程式組態文章/中討論如何設定個別的應用程式網域和服務應用程式。Additionally, using SharePoint_apps_plural requires a separate DNS domain configuration (discussed below), as well as the Subscription Settings and App Management service applications. We cover how to configure the separate app domain and the service applications in the apps for SharePoint configuration article/

規劃應用程式組態設定Plan app configuration settings

透過 SharePoint 應用程式,應用程式會使用獨特的網域名稱部署到自己的網站,而不會使用伺服器陣列的網域名稱。處理序會在該網域名稱下執行,對 SharePoint 網站沒有影響。差異化網域名稱有助於區隔應用程式。With apps for SharePoint, apps are deployed to their own web site in a special, isolated domain name, instead of in the same domain name as your farm. Processes run under that domain name and do not affect the SharePoint sites. This difference in domain names provides a layer of isolation for the apps.

您必須設定網域名稱服務 (DNS) 網域名稱,為已安裝的應用程式提供一個主機名稱。藉由使用個別的網域名稱,SharePoint 的應用程式會與 SharePoint 網站隔開,以防止使用者資料遭到未經授權的存取,並降低跨網站指令碼攻擊的可能性。You must set up a Domain Name Services (DNS) domain name to provide a host name for the installed apps. By using a separate domain name, apps for SharePoint are separated from SharePoint sites to prevent unauthorized access to user data and to reduce the possibility of cross-site scripting attacks.

您需要 DNS 記錄,以便可以正確地解析網域名稱。您可以為 SharePoint 相關應用程式 URL 建立下列兩種 DNS 記錄類型的其中一種:You need a DNS record so that the domain name can get correctly resolved. You can create one of two of the following types of DNS records for app for SharePoint URLs:

  • 萬用字元標準名稱 (CNAME) 記錄會指向指派給 SharePoint Server 伺服器陣列的主機網域。A wildcard Canonical Name (CNAME) record that points to the host domain assigned to the SharePoint Server farm.

  • 指向 SharePoint Server 伺服器陣列之 IP 位址的萬用字元 A 記錄。A wildcard A record that points to the IP address for the SharePoint Server farm.

選擇從應用程式網域指向 SharePoint Server 伺服器陣列網域所使用的記錄類型。Choose the type of record to use to point from the app domain to the SharePoint Server farm domain.

如何設定應用程式網域的詳細資料會在<設定 SharePoint Server 相關應用程式的環境>中加以討論。The details of how to configure the app domain are covered in Configure an environment for apps for SharePoint Server.

SharePoint 如何使用網域How SharePoint uses the domain

每個 SharePoint 相關應用程式 都有唯一的 URL,是由應用程式網域加上前置詞及 Apphash 組成。格式如下:前置詞-Apphash.網域.com。Apphash 是針對每個 SharePoint 相關應用程式 所任意指派的唯一識別碼。這些 URL 會根據您指定的設定自動產生。無須個別建立或管理這些 URL;只要在 DNS 中設定一個萬用字元項目,即可為所有應用程式提供 URL。Each app for SharePoint has a unique URL, which is made up of the app domain plus a prefix and an Apphash. The format is as follows: prefix-Apphash.domain.com. The Apphash is an arbitrarily-assigned unique identifier for each app for SharePoint. These URLs are generated automatically depending on the settings that you specify. You do not have to create or manage these URLs separately; instead you configure a wildcard entry in DNS to provide the URLs for all apps.

將應用程式安裝至網站時,會建立該網站的子 Web 來主控應用程式內容。在階層中,應用程式的子 Web 是在網站集合之下,但具有單獨唯一的主機標頭,而不是在網站的 URL 之下。下圖顯示網站 URL 和應用程式 URL 之間的關係:When you install an app to a site, a subweb of that site is created to host the app content. The subweb for the app is hierarchically below the site collection, but has an isolated unique host header instead of being under the site's URL. The following diagram shows the relationship between the site's URL and the app's URL:

SharePoint 相關應用程式 URL 的說明Illustration of URL for an app for SharePoint

獨立於 SharePoint 網站 URL 之外的應用程式 URL

在此圖表中,主要 SharePoint 網站是使用者安裝應用程式所在的網站。App1 SharePoint 網站是包含應用程式及其元件之主要網站的子 Web。App1 SharePoint 網站的 URL 是以主要 SharePoint 網站的 URL 為基礎。不過,它是在不同的網域中、其開頭具有前置詞 Apphash,並具有子 Web 名稱結尾處的應用程式名稱。In this diagram, the Main SharePoint Site is the site on which the user installed the app. The App1 SharePoint Site is a subweb of the Main site that contains the app and its components. The URL for the App1 SharePoint site is based on that of the Main SharePoint site. However, it is in a different domain, has a prefix-apphash at the beginning, and has an app name at the end for the subweb name.

決定要使用的網域名稱Determine the domain name to use

選擇用於環境的網域名稱及前置詞時,請考慮下列項目:When you choose the domain name and prefixes to use for your environment, consider the following:

  • 使用唯一的網域名稱,而不是子網域Use a unique domain name, not a subdomain

    基於安全性考量,我們強烈建議您不要使用主控 SharePoint Server 或其他應用程式之根網域名稱的子網域。例如,如果 SharePoint 網站是在 Contoso.com 中,請不要使用 Apps.Contoso.com。請改用唯一名稱,例如 Contoso-Apps.com。這是因為在該主機名稱下執行的其他應用程式可能含有敏感資訊,儲存在可能未受到保護的 Cookie 中。For security reasons, we highly recommend that you not use a subdomain of the root domain name that hosts SharePoint Server or other applications. For example, if the SharePoint sites are at Contoso.com, do not use Apps.Contoso.com. Instead use a unique name such as Contoso-Apps.com. This is because other applications that run under that host name might contain sensitive information that is stored in cookies that might not be protected.

  • 應用程式網域應位於 Internet Explorer 的 [網際網路] 或[限制的網站] 安全性區域The app domain should be in the Internet or Restricted sites security zone in Internet Explorer

    基於安全性因素,建議您在 Internet Explorer 選項中將應用程式網域設定為位於 [網際網路] 或 [限制的網站] 安全性區域,非而 [內部網路] 區域或 [信任的網站] 區域。Internet Explorer 中 [內部網路] 區域或 [信任的網站] 區域的安全性設定,並未在 SharePoint 網站中為應用程式與使用者資料提供足夠程度的隔離。For security reasons, we recommend that you configure the app domain to be in either the Internet or Restricted sites security zone in Internet Explorer options, and not in the Intranet zone or Trusted sites zone. Internet Explorer security settings for the Intranet zone or Trusted sites zone do not provide a sufficient level of isolation of apps from user data in SharePoint sites.

  • 對於多重租賃環境,請針對每位承租人的應用程式使用唯一的前置詞For multi-tenancy environments, use unique prefixes for each tenant's apps

    如果您的環境有多個租用戶 (換句話說,您主控多個用戶端的 SharePoint 網站),則您必須能夠識別您環境中的每個租用戶所使用的 URL。我們建議您設定 URL 前置詞,以指出用戶端的名稱或用戶端的網站名稱。If your environment has multiple tenants (in other words, you host SharePoint sites for multiple clients), you must be able to identify the URLs that each tenant or client in your environment uses. We suggest that you set the URL prefix to indicate the client's name or the client's site's name.

  • 讓前置詞保持簡潔Keep prefixes short and simple

    前置詞必須少於 48 個字元且不得包含特殊字元或虛線。Prefixes must be less than 48 characters and cannot contain special characters or dashes.

最佳作法的建議為,在環境中使用單一 Web 應用程式,該 Web 應用程式採用已指定主機的網站集合 (主機標頭) ,而非使用採用按路徑命名的網站集合之多個 Web 應用程式。若使用多個 Web 應用程式和按路徑命名的網站集合,則可能必須完成其他步驟,才能保證 SharePoint 應用程式的要求會路由傳送至正確的 Web 應用程式。As a best practice, we recommend that you use a single web application that uses host-named site collections (host headers) instead of multiple web applications that use path-named site collections in your environment. When you use multiple web applications and path-named site collections you might have to complete additional configuration steps to guarantee that requests for apps for SharePoint are routed to the correct web application.

規劃 應用程式目錄Plan App Catalog

如果您決定要提供核准的 SharePoint 應用程式,供網站擁有者安裝,則必須設定 應用程式目錄 網站,以包含那些 SharePoint 應用程式。對於每一個您想要在其中主控 SharePoint 應用程式 的 Web 應用程式,您需要一個 應用程式目錄 網站。If you decide to provide approved apps for SharePoint for site owners to install, you must configure an App Catalog site to contain those apps for SharePoint. You need an App Catalog site for each web application where you want to host apps for SharePoint.

請參閱<在 SharePoint Server 中管理應用程式目錄>以開始。See Manage the App Catalog in SharePoint Server to get started.

監視應用程式的計畫Plan to monitor apps

伺服器陣列管理員可監視 SharePoint 應用程式 以追蹤流量資料和結果,以及任何發生的錯誤。伺服器陣列管理員必須在 管理中心 的 [監視應用程式] 頁面加入應用程式,應用程式才會顯示在清單中。[監視應用程式] 頁面上可監視的應用程式上限為 100。Farm administrators can monitor apps for SharePoint to track the usage data and results, and any errors that occur. The Farm administrator must add apps to the Monitor Apps page in Central Administration in order for the apps to appear in the list. The maximum number of apps that can be monitored on the Monitor Apps page is limited to 100.

請參閱<監控 SharePoint Server 的 SharePoint 相關應用程式>以開始。See Monitor apps for SharePoint for SharePoint Server to get started.

應用程式授權的計畫Plan for app licenses

SharePoint Server 不會強制執行應用程式授權。建立應用程式的開發人員必須新增可擷取授權資訊的程式碼,然後再定位使用者。SharePoint Server 提供儲存裝置連同 SharePoint 市集應用程式授權更新的 Web 服務。SharePoint 市集會處理授權的付款、核發正確的授權和提供驗證授權完整性的程序。請注意,授權只適用於透過 SharePoint 市集分散的應用程式。您從其他來源購買的應用程式和內部開發的應用程式必須實作其專屬的授權機制。SharePoint Server 支援下列應用程式授權格式:SharePoint Server does not enforce app licenses. Developers who build apps must add code that retrieves license information and then addresses users. SharePoint Server provides the storage and together with SharePoint Store web services the app license renewal. SharePoint Store handles payments for the licenses, issues the correct licenses, and provides the process to verify license integrity. Note that licensing only works for apps that are distributed through the SharePoint Store. Apps that you purchase from another source and apps that you develop internally must implement their own licensing mechanisms. SharePoint Server supports the following app licenses formats:

授權類型License Type 期間Duration 使用者限制User Limit
免費Free
永久Perpetual
無限制Unlimited
試用Trial
30、60、120 天,或無限制30, 60, 120 Days, or Unlimited
每個使用者數量或無限制Number per user or Unlimited
每個使用者付費Paid per user
永久Perpetual
每個使用者數量Number per user
付費無限制使用者 (網站授權)Paid unlimited users (site license)
永久Perpetual
無限制Unlimited

請參閱<監控及管理 SharePoint Server 中的應用程式授權>以開始。See Monitor and manage app licenses in SharePoint Server to get started.

另請參閱See also

概念Concepts

安裝及管理 SharePoint Server 的應用程式Install and manage apps for SharePoint Server

設定 SharePoint Server 相關應用程式的環境Configure an environment for apps for SharePoint Server