Hardware and software requirements for SharePoint hybrid

Summary: Learn what prerequisites you'll need to configure hybrid for SharePoint Server.

This article describes the prerequisites that are required to deploy a SharePoint hybrid solution between SharePoint Server and SharePoint Online in Office 365 for enterprises.

Hardware and software requirements

Certificate requirements

The default STS certificate in the SharePoint farm is used by the hybrid picker to establish the token signing trust when configuring hybrid workloads. Using the inbuilt STS certificate is the recommended approach when configuring hybrid workloads. If, however, you intend to use a publicly signed certificate instead of the inbuilt STS one, you must replace the inbuilt certificate with your own, following the provided guidance.

For more information, see Replace the STS certificate.

Inbound connectivity requirements

The following hybrid solutions require inbound connectivity from Office 365 to SharePoint Server:

  • Inbound hybrid search (displaying search results from SharePoint Server in Office 365)

  • Hybrid Business Connectivity Services

  • Hybrid Duet Enterprise Online for Microsoft SharePoint and SAP

For each of these hybrid solutions, the requirements in the following sections apply.

Additional hardware requirements

Inbound connectivity requires the following:

  • A reverse proxy device. The reverse proxy device provides a secure endpoint for inbound traffic using SSL encryption and client certificate authentication.

  • An Internet domain (such as https://adventureworks.com) and the permission to create or edit DNS records for that domain.

    Note

    This public domain must be registered by using a domain registrar, such as GoDaddy.com, and must be the same domain that the URL of the external endpoint of the reverse proxy device is associated with.

Certificate requirements

This section describes the certificates you'll need to configure inbound connectivity from Office 365 to SharePoint Server.

About the Secure Channel SSL certificate

This certificate provides authentication and encryption between the reverse proxy device and Office 365. It must be either a wildcard or a SAN certificate and be issued by a public root certification authority. For more information, see About Secure Channel SSL certificates and Get a Secure Channel SSL certificate.
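
An added example, not part of the original article: a pre-flight check that a candidate Secure Channel certificate covers the external endpoint host through a wildcard or SAN DNS name, is inside its validity period, and is not self-signed. The host name spexternal.adventureworks.com, the CA name and both certificate dictionaries are constructed sample values, and the issuer-equals-subject test is only a heuristic for the public-CA requirement.

```python
import ssl
from urllib.parse import urlsplit

def name_covers(pattern, host):
    """True if a certificate DNS name covers host; '*' is valid only as the
    entire left-most label and never spans more than one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_secure_channel_cert(cert, external_url, now):
    """Return a list of findings; an empty list means every check passed.
    cert is a dict in the shape ssl.SSLSocket.getpeercert() returns."""
    host = urlsplit(external_url).hostname
    # Assumption: names are read from subjectAltName only, as TLS clients do.
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    findings = []
    if not names:
        findings.append("no DNS subjectAltName entries")
    elif not any(name_covers(n, host) for n in names):
        findings.append(f"{host} is not covered by {names}")
    if not (ssl.cert_time_to_seconds(cert["notBefore"]) <= now
            < ssl.cert_time_to_seconds(cert["notAfter"])):
        findings.append("outside validity period")
    # Heuristic: issuer == subject means self-issued, so no public CA signed it.
    if cert["issuer"] == cert["subject"]:
        findings.append("self-signed, not issued by a public CA")
    return findings

# Constructed samples (not real certificates).
NOW = ssl.cert_time_to_seconds("Jun 15 00:00:00 2024 GMT")
WILDCARD = {
    "subject": ((("commonName", "*.adventureworks.com"),),),
    "issuer": ((("commonName", "Example Public CA"),),),
    "notBefore": "Jan 15 00:00:00 2024 GMT",
    "notAfter": "Jan 15 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "*.adventureworks.com"), ("DNS", "adventureworks.com")),
}
SELF_SIGNED = {
    "subject": ((("commonName", "sp.adventureworks.com"),),),
    "issuer": ((("commonName", "sp.adventureworks.com"),),),
    "notBefore": "Jan 15 00:00:00 2024 GMT",
    "notAfter": "Jan 15 00:00:00 2025 GMT",
}
```

To check a deployed endpoint, pass the dictionary returned by `ssl.SSLSocket.getpeercert()` on a verified connection in place of the constructed samples.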

About the on-premises SharePoint SSL certificate

If you'll configure your primary web application to use SSL (which is the web application on the on-premises SharePoint farm that's configured for hybrid), you'll have to bind an SSL certificate to the primary web application.

If this web application already exists and is configured for SSL, you're ready to go. Otherwise, you have to either obtain or create a certificate for this purpose. For production environments, this certificate should be issued by a public certification authority (CA). For test and development environments, it can be a self-signed certificate.

For more information, see Plan SSL certificates.

Supported reverse proxy devices

The following table lists the currently supported reverse proxy devices for SharePoint Server hybrid deployments. This list will be updated as new devices are tested for supportability.

| Supported reverse proxy devices | Configuration article | More information |
|---|---|---|
| Windows Server 2012 R2 with Web Application Proxy (WA-P) | Configure Web Application Proxy for a hybrid environment | Web Application Proxy (WA-P) is a Remote Access service in Windows Server 2012 R2 that publishes web applications that users can interact with from many devices. Important: To use Web Application Proxy as a reverse proxy device in a hybrid SharePoint Server environment, you must also deploy AD FS in Windows Server 2012 R2. Earlier versions of Windows don't support Web Application Proxy. |
| Forefront Threat Management Gateway (TMG) 2010 | Configure Forefront TMG for a hybrid environment | Forefront TMG 2010 is a comprehensive, secure, web gateway solution that provides secure reverse proxy functionality. Note that Forefront TMG 2010 is no longer sold by Microsoft but will be supported through 4/14/2020. For more information, see Microsoft Support Lifecycle information for Forefront TMG 2010. |
| F5 BIG-IP | Enabling SharePoint 2013 Hybrid Search with the BIG-IP | This is external content that's managed by F5 Networks. |

General reverse proxy requirements

In a hybrid SharePoint Server scenario, the reverse proxy must be able to:

  • Support client certificate authentication with a wildcard or SAN SSL certificate.

  • Support pass-through authentication for OAuth 2.0, including unlimited OAuth bearer token transactions.

  • Accept unsolicited inbound traffic on TCP port 443 (HTTPS).

    Tip

    No ports other than TCP 443 have to be opened on the external reverse proxy endpoint to support hybrid connectivity.

  • Bind a wildcard or SAN SSL certificate to a published endpoint.

  • Relay traffic to an on-premises SharePoint Server farm or load balancer without rewriting any packet headers.

For an overview of reverse proxy devices in a SharePoint hybrid topology, see Configure a reverse proxy device for SharePoint Server hybrid.