SharePoint hybrids are a compelling model for how SharePoint can work in a variety of new ways. There is more than one type of hybrid; a flavor for everyone, in fact. There is the basic hybrid: SharePoint on-premises, on your own infrastructure, and Office 365. Other models also exist, however. For example, what if one of your farms already exists in the cloud? What about geo-redundancy if your needs reach across the globe? What about app hybrids, such as a provider-hosted app that works in 365 and on-premises? A hybrid method to connect data on every device with OneDrive for Business? Do you know what one-way outbound hybrid search is? All of these are models that extend SharePoint beyond the traditional on-premises model and into what can be called a hybrid.
Hybrids are very exciting in the new app ecosystem with Microsoft and in SharePoint 2013. While not necessarily in the realm of the Internet of Things, this is something to pay attention to as the traditional client/server model evolves. We'll try to distill this information with some practical examples and focus on key elements of this very broad topic.
5. WHY DOES HYBRID MATTER
User Reasons
Search for content in both SharePoint Server 2013 and SharePoint Online at once
Interact with on-premises business data from SharePoint Online
Access corporate SAP systems from SharePoint Online
Seamlessly access files and data in both SharePoint Server 2013 and SharePoint Online
Technical Reasons
Standalone Application Farms (HR) – Connect to them
A place for your apps / solutions (think event receivers) and your upgrade lifecycle
Dev Ops (Not ALM / CI – think middleware and hybrids)
Regional storage legal requirements
One code base for on-prem and hybrid!
6. WHAT’S NEW AND WHAT’S NOT
New:
SP1 (365 in on-prem!)
Project Sienna (universal apps), Ibiza
OneDrive
BYO…X
Power BI
Azure apps?
Not New:
Hybrids: SharePoint 2010 had it: Full Trust Proxies, External Content Types, Custom Workflow Activities
SkyDrive
SPN / Cross Forest Trust / PCNS
Excel
9. HYBRID TYPES
One-way outbound: An outbound authentication topology lets the on-premises SharePoint Server 2013 farm make authenticated connections to SharePoint Online.
One-way inbound: An inbound authentication topology lets SharePoint Online make authenticated connections to the on-premises SharePoint Server 2013 farm.
Two-way: A two-way authentication topology lets SharePoint Online make authenticated connections to the on-premises SharePoint Server 2013 farm and lets the on-premises SharePoint Server 2013 farm make authenticated connections to SharePoint Online.
13. SHAREPOINT FARM ON AZURE – ON PREM, IAAS
1. Register a DNS Server in Windows Azure
2. Define a Virtual Network in Windows Azure
3. Configure Windows Server Active Directory in a Windows Azure VM
4. Configure SQL Server 2012 in a Windows Azure VM
5. Configure SharePoint Server 2013 in a Windows Azure VM
17. HIGH TRUST VS LOW TRUST
High-trust apps
High-trust apps run on stand-alone servers on your intranet and use a signing certificate to digitally sign the access tokens that the app generates. Typically server to server.
Low-trust apps
Low-trust apps can run anywhere and use an OAuth code flow to delegate limited rights to apps to act as users. SharePoint and the client application must trust and communicate with an authentication provider such as Azure Active Directory.
18. TYPES OF APPS AND AUTH
Auto-hosted
Auto-hosted apps run as a web role in Windows Azure and use the Windows Azure Access Control Service (ACS) to obtain the access token.
Provider-hosted
Provider-hosted apps run on their own servers on the Internet or your intranet, are registered with Windows Azure, and use ACS to obtain the access token*.
SharePoint-hosted
SharePoint-hosted apps run in an app web and can have client-side code but not server-side code. Developer must use certificates or create their own trust.
http://msdn.microsoft.com/en-us/library/office/jj687470(v=office.15).aspx
1. Client accesses an app for SharePoint, and then directs it to a SharePoint site for data.
2. The app redirects to the SharePoint site authorization URL.
3. Once the user is signed in, the SharePoint site displays the consent page so the user can grant the app permissions.
4. The SharePoint site requests a short-lived authorization code from the ACS server.
5. The SharePoint site redirects to the app’s registered redirect URI, passing the authorization code to the app server.
6. The app server uses the authorization code to request an access token from the ACS server. The ACS server validates the request, invalidates the authorization code, and then sends access and refresh tokens to the app server.
7. The app server can now use the access token to request data from the SharePoint site. The app server can then pass that data to the client.
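The properties this flow relies on (a short-lived code, bound to the registered redirect URI, invalidated when it is redeemed) can be modelled in a few lines. This is an added example, not code from the slides or from Microsoft: `ToyAuthServer`, the 300-second lifetime, the `example.test` URL and the secret are assumptions standing in for the ACS role.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime; the slides only say "short-lived"


class ToyAuthServer:
    """In-memory stand-in for the ACS role in the flow (not the real ACS API)."""

    def __init__(self, clients):
        # clients: client_id -> (client_secret, registered_redirect_uri)
        self.clients = clients
        self.codes = {}  # code -> (client_id, redirect_uri, expires_at)

    def issue_code(self, client_id, redirect_uri, now=None):
        """Mint a short-lived code bound to the app and its registered redirect URI."""
        now = time.time() if now is None else now
        _, registered = self.clients[client_id]
        if redirect_uri != registered:
            raise ValueError("redirect_uri is not the registered one")
        code = secrets.token_urlsafe(32)
        self.codes[code] = (client_id, redirect_uri, now + CODE_TTL_SECONDS)
        return code

    def redeem_code(self, code, client_id, client_secret, redirect_uri, now=None):
        """Validate the request, invalidate the code, then return both tokens."""
        now = time.time() if now is None else now
        # pop() burns the code on first presentation, even if a later check fails
        record = self.codes.pop(code, None)
        if record is None:
            raise PermissionError("unknown or already used authorization code")
        bound_client, bound_uri, expires_at = record
        if (client_id, redirect_uri) != (bound_client, bound_uri):
            raise PermissionError("code was issued to a different app or redirect URI")
        secret, _ = self.clients[bound_client]
        if not hmac.compare_digest(secret.encode(), client_secret.encode()):
            raise PermissionError("client authentication failed")
        if now > expires_at:
            raise PermissionError("authorization code expired")
        return {"access_token": secrets.token_urlsafe(32),
                "refresh_token": secrets.token_urlsafe(32)}


if __name__ == "__main__":
    # Constructed sample registration, not a real app
    acs = ToyAuthServer({"app1": ("s3cret", "https://app.example.test/redirect")})
    c = acs.issue_code("app1", "https://app.example.test/redirect")
    print(sorted(acs.redeem_code(c, "app1", "s3cret", "https://app.example.test/redirect")))
```

Because the code is removed before the other checks run, a code that leaks through a redirect log or browser history cannot be replayed after the app server has presented it.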