Heirlooms and Hybrids - Governance and Design Practices for Cloud Business Scenarios
Chris McNulty
March 9, 2015
#CollabCon
Meet Chris McNulty @cmcnulty2000
• 15 years in SharePoint, 20+ in IT
• MVP MCP MCSE MCTS VTSP MSA
• 3 children (Devin, Nate, Rachel) and my wife Hayley
Cryptzone: Three Layers Of Defense
Access Control • Application & Content Security • Content Governance
CRYPTZONE SOLUTIONS
ACCESS CONTROL
• AppGate® Secure Access
APPLICATION & CONTENT SECURITY
• HiSoftware Security Sheriff ®
• HiSoftware Site Sheriff ®
• SEP® Secured Email
• SEP® Secured Files & Folders
• SEP® Secured eUSB
CONTENT GOVERNANCE
• Compliance Sheriff ®
Presentation governance
In scope
• Cloud technologies and 2013 Administration “Core”
Out of scope
• On premises
• Deployment deepdives
Rules
• Demos are cloud based
• Move fast, PowerPoint is shared
• Questions – time permitting during session
• Any time after session – email etc. - @cmcnulty2000
Cloud Models
[Figure: four stacks, each listing the layers Storage, Servers, Networking, O/S, Middleware, Virtualization, Data, Applications, Runtime, with the layers marked "You manage" or "Managed by provider".]
• On Premises: you manage all layers
• Infrastructure (as a Service): layers split between "Managed by provider" and "You manage"
• Platform (as a Service): layers split between "Managed by provider" and "You manage"
• Software (as a Service): all layers managed by provider
Figure labels: CONTROL, COST-EFFICIENCY
SharePoint (On-premises)
• SharePoint
Value Prop:
• Full h/w control – size/scale
• Roll-your-own HA/DR/scale
Value Prop:
• 100% of API surface area
• Easy migration of existing apps
• Roll-your-own HA/DR/scale
SharePoint (IaaS)
• Hosted SharePoint
Value Prop:
• Auto HA, Fault-Tolerance
• Friction-free scale
• Self-provisioning, mgmt. @ scale
• SharePoint Service
Office 365 (SaaS)
One way inbound
• SharePoint Online users need a hybrid experience
• Search, DMG/Power BI
One way outbound
• On premises users need hybrid
• Search, Yammer, OneDrive
Two way
• Both need hybrid experience
• Search, Duet, BCS, Yammer, OneDrive
SharePoint Online can query SharePoint Server
SharePoint Server cannot query SharePoint Online
• Search: One-way inbound
• Business Connectivity Services: Supported
• Duet Enterprise for SharePoint and SAP: Supported
On-premises SharePoint Server 2013 Enterprise Search portal: Local search results are available
SharePoint Online search portal: Local and remote search results are available
[Diagram labels: Internet, Microsoft data center, Intranet, Perimeter network, Customer network, Reverse proxy, Office 365 tenant, SharePoint Online, Site collection, SharePoint Server 2013, Primary web app, Inbound, Outbound, Local search results only, Federated search results]
SharePoint Online cannot query SharePoint Server
SharePoint Server can query SharePoint Online
• Search: One-way outbound
• Business Connectivity Services: Not supported
• Duet Enterprise for SharePoint and SAP: Not supported
On-premises SharePoint Server 2013 Enterprise Search portal: Local and remote search results are available
SharePoint Online search portal: Local search results are available
[Diagram labels: Internet, Microsoft data center, Intranet, Microsoft Office 365 tenant, SharePoint Online, Site collection, SharePoint Server 2013, Primary web app, Inbound, Outbound, Local search results only, Federated search results]
SharePoint Online can query SharePoint Server
SharePoint Server can query SharePoint Online
• Search: Bidirectional
• Business Connectivity Services: Supported
• Duet Enterprise for SharePoint and SAP: Supported
On-premises SharePoint Server 2013 Enterprise Search portal and SharePoint Online search portal: Local and remote search results are available. If extranet authentication services are configured, extranet users can log in remotely through an on-premises Active Directory account and use all available hybrid functionality.
[Diagram labels: Internet, Microsoft data center, Intranet, Perimeter network, Customer network, Office 365 tenant, SharePoint Online, Site collection, SharePoint Server 2013, Primary web app, Inbound, Outbound, Federated search results]
Option / Summary
• AD Sync: User accts on premises copied to cloud and passwords synced (DirSync, WAADC, Azure AD Connect)
• AD Federation: “manual”, Azure AD Connect, ADFS 2.0, certificates
• Migration: Migrate users to cloud and remove on premises (Third party)
• Cloud only: Users defined and live in Azure AD only (Office 365)
http://www.microsoft.com/en-us/download/details.aspx?id=39717
Power BI Data Management Gateway
• SQL
• Oracle
• Excel table with connection string
• Power BI / Power Pivot
Cloud
• SQL Azure
• OData
• Azure Marketplace
On premises
• SQL, SSAS, Oracle, Teradata, Sybase, Informix, DB2, ODBC, SSAS, SSRS
Power BI Dashboards (Preview)
• Excel
• Power BI Designer (import snapshot
• SSAS
• GitHub
• Marketo
• Dynamics CRM
• Salesforce
• Sendgrid
[Diagram]
Intranet: Active Directory, Project Site Collection, Project Server, Intranet Site Collection(s), SharePoint 2013, Power Pivot & SSRS, SQL
Office 365: Azure AD, Yammer, Project Site Collections, OneDrive
[Diagram]
Intranet: Active Directory, Intranet Site Collection(s), SharePoint 2013
Office 365: Azure AD, SharePoint, Project Online, Project Site Collections, PowerBI (OData feed to /PWA/_api/Projectdata), OneDrive
[Diagram]
Intranet: Active Directory, Intranet Site Collection(s), SharePoint 2013
Office 365: Azure AD, Private team sites, Public facing documents and files, Yammer groups and communities
Internet facing support system: ZenDesk, ServiceCloud, custom Azure
SFDC Chatter a possible alternative to Yammer
[Diagram]
Intranet: Active Directory, SharePoint 2013, SSRS, Performance Point, Power Pivot, SQL 2014, Data Management Gateway
Office 365: Azure AD, Power BI
[Diagram labels: Windows Azure (Cloud Service, Virtual Network), On Premises (Active Directory, Site developers and authors), VPN Tunnel, Internet Zone, Extranet Zone, Default Zone, Anonymous, Windows, Windows, SAML, FBA, Partners and Customers, Visitors]
[Diagram labels: Windows Azure (Cloud Service, Virtual Network), SQL DR1 (A6), SQL DR2 (A6), SP DR1 (Large), SP DR2 (Large), SP DR3 (Large), SP DR4 (Large), SP DR5 (Large), AD1 (X-Small), Visual Studio Online, Test Agents]
[Diagram labels: Windows Azure (Cloud Service, Virtual Network), On Premises, VPN Tunnel, SQL Server Log Shipping, SQL DR1 (A6), SQL DR2 (A6), SP DR1 (Large), SP DR2 (Large), SP DR3 (Large), SP DR4 (Large), SP DR5 (Large), AD1 (X-Small)]
http://www.chrismcnulty.net/blog