HITP10 Getting Cozy with Service ApplicationsTodd Klindt and Shane Young

SharePoint911

Objectives

Learn about SharePoint’s new Service Application architectureUnderstand planning and operational impact of the new architectureNew management tools

Session Outline

Overview of ServicesWhat’s new in SharePoint 2010IT Pro experienceDeveloper StoryExample Topologies

OVERVIEW

What is a Service Application?

Service Application: A configured logical instance of a ServiceProvides data or computing resourcesExposes administrative interfacesUses resources• Service Database• Application Pool

Service Instances: Running physical instance of a service

How is a Service Application used?

Features, such as web parts, on a Web App use Service ApplicationsWeb application Proxy Group SA Proxy Service Application Service Instance• A Service Application Proxy connects a Web App

to a Service app• Associations determined by administrators, can

be changed any time• Connections can be managed individually or in

groups (‘Service Application Proxy Group’)

Browser

Web Front End Server

Application Server

~~~~~~~~~~~~~

~~~~~~~~~~~~~

Service WorkflowFor a typical service

WHAT’S NEW IN SHAREPOINT 2010

Service Application Group

Service Application Connection

Service Application

Service Application Service(s)

Service Application Databases(s) (Not all SASs have databases)

Shared Service Provider

SharePoint

Search

Excel Calc Service

Business Data Catalog

User Profile Service

ContentConfig Workflow

SharePoint Server

Search

Excel Calc Service

Business Data Catalog

User Profiles

ContentConfig Workflow

2010 2007

Windows SharePoint Services

SharePoint Service Applications

SharePoint 2010

Search

Excel Calc Service

Business Data Connection

User Profiles

SharePoint Foundation

ContentConfig Workflow

SharePoint ServerShared Service Provider

Windows SharePoint Services

SharePoint Service Applications

SharePoint 2010

Search

Excel Calc Service

Business Data Connectivity

User Profiles

SharePoint Foundation

ContentConfig Workflow

SharePoint Server

Sandboxed Code Service

Usage & Health Logging

Word Conversion

Service

PowerPoint Broadcast

Service

PerformancePoint

Visio Graphics Service

Access Service

Web Analytics Managed Metadata

3rd party services…

SSP => Service Application

SSPs are replaced with Service Apps• A la carte, ‘unboxed’ services• Integrated administration model• 3rd party extensibility• And much more…

SSP services split out into service applications• User Profiles • Search Service App• Excel Service App• Business Connectivity Service App• And the new services in MOSS SKUs

MOSS 2007 SSPs upgrade into SharePoint Server 2010 Service Applications

What’s New – Framework

Extensible platform• Framework incorporated into SharePoint Foundation• 3rd parties can build and ship services

Lots of new in-box Services:• SharePoint Server has nearly 20 services• Other products like Office Web Apps, Project Server, SQL

‘Gemini’ ship services

What’s New - Administration

Simplified administration model• Managed via Central admin and PowerShell

A la carte consumption• Increased flexibility in deployment

Fault Tolerant Round-robin Load Balancing • Support for hardware load balancing

Flexible, secure cross-farm federation• Trust-based security• Share to anyone and consume from anywhere• WCF-based web services for communication• No direct DB Access

What’s New - Security

Improved security model• Claims based authorization within the farm• Communication via WCF-based web services• Support for SSL/transport security

Application isolation• Each service app uses separate database and

optionally, separate app pool• Support for multiple service applications for a service

with different accounts and databases

Multi-tenancy• Most services are multi-tenant capable• Application-level security for content isolation

MANAGING SERVICE APPLICATIONS

Managing a Service

Services are managed through Central Admin• Services plug their management UI into Service

Management page

Service Admins• Delegated admins with Central Admin access

• Manages one or more Service Applications

• Central Admin UI is trimmed to only the pages that the Service Admin has rights to access

• Some services have their own additional specialized admin roles

Services are also managed through PowerShell

Demo

Service Application Administration

Deployment Farm Config Wizard• Creates all Service Applications with default settings• Bad, bad, bad

Manually• Use the ‘New’ dropdown in the Manage Service Applications

page • Specify custom application pool, database locations etc…• Creates service apps and their proxies

• For most control, use PowerShell• New-SP*ServiceApplication• New-SP*ServiceApplicationProxy• Create each piece individually (e.g. in Service-only farms)• Necessary for Usage and State Service

Administration UI

Manage Service Application page:• Create/Delete Service Apps• Manage Service App ‘metadata’• Connect to remote Service Apps• Publish and Secure Service Apps

Service-specific management UI:• Service App specific settings• Dashboards showing search crawl status, profile import

status etc…

Manage Service Associations page:• Control web app to service app association

Manage Services on Server page:• Start/stop instances on specific servers

Windows PowerShell

All Admin operations are PowerShell enabled.Only Farm admins and Shell Admins can use PowerShellUse PowerShell to:• Create and Delete Service Applications

New-SPStateServiceApplication -Name "State Service Application"

• Share Service Applications

Publish-SPServiceApplication 2cf98d54-78b5-4afb-8edf-25e1d1fbd329

• Start and Stop InstancesStart-SPServiceInstance 0d5206ec-3312-41e8-a141-b20764100537

• Perform Bulk OperationsGet-SPServiceApplication | Get-SPServiceApplicationSecurity | Grant-SPObjectSecurity –Principal “domain\user” –Rights “full control”

Associations

By default, all Service Applications in a farm are associated with all Web Applications• Associations are not direct, but connect through a proxy

The default association can be changed so that Service App Proxy Web App associations are managed on a case-by-case basisUse the ‘manage service associations’ UI in CA to manage associations

Publishing

‘Publishing’ a Service Application makes it available outside the farm‘Published’ Service Applications can be discovered and consumed by remote FarmsAll standard security policies still apply• i.e., Publishing doesn’t set or remove access• Cross-farm trust via certificate exchange

Security

Security is managed per Service ApplicationAdmin Security:• Specifies who has admin rights over a Service App• Used for security trimming• By default, all farm admins included

Access Security• Specifies claims principals that have access to the service• By default, the ‘farm claim’ has access• Some services may define more granular access rights (i.e.

read-only vs. read-write)

SAMPLE TOPOLOGIES

Deployment Scenarios

Single FarmIsolated HostingShared Resource Farm

http://my/personal/<user>

http://my

Application pool

HR

Http://woodgrove/

Application pool

Facilities Purchasing

Team 1

http://team

Team 2 Team 3

Web application—Published Intranet Content Web application—My Sites Web application—Team Sites

Application pool

User ProfileManaged Metadata

SearchSecure Store Service

Access Services

I I S Web Site—“SharePoint Web Services”

Excel Calculation Services

Business Data Connectivity

http://finance

Application pool

Web application—Finance Web

Application pool

Division 1

http://fabrikam

Division 2 Division 3

Web application—Company Web

http://my/personal/<user>

http://my

Web application—My Sites

Application pool

Managed Metadata

Secure Store Service

Default group Custom group

Access Services

Managed Metadata

http://hrweb

Application pool

Web application—HRWeb

Search

Custom group

Excel Calculation Services

Excel Calculation Services

User Profile

I IS Web Site—“SharePoint Web Services”

Business Data Connectivity

Business Data Connectivity

Enterprise services farm

Application pool

User Profile Managed Metadata

HR

http://Fabrikam

Application pool

Facilities Purchasing

Published content farm

Web application—Published Intranet Content

http://my/personal/<user>

http://my

Application pool

Team 1

http://team

Team 2 Team 3

Collaboration farm

Web application—My Sites Web application—Team Sites

Application pool

Access Services

PowerPoint Word Viewing

Visio Graphics Service

Word Automation Services

Usage and Health Data Collection

InfoPath

Search Secure Store Service

Mix of local and remote services

I I S Web Site—“SharePoint Web Services”

I I S Web Site—“SharePoint Web Services”

Excel Services

Default group

Default group

Business Data Connectivity

No Services

Application pool

My Site farm

Default group

No Services

http://my/personal/<user>

http://my

Web application—My Sites

Application pool

http://department

Departmental farm

Web application—Specialized Department Sites

Application pool

PowerPoint Word Viewing

Visio Graphics Service

Usage and Health Data Collection

Managed Metadata

Default group

Deployment of services for a specialized department farm

I I S Web Site—“SharePoint Web Services”

Excel Services

Summary

SharePoint 2010 has a new, flexible, extensible services architecture for middle-tier applicationsAdministrative improvements make managing services easier through PowerShell and UICustomizable, flexible topologies to suit your organizational needs

Thanks

Please fill out your evaluations

And turn yourself around