Understanding SharePoint 2013 Code Deployment Models - Apps vs. Solutions
Nik Patel
Lead Solutions Architect, Slalom Consulting, Chicago Practice
Session Goals
Session Level - 200
Audience – SharePoint Architects and SharePoint Developers
Simple Goal – Understanding where Apps fits in SharePoint 2013 Development Landscape
2
About Me
Nik Patel • Lead Solutions Architect, Slalom Consulting
• Working with SharePoint 2010 since Summer 2009 TAP
• Master in Computer Science from IIT, Chicago
Contact Info • Email – [email protected]
• Blog – Nik Patel’s SharePoint World -
http://nikspatel.wordpress.com/
• Twitter - @nikxpatel
• LinkedIn - linkedin.com/in/nikspatel
• Slideshare - slideshare.net/patenik2
3
Session Agenda
Why New Code Deployment Model – SharePoint 2013 Apps?
Revisit Farm Solutions and Sandbox Solutions Models
Introducing SharePoint Apps as Code Deployment Model
Quick walkthrough of SharePoint Hosted Apps
In-depth Comparison of Solutions vs. Apps
Prescriptive Guidance of when to use SharePoint Solutions vs. Apps
Questions and Answers
4
SharePoint 2013 Apps – Rumors, Humors, Opinions, and Level Set It’s too early to say how organization will adopt Apps Model
Apps are Crapps
Apps are not magic button
Both solutions and Apps are valid options
Apps supports No Server side code, Lots of Client side scripting
Don’t be confused with Server Side Code with SharePoint Server Side APIs
This is true for SharePoint Hosted Apps but you can have server side code in Cloud hosted Apps
Sandbox Solutions are deprecated
Microsoft’s meaning for deprecated is – Not preferred
Apps are preferred option over Sandbox Solutions
5
Don’t listen to early opinions, Try it by yourself to decide..
What are SharePoint 2013 Apps? Independent, Self-contained, Scenario-based Applications
6
Hmmm.. It’s self-
contained piece of
functionality that extend
the capabilities of a
SharePoint website!!!
Yeah..It’s a widget
or application I can
acquire to perform
my work or run
business regardless
of what technology
it is!!!
It’s an application whose interface is surfaced through
SharePoint but code runs somewhere elsewhere away from Servers or
Browser!!!
Solution Architect Developer Business User
Where can I Find Apps in SharePoint 2013? Independent, Self-contained, Scenario-based Applications
Everything in SharePoint 2013 are Apps including SharePoint Lists & Libraries (Kind of!!)
7
Demo
8
Quick walkthrough of SharePoint Apps
Why SharePoint 2013 Apps? It’s a fundamental shift from the traditional SharePoint customization and deployment model
All about End-Users – Consumerization through Apps Catalogs
Allows end-users to extend their sites without going through IT Channels
All about IT Pro - Stabilize the SharePoint Environment
Keep custom code away from Servers, Improved Outage & Upgrade stories
Orgs with At least 1 version upgrade with highly customized environment would appreciate Apps
All about Developers - Pieces to Packages
Apps trying to focus back on fully packaged and ready to use assembled custom solutions
All about Cross-Platform - Use Existing Skills to extend SharePoint
Rather than reinventing wheels in SharePoint, use existing technologies & skills to build new apps e.g. Bing Apps
9
Apps are here to stay.. Embrace It with Caution..
Understanding SharePoint 2013 Custom Development Landscape Journey from SharePoint 2007 to SharePoint 2013
10
Revisit SharePoint Farm Level Solutions SharePoint’s First Generation Code Execution Model
What are they?
Supports Full Trust Code Model
Supports Full Server Side Object Model and Client Side Object Model APIs
Requires Solutions Run on the Server
Major limitations
Supported in On-Premises only, Not supported in SharePoint Online
No Marketplace
Requires big server touch, customizations deployed on servers
Root cause of most of SharePoint outages – Performance and Stability Concerns
Huge concerns for SharePoint Upgrade strategy
11
Revisit SharePoint Sandbox Solutions SharePoint’s Second Generation Code Execution Model Microsoft’s first attempt to get away from Farm Level Solutions
What are they?
Available in both SharePoint Online & On-Premises
Requires Partial Trust Code Model
Major Benefits over Farm Solutions
Code runs on sandbox, Doesn’t require Access to Server
Can’t harm the SharePoint server, ideal for hosted environments
Major limitations
Just like Farm Solutions, No Marketplace
Severe restrictions and limited SharePoint APIs – No Database, No File System, No Web Services
Scoped only at the Site Collection Level, No Cross-Site Collection Access
Runs only under current user context, Can’t run code with administrative elevated privileges
Runs under complex resource monitoring system - Outage of Application if Resource Quota is exceeded
12
Introducing SharePoint App Model – What are they? SharePoint’s Third Generation Code Execution Model Microsoft’s second attempt to get away from Farm Level Solutions
Major Benefits over Solutions Model
Based on a proven and familiar app model used in Mobile technologies
SharePoint business logic no longer live in SharePoint
Apps custom code executes in the client, cloud or on-premises
Apps can live in Public Marketplace or Private Corporate Marketplace
Apps have efficient end-user lifecycle – Install, Use, Manage, Upgrade, Remove
Apps will have better SharePoint Upgrade story – decoupled from SharePoint
13
Apps Primer - Major Discussion Points Apps Building Blocks - Basics
App Models – What kind of Apps can be developed?
App User Experience
App Shapes – How does App integrated or consumed with SharePoint?
App Scopes – Where does App runs? Can App access data from other sites?
App Branding – How does App looks like when integrated with SharePoint – UX, Navigation, Seamless Experience?
App Interaction with SharePoint
App Integration – How does App access with SharePoint Data?
App Rights – How does App granted rights to consume SharePoint data?
14
App Primer – App Hosting Models Three different approaches
SharePoint Hosted Apps
Apps hosted in SharePoint as isolated App web, SharePoint acts as file store to host Apps components like HTML, CSS, or JavaScript
No Server side code, business logic runs on JavaScript
Provider Hosted Apps
Apps hosted outside of SharePoint in IIS, Windows Azure, or other dedicated self-hosted Infrastructure
Apps can be built using ASP.NET or any other technologies like Java or PHP
Azure Auto Hosted Apps
Supported only in Office 365 at this moment, Azure subscription tied to Office 365
Auto provisions Azure web site and SQL Azure during Apps installation process
Note - Diagram from MSDN
15
App Primer – App Experience via Shapes Three different ways to interact with Apps
• Takes entire browser & UI screen
• Stand-alone business solution e.g.
Office Web Apps, SharePoint Search
Site, My Site etc.
Part App Custom Action App
16
• Action menu on Ribbon or ECB
to trigger App interaction
• Same as SharePoint 2010
• Behave in SharePoint just like
Web Parts e.g. Stocks App,
Weather App, Maps App
• Surfaced in SharePoint as Iframe
Immersive App
App Primer – App Experience (Continued ..) Seamless UI integration is key for successful App implementation
App Scopes
Apps are isolated and can’t communicate directly with each other
Web Scope
Apps resources live in App Web, can be deployed at Site or Site Collection level
Can use or register resources at Site or Site Collection Level
Tenant Scope
Only supported in cloud-hosted
Supports multi-tenancy and interaction with multiple site collections
17
App Branding and UI Integration
App Templates
Default option when creating apps in VS
App page pulls CSS from hosting SharePoint
Chrome Control
Ideal for Cloud hosted Apps
JavaScript based control that allows custom apps to consume the CSS and styling of the parent App Web
Custom Branding
Full control over unique branding, Like SharePoint Search and My Site
App Primer – App Interaction with SharePoint Secure interaction with SharePoint
App Interaction
Apps can communicate with SharePoint using CSOM and REST based APIs
REST/CSOM supports now Taxonomy, Search, Publishing, User Profile, and many more APIs
App Rights
Apps can authenticate into SharePoint using OAuth or STS
SharePoint 2013 has new authentication model to authenticate SharePoint apps
App Permission request read/write/manage/full control maps to SharePoint permission levels read/contribute/design/full control
18
Demo
19
Quick Experience of SharePoint Hosted Apps
Apps vs. Solutions – Decision Time Multi-faceted in-depth comparison
Comparing Apps with Solutions from 6 different perspective
Architectural level
Custom Development Level
Deployment, Packaging, and Maintenance Level
Infrastructure Level
Business Strategy and Direction
Usability Perspective
20
No clear winner.. It depends!!!!..
Apps Model is Not Magic Pill
Apps vs. Solutions – Architecture Decisions
Farm Level
Solution Sandbox Solutions
SharePoint
Hosted Apps Provider
Hosted Apps Azure Hosted Apps
Supported
Environment
On-Premises Only,
No SharePoint
Online (Supported
in Dedicated SPO)
SharePoint Online and
On-Premises SharePoint Online
and On-Premises
SharePoint
Online and On-
Premises SharePoint Online Only
Code Execution
Model Full Trust Partial Trust Isolated Domain Isolated Domain Isolated Domain
Business Logic Runs
Under what Context? Browser or
SharePoint Context Browser or SharePoint
Context Only Browser
Context
Browser or Non-
SharePoint
Hosted Platform
Context
Browser or Non-SharePoint
Hosted Platform Context
Architectural
Complexity -
Requires Additional
Configuration to run
code?
Not Much (Only
Service Application
needs to be
activated)
Not Much (Only
Service Application
needs to be activated)
Yes, Little Bit
(Configure App
Domain)
Yes, Very Much
(Configure both
IIS and App
Domain)
Yes, Very Much (Requires
Windows Azure Skills as
well)
21
Apps vs. Solutions – Architecture Decisions (Continued …)
Farm Level
Solution Sandbox Solutions
SharePoint
Hosted Apps Provider Hosted
Apps Azure Hosted Apps
Code Scope Farm
Site Collection (Can't
cross site collection,
limited APIs within Site
Collection as well)
App Web (only web
or site collection)
App Web (only
web or site
collection) or
Tenant (can cross-
site collection in
same tenant)
App Web (only web or site
collection) or Tenant (can
cross-site collection in
same tenant)
Authentication &
Interaction with
SharePoint APIs
No Authentication
Required, Can run
on User or Admin
context
No Authentication
Required, can run only
in User Context
No Authentication
Required, can run
in App Context
OAuth or STS
Authentication
required
OAuth authentication is
required
Malicious Attack or
harm of SharePoint
environment due to
bad code
Yes (runs in same
process) No (runs in isolated
safe process)
May be (May be
too early to say
how OAuth will
work)
May be (May be
too early to say
how OAuth will
work)
May be (May be too early
to say how OAuth will
work)
22
Apps vs. Solutions – Architecture Decisions (Continued …)
Farm Level
Solution Sandbox Solutions
SharePoint
Hosted Apps Provider Hosted
Apps Azure Hosted Apps
Performance for
SharePoint Data
Access
High - Very efficient,
runs in main
application process
Medium - Runs in
dedicated isolated
Sandbox Process
Medium-Low
(Network & cloud
latency, Requires
CSOM or REST
connection points )
Medium-Low
(Network & cloud
latency, Requires
CSOM or REST
connection points )
Medium-Low (Network &
cloud latency, Requires
CSOM or REST
connection points )
Supports deep
integration with
SharePoint UI and
Look & Feel
Components
Yes Yes Partially (with web
parts and chrome
controls)
Partially (with web
parts and chrome
controls)
Partially (with web parts
and chrome controls)
Supports deep
integration with
SharePoint
Components &
Content (Lists,
Content Types,
fields, page layouts,
pages etc.)
Yes Yes Not Advisable
(CSOM and REST
APIs be limited)
Not Advisable
(CSOM and REST
APIs be limited)
Not Advisable (CSOM and
REST APIs be limited)
23
Apps vs. Solutions – Custom Development Support
Farm Level
Solution Sandbox
Solutions SharePoint Hosted
Apps Provider Hosted
Apps Azure Hosted Apps
Requires code running on
Server Yes Yes No No No
SharePoint Farm level
Administrative API Yes No No No No
Supported APIs - Server
Side Object Model Full
Partial - Subset
of Full Trust API No No No
Supported APIs - Managed
Client Side Object Model Yes Yes No Yes Yes
Supported APIs -
JavaScript Client Side
Object Model & REST APIs Yes Yes Yes Yes Yes
Server Side Code - C# Yes Yes No Yes Yes
24
Apps vs. Solutions – Custom Development Support (Continued…)
Farm Level
Solution Sandbox
Solutions SharePoint Hosted
Apps Provider Hosted
Apps Azure Hosted Apps
Security - Run code with
administrative privileges Yes No
Yes (New App
Rights) Yes (New App
Rights) Yes (New App Rights)
Apart from .NET, any Non-
Microsoft Server Side
technologies Supported (e.g.
Java, PHP, LAMP etc.)
No No N/A Yes Limited (Azure supports
only .NET Framework,
Java, PHP & Node.js)
Allows you to take benefits on
latest/future Sever Side
technologies - newer version of
ASP.NET MVC or .NET
No No No Yes Yes
Allows you to take benefits on
latest/future Client Side
technologies - newer version of
ASP.NET MVC or .NET
Yes Yes Yes Yes Yes
25
Apps vs. Solutions – Custom Development Support (Continued…)
Farm Level
Solution Sandbox Solutions
SharePoint
Hosted Apps Provider Hosted
Apps Azure Hosted Apps
Requires Local Farm or
Development Environment
for Developers Yes Yes No No No
Remote deployment and
debugging from Visual
Studio No No Yes Yes Yes
Developer Productivity,
less complex moving
parts High High
Medium (New
Technology)
Medium (New
Technology)
Medium (New Technology)
Custom Timer Jobs or
Farm Integration Yes No No No No
26
Apps vs. Solutions – Deployment, Packaging, and Maintenance
Farm Level Solution Sandbox Solutions SharePoint
Hosted Apps Provider Hosted
Apps Azure Hosted Apps
Requires Server Access
for customizations Yes No No No No
Requires outage of
Application during
deployment
Yes, requires IIS
Reset Partially, During Upgrade
Partially, During
Upgrade Partially, During
Upgrade Partially, During
Upgrade
Upgrade Concerns Yes No No No No
Maintenance Story -
Install/Upgrade/Uninstall Good (Requires
disciplined approach)
OK (Better than farm level
but requires discipline for
large # of Site Collections) Great Great Great
Terminates the Process
in case of failure
Yes (code runs under
same IIS worker
process)
Yes (site collection locks
down if resource quota
exceeded)
No (Only
functionality
outage)
No (Only
functionality outage) No (Only
functionality outage)
IT Pros Concerns High (farm solutions
may cause damage
and server touch)
Medium (can't affect
server resources, depends
on resource quota)
Low (No Server
Side code)
Low (Hosted on
Non-SharePoint
environment)
Low (Hosted on Non-
SharePoint
environment
27
Apps vs. Solutions – Infrastructure
28
Farm Level
Solution Sandbox
Solutions SharePoint Hosted
Apps Provider Hosted Apps Azure Hosted Apps
Additional Hardware,
Software, and Licensing No No
No (hosted in
SharePoint) Yes (App Domain on
dedicated server) Yes (Windows Azure
Subscription)
Additional Capacity
Planning No No
Yes (But stored in the
same site collection
content database)
Yes (Additional data
storage) Yes (Additional data
storage)
Business Continuity -
DR, Backup-Restore
SP Backup &
File System for
Customizations SP Backup Only SP Backup Only
Requires Additional
Consideration Requires Additional
Consideration
Load-balancing &
Redundancy SharePoint
Farm SharePoint
Farm SP Backup Only
Requires Additional
Consideration Requires Additional
Consideration
Additional Subscription
Fees No No No
Yes (only for OAuth for
ACS integration, not for
STS or High-Trusted)
Yes (tied with Office
365 subscription)
Apart from IIS, any Non-
Microsoft Server Side
technologies Supported No No
No (hosted in
SharePoint) Yes (Any stack)
Yes, only Windows
Azure
Apps vs. Solutions – Business Direction
29
Farm Level
Solution Sandbox Solutions
SharePoint
Hosted Apps Provider Hosted
Apps Azure Hosted Apps
Distribution via
Marketplace No No Yes Yes Yes
Supports Business
Strategy - No Custom
Code on SharePoint No No Yes Yes Yes
Supports Business
Strategy - Less
Hardware, Software,
Licensing Budget &
Architecture Complexity
Yes Yes Yes No No
Decoupling business
solutions from
SharePoint No No Yes Yes Yes
Apps vs. Solutions – Usability Perspective
30
Farm Level
Solution Sandbox Solutions
SharePoint
Hosted Apps Provider Hosted
Apps Azure Hosted Apps
Who Installs and
Uninstalls Farm Admin Site Collection Admin
End-Users
(IT still required for
Administration)
End-Users
(IT still required for
Administration)
End-Users
(IT still required for
Administration)
Search Farm/App
Solutions Data Yes Yes
No (Search can’t
crawl App Web)
Yes (requires
additional
consideration)
Yes (requires additional
consideration)
Collaborative Solutions (Side by Side existence
of Applications and
Data)
Yes Yes No No No
Seamless Experience
while browsing Apps
and SharePoint Yes Yes No No No
Prescriptive Guidance of when to use SharePoint Solutions vs. Apps Golden rules when to use which APIs
Use Apps whenever you can – Requires philosophical change architecting SharePoint Applications
Keep in mind - Apps are limited to what CSOM and REST API Supports
Use Apps for decoupling independent business applications (e.g. scenario based applications)
Use SharePoint Hosted Apps for small, reusable standalone applications (e.g. stocks, maps, RSS feeds, social integrators etc.)
Use Provider Hosted Apps for large corporate business applications (e.g. Time sheet system, budget tracking application)
Use Azure Auto Hosted Apps for wide-reach, public market place, scalable solutions
Avoid Apps & Use Farm Level or Sandbox solutions for tight UI and features integration
Use Farm or Sandbox Solutions for SharePoint Deep Integrated Applications (e.g. Collaborative Applications)
Use Apps or Sandbox Solutions to take away code from server & minimize risk to the farm for better upgrade stories in future
Use Farm Level solutions for administrative interfaces to extend SharePoint functionalities
31
Additional Apps Resources
Microsoft
Developer Ignite Training Videos - http://msdn.microsoft.com/en-US/office/apps/fp123626
Build Apps for Office and SharePoint - http://msdn.microsoft.com/en-us/office/apps/fp160950.aspx
3 Parts Series of Inside apps for Office and SharePoint - http://channel9.msdn.com/Series/Inside-apps-for-Office-and-SharePoint
Community
Andrew Connell's Understanding SharePoint 2013 Apps -http://www.andrewconnell.com/blog/archive/2012/07/16/understanding-sharepoint-2013-apps-aka-apps-101.aspx
Ted Pattison's Apps Series - http://blog.tedpattison.net/Lists/Posts/Post.aspx?ID=14
Chris O' Brien's Series - SharePoint apps: working with the app web, and why you should - http://www.sharepointnutsandbolts.com/2012/09/sharepoint-apps-working-with-app-web.html
Analben Mehta’s 30 Articles series for Apps development for SharePoint - http://aanuwizard.wordpress.com/2012/09/16/30-articles-series-for-apps-development-for-sharepoint/
32
33
• Thanks for attending the session!! • Follow SharePoint Fest Chicago
• Twitter - @SharePointFest - https://twitter.com/sharepointfest
• Website - http://www.sharepointfest.com/Chicago/
© 2011 Slalom Corporation. All rights reserved. The information herein is for informational purposes only and represents the current view of Slalom Corporation as of the date of this presentation.
SLALOM MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.