Multi-tenancy with Service Farm
The service farm provides the following partitioned service applications: SSS, MMS, BCS, Search, UPA
The consuming farm has one web application, https://hosting.litware.local, hosting several host header site collections for tenants
- Steps to create partitioned service applications
- PowerShell with either PartitionMode or Partitioned switch
- Publish service applications
- trust Root authority and STS cert from consuming farm
- grant consuming farm ID full trust to Application Discovery and Load Balancer Service App and related service apps to be published
- publish service applications from UI and get all Uri from the publishing screen
- Permissions
- UPA
setup account full control and administrators full control, consuming farm account and webapp account full control
- Search -
- BCS -
- SSS -
- MMS -
- UPA
- Consuming service applications
trust publishing farm Root authority cert
use the PowerShell New-SPXXXProxy cmdlet with Partitioned or PartitionMode to create the proxy; the -Uri is the Uri you got from the publishing screen
note: when connecting to remote BCS and SSS you cannot specify PartitionMode, so you need to fix the proxy afterward using the following scripts:
-- SSS
# Look up the SSS proxy on the consuming farm by its Id
$proxy = Get-SPServiceApplicationProxy fb99edae-1b27-49c2-82bf-60bf6b9e91a
$prop = $proxy.Properties
# Reuse the enum type of the stored value, then set the partition option to 1
$type = $prop["Microsoft.Office.Server.Utilities.SPPartitionOptions"].GetType()
$partition = [enum]::Parse( $type, 1 )
$prop["Microsoft.Office.Server.Utilities.SPPartitionOptions"] = $partition
# Persist the changed property bag
$proxy.Update()
-- BCS
# Same fix for the BCS proxy; note the different property key
$proxy = Get-SPServiceApplicationProxy db0f1f9f-aec4-45c1-a149-47f105278304
$prop = $proxy.Properties
$type = $prop["Microsoft.SharePoint.Utilities.SPPartitionOptions"].GetType()
$partition = [enum]::Parse( $type, 1 )
$prop["Microsoft.SharePoint.Utilities.SPPartitionOptions"] = $partition
$proxy.Update()
- Create a named proxy group to group all partitioned service proxies, then use the UI to add those proxies to this named group
- New-SPServiceApplicationProxyGroup "Partioned Service Applications"
- associate the named proxy group to web application https://hosting.litware.local
- Turn on multi-tenancy
create Settings Service Application and start the service instance
Get-spserviceinstance | ? {$_.GetType().Name -eq "SPSubscriptionSettingsServiceInstance"} | Start-SPServiceInstance
$acc = Get-SPManagedAccount "LITWARE\sp_service"
$appPool = New-SPServiceApplicationPool -Name "Settings Service App Pool" -Account $acc
$app = New-SPSubscriptionSettingsServiceApplication -ApplicationPool $appPool -Name "Settings Service App" -DatabaseServer LITSQL1 -DatabaseName Internet_SettingsServiceDB
$proxy = New-SPSubscriptionSettingsServiceApplicationProxy -ServiceApplication $app
create a host header site collection and test if the site collection is working before adding to subscription
- New-SPSite -Url https://aw.local -OwnerAlias "litware\aw1" -HostHeaderWebApplication "https://hosting.litware.local" -Template "STS#0"
- Note: To avoid manually creating an IIS host header for host header site collections on the web application, you should not use a host header when creating the web application that will be used for the host named site collections. What I did not make it work is to stop default website which is using the port 80, created a web application on port 80 (https://litsp1) and then created host header site collections using https://litsp1, and this works without manually adding a host header to the IIS website. I further extended https://litsp1 to https://host2.litware.local in a different zone, then I used https://host2.litware.local to create a host header site collection (https://pursca.local), and this works too. I checked that the SPSite.WebApplication for https://pursca.local is still pointed to https://litsp1 even though I used https://host2.litware.local in the New-SPSite command to create the second site collection. So the question is how do we make host header site collections load balanced on multiple servers if the SPSite.WebApplication is always pointed to the physical box name? (to be researched on this)
- good reading from Kirk Evans on Host Named Site Collections
create subscription and add the site collection into subscription
- $sub = Get-SPSiteSubscription <Guid>
- $site = Get-SPSite https://aw.local
- $sub.Add($site)
create tenant management site
- New-SPSite -Url https://aw.local/sites/admin -OwnerAlias "litware\aw1" -AdministrationSiteType tenantAdministration -HostHeaderWebApplication "https://hosting.litware.local" -SiteSubscription $sub -Template "tenantadmin#0"
create hostheader managed path for mysite (https://aw.local/my) and a mysite host
- New-SPManagedPath "my" -HostHeader -Explicit
- New-SPSite -Url https://aw.local/my -OwnerAlias "litware\aw1" -HostHeaderWebApplication "https://hosting.litware.local" -SiteSubscription $sub -Template "SPSMSITEHOST#0"
- new-spmanagedpath "/my/personal" -hostheader
create search center (if your aw.local is using the publishing portal, you will have a subsite named search, so to avoid confusion you might want to use /sites/searchcenter for cross site collection search)
- New-SPSite -Url https://aw.local/sites/search -OwnerAlias "litware\aw1" -HostHeaderWebApplication "https://hosting.litware.local" -SiteSubscription $sub -Template "SRCHCEN#0"
Import user profile after adding first tenant
- $sub = Get-SPSiteSubscription <Guid>
- $upaProxy = Get-SPServiceApplicationProxy <Guid>
- Add-SPSiteSubscriptionProfileConfig -id $sub -SynchronizationOU "AdventureWorks" -MySiteHostLocation "https://aw.local/my" -MySiteManagedPath "/my/personal" -SiteNamingConflictResolution "None" -ProfileServiceApplicationProxy $upaProxy
- note: for some reason sp_farm is imported for each tenant as a user; need to do some investigation
MySite settings (https://aw.local/my/username)
enable self-site creation on https://hosting.litware.local – root site collection must be created before you can enable self-site creation
Search
- Content Search
- People Search
- sps3://aw.local
- sps3://con.local
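
A read-only check for the two tenant-isolation steps above (the SSS/BCS proxy fix and adding each site collection to a subscription), as an added example that is not part of the original notes. The function name and the sample objects are assumptions; the property keys and the value 1 are the ones the fix scripts use.

```powershell
# Added example; the sample objects below are constructed, not farm output.
# Property keys are the two that the page's SSS and BCS fix scripts set.
$PartitionKeys = 'Microsoft.Office.Server.Utilities.SPPartitionOptions',
                 'Microsoft.SharePoint.Utilities.SPPartitionOptions'

function Test-TenantPartitioning {   # hypothetical helper name
    param([object[]]$Sites, [object[]]$Proxies)

    foreach ($s in $Sites) {
        # A site collection outside any subscription has no tenant partition.
        if (-not $s.SubscriptionId -or $s.SubscriptionId -eq [guid]::Empty) {
            [pscustomobject]@{ Kind = 'Site'; Name = $s.Url
                               Finding = 'not in a site subscription' }
        }
    }
    foreach ($p in $Proxies) {
        $key = $PartitionKeys | Where-Object { $p.Properties.ContainsKey($_) } |
               Select-Object -First 1
        if (-not $key) {
            # Other proxy types may keep the setting elsewhere; do not assume.
            [pscustomobject]@{ Kind = 'Proxy'; Name = $p.Name
                               Finding = 'no partition option in Properties, check manually' }
        }
        elseif ([int]$p.Properties[$key] -ne 1) {
            [pscustomobject]@{ Kind = 'Proxy'; Name = $p.Name
                               Finding = "partition option is $([int]$p.Properties[$key]), expected 1" }
        }
    }
}

# Constructed sample input (GUIDs are made up).
$sites = @(
    [pscustomobject]@{ Url = 'https://aw.local';     SubscriptionId = [guid]'11111111-1111-1111-1111-111111111111' }
    [pscustomobject]@{ Url = 'https://con.local';    SubscriptionId = [guid]'22222222-2222-2222-2222-222222222222' }
    [pscustomobject]@{ Url = 'https://pursca.local'; SubscriptionId = $null }
)
$proxies = @(
    [pscustomobject]@{ Name = 'SSS proxy'; Properties = @{ ($PartitionKeys[0]) = 1 } }
    [pscustomobject]@{ Name = 'BCS proxy'; Properties = @{ ($PartitionKeys[1]) = 0 } }
    [pscustomobject]@{ Name = 'MMS proxy'; Properties = @{} }
)
Test-TenantPartitioning -Sites $sites -Proxies $proxies | Format-Table -AutoSize

# On a farm, from the SharePoint Management Shell, feed it real objects:
#   $sites   = Get-SPSite -WebApplication https://hosting.litware.local -Limit All |
#              Select-Object Url, @{ n = 'SubscriptionId'; e = { $_.SiteSubscription.Id } }
#   $proxies = (Get-SPServiceApplicationProxyGroup '<proxy group name>').Proxies
```

With the sample data it reports https://pursca.local as outside any subscription, the BCS proxy as still unpartitioned, and the MMS proxy as needing a manual check.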