Plan for Global My Sites and User Profiles
[Updated on 2009-10-11 to include link to User Profile Replication Engine]
If you have multiple farms (or simply one farm with two or more SSPs) and you want to set-up User Profiles and My Sites that are shared between SSPs, this post is for you.
Introduction and Sample Scenario
Let me describe a sample scenario with geographically distributed farms. In this scenario, users work in different regions, each of which uses a different SSP. Some users have to collaborate across regions, and must have access to multiple SSPs. This is particularly common if an employee in a global deployment moves between geographic locations.
Suppose that, as usually, users of each farm are configured in the same forest.
If you want to give users the possibility to see other users’ profiles you have to configure in each farm the import of profiles from Active Directory and if you want that users in a region can see profile of users of other regions you have to import all users profiles in each farm.
This works well and in each farm you can see all users details but what happen if you want to give users the possibility to update their details (like skills, blog site and so on)? Let me show you an example: MyLinks. MyUser1 is browsing a site collection located in Farm 1 and adds a shortcut to a page with MyLinks OOB functionality. This link is recorded in a property of the user profile on SSP1. If the same user MyUser1 goes to a different site collection hosted on Farm 2 and looks at the list of his links he cannot find the previous added link on Farm 1. This happens because of Farm 2 is using a different SSP and user profiles are not synchronized between SSPs.
We have a similar behavior with My sites. Each SSP hosts My Sites, so if a user click on MySite link from a site on Farm 1 he is redirected to the MySite hosted on SSP1 but if the same user click on MySite link from a site on Farm 2 he is redirected to a different MySite hosted on SSP2.
Ok, it seems quite bad but… MOSS has My Site Host Locations! If you don’t know what host locations are, you can read the following two paragraphs (from technet).
My Site host locations
As the name says, a My Site host location is the location where My Sites reside. A My Site host location is created automatically when a Shared Services Provider (SSP) is created. The host location is created in its own site collection on the default Web application, and all personal sites are stored in that location. In most scenarios, this is the only My Site host location for the entire deployment of Microsoft Office SharePoint Server 2007. Users can view My Sites if the SSP for the My Site host location imports their user profile information from directory services, and only if they have the Create personal site permission enabled. Individual personal sites are created when individual users click the My Site link on the top link bar of the site.
Managing multiple My Site host locations over multiple SSPs
In some cases, like our scenario, users can be members of two or more sites that use different SSPs and different My Site host locations. In that case, by default, the user can see the My Sites in the host location used for the SSP of the current site. My Sites in other host locations cannot be seen, and the personalization features of those sites cannot be used. This configuration results in an unpredictable My Site experience. Each user's My Site changes depending upon the site, and the My Sites of other users are not reliably available on each site.
To avoid this situation, it is usually a good practice to limit each user to one SSP. However, in our scenario, this is not possible and it is a good idea to think through the reasons for multiple SSPs and then create a predictable experience for My Sites and personalized content.
To enable users to view My Sites and use personal features on multiple host locations, each host location must enable support for global deployments on the My Site Settings page. This makes personalized content on each host location available across SSPs, but only if the host location is trusted by an SSP. Each SSP has a list of trusted My Site host locations links. Each link can be targeted so that only users in selected audiences can view My Sites in a particular host location. Profile information for all targeted users is replicated to each SSP and is available to all sites on the SSP. My Site host locations are used by each SSP in the order of the trusted My Site host locations list. If a user is a member of an audience targeted by one host location link, then that My Site host location is used for that SSP and the later host locations are ignored. This results in one set of personalized content for each user being made available to all targeted users in each SSP.
Configuration and Interface Behavior
Coming back to our sample scenario, to appropriately configure My Site host locations we have to enable on each SSP support for global deployments and define for each SSP the following host locations:
- Host Location 1 (Region 1), targeted to audience “Users of Region 1”
- Host Location 2 (Region 2), targeted to audience “Users of Region 2”
- Host Location 3 (Region 3), targeted to audience “Users of Region 3”
After that the My Site link in each site of each farm will point to the My Site in the SSP where the user belongs. Furthermore, the “Add Link” and “Manage Links” links are targeted to the same (correct) SSP. All other functionalities that show profile information (such as the list of links defined by the user) are instead targeted to the SSP which is related to the current site. This underlines the needs of a profile replication mechanism (described later in this post).
This picture illustrates MOSS behavior for a user belonging to Region 2:
The following picture shows the option to be enabled in My Site Settings page of each SSP
This picture shows the Add new My Sit Host Location form:
Replication of User Profiles
To keep MOSS 2007 profile data across three worldwide regions consistent for People Search and Audiences targeting we need a Geo Replication mechanism.
Each farm hosts only a subset of user’s MySites/Profiles and can be consider as “Master” on this subset of users for the other farms. So the replication engine should replicate user profiles from each Master farm versus other farms.
Microsoft has released the Sharepoint Administration Toolkit which include User Profile Replication Engine, a tool that does replication of user profiles.
The replication mechanism can be represented by this picture:
Comments
Anonymous
February 13, 2009
Great job this is so much better then the technet articale http://technet.microsoft.com/en-us/library/cc263115.aspxAnonymous
December 10, 2009
Thanks for the article - but I do have a couple of questions - in your example of configuring the profile replication you show that the sources all 'push' their profiles to the other SSPs - Is that mandatory, or can the recipient's 'pull' the desired profiles? In my scenario, I'd feel better doing PULL, rather than trusting the admins of the other Farms to push only the proper data. Also, is it required to specify the LOCAL mysite host in the Trusted Mysite Host Locations? your note says each SSP must have all 3 entries, which is a bit confusing because the page where you specify trusted mysite locations specifically says "Use this list to identify trusted my site host locations, serviced by OTHER Shared Service Providers." (my emphasis on 'other') ThanksAnonymous
January 13, 2010
Hi John, I'm not sure I've undestood your first question. The replication engine uses change logs to perform replication in the way I've described. If you are planning to write your own custom replication mechanism, remember that using change logs is a good way to optimize the process. To obtain more granularity you have to implement a more complex subscription infrastructure which synchronize only a subset of profile data. As regarding Mysite host locations, you are right but the local one is needed by the replication tool if I'm not wrong. DarioAnonymous
March 12, 2012
Hi Dario, what if the user updated his personal info on an alien region, for instance region 2, and his "My Site" is in region 1, will his "My Site" in region 1 be sync and updated according to the change in region 2? Thanks.