SharePoint Online in a hybrid environment
Update August 23th: The whitepaper "Hybrid SharePoint Environments with Office 365” that is mentioned a few times in this article has been heavily revised. This revisions focus on:
- Broad updates on patterns & practices for hybridization
- Asserts how Business Connectivity Services (BCS) increases reach of hybrid scenarios
- A new segment on leveraging a hybrid reporting environment to provide additional Business Intelligence capabilities in Office 365
- Numerous new, supporting graphics
Please take a peek folks!
-Andre
----
Recently I got into a discussion on how to implement SharePoint Online in a hybrid environment with SharePoint 2010 on-premise. How does this exactly work and how should we implement it?
Hybrid
The hybrid approach is not merging information from two different site collections into one. Or making sure an on-premise document library has the same content as the document library in an online environment. So what does hybrid technically mean then? It basically means we have two separate environments that act and operate completely independent of each other. Even the SharePoint service applications such as the user profile service, managed metadata service, and search cannot be shared between the on-premises farm(s) and SharePoint Online environment. Instead, administrators should choose to either fully deploy a service application in only one location, or configure an instance of the service in each environment. But still there are ways to integrate functionality between the two environments.
The idea is that you first segment the different workloads from SharePoint across the on-premise and online environment. You often see that the commodity services like collaboration on team sites, news sites, projects sites and so on are stored in the Online environment, while the more advanced scenario’s often remain on-premise (think of BI capabilities, Fast Search or advanced custom solutions). So where does the hybrid word come from then? It basically means that we stitch these two environments together using the same look and feel, so that the end users have a complete transparent and rich experience and do not notice the difference between working in the on-premise environment or in the online environment. They can only see the difference by looking at the URL.
Single Sign On
In order to have such a complete transparent and rich experience from an end user perspective, it is important that the end users only need to authenticate once. This can be accomplished by implementing and configuring single sign on. Once this has been set up there is a trust relationship between the on-premise and online environment. This will make sure that if the end users that already authenticated in the on-premise environment (Active Directory), don’t need to re-enter their password in the online environment. So navigating between the on-premise and online environment will be transparent without password prompts. Should you require more information on how this technology exactly works or need more information on how to implement it, please see the following links:
How Single Sign-On Works in Office 365
https://community.office365.com/en-us/w/sso/727.aspx
Prepare for Single Sign on:
https://onlinehelp.microsoft.com/en-us/office365-enterprises/ff652540.aspx
Plan for and deploy Active Directory Federation Services 2.0 for use with single sign-on
https://onlinehelp.microsoft.com/en-us/office365-enterprises/ff652539.aspx
Single sign-on: Roadmap
https://onlinehelp.microsoft.com/en-us/office365-enterprises/hh125004.aspx
Deploying and Configuring ADFS 2.0
https://www.youtube.com/watch?v=fwHIKlAPV0g
Questions about Single Sign On (SSO) with Office 365 for Education
https://blogs.technet.com/b/educloud/archive/2011/09/23/questions-about-single-sign-on-sso-with-office-365-for-education.aspx
Video Screencast: Complete setup details for federated identity access from on-premise AD to Office 365
https://blogs.msdn.com/b/plankytronixx/archive/2011/01/24/video-screencast-complete-setup-details-for-federated-identity-access-from-on-premise-ad-to-office-365.aspx
Branding
So how do we give these two environments the same look and feel (branding), so that the end user doesn’t notice the difference? This is not as simple as it sounds. In order to make the environments look and feel the same, you would need to design and apply the same master pages, use the same icons, images and style sheets. Next to that you need to make sure the global navigation of both environments will integrate seamlessly by linking to each other’s environment.
More detailed information and things to consider when branding a SharePoint Online environment can be found here.
Search
Search is one area which has some integration capabilities. Thought the integration is not ideal, as we can’t share the relevance of the search results between the two environments. But what we can do is to have either two search boxes, one for on-premise content and one for the online content, or use federated search. With federated search you can do one search query, but get two separated results from two difference content sources showing up in two separate result sets. Below is a screenshot of search results from SharePoint and search results from Bing.
Obviously you can customize the search results page and its layout so that it will fit your needs. Bear in mind though, that you can only setup federated search in an on-premise environment and is not available in the Online environment (see also the Microsoft SharePoint Online for Enterprises Service Description). More info about the search integration capabilities can be found in the whitepaper “Hybrid SharePoint Environments with Office 365”.
User profile
A user’s my site and my profile should exist in a single environment only to ensure that there is a single correct and complete source of user data. Although the user profile service cannot be shared between environments, it is possible to link on-premises SharePoint User Profiles to Office 365 and vice versa. So whichever environment a user is currently browsing, if they access their own or another user’s profile, it will redirect to the environment that is hosting the service. More information on how to implement user profiles and my sites in a hybrid environment can be found in the whitepaper “Hybrid SharePoint Environments with Office 365”.
Business Connectivity Services
Since the November update of SharePoint Online, we can connect to Line Of Business (LOB) data stored in either your on-premise environment or in Azure using the Business Connectivity Services (BCS) component. As long as you have your LOB application exposed to the web, you should be able to hookup the data into SharePoint Online. For more information about BCS in SharePoint Online, please see the following resources:
Introduction to Business Connectivity Services in SharePoint Online
https://msdn.microsoft.com/en-us/library/hh412217.aspx
What's New for BCS in SharePoint Online
https://msdn.microsoft.com/en-us/library/hh418045.aspx
SharePoint Online Developer Resource Center
https://msdn.microsoft.com/en-us/sharepoint/gg153540.aspx
Integrating other components
Though it can be challenging to accomplish forms of integration for other SharePoint components between the two environments, there are techniques and strategies to take into account when you are planning and designing for a hybrid environment. A lot more detail about these techniques and strategies can be found in the earlier mentioned and excellent whitepaper “Hybrid SharePoint Environments with Office 365”.
-Andre