6. Why do we want/need a hybrid?
Moving to the cloud to
Reduce Costs
Increase Flexibility
Temporary Hybrid
Collaboration with Externals
Separation of workloads
Scalable
10. When and what to migrate?
Content - Gradual migration
By department
By Location
By Type
Solutions
Identify what can be migrated
Test it in the cloud
Services
11. Who gets access to what?
Permanent access
On-demand access
Projects; temporary workloads
Approval process
Regular verification if still needed
14. What’s possible - General Requirements - SharePoint Requirements
Setting up a Hybrid Environment
15. What is possible?
Scenario                      Works Out of Box?
SharePoint: Search            Yes
SharePoint: BCS               Yes
SharePoint: Duet Online       Yes
SharePoint: other services    No
Exchange integration          Limited
Lync integration              Yes
Source: Microsoft, SPC12
16. Not without your own Domain
Needed for
UPN
DNS
Certificates (SSL, STS)
Reverse Proxy
…
17. Active Directory Requirements
Single Forest
You need to be able to verify every domain
Users need proper UPN
john@MyAwesomeCompany.local won’t work!
john@MyAwesomeCompany.com.sg is what we need
18. Active Directory Federation Services (ADFS)
Sign-In on local server instead of MSOL
Recommendation: 2 ADFS servers, 2 ADFS proxies
19. DirSync
Synchronise your AD users with Office 365
Allow your users to log in to Office 365 with the same username
Cannot be installed on a Domain Controller
AD Synchronisation also needs to be activated in Office 365 UI
Doesn’t grant access, still need to add licenses
24. Configure trust with ACS 1/3
Install Office 365 Sign-on Assistant & PowerShell cmdlets
Replace default STS Certificate
Issued by public Certification Authority (recommended) or self-signed
SP: Set-SPSecurityTokenServiceConfig
25. Configure trust with ACS 2/3
Upload certificate to Office 365 (PS)
MSOL: New-MsolServicePrincipalCredential
Add host-name of SP server to SP principal object of Office 365 tenancy (PS)
MSOL: Set-MsolServicePrincipal
Register SPO S2S principal object with on-prem SP STS
SP: Register-SPAppPrincipal
26. Configure trust with ACS 3/3
Set SharePoint authentication realm to context ID of Office 365 tenant
SP: Register-SPAppPrincipal
Configure on-prem ACS proxy and set up trust with ACS
SP: New-SPAzureAccessControlServiceApplicationProxy
SP: New-SPTrustedSecurityTokenIssuer
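Added example (not from the original slides): the three ACS trust slides above chained into one PowerShell run on an on-prem SharePoint 2013 server. The certificate paths, host name and site URL are constructed placeholders; the realm step uses Set-SPAuthenticationRealm, the SharePoint cmdlet that sets the farm's authentication realm.

```powershell
# Added example, not the presenter's script. Placeholders are marked as such.
Add-PSSnapin Microsoft.SharePoint.PowerShell
Import-Module MSOnline

$pfxPath  = 'C:\certs\sts.pfx'            # placeholder: STS certificate with private key
$cerPath  = 'C:\certs\sts.cer'            # placeholder: public part of the same certificate
$spHost   = 'sharepoint.example.com'      # placeholder: external host name of the SP farm
$siteUrl  = "https://$spHost"             # placeholder: any on-prem site collection
$spoAppId = '00000003-0000-0ff1-ce00-000000000000'   # SharePoint Online application principal ID
$metadata = 'https://accounts.accesscontrol.windows.net/metadata/json/1/'

# 1/3  Replace the default STS signing certificate (repeat on every farm server).
$pfxPassword = Read-Host 'PFX password' -AsSecureString   # keep the password out of the script
$flags   = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'Exportable,PersistKeySet'
$stsCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfxPath, $pfxPassword, $flags)
Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $stsCert -Confirm:$false
iisreset
Restart-Service SPTimerV4

# 2/3  Upload only the public certificate to the SPO service principal.
Connect-MsolService
$publicCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($cerPath)
$credValue  = [System.Convert]::ToBase64String($publicCert.GetRawCertData())
New-MsolServicePrincipalCredential -AppPrincipalId $spoAppId -Type Asymmetric -Usage Verify -Value $credValue

# 2/3  Add the SP host name to the principal's service principal names.
$principal = Get-MsolServicePrincipal -AppPrincipalId $spoAppId
$spns = $principal.ServicePrincipalNames
$spns.Add("$spoAppId/$spHost")
Set-MsolServicePrincipal -AppPrincipalId $spoAppId -ServicePrincipalNames $spns

# 2/3  Register the SPO principal with the on-prem STS.
$contextId = (Get-MsolCompanyInformation).ObjectId        # context ID of the Office 365 tenant
$site = Get-SPSite $siteUrl
Register-SPAppPrincipal -Site $site.RootWeb -NameIdentifier "$($principal.ObjectId)@$contextId" -DisplayName 'SharePoint Online'

# 3/3  Set the realm to the tenant context ID, then create the ACS proxy and the trust.
Set-SPAuthenticationRealm -Realm $contextId
New-SPAzureAccessControlServiceApplicationProxy -Name 'ACS' -MetadataServiceEndpointUri $metadata -DefaultProxyGroup
New-SPTrustedSecurityTokenIssuer -Name 'ACS' -MetadataEndpoint $metadata -IsTrustBroker:$true

# Check: list what was actually registered on both sides.
Get-SPTrustedSecurityTokenIssuer | Select-Object Name, RegisteredIssuerName
Get-MsolServicePrincipalCredential -AppPrincipalId $spoAppId -ReturnKeyValues $false
```

The credential uploaded to Office 365 is the public certificate only; the PFX with the private key stays on the farm and should be removed from disk once imported.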
31. I want my own hybrid environment!
Lots of good content from MS available on Hybrid in general
One-way setup
Two-way setup
BCS
Whitepapers from Axceler, Quest, …
http://hybridoffice365.com