Business Connectivity Services Hybrid Flow in SharePoint 2013
BCS Hybrid Flow


Diagram: BCS hybrid flow (component labels recovered from the poster). Zones, left to right: MICROSOFT DATA CENTER (Office 365 Enterprise: MSODS; SharePoint Online with the BCS Runtime Service, Secure Store and ACS), INTERNET, the CUSTOMER NETWORK perimeter network (reverse proxy published at https://Myhybridserver.contoso.com over SSL/443), and the INTRANET (AD DS; SharePoint on-premises with the CSOM pipeline, User Profile Store, BCS Runtime Service and Secure Store; the OData service head at Myhybridserver.contoso.com, secured by Secure Store credentials or custom auth; the external data store). Directory synchronization runs between AD DS and MSODS, user profile synchronization between AD DS and the user profile store, and a server-to-server trust links SharePoint on-premises to ACS. The numbered arrows correspond to the steps below.

BCS FLOW LIST

1   An information worker logs on to the user's SharePoint Online tenancy and opens an app for SharePoint or external list that needs data from an on-premises OData data source.

2   The external list creates a request for the data and sends it to Business Connectivity Services. BCS looks at the connection settings object and the external content type to see how to connect to the data source and what credentials to use.

3A  BCS retrieves the client SSL certificate from the Secure Store in SharePoint Online. This is used for SharePoint Online authentication to the reverse proxy.

3B  BCS retrieves an OAuth token from the Access Control Service. This is the user's credential used for user authentication to the SharePoint 2013 on-premises farm. The Access Control Service is part of every SharePoint Online subscription. It is a Security Token Service that manages security tokens for users of SharePoint Online.

4   BCS sends an HTTPS request to the published endpoint for the data source. The connection is authenticated with the client certificate from the Secure Store (client authentication to the reverse proxy), and the request carries the user's OAuth security token together with the request for the data.

5   The reverse proxy authenticates the connection by using the client certificate and forwards the request to the CSOM pipeline of the on-premises SharePoint 2013 farm. The certificate identifies the SharePoint Online tenancy, not the user; the user is identified only by the OAuth token.

6   The CSOM pipeline consults the User Profile Service to look for a mapping between the user identified by the OAuth security token from the Access Control Service and the user's domain credentials from AD DS. If one exists, the user's domain credentials are attached to the request.

7   The user's domain credentials are used to authenticate to the SharePoint on-premises site that receives hybrid requests, and the request is passed to the SharePoint on-premises BCS service.

8   The SharePoint on-premises BCS retrieves the credentials that are used to authenticate to the external data source from the SharePoint on-premises Secure Store Service.

9   The SharePoint on-premises BCS service passes the request for data, along with the external data credentials, to the OData service head, which then performs the desired operations on the external data and returns the results to the SharePoint Online user.
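The nine steps above, traced end to end as a single simulation. This is an added example, not code from the poster or from Microsoft: an HMAC-signed JSON token stands in for the ACS-issued OAuth token, a thumbprint allowlist for the reverse proxy's client-certificate authentication, and plain dictionaries for the user profile store, the on-premises Secure Store target application and the OData endpoint. Every UPN, thumbprint, key, credential and target application name is constructed for the simulation. What it makes visible is the division of labour the flow relies on: the client certificate is checked only at the reverse proxy and says nothing about the user, the token is validated under the server-to-server trust (signature, audience, expiry) and then mapped to a domain account, and a request that passes both can still be rejected because the account is not mapped in the Secure Store target application.

```python
import base64
import hashlib
import hmac
import json

# Constructed stand-ins for the artifacts in the poster's flow (simulation only).
ACS_SIGNING_KEY = b"simulated-acs-signing-key"          # stands in for ACS's token-signing key
HYBRID_ENDPOINT = "https://Myhybridserver.contoso.com"  # published endpoint named on the poster
TOKEN_TTL = 3600
ODATA_BASIC_AUTH = ("svc_odata", "Pa55w0rd!")           # what the OData service head expects

# Office 365 side: Secure Store entry holding the client certificate (step 3A).
SPO_SECURE_STORE = {"HybridClientCert": {"thumbprint": "5F2A9C0E41B7D3A8",
                                         "subject": "CN=spo-bcs-client"}}

# Customer network side.
PROXY_TRUSTED_THUMBPRINTS = {"5F2A9C0E41B7D3A8"}          # client certs the reverse proxy accepts
PROFILE_STORE = {"alice@contoso.com": "CONTOSO\\alice",   # UPN -> domain account (user profile sync)
                 "carol@contoso.com": "CONTOSO\\carol"}
ONPREM_SECURE_STORE = {"ODataTargetApp": {"members": {"CONTOSO\\alice"},
                                          "credentials": ODATA_BASIC_AUTH}}
EXTERNAL_DATA = {"/Customers": [{"id": 1, "name": "Fabrikam"}]}


class HybridAuthError(Exception):
    """Raised by whichever stage rejects the request."""


def _sign(body: str, key: bytes) -> str:
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def acs_issue_token(upn: str, now: int, key: bytes = ACS_SIGNING_KEY) -> str:
    """Step 3B: ACS issues the user's OAuth token. `key` is overridable only so a caller
    can produce a token from an issuer the on-premises farm does not trust."""
    claims = {"iss": "acs", "nameid": upn, "aud": HYBRID_ENDPOINT, "exp": now + TOKEN_TTL}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    return body + "." + _sign(body, key)


def spo_bcs_build_request(upn: str, path: str, now: int) -> dict:
    """Steps 2-4: SPO BCS pairs the channel credential (client cert) with the user credential (token)."""
    return {"client_cert": dict(SPO_SECURE_STORE["HybridClientCert"]),
            "oauth_token": acs_issue_token(upn, now), "path": path}


def reverse_proxy(request: dict) -> dict:
    """Step 5: client-certificate authentication. Only the certificate is checked here."""
    if request["client_cert"]["thumbprint"] not in PROXY_TRUSTED_THUMBPRINTS:
        raise HybridAuthError("reverse proxy: client certificate not trusted")
    return request


def csom_pipeline(request: dict, now: int) -> str:
    """Step 6: validate the ACS token under the S2S trust, then map it to a domain account."""
    body, _, sig = request["oauth_token"].partition(".")
    if not hmac.compare_digest(sig, _sign(body, ACS_SIGNING_KEY)):
        raise HybridAuthError("csom: token not signed by the trusted ACS issuer")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["aud"] != HYBRID_ENDPOINT:
        raise HybridAuthError("csom: token issued for another audience")
    if claims["exp"] <= now:
        raise HybridAuthError("csom: token expired")
    account = PROFILE_STORE.get(claims["nameid"])
    if account is None:
        raise HybridAuthError("csom: no user profile mapping for " + claims["nameid"])
    return account


def odata_service_head(path: str, user: str, password: str) -> list:
    """Step 9: the OData endpoint, secured with basic authentication in this simulation."""
    if (user, password) != ODATA_BASIC_AUTH:
        raise HybridAuthError("odata: external data credentials rejected")
    if path not in EXTERNAL_DATA:
        raise HybridAuthError("odata: unknown entity set " + path)
    return EXTERNAL_DATA[path]


def onprem_bcs(account: str, path: str, target_app: str = "ODataTargetApp") -> list:
    """Steps 7-8: the domain account must be mapped in the Secure Store target application."""
    app = ONPREM_SECURE_STORE[target_app]
    if account not in app["members"]:
        raise HybridAuthError(f"onprem bcs: {account} has no credentials in {target_app}")
    return odata_service_head(path, *app["credentials"])


def run_chain(request: dict, now: int):
    """Push one already-built request through steps 5-9. Returns (True, data) or (False, reason)."""
    try:
        request = reverse_proxy(request)
        account = csom_pipeline(request, now)
        return True, onprem_bcs(account, request["path"])
    except HybridAuthError as err:
        return False, str(err)


def hybrid_request(upn: str, path: str, issued_at: int, now=None, client_thumbprint=None):
    """Steps 1-9 for one user; `client_thumbprint` lets a caller present a different certificate."""
    request = spo_bcs_build_request(upn, path, issued_at)
    if client_thumbprint is not None:
        request["client_cert"]["thumbprint"] = client_thumbprint
    return run_chain(request, issued_at if now is None else now)


if __name__ == "__main__":
    t0 = 1_700_000_000
    for case in [("alice@contoso.com", {}), ("bob@contoso.com", {}), ("carol@contoso.com", {}),
                 ("alice@contoso.com", {"now": t0 + TOKEN_TTL}),
                 ("alice@contoso.com", {"client_thumbprint": "DEADBEEF"})]:
        print(case[0], hybrid_request(case[0], "/Customers", t0, **case[1]))
```

The five cases in the `__main__` block walk the failure modes stage by stage: a synchronized user with a profile mapping and a Secure Store membership gets the data; a user missing from the profile store is stopped in the CSOM pipeline even though the proxy accepted the certificate; a mapped user with no entry in the target application is stopped by on-premises BCS; an expired token and an unknown client certificate are stopped at the CSOM pipeline and the reverse proxy respectively.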
LEGEND

Arrow types in the diagram: REQUEST, RESPONSE, USER PROFILE SYNC AND DIRECTORY SYNCH.

OAUTH TOKEN FROM ACS - When a user logs on to SharePoint Online, the user is authenticated by ACS. ACS issues an OAuth security token, which represents the user to all SharePoint Online processes and objects that the user tries to access. This security token is embedded in the request for external data and passed, along with the SSL certificate, to the reverse proxy. From there, it is passed to the Client-Side Object Model (CSOM) pipeline in SharePoint on-premises and is mapped to the user's domain credentials.

SSL CERTIFICATE - This certificate is used to establish trust for the communication channel between the reverse proxy device and Office 365. This can be a wildcard certificate. It should be from a well-known certificate authority.

USER'S ACTIVE DIRECTORY CREDENTIALS - This is another security token that represents the user in the user's Active Directory domain. It represents the user to all domain resources that the user tries to access. In the SharePoint BCS Hybrid configuration, it is used to authenticate the user to SharePoint on-premises.

EXTERNAL DATA CREDENTIALS - The OData service is secured by using either basic authentication or Windows authentication, or by using a custom authentication provider.

SERVER-TO-SERVER TRUST - Server-to-Server authentication configuration for SharePoint Hybrid environments consists of establishing a trust between SharePoint on-premises and Access Control Service (ACS). ACS is then the trust broker for both SharePoint on-premises and SharePoint Online. When Server-to-Server trust is fully configured, each server farm trusts the security tokens that are issued by ACS and are used for authenticating access to resources on behalf of the identified user.




Overview of Hybrid BCS

Business Drivers

What is a SharePoint Business Connectivity Services (BCS) Hybrid solution?

If your company has an on-premises SharePoint 2013 farm and a SharePoint Online 2013 tenancy, you can use BCS to create a secure connection between the two to make line-of-business (LOB) data available to apps for SharePoint and external lists in SharePoint Online. This is called a SharePoint BCS Hybrid solution. SharePoint Online 2013 supports only one-way connections from online to on-premises, and to only one on-premises farm. The LOB data must be published as an OData source.

Hybrid BCS Flow Components

Office 365 and SharePoint Online Components

Azure Access Control Service  This is the Azure security token service that performs authentication and issues security tokens when a user logs in to a SharePoint Online site. It looks up credentials in the Microsoft Online Directory Services (MSODS), which has been synchronized with the on-premises Active Directory accounts. This allows the user to use the same set of credentials for both the on-premises and online environments.

BCS Runtime Service Online  The BCS runtime service is a SharePoint service application that manages all BCS functionality, such as administration, security, and communications.

On-Premises Components

AD DS  A Windows Server service that stores and manages user accounts, security groups, distribution groups, and computer accounts.

BCS Runtime Service SharePoint On-Premises  The BCS Runtime service is a SharePoint service application that manages all BCS functionality, such as administration, security, and communications.

CSOM Pipeline  The Client-Side Object Model receives the incoming request from the reverse proxy and maps the OAuth user token from ACS to the user's domain credentials.

Secure Store Service SharePoint On-Premises  This is the credential mapping SharePoint service application. In the SharePoint BCS Hybrid solution, SharePoint on-premises stores the mapping of the users' domain credentials to the credentials that are used to access the external data source.

SharePoint On-Premises  A SharePoint 2013 server farm; this hosts the BCS service, the site that accepts the inbound hybrid requests, and the Secure Store Service.

Directory and User Profile Synchronization

Directory Synchronization  The BCS Hybrid solution depends on the on-premises Active Directory being synchronized with MSODS. This allows the users to log on to SharePoint Online by using the same user principal name (UPN) as they use for on-premises authentication.

User Profile Synchronization  The SharePoint user profile service pulls user information from Active Directory into SharePoint, making it available for SharePoint User Profiles. The BCS Hybrid solution depends on Active Directory information being available in the user profile store for the CSOM pipeline to
                                                                                                                  Office 365 Every Microsoft Office 365 subscription hosts a SharePoint Online tenancy. The Office                                                                                                                                                                                                                        perform the user OAuth credential to user domain credential mapping.
Why use a SharePoint BCS Hybrid solution?                                                                         365 subscription also provides the Access Control Service (ACS) and Microsoft Online Directory                  External Data The line-of-business (LOB) data that the SharePoint BCS Hybrid solution works       Site/Site Collection A site collection created expressly for the purpose of facilitating all hybrid
A SharePoint 2013 BCS Hybrid solution provides a bridge for companies that                                        Services (MSODS).                                                                                               with.                                                                                             request communication. The web application that this site collection is in has an alternate
want to take advantage of cloud-based SharePoint Online to access on-premises                                                                                                                                                                                                                                                       access mapping configured.
LOB data while keeping that proprietary data safely maintained on their                                           Office 365 Microsoft Online Directory Services (MSODS) Provides directory services in Office                    OData Service Head The SharePoint BCS Hybrid solution only supports the OData protocol. If
corporate intranet. The SharePoint BCS Hybrid solution does not require opening                                   365 that you can synchronize with your on-premises Active Directory Domain Services (AD DS).                    the external data is not natively accessible via an OData source, you must use Visual Studio to   User Profile Store A SharePoint database used to store user profile information. User profiles
holes in the firewall to allow traffic through and it does not require you to move                                The synchronization is done through user profile synchronization and allows users to use the                    build and deploy an OData service head for it.
                                                                                                                                                                                                                                                                                                                                    contain detailed information about people in an organization. A user profile organizes and
the LOB data out into the perimeter network. The SharePoint BCS Hybrid                                            same account for both on-premises and cloud authentication.
                                                                                                                                                                                                                                  Reverse Proxy This server is responsible for accepting and authenticating inbound traffic from    displays all of the properties related to each user, together with social tags, documents, and
solution uses the on-premises BCS services to connect to the LOB data and then,
through a reverse proxy, securely publish it through a Client-Side Object Model                                   SharePoint Online Hosts the sites that surface the on-premises LOB data, the BCS runtime                        the Internet and publishing out the CSOM service endpoint for the inbound request to connect      other items related to that user. In the BCS Hybrid scenario, it is used to map the users’ ACS
(CSOM) endpoint out to the BCS services in SharePoint Online.                                                     service and metadata store, and the Secure Store Service.                                                       to. It is in the perimeter network.                                                               OAuth credentials to the users’ domain credentials.
                                                                                                                  SharePoint Online Secure Store Service This is the credential mapping SharePoint service
                                                                                                                  application. In the SharePoint BCS Hybrid solution, SharePoint Online stores an SSL server
                                                                                                                  certificate that authenticates the SharePoint Online request to the reverse proxy.




© 2012 Microsoft Corporation. All rights reserved. To send feedback about this documentation, please write to us at ITSPDocs@microsoft.com.

Microsoft SharePoint 2013 BCS Hybrid Model

  • 1. Business Connectivity Services Hybrid Flow in SharePoint 2013

BCS Hybrid Flow (diagram): Microsoft data center (Office 365: SharePoint Online with the BCS runtime service and Secure Store; ACS; MSODS) | Internet | Customer network: perimeter network (reverse proxy, published at https://Myhybridserver.contoso.com over SSL/443) and intranet (SharePoint on-premises: CSOM pipeline, BCS runtime service, user profile store, Secure Store, OData service head, external data store; enterprise AD DS with directory synchronization to MSODS and user profile synchronization). Legend arrows: server-to-server trust, custom auth, request, response, user profile sync and directory synch.

BCS FLOW LIST

1. An information worker logs on to the user’s SharePoint Online tenancy and opens an app for SharePoint or external list that needs data from an on-premises OData data source.

2. The external list creates a request for the data and sends it to Business Connectivity Services. BCS looks at the connection settings object and the external content type to see how to connect to the data source and what credentials to use.

3A. BCS retrieves the client SSL certificate from the Secure Store in SharePoint Online. This is used for SharePoint Online authentication to the reverse proxy.

3B. BCS retrieves an OAuth token from the Access Control Service. This is the user’s credentials used for user authentication to the SharePoint 2013 on-premises farm. The Access Control Service is part of every SharePoint Online subscription. It is a Security Token Service that manages security tokens for users of SharePoint Online.

4. BCS sends an HTTPS request to the published endpoint for the data source. The request includes the client SSL certificate from the Secure Store and the user’s OAuth security token, as well as a request for the data.

5. The reverse proxy authenticates the request by using the client certificate and forwards it to the CSOM pipeline of the on-premises SharePoint 2013 farm.

6. The CSOM pipeline consults the User Profile Service to look for a mapping between the user’s OAuth security token from the Access Control Service and the user’s domain credentials from AD DS. If one exists, the user’s domain credentials are returned to the request.

7. The user’s domain credentials are used to authenticate to the SharePoint on-premises site that receives hybrid requests, and the request is passed to the SharePoint on-premises BCS service.

8. The SharePoint on-premises BCS retrieves the credentials that are used to authenticate to the external data source from the SharePoint on-premises Secure Store Service.

9. The SharePoint on-premises BCS service passes the request for data along with the external data credentials to the OData service head, which then performs the desired operations on the external data and returns the results to the SharePoint Online user.

LEGEND

OAUTH TOKEN FROM ACS - When a user logs on to SharePoint Online, the user is authenticated by ACS. ACS issues an OAuth security token, which represents the user to all SharePoint Online processes and objects that the user tries to access. This security token is embedded in the request for external data and passed, along with the SSL certificate, to the reverse proxy. From there, it is passed to the Client-Side Object Model (CSOM) pipeline in SharePoint on-premises and is mapped to the user’s domain credentials.

SSL CERTIFICATE - This certificate is used to establish trust for the communication channel between the reverse proxy device and Office 365. This can be a wild card certificate. It should be from a well-known certificate authority.

USER’S ACTIVE DIRECTORY CREDENTIALS - This is another security token that represents the user in the user’s Active Directory domain. It represents the user to all domain resources that the user tries to access. In the SharePoint BCS Hybrid configuration, it is used to authenticate the user to SharePoint on-premises.

EXTERNAL DATA CREDENTIALS - The OData service is secured by using either basic authentication or Windows authentication, or by using a custom authentication provider.

SERVER-TO-SERVER TRUST - Server-to-Server authentication configuration for SharePoint Hybrid environments consists of establishing a trust between SharePoint on-premises and Access Control Service (ACS). ACS is then the trust broker for both SharePoint on-premises and SharePoint Online. When Server-to-Server trust is fully configured, each server farm trusts the security tokens that are issued by ACS and are used for authenticating access to resources on behalf of the identified user.
Reverse Proxy This server is responsible for accepting and authenticating inbound traffic from displays all of the properties related to each user, together with social tags, documents, and solution uses the on-premises BCS services to connect to the LOB data and then, through a reverse proxy, securely publish it through a Client-Side Object Model SharePoint Online Hosts the sites that surface the on-premises LOB data, the BCS runtime the Internet and publishing out the CSOM service endpoint for the inbound request to connect other items related to that user. In the BCS Hybrid scenario, it is used to map the users’ ACS (CSOM) endpoint out to the BCS services in SharePoint Online. service and metadata store, and the Secure Store Service. to. It is in the perimeter network. OAuth credentials to the users’ domain credentials. SharePoint Online Secure Store Service This is the credential mapping SharePoint service application. In the SharePoint BCS Hybrid solution, SharePoint Online stores an SSL server certificate that authenticates the SharePoint Online request to the reverse proxy. © 2012 Microsoft Corporation. All rights reserved. To send feedback about this documentation, please write to us at ITSPDocs@microsoft.com.