Hybrid Search Bonanza - European SharePoint Conference 2015


Post on 15-Apr-2017


Hybrid Search Bonanza

Cloud Search Service Application - Custom Security Trimmer and Claims Provider
Petter Skodvin-Hvammen - Puzzlepart

Petter Skodvin-Hvammen

skodvinhvammen.wordpress.com | @pettersh | petter.skodvin-hvammen@puzzlepart.com

Principal Consultant
Puzzlepart - business apps for SharePoint
http://www.puzzlepart.com

The Ultimate Vision of Enterprise Search!
One Search Box | Blended Search Results | Common Ranking | One Index
Image courtesy of https://en.wikipedia.org/wiki/Portal:Middle-earth/Selected_picture/4
Search in Everything

Scenario 1: Search across multiple domains on-prem
- Multiple Auth Providers
- Custom Claims Provider
- Custom Security Trimming

Scenario 2: Search across on-prem and Office 365
- Getting Started
- Cloud scenarios
- On-prem scenarios
- Extras

Scenario 1: Search across multiple domains on-prem

Intranet
- SharePoint 2013 farm in the corporate domain / internal network
- Windows authentication only
- Only internal users in Active Directory

(Diagram: CONTOSO; Active Directory; Windows Authentication; https://intranet.contoso.com; Internal users)

Extranet
- SharePoint 2013 farm in an external domain / external network
- ADFS/SAML authentication
- Internal and external users in MS SQL Server
- Custom claims provider

(Diagram: EXTERNAL; SQL Server; SAML Authentication; https://extranet.contoso.com; Custom Claims Provider; External users; ADFS)

Business Requirements

(Diagram: Internal users; External users; Intranet; Extranet)

Internal users:
- Access intranet and extranet using their corporate Windows account
- Search for both internal and external content

External users:
- Access extranet using their registered credentials or their partner Windows account
- Search for external content only

Warning! It's a complex setup
- There are two different domains
- There is NO domain trust
- SharePoint crawl only works with Windows authentication
- All users must authenticate using ADFS to access external content

- ADFS trust to authenticate internal users and external users authenticated by trusted partners
- ADFS using SQL database as directory
- FIM sync to external users DB
- Custom claims provider

(Diagram: CONTOSO; EXTERNAL; ADFS Trust; Active Directory; SQL Server; SAML Authentication; https://extranet.contoso.com; Custom Claims Provider; FIM Sync; Internal domain users; External users (individual); External users (partner domain))

Claims Based Authentication
- Issuer (Trusted Provider)
- Identity / Subject (SSN)
- Roles

(Diagram: Claims)

ADFS Configuration and External User DB
- PPID as Identity Claim: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier
- Groups SID (Internal users): http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid

External user DB:
Id | Sid | Domain
12345 | S-1-5-21-606747145-796845957-725345543-571903 | CONTOSO
23456 | S-1-5-21-606747145-796845957-725345543-540805 | FABRICAM
34567 | S-1-5-21-606747145-796845957-725345543-1734 | -

(Diagram: CONTOSO; FABRICAM; EXTERNALUSERS; https://fsext.contoso.com/adfs/ls/; https://fs.fabricam.com/adfs/ls/; https://fsint.contoso.com/adfs/ls/)

Configure SAML-based claims authentication with AD FS in SharePoint 2013: https://technet.microsoft.com/en-us/library/hh305235.aspx

Custom Claims Provider / People Picker
- Search and name resolution
- Internal and external users from Users table in SQL Server
- Internal groups from Active Directory (CONTOSO)
- ACLs matching ADFS claims

Plan for custom claims providers for People Picker in SharePoint 2013: https://technet.microsoft.com/en-us/library/gg602072.aspx

Claims-based identity in SharePoint 2013: https://msdn.microsoft.com/en-us/library/office/ee535242.aspx

Crawling external content from internal farm
- Set up Windows authentication in external web application
- Why not multiple zones?
- Same URLs for internal and external users ease collaboration
- Internal users manage permissions for external users
- Crawl default zone or else
- Outlook uses default zone for calendar integration
- Alerts and emails

Multiple Authentication Providers

(Diagram: CONTOSO; EXTERNAL; ADFS; ADFS Trust; Active Directory; SQL Server; SAML Authentication; Windows Authentication; https://intranet.contoso.com; https://extranet.contoso.com; Custom Claims Provider; FIM Sync; Crawl; Search; Internal domain users; External users (individual); External users (partner domain))

Querying external content in internal farm

Internal Windows Claims
Claim Type | Claim Value | Issuer | Original Issuer
http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid | S-1-5-21-606747145-796845957-725345543-571903 | SharePoint | Windows
http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid | S-1-5-21-606747145-796845957-725345543-1734 | SharePoint | Windows
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn | petter.skodvin-hvammen@contoso.com | SharePoint | Windows
http://schemas.microsoft.com/sharepoint/2009/08/claims/userlogonname | CONTOSO\petter | SharePoint | Windows
http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid | S-1-5-21-606747145-796845957-725345543-1734 | SharePoint | Windows
http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid | S-1-5-21-606747145-796845957-725345543-540805 | SharePoint | Windows

External ADFS / SAML Claims
Claim Type | Claim Value | Issuer | Original Issuer
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier | 12345 | SharePoint | TrustedProvider:ADFS
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier | 12345 | SharePoint | SharePoint
http://schemas.xmlsoap.org/ws/2009/08/claims/userid | 0\.t|adfs|12345 | SharePoint | SecurityTokenService
http://schemas.microsoft.com/sharepoint/2005/05/claims/name | 0\.t|adfs|12345 | SharePoint | SecurityTokenService
http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid | S-1-5-21-606747145-796845957-725345543-1734 | SharePoint | TrustedProvider:ADFS
http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid | S-1-5-21-606747145-796845957-725345543-540805 | SharePoint | TrustedProvider:ADFS

Custom Security Trimmer
- Runs as search service account
- Loaded by Query Component
- Requires a local cache for performance / latency
- Beware of not being able to RunWithElevatedPrivileges

DEMO: Security Trimmer in Visual Studio
https://github.com/pskodvin/sp2013-securitytrimmer
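
An added sketch, not from the talk and not the code in the linked sp2013-securitytrimmer repository, of the trimming decision the claim tables and the "local cache" bullet point to. It assumes the trimmer maps the querying user's Windows primary SID to the PPID through the external user DB and that document ACLs are available as (claim type, value) pairs; `PpidCache`, `check_access` and the sample ACLs are hypothetical.

```python
import time

PRIMARY_SID = "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"
GROUP_SID = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid"
PPID = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier"
DOMAIN_SID = "S-1-5-21-606747145-796845957-725345543"
# Sid -> Id rows copied from the slide's external user DB table.
USER_DB = {DOMAIN_SID + "-571903": "12345", DOMAIN_SID + "-540805": "23456"}


class PpidCache:
    """Local SID -> PPID cache; the trimmer sits in the query path, so lookups must be cheap."""

    def __init__(self, lookup, ttl_seconds=300, clock=time.monotonic):
        self._lookup, self._ttl, self._clock = lookup, ttl_seconds, clock
        self._entries = {}

    def get(self, sid):
        hit = self._entries.get(sid)
        if hit and self._clock() - hit[1] < self._ttl:
            return hit[0]
        try:
            ppid = self._lookup(sid)  # hypothetical user DB query
        except Exception:
            return None  # fail closed: an unreachable DB never widens access
        self._entries[sid] = (ppid, self._clock())
        return ppid


def check_access(windows_claims, document_acls, cache):
    """Return one bool per document: True only when a user claim appears in its ACL."""
    granted = {(t, v) for t, v in windows_claims if t == GROUP_SID}
    primary = next((v for t, v in windows_claims if t == PRIMARY_SID), None)
    ppid = cache.get(primary) if primary else None
    if ppid:
        granted.add((PPID, ppid))
    return [bool(granted & set(acl)) for acl in document_acls]


# Constructed sample: the internal user's Windows claims from the slide, and
# three made-up extranet document ACLs as (claim type, value) pairs.
PETTER = [(PRIMARY_SID, DOMAIN_SID + "-571903"), (GROUP_SID, DOMAIN_SID + "-1734"),
          (GROUP_SID, DOMAIN_SID + "-540805")]
ACLS = [[(PPID, "12345")], [(PPID, "23456")], [(GROUP_SID, DOMAIN_SID + "-1734")]]

if __name__ == "__main__":
    print(check_access(PETTER, ACLS, PpidCache(USER_DB.get)))
```

The TTL bounds how long a removed or remapped user keeps a cached PPID, and a failed lookup drops the PPID match while group SID matches still apply.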

Scenario 2: Search across on-prem and Office 365
Cloud Search Service Application

The New Cloud Search Service Application
- SharePoint Server 2016 and 2013 with August 2015 Update
- Documentation and scripts on https://connect.microsoft.com/office

Create a Cloud Search Service Application
- Search Server Name
- Search Service Account
- Search Service Application Name
- Database Server Name

Configure Integration (On-prem Farm, Office 365 Tenant)
- Portal Url
- Hybrid SSA Id

Cloud Search Service Application
DEMO - SharePoint Server 2013

SharePoint Online Search On-Prem Sources
- SharePoint Content
- SharePoint User Profiles
- Web Sites
- File Shares
- BCS Connector (Databases / Web services)
- .NET Connectors (Custom / Third Party)

Search On-Prem Content
DEMO - SharePoint Online

As Ingunn:
- SharePoint Content

As Petter:
- Rest of the stuff

SharePoint Online Search On-Prem Sources

Document Previews
- On-Prem Office Web Application Server

Content Source Refiner
- Search configuration available from https://github.com/pskodvin/search-configuration

Open files from on-prem file shares
- Set up IIS on file server
- Server name mappings
- Endpoint configuration

Content Search Web Part
DEMO - On-Prem Content

As Ingunn:

As Petter:

SharePoint On-Prem Search Office 365
- SharePoint Content
- Delve User Profiles
- OneDrive 4 Biz
- Delve Blogs
- Office 365 Videos

What about?
- Office 365 Groups
- Sways
- Office Graph: GraphQuery property not yet supported for SharePoint 2013

https://espc15hybrid.sharepoint.com/_api/search/query?querytext='hybrid+search+bonanza'&selectproperties='Title%2cEdges%2cPath'&properties='GraphQuery:ACTOR(ME)'
http://pettersh-sp2013.cloudapp.net/_api/search/query?querytext='hybrid+search+bonanza'&selectproperties='Title%2cEdges%2cPath'&properties='GraphQuery:ACTOR(ME)'

Search Office 365 Content
DEMO - SharePoint Server 2013

As Petter:

OneDrive
- Expenses: http://pettersh-sp2013.cloudapp.net/search/Pages/results.aspx?k=%2A#k=expenses
- Timesheet: http://pettersh-sp2013.cloudapp.net/search/Pages/results.aspx?k=%2A#k=timesheet

Blog
- Zoo: http://pettersh-sp2013.cloudapp.net/search/Pages/results.aspx?k=zoo

Video
- Beach: http://pettersh-sp2013.cloudapp.net/search/Pages/results.aspx?k=zoo#k=beach

Search First Migration

(Diagram: Production; Staging; Test)

Related Sessions

Tuesday
- 15:15 - The Four Pillars of Enterprise Search Strategy (Joel Oleson)
- 15:15 - Closer look at the new Cloud Hybrid Search Solution (Donald Hessing)

Wednesday
- 10:15 - Developing Search-driven Applications with SharePoint, the Office Graph and Azure Search (Jeff Fried)
- 11:45 - Office 365 SharePoint Hybrid What's New & Roadmap (Bill Baer)

Thursday
- 14:00 - Content Recommendation with SharePoint Search (André Vala)

Thank You!
Petter Skodvin-Hvammen, Principal Consultant
skodvinhvammen.wordpress.com | @pettersh | petter.skodvin-hvammen@puzzlepart.com