kako pravilno konfigurisati sharepoint on-premises za sharepoint add-ins (sharepoint apps)
TRANSCRIPT
Kako pravilno konfigurisati
SharePoint on-premises za
SharePoint Add-ins
(SharePoint apps)
Dragan Panjkov
MVP, K2
Agenda
• Konfiguracija farme
• Mogućnosti autorizacije add-ina
• Modeli arhitekture za provider-hosted add-ine
Problem
• SharePoint 2013 / 2016 => preporuka da se ne
koristi Server-Side Code (Farm Solutions)
• SharePoint Apps / SharePoint Add-ins su
preferirani način za razvoj i deployment custom
rješenja
• Neophodna je dodatna konfiguracija na
SharePoint farmi
Demo
• Add-in iskustvo za krajnjeg korisnika
Konfiguracija farme
1. DNS konfiguracijaa. Forward Lookup zona
b. CNAME Alias
2. Wildcard SSL sertifikat
3. Konfigurisanje SharePoint servisnih aplikacija a. Subscription Settings SA
b. App Management SA
4. Konfigurisanje add-on URL-ova
DNS konfiguracija
• Forward Lookup Zona
– u slucaju odvojenog domena (opciono)
• CNAME Alias
– „wildcard“
– Redirekcija svih zahtjeva sa app domenom (ili
poddomenom) na FQDN SharePoint farme
Wildcard SSL sertifikat
• Potreban je samo u slučaju ako su i
SharePoint i add-on konfigurisani za SSL
SharePoint Service Apps (1)
1. Pokrenuti neophodne servise
SharePoint Service Apps (2)
2. Konfigurisati Subscription Service app (PoSh)$account = Get-SPManagedAccount "<AccountName>"
# Gets the name of the managed account and sets it to the variable $account for later use.
$appPoolSubSvc = New-SPServiceApplicationPool -Name SettingsServiceAppPool -Account $account
# Creates an application pool for the Subscription Settings service application.
# Uses a managed account as the security account for the application pool.
# Stores the application pool as a variable for later use.
$appSubSvc = New-SPSubscriptionSettingsServiceApplication -ApplicationPool $appPoolSubSvc -Name SettingsServiceApp -DatabaseName <SettingsServiceDB>
# Creates the Subscription Settings service application, using the variable to associate it with the application pool that was created earlier.
# Stores the new service application as a variable for later use.
$proxySubSvc = New-SPSubscriptionSettingsServiceApplicationProxy -ServiceApplication $appSubSvc
# Creates a proxy for the Subscription Settings service application.
SharePoint Service Apps (3)
2. Konfigurisati App Management Service app (PowerShell ili Centralna Administracija)$account = Get-SPManagedAccount "<AccountName>"
# Gets the name of the managed account and sets it to the variable $account for later use.
$appPoolAppSvc = New-SPServiceApplicationPool -Name AppServiceAppPool -Account $account
# Creates an application pool for the Application Management service application.
# Uses a managed account as the security account for the application pool.
# Stores the application pool as a variable for later use.
$appAppSvc = New-SPAppManagementServiceApplication -ApplicationPool $appPoolAppSvc -Name AppServiceApp -DatabaseName<AppServiceDB>
# Creates the Application Management service application, using the variable to associate it with the application pool that was created earlier.
# Stores the new service application as a variable for later use.
$proxyAppSvc = New-SPAppManagementServiceApplicationProxy -ServiceApplication $appAppSvc
# Creates a proxy for the Application Management service application.
Konfigurisanje add-in URL-ova
• PowerShell-om ili iz
Centralne Administracije
Set-SPAppDomain <appDomain>
Set-SPAppSiteSubscriptionName -Name "app" -Confirm:$false
Demo
• Kako izgleda konfigurisana farma
Low Trust Autorizacija• Microsoft preporučuje ovaj način autorizacije
• Prvenstveno namijenjena za add-ine koji su cloud-hostani
• Trusted Token Issuer je Azure Access Control Service
• Koriste se access-tokeni za autorizaciju
• Neophodna internet konekcija
• Add-ini se mogu objaviti na Office Store i instalirati na SharePoint Online (Office 365)
• Detaljna konfiguracija na https://github.com/OfficeDev/PnP-Tools/tree/master/Scripts/SharePoint.LowTrustACS.Configuration
Low trust
SharePoint Farm
Add-in Admin
End Users ACS
Registration of add-in
Verification of registration
Approve and publish
Remoteconnectivity
2
34 5
6
7
Server & Tenant Admin
1Associate server
to Office 365 tenant
Provider hosted add-ins
spapp_appnane.contoso.com
High Trust Autorizacija– Koriste se digitalni sertifikati
– Namijenjena za full on-premises okruženja
– Malo komplikovanija za konfiguraciju
– Nije neophodna internet konekcija
– Add-ini se ne mogu instalirati na SharePoint Online
– Detaljna konfiguracija na https://msdn.microsoft.com/en-
us/library/office/fp179901.aspx
– Konfiguracijske PowerShell skripte na
https://msdn.microsoft.com/en-us/library/office/dn579380.aspx
High trust (S2S)
SharePoint Farm
Add-in Admin
End Users
Registration of certificate
1
Server Admin
Provider hosted add-ins
spapp_appnane.contoso.com
Configuration of certificate
Approve and publish apps
2
7
6
4 5
3
Remote connectivity
Verification of certificate
Demo
• High Trust u DEV okruženju
Dijeljeno okruženje Najčešća konfiguracija
Svaki add-in ima svoj ASP.NET web sajt na dijeljenoj IIS farmi
Load balanced za visoku dostupnost
1
Different services used by add-ins
Network load balancer ASP.net applications hosted in IIS
Load balanced servers
https://spapp_app1.contoso.com
https://spapp_app2.contoso.com
https://spapp_app3.contoso.com
2
45
https://spapp_app3.contoso.com
3
Dedicated okruženje
Svaki add-on ima svoju ASP.net IIS aplikaciju na zasebnim serverima
Load balanced za visoku dostupnost
1
Different services used by add-ins
Network load balancer ASP.net applications hosted in IIS
Load balanced servers
https://spapp_app1.contoso.com
https://spapp_app2.contoso.com
https://spapp_app3.contoso.com
2
3 45
Izolovano okruženje
Za svaku organizaciju se projektuju zasebna okruženja projektovana ponaosob kao dijeljeno okruženje
1
Different services used by add-ins
Network load balancer ASP.net applications hosted in IIS
Load balanced servers
https://spapp_org2_app2.contoso.com
2
3 45
https://spapp_org2_app1.contoso.com
https://spapp_org1_app2.contoso.com
https://spapp_org1_app1.contoso.com
https://spapp_org3_app2.contoso.com
https://spapp_org3_app1.contoso.com
Za više informacija• Configure an environment for apps for SharePoint
(SharePoint 2013)
• Set up an on-premises development environment for SharePoint Add-ins
• Architecture models for SharePoint provider hosted add-ins in on-premises
• Office Dev PnP Web Cast – Provider hosted add-in infrastructure setup for SharePoint on-premises
• Patterns and Practices videos (Channel 9)
Ne zaboravite ispuniti upitnike.
Čekaju vas vrijedne nagrade!