Spark the future.

May 4 – 8, 2015Chicago, IL

Configuring OneDrive for Business Deployment: Options and Best Practices Spencer HarbarArchitect

BRK3183

About Spencer Harbar

Architect based in Edinburgh, UKwww.harbar.net | spence@harbar.net | @harbars

Technical Director for Fidra ConsultingWorks with Microsoft’s largest enterprise customersWorks with SharePoint Product Group on ReadinessAuthor for MSDN & TechNet

Session Objectives And TakeawaysSession Objectives: 1. Understand SharePoint Server 2013 advancements for integrating on-premises with

OneDrive for Business in Office 3652. Position OneDrive for Business in Office 365 as a first and best workload in the cloud3. Architect and plan for OneDrive for Business integration and migration as a first step

towards a cloud strategy for or customers

OneDrive for Business is a first and best cloud workload

ContentsIntroduction to OneDrive for BusinessIdentity ScenariosRedirection in SharePoint Server 2013Office 365 ConfigurationMigrationRoadmap

OneDrive for Business

Personal storage in the cloud

Redirection support in Service Pack 1

In SharePoint 2013Discrete Document LibraryEvolution of Shared and Personal My Site conceptsSimplifies sharing and versioning experiencePrivate by default, simple permissions management

Identity Considerations Click icon to add pictureCloud Identity

Directory Synchronization

Active Directory Federation Services

Identity Options

Federated IdentityCloud IdentityDirectory & Password Synchronization*

Single identity in the cloud

Suitable for small organizations with no integration to on-premises directories

Single identity

Suitable for medium and large organizations without federation*

Single federated identity

and credentials

Suitable for medium and large organizations

Cloud IdentitySingle identity in the cloud with no affinity to on-premises Active DirectoryProvided through Azure AD

DisadvantagesNo affinity with on-premises identityRequires separate username and passwordDoes not support hybrid workloads

AdvantagesLow TCORapid deployment and provisioningNo new infrastructure requirements

Windows Azure Active

Directory

OAuth2

SAML-P

WS-Federation

Metadata

Graph API

Office Activation Service

Office 365 Admin Portal

Exchange Mailbox Access

…

Authorization

Spreadsheet

CSV Import

Cloud Identity

Directory SynchronizationIntegrates with Azure AD replicating on-premises users, groups, and contactsProvides use of on-premises user name across environmentsEnables password hash replication with Password Synchronization

Password SynchronizationAdvantagesLow barrier to entryReduces TTS (Time to Solution)No changes needed to existing AD serversExtends Directory Synchronization to provide Same Sign-On experience

DisadvantagesDoes not provide Single Sign-On experienceRequires additional authenticationDoes not support custom 2 factor authentication mechanisms deployed on-premisesDoes enable policy based access control decisionsSingle Point of Failure

Windows Azure Active

Directory

OAuth2

SAML-P

WS-Federation

Metadata

Graph API

Office Activation Service

Office 365 Admin Portal

Exchange Mailbox Access

…

Authorization

Directory & Password Sync

On Premises

DirectorySync

Active Directory

AD FS

AdvantagesProvides Web SSO (enables seamless partner federation) & mitigates partner user account managementClaim mapping supportExtensibleEnables broader hybrid workload adoption and support (I.e. Search, BCS, etc.)

DisadvantagesInfrastructure investment requiredComplex configurationLow ROI in limited support scenarios

Provides an open and interoperable claims-based model for integration

Windows Azure Active

Directory

OAuth2

SAML-P

WS-Federation

Metadata

Graph API

Office Activation Service

Office 365 Admin Portal

Exchange Mailbox Access

…

Authorization

AD FS

DirectorySync

Active Directory Federation Services

On Premises

Active Directory

Redirection in SharePoint Server 2013

Click icon to add picture

PrerequisitesService Pack 1Office 365 (P1 + subscription)Identity federation for seamless experience

1 User authenticates on-premises

2User clicks OneDrive for Business

in navigation

3 User is not in redirect audience 4 User is in redirect audience

Redirection to OneDrive in Office 365

On Premises

OneDrive for Business Redirection

Spencer Harbar

New options under the heading Office 365 Connections on the home page of the SharePoint Central Administration website

SharePoint Online My Site Host Url

Configure audience scoped redirection toOffice 365

Specifies where new SharePoint sites are created.

Redirects to OneDrive for Business in Office 365

Office 365 Configuration Click icon to add picture

Office 365 Configuration and SettingsUser license assignmentStorage allocationNavigation settings

Deployment

Click icon to add picture

Deploy Sync Client with Office Deployment ToolConsole application and configuration manifestAllows an administrator to customize and manage Office 2013 Click-to-Run deployments

Download client<Add SourcePath="\\server\share\C2R_deploy" OfficeClientEdition="32" > <Product ID="GrooveRetail"> <Language ID="en-us" /> </Product> </Add>

Install client<Add SourcePath="\\server\share\C2R_deploy" OfficeClientEdition="32" > <Product ID="GrooveRetail"> <Language ID="en-us" /> </Product> </Add> <Updates Enabled="TRUE" UpdatePath="\\server\share\C2R_updates" /> <Display Level="None" AcceptEULA="TRUE" />

\\server\share\C2R_deploy\setup.exe /download \\server\share\C2R_Deploy\Download_OneDrive.xml

\\server\share\C2R_deploy\setup.exe /configure \\server\share\C2R_Deploy\Install_OneDrive.xml

+

+

Sync Client UpdatesAutomatic updates from Microsoft<Updates Enabled="TRUE“ />

Patch TuesdayDaily Scheduled Task to check

Updates from an internal location<Updates Enabled="TRUE" UpdatePath="\\server\share\C2R_updates" />

No Automatic updates<Add SourcePath="\\server\share\C2R_deploy" Version="15.0.xxxx.xxxx" OfficeClientEdition="32" >

Download a new build and create a new configuration file

Bandwidth PlanningDownload the OneDrive for Business Client Network Bandwidth Calculatorhttp://www.microsoft.com/en-us/download/details.aspx?id=44541

Migration

Click icon to add picture

IW-Led, IT-ManagedITManages OneDrive for Business sync client deploymentReadiness

IWManaged migration

Drag and Drop

ScenariosIW-led migrationNo document metadata preservation needed

Migration of personal content (personal sites)PrerequisitesPersonal sites are required (I.e. must be created) for migrationBulk provisioning options provided in Service Pack 1

Bulk site migrations require a migration account to be added to the personal sites

Bulk ProvisioningLimited to 200 in a batch for the queueThe queue is shared by tenantsThrottling is possible if a single tenant is keeping the queue saturated

Provisioning speed varies based on farm activitiesImprovements have been made in provisioning speedEffort is underway to improve further

Bulk Site Creation: CSOM APIpublic IEnumerable<string> CreatePersonalSiteEnqueueBulk([Microsoft.SharePoint.Client.ClientCallableConstraint(Type = Microsoft.SharePoint.Client.ClientCallableConstraintType.MaxLength, Value = 200)]string[] emailIDs)

Calling CSOM from PowerShell[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.UserProfiles")$loader =[Microsoft.SharePoint.Client.UserProfiles.ProfileLoader]::GetProfileLoader($ctx)#To enqueue Profile$loader.CreatePersonalSiteEnqueueBulk(@(“JoeUser@contoso.com"))$loader.Context.ExecuteQuery()

Assigning Permissions$cred= Get-CredentialConnect-SPOService -Url https://contoso-admin.sharepoint.com -credential $credConnect-MSOLService -credential $cred$AdminAccount= “migrationaccount@contoso.onmicrosoft.com"$Users= Get-MSOLUser -All | Select UserPrincipalName foreach ($User in $Users){

$strUser = $User.userprincipalname$pos= $strUser.IndexOf("@") $strUser = $strUser.SubString(0, $pos) $SiteUrl= "https://contoso-my.sharepoint.com/personal/" + $strUser $SiteUrl= $SiteUrl+ "_contoso_onmicrosoft_com" Set-SPOUser -Site $SiteUrl -LoginName $AdminAccount -IsSiteCollectionAdmin

$true –ErrorAction Continue}

New Migration Pipeline SDKImproved import API that implements Azure Blob Storage based on modern File APIs

Designed to improve migration performance and reduce load on Office 365 services such as SharePoint Online

SDK with sample pipeline solution (migration tool) in May 2015

Personal Files

FileShare Server

SharePoint On-Prem

Microsoft Or ISV tool

Symmetrical SAS Key

Content[Container]

Read/List

Manifest[Container]

Read/List/Write

Notification[Queue]

Add/Remove3

4

5

Create a package using the tool

Upload the package

CSOM : Site.CreateMigration

+ +WebID +

File upload to SPOManifest Read/writeUpdate the QueuePut Log in the Manifest

Legend

BOT

Timer Job Queue

CFE CFE CFE

...

...Migration Azure

Blob StorageBOT BOT

4

CSOM Migration call

Work item queued for later migration timer job

processing

Job Distributed to the bots via timer

service logic

Migration to the CBD

Content transfer to spo

Update Manifest and Azure Queue

2

CDB CDB CDB

...Use only 1 CPU per CDB

1

CSOM : Create target Site/Web/List structure

ISV SolutionsScenariosIT-endorsed use of competitive FSS solutionsRequire metadata preservation, discovery, and compliance controls

File and Folder RestrictionsWindows Reserved Characters<, >, :, “, /, \, |, ?, * as identified by Path.GetInvalidFileNameChars Method

OneDrive for Business Considerations_ (marked as hidden in Explorer View). (preceded or followed by)~, #, %, &, [, ], {, }Posix semantics are not supported

File and Folder Validationprivate static Regex pattern = new Regex(@"[\\\[\]\|~#%&*\:{}?/]+", RegexOptions.Compiled);

DirectoryInfo source = new DirectoryInfo(args[0]);

foreach (DirectoryInfo di in source.GetDirectories()) { if (di != null) { FileInfo[] files = source.GetFiles("*.*", SearchOption.AllDirectories);

Download source code and app at http://blogs.technet.com/b/wbaer/archive/2014/05/24/file-and-folder-considerations-with-onedrive-for-business.aspx.

In Review: Session Objectives And TakeawaysSession Objectives: 1. Understand SharePoint Server 2013 Service Pack 1 advancements for integrating on-

premises with OneDrive for Business in Office 3652. Position OneDrive for Business in Office 365 as a first and best workload in the cloud3. Architect and plan for OneDrive for Business integration and migration as a first step

towards a cloud strategy for or customers

OneDrive for Business is a first and best cloud workload

Visit Myignite at http://myignite.microsoft.com or download and use the Ignite Mobile App with the QR code above.

Please evaluate this sessionYour feedback is important to us!

© 2015 Microsoft Corporation. All rights reserved.