Post on 28-Dec-2015
Configuring Cross-Farm Services in Microsoft SharePoint 2010
Shannon Bray
Technical Architect | Training Director
Planet Technologies
Shannon Bray
MCT, MCPD(e), MCITP, MCSD, MCAD, …
SharePoint 2010 Microsoft Certified Master Candidate
Automating SharePoint 2010 with Windows PowerShell 2.0
Technical Architect | Training Director
President of Colorado SharePoint User’s Group
In this session you will learn to:
Understand the Service Application Architecture
Understand Key Concepts
Understand Service Federation and How it Works
The Steps Include …
Troubleshoot the Federated Service Environment
Test the Federated Service Environment
To Start Out With …
Two Farms
http://enterprise.teched.local
http://internet.teched.local
No SharePoint Service Accounts
No SharePoint Service Applications
No SharePoint Content Databases in SQL Server
Everything will be built during the presentation!!!
demo
Build Core Infrastructures
Understand the SA Architecture
Services can be consumed “a la carte”
The service architecture is extensible
Services are supported on SharePoint Foundation
Services can be scaled out
Services can be resilient \ redundant
Services can be Federated
Understand Key Concepts
Service
Service Machine Instance
Service Application
Service Application Proxy
Service Consumer
Service Proxy Groups
Deploying Service Applications
Automatic Services
Understand Federation and How it Works
Automatic Services
Services that Support Federation
Farm Level Trust
Service Application Permissions
Domain Level Trust
Automatic Services
Application Discovery and Load Balancer Service Application
Security Token Service Application
demo
Automatic Services
Enterprise Services Farm
The Steps Include …
Create the Publishing Certificate
Create the Consumer Certificates
Exchange the Certificates
Import the Consumer Certificates on Publisher
Import the Publishing Certificate on the Consumer
Configure Trust with Consumer Farm ID
Publish the Service(s)
Consume the Service(s)
Create the Publishing Certificate
$rootCert = (Get-SPCertificateAuthority).RootCertificate
$rootCert.Export("Cert") | Set-Content "C:\Certs\EnterpriseServicesRootCert.cer" -Encoding byte
Create the Consumer Certificates
$rootCert = (Get-SPCertificateAuthority).RootCertificate
$rootCert.Export("Cert") | Set-Content "C:\Certs\InternetRootCert.cer" -Encoding byte
$stsCert = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
$stsCert.Export("Cert") | Set-Content "C:\Certs\InternetSTSCert.cer" -Encoding byte
Get the Consumer Farm ID
$farmID = (Get-SPFarm).Id
New-Item C:\Certs\InternetConsumerFarmID.txt -type file -force -value "$farmID"
Swap ‘Em
# $publisher and $consumer hold the host name of a server in each farm
Copy-Item \\$consumer\c$\Certs\InternetConsumerFarmID.txt \\$publisher\c$\Certs
Copy-Item \\$publisher\c$\Certs\EnterpriseServicesRootCert.cer \\$consumer\c$\Certs
Copy-Item \\$consumer\c$\Certs\InternetRootCert.cer \\$publisher\c$\Certs
Copy-Item \\$consumer\c$\Certs\InternetSTSCert.cer \\$publisher\c$\Certs
Import the Certs on Publishing
$trustCert = Get-PfxCertificate "C:\Certs\InternetRootCert.cer"
New-SPTrustedRootAuthority Internet -Certificate $trustCert
$stsCert = Get-PfxCertificate "C:\Certs\InternetSTSCert.cer"
New-SPTrustedServiceTokenIssuer Internet -Certificate $stsCert
Import the Certs on Consumer
$trustCert = Get-PfxCertificate "C:\Certs\EnterpriseServicesRootCert.cer"
New-SPTrustedRootAuthority EnterpriseServices -Certificate $trustCert
Permissions to the Consumer Farm
$farmID = Get-Content C:\Certs\InternetConsumerFarmID.txt
$security = Get-SPTopologyServiceApplication | Get-SPServiceApplicationSecurity
$claimProvider = (Get-SPClaimProvider System).ClaimProvider
Topology Discovery
$principal = New-SPClaimsPrincipal -ClaimType "http://schemas.microsoft.com/sharepoint/2009/08/claims/farmid" -ClaimProvider $claimProvider -ClaimValue $farmID
Grant-SPObjectSecurity -Identity $security -Principal $principal -Rights "Full Control"
Get-SPTopologyServiceApplication | Set-SPServiceApplicationSecurity -ObjectSecurity $security
demo
The Steps Include…
Test the Federated Service Environment
Managed Metadata Service from Consumer Farm
Troubleshoot the Environment
Ensure Domain Trust
Consumer has permission to Topology Service
Check the ACL
FQDN
Certificates
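
The "Certificates" and "Check the ACL" items can be checked from the publishing farm with a script like the one below. It is an added example, not part of the original slides: the function name Test-FederationTrust and its ExpectedThumbprint parameter are hypothetical, and it assumes each topology service access rule exposes its encoded claim in a Name property.

```powershell
# Added example: run on the publishing farm in the SharePoint 2010 Management Shell.
# Paths and the trust name "Internet" come from the slides; the function is hypothetical.
function Test-FederationTrust {
    param(
        [string]$RootCertPath = "C:\Certs\InternetRootCert.cer",
        [string]$FarmIdPath   = "C:\Certs\InternetConsumerFarmID.txt",
        [string]$TrustName    = "Internet",
        # Thumbprint read on the consumer farm and passed over a separate channel
        [Parameter(Mandatory=$true)][string]$ExpectedThumbprint
    )
    $results  = @()
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

    # Certificates: the copied file must be the certificate the consumer farm exported
    $fileCert = Get-PfxCertificate $RootCertPath
    $results += New-Object PSObject -Property @{
        Check = "Copied root cert matches expected thumbprint"
        Pass  = ($fileCert.Thumbprint -eq $expected) }
    $now = Get-Date
    $results += New-Object PSObject -Property @{
        Check = "Copied root cert is inside its validity period"
        Pass  = ($now -ge $fileCert.NotBefore -and $now -le $fileCert.NotAfter) }

    # Certificates: the trust stored in the farm must hold that same certificate
    $trust = Get-SPTrustedRootAuthority | Where-Object { $_.Name -eq $TrustName }
    $results += New-Object PSObject -Property @{
        Check = "Trusted root authority '$TrustName' holds that certificate"
        Pass  = ([bool]$trust -and $trust.Certificate.Thumbprint -eq $expected) }

    # Check the ACL: the consumer farm ID must appear in the topology service ACL
    $farmId   = (Get-Content $FarmIdPath | Select-Object -First 1).Trim()
    $security = Get-SPTopologyServiceApplication | Get-SPServiceApplicationSecurity
    # Assumption: each access rule carries the encoded farm ID claim in its Name
    $rule = $security.AccessRules | Where-Object { $_.Name -like "*$farmId*" }
    $results += New-Object PSObject -Property @{
        Check = "Topology service ACL has an entry for farm $farmId"
        Pass  = [bool]$rule }

    $results | Select-Object Check, Pass
}

# Placeholder value: replace with the thumbprint reported by the consumer farm
Test-FederationTrust -ExpectedThumbprint "<thumbprint from consumer farm>"
```

The expected thumbprint should come from (Get-SPCertificateAuthority).RootCertificate.Thumbprint on the consumer farm, not from the copied file itself, so a swapped or stale .cer on the share shows up as a failed check.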
demo
Test and Troubleshoot the Federated Services
Related Content
OSP310 - Virtualizing Your SharePoint Farm Architecture
OSP201 - The Ten Immutable Laws of Microsoft SharePoint Security
BOF18 – Advanced Architectures for Microsoft SharePoint 2010
Product Demo Stations for SharePoint 2010
Find Me Later At…
BOF18 – Advanced Architectures for Microsoft SharePoint 2010
SharePoint Booth
@NoIdentity29 – Follow me… to follow me.
© 2011 Microsoft Corporation. All rights reserved.