Authentication and Authorization Infrastructure in 2013
Paolo Pialoi – paolo@pialoi.com
Senior Consultant, PiaSys
SPC401

Something about me
Consultant, project manager and trainer since 1996
Working in a company of my own: www.pialoi.com
More than 40 certification exams passed
Certified Solution Master – Charter
Focused on since 2002
Author of 10 books about , C#, .NET
2010 Developer Reference, Press
2013 Developer Reference, Press
Build Windows 8 Apps with Visual C# and Visual Basic Step by Step, Press
Speaker at main IT conferences

Agenda
Authentication: Users’ Authentication; Federation; Apps Authentication; Custom ClaimsProvider
Authorization: Users’ Authorization; Apps Authorization
Server to Server (High Trust)

Authentication (diagram)
Labels: NT Token, Windows Identity; ASP.NET (FBA): SQL, LDAP, Custom …; SAML Token, Claims Identity; SPUser; SAML 1.1: ADFS, ACS, etc.; Classic; Claims

2013 Users’ Authentication
It works almost like 2010.
Supported authentication modes:
Classic mode: it’s deprecated! For backward compatibility only. Available only through PowerShell; no longer available in Central Administration. You have Convert-SPWebApplication to migrate to claims.
Claims-based: it’s the default mode, and the only one available in SPCA. Use it … and move to it.

Claims-based Authentication Methods
Anonymous
Windows: Basic, NTLM, Kerberos
Forms Authentication (FBA): Membership API (ASPNET SQL); LDAP Provider; Custom Provider (developed in .NET)
Trusted Identity Provider: Active Directory Federation Services (ADFS 2.0/3.0); Windows Azure Access Control Services (ACS); Windows Azure Active Directory Services (AAD, via ACS); Custom IP/STS (developed in .NET or any other compliant platform)

2013 Authentication
Paolo Pialoi

Identity Claims Representation
Windows Account: i:0#.w|piasys\paolo
FBA Account: i:0#.f|fbamembehip|paolo
SAML Account: i:05.t|piasys-acs|paolo@pialoi.com

How it works
i:05.t|piasys-acs|paolo@pialoi.com
First character: i = Identity Claim, c = Other Claim
: = Separator
0 = Reserved
Claim Type: # = logon name, 5 = email, . = username, ? = name identifier, ! = identity provider, - = Role
Claim Value Type: . = String, + = RFC822 Name
Claim Issuer: w = Windows, t = Trusted Identity Provider, f = Forms Authentication, . = Custom Claims Provider
Claim Value or Original Issuer: Windows = Claim Value, Others = Original Issuer Name
Claim Value (not for Windows)
Get-SPClaimTypeEncoding
For further details read: Protocols

Trusting an external Identity Provider
Windows Azure ACS 2.0: Identity Provider and Security Token Service
Leverages external IPs: Account (aka Windows LiveID); Facebook; Google; Yahoo!; ADFS 2.0/3.0; Windows Azure Active Directory; Custom WS-Federation
It’s available for free! You simply need to have a valid Windows Azure subscription.

Some Specs Supported by ACS 2.0
Protocols: OAuth 2.0, WS-Trust, WS-Federation
Tokens: SAML 1.1/2.0, JSON Web token (JWT)

Federating with Windows Azure ACS
Paolo Pialoi

PeoplePicker, Claims, Augmentation, etc.
When you trust an external IP you get claims.
Sometimes you need to augment them.
Sometimes you need to search for them in the PeoplePicker.
Often you need to authorize on them.

Claims Providers
What you need is a claims provider:
Claims augmentation (custom claims to extend issued security tokens)
Names resolution (search, resolve, friendly values for claims, people, and roles)
Available out of the box: SPActiveDirectoryClaimProvider, SPFormsClaimProvider, SPTrustedClaimProvider

Custom Claims Providers
Inherit from SPClaimProvider (..Administration.Claims)
Implement/override methods for: name resolution; claims augmentation; support hierarchies; resolve claims; search claims

Custom Claims Provider Deployment
Requires a farm-level solution (.WSP)
Not suitable for Office 365
Leverages a dedicated feature with a receiver: SPClaimProviderFeatureReceiver
Must be activated via PowerShell onto the target Web Application

Developing a Custom ClaimProvider (Quick Overview)
Paolo Pialoi

2013 App Authentication
App Authentication is supported only for CSOM or REST API requests originated by an app!

Authentication Model for Apps
Internal app authentication: when an app invokes CSOM/REST API from within an app web and with a SAML token for the user. -hosted apps use this kind of app authentication. Cross-domain calls in Cloud-hosted apps use this kind of app authentication.
External app authentication via OAuth: the app invokes CSOM/REST API providing an access token signed by Windows Azure ACS. The access token can include app and user identity. The access token can be an app-only identity. Is the only model supported by Office 365.
External app authentication via Server to Server: the app invokes CSOM/REST API providing an access token signed with a trusted X.509 certificate. Leverages a direct trust between and an app (further details later …). Is only supported on-premises.

2013 Apps’ Authentication (flowchart)
Start and End nodes. Decision nodes: Is the endpoint outside of an app web? Does the token include user info? Is endpoint CSOM/REST? OAuth token present? User credentials provided?
Outcomes: anonymous context; user context; App-Only context; app and user context.

The OAuth Protocol
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.
http://tools.ietf.org/html/rfc6749

Apps OAuth Flow
Actors: Subject, AppServer, Server, Windows Azure ACS
1. Start App
2. Request context token
3. Signed context token
4. App Redirect
5. Request App Start Page + Context Token (SPAppToken)
6. Refresh token
7. Access token
8. Req. + Access token
9. Data
10. App Start Page + Contents

Server to Server (High Trust)
High Trust != Full Trust
Extension to OAuth
Leveraged by apps and infrastructural services (Workflow Manager, Exchange, etc.)
Can use any user identity
Direct trust relationship between and the external app/service, based on X.509 certificates
One certificate for each app (avoid sharing certs across apps)
Can leverage shared certificates for Trust Brokers
Available for Provider-hosted apps
Supported by wizard of Visual Studio 2012/2013 and Office Developer Tools for VS
Configurable by PowerShell

Authorization
SPUser and SPGroup: almost the same as in 2010
Define user or group principals; inherit from SPPrincipal
You can give explicit permissions (authorization). Target: site, lists/libraries, items/folders
Authorization leverages Permission Levels: ReadOnly, Limited Access, Edit, Design, Full Control
Permission Levels can be customized
Permission Levels are made of Permissions: Manage Lists, Add Items, Edit Items, Delete Items, etc. They are a bitmask of native and basic permissions.

App Permissions
Are different from user permissions
Are granted as all or nothing
App can include permissions requests in the application manifest
Installing user grants/denies permissions during installation
If the permissions request is denied, does not install the app
Users can grant only permissions that they have
You must be at least a Site Owner to install an App
Cannot be changed after assignment
Permissions can only be revoked

More about App Permissions
App has full control over its app web, but no other default permissions
Permissions are made of Scope and Right
Permission Scopes: Site Collection, Web Site, List, Tenant, Services (Search, Managed Metadata, User Profile, etc.)
Permissions applied to a target scope apply also to all the children of that scope
Permission Rights: Read-Only, Write, Manage, Full Control; other specific rights for Services
Apps Rights and Scopes are not customizable

2013 Authorization
Paolo Pialoi

Sesha Mani
Principal Program Manager, Office365 Cloud Services
Claims, OAuth, S2S in – Roadmap
Claims infrastructure is at the core powering full stack of platform investments, today, tomorrow, and in the future
Layers: Out of box S2S Scenarios, Extensibility; App Model; OAuth & S2S identity platform; Claims infrastructure
Services and scenarios:
to Exchange: eDiscovery, Site Mailboxes, MySiteProject Tasks Sync, High Resolution Photos
to Translation service: Hybrid: Duet/SAP, Hybrid Search
to MTW: Multi-tenant Workflows (MTW)
to Apps: AppModel extensibility
to Azure media service…: Video Portal (upcoming)

Wrap up
User Authentication: Claims-based (that’s all about claims); External Identity Providers (ACS, ADFS, etc.); Custom Claims-Providers for better users’ experience
App Authentication: Internal Authentication; External Authentication via OAuth; External Authentication via Server to Server
Authorization: SPPrincipal; App Principal

MySPC Sponsored by
connect. reimagine. transform.
Evaluate sessions on MySPC using your laptop or mobile device: m

© 2014 . All rights reserved.
, Windows, and other product names are or be in the U.S. other countries. The informon is for informonal purposes only and represents the of as of the e of this presenton. Beca respond to changing market , it should not be to be a c on the part of , and cannot the accuracy of any informon provided after the e of this present on. NO , , OR , AS TO THE INFORMON IN THIS PRESENTON.

Welcome to SPC14
on-premises, in the cloud, and everything in between …
Bill Baer
Senior Product Marketing Manager

Bill Baer is a Senior Technical Product Manager and Certified Master for in the product group in Redmond, Washington; having previously worked at Hewlett-Packard, Bill Baer has a proven background in infrastructure engineering and enterprise deployments of Products and Technologies. While at Hewlett-Packard Bill Baer was awarded the MVP award for his contributions in the Technology Solutions Group, now known as HP Enterprise Business, which encompasses server and storage hardware, technology consulting, and software sales.
Twitter: @williambaer
LinkedIn: /billbaer
TechNet: /b/wbaer
Bill Baer ('b..r), Senior Product Marketing Manager
www.wbaer.net

Agenda
Office 365 Innovation
Transformation of IT
Server 2013 & Service Pack 1
Closing

2015 IT budget
By 2015, 35% of enterprise IT expenditures for most organizations will be managed outside the IT department’s budget.
Source: Gartner Predicts, Gartner, 2011

2020
By 2020, cloud will represent nearly 30% of all IT spending.
Source: IDC Black Book 2013, IDC, 2013

Cloud Computing: IT as a Service
Infrastructure as a Service
Platform as a Service
Software as a Service
IT challenges & opportunities
to drive business process transformation
to driving outcomes
to increase revenue
to advance innovation
to build better user experiences
IT is being asked to do more…

IT is an enabler…
IT has a unique opportunity in a cloud-centric world to: demonstrate overcoming these challenges

The opportunity…
Transition from systems administrators to value added service brokers

Server 2013 Re and Roadmap
(Timeline figure, 2012 to 2014. Milestones: 2013 Launched; Server 2013 in Azure VM; Service Pack 1.
PU: December 2012, January 2013, February 2013, March 2013, April 2013, 2013 PU, June 2013, July 2013, August 2013, September 2013, October 2013, November 2013, December 2013, January 2014.
CU: February 2013, April 2013, June 2013, August 2013, October 2013, December 2013.)

Service Pack 1
…with Service Pack 1, we’re helping IT respond to these challenges

serv·ice /' s.rvis /
1) Noun: an act of helpful activity; help; aid
2) Verb: perform routine maintenance or repair work on
3) Adjective: of service, useful

Service Pack 1
RTW 2/25/2014
1.21 GB (1,307,219,231 bytes)
Build 15.0.4469.1005
Included:
Cumulative Updates: includes all Cumulative Updates up to, and including, December 2013. Next post-Service Pack 1 Cumulative Update: February 2014.
Public Updates: includes all Public Updates up to, and including, December 2013. Next post-Service Pack 1 Public Update: March 2014.
Functionality: OneDrive for Business; Yammer integration; Windows Server 2012 R2 Support; JSON Light Support
OneDrive for Business; JSON Light; Yammer Integration; Windows Server 2012 R2 Support
Personal storage in the cloud
Redirection support in Service Pack 1
Support for multi-tenant storage and networking
Support for Windows Server 2012 R2 as host operating system for 2013
Supports less verbose JSON communication from to Apps
Classif

DEMO
Bill Baer

Server 201x Launch
(Timeline: 2012, 2013, 2014, 2015)

Office 365 Innovation
What we’ve delivered, 2013:
Azure AD Password Sync. Office Web Apps real-time co-authoring The Office Improved Sharing Emails Office 365 Adapter Embedded Images PDFs in Word Web Apps Updated Lync mobile clients OneNote for iPhone and Android phones Q&A manager Power Map for Excel Directory Sync Max Objects Auto Increase Windows Azure Active Authentication DirSync Scoping and Filtering Exchange Online Inactive Mailboxes PDF support for Online Lync Online Integrated Reporting Office Web Apps Update Windows Azure Active Directory Sync Tool - update Admin Add Retention policy and tag management Office 365 SSO with SAML 2.0 Identity Providers Exchange Online Address Book Policies Excel Web App update Newsfeed App for Windows 8 Lync meeting scheduling from OWA Exchange Online Archiving add-on Rights Management Services OneNote for iPad Online Platform Improvements IM mute EXO: 50 GB Mailboxes Exchange group naming policy Directory Sync Max Objects Auto Increase Office on the Web Yammer basic integration Encrypted data Project codename “GeoFlow” preview for Excel Directory Sync Max Objects Auto Increase Office 365 Admin Mobile App SkyDrive Pro Sync for Windows Lync Online Remote PowerShell Lync mobile clients Office Mobile for iPhone & Android phones Go Daddy Integration OWA for iPhone & OWA for iPad Lync and Service Reporting Connecting Skype & Lync SkyDrive Pro apps for Windows 8 & iOS Message Center Shared with Me 50 GB mailbox Office 365 Switch Plans SkyDrive Pro Storage increase Lync Online Q&A manager

Massive Scale
PB Tenants / TB Site Collections
1 PB Tenants; 1 TB Site Collections
= 1,024 TB = 1048576 GB = 1.0737E+9 MB
= 4,294,967,296 Documents

Trust & Control: Codename Fort Knox
(Diagram labels: SSL; Contoso Sales.pptx; AES256 Encrypted Storage; 64KB, 64KB, 64KB; Enc. Partition, Enc. Partition, Enc. Partition)

Trust & Control: Multi-Factor Authentication
Login with username & password
Windows Multi-Factor Auth Challenge
User responds to challenge from device

Trust & Control: Encryption @ Rest
(Diagram labels: Unencrypted Data at Rest; 265-bit AES At-Rest Encrypted; Hacker; Hello world; &%s62 >U8}!4; 256-bit SSL encryption; User; No encryption)
Hackers use advanced methods to target servers.
Hackers can easily access unencrypted data.
Data-At-Rest Encryption: Your data is invaluable. Encrypting data in transit is no longer enough. At-rest data encryption completes and maintains data protection while in storage. Even in the unlikely case that a server or hard drive is compromised, intruders would only see undecipherable data that is garbled and unreadable.

The most important cloud characteristic is the ability to migrate workloads between public and private cloud
North American CloudTrac Survey, IDC, 2012
Public; Private

IT Experience
(Diagram labels: PowerShell >_; Remote Desktop; Windows Admin; Server; Tools; Office 365 PowerShell >_; Tenant Administration; Systems Center; Directory Synchronization; AD FS; InTune; Management; Management Tools; Identity and Security)

Search
Investments in deployment and management that allow you to deploy coexistence scenarios with confidence and scale
Span the cloud and on-premises with rich hybrid Search and BCS scenarios
CONFIDENTIAL
Query Federation: search across on-premises and the cloud

Line of Business
Investments in deployment and management that allow you to deploy coexistence scenarios with confidence and scale
Span the cloud and on-premises with rich hybrid Search and BCS scenarios
CONFIDENTIAL
Business Connectivity Services: search across on-premises and the cloud

Files & Content
Deliver lower TCO and increased agility, with the flexibility of bringing SkyDrive Pro and Sites to Office 365 while retaining on-premises investments.
OneDrive for Business
Simple coexistence configuration and cloud controls on-premises
Redirect SkyDrive Pro and Sites to Office 365

Social
Configure Yammer as social experience
CONFIDENTIAL
Yammer Newsfeed Replacement
Activate/deactivate experience
Simple configuration through Central Administration

Moving Forward…
(Diagram labels: LIKE ‘Contoso Sales’; From Query Federation to; Search; Remote Index)

SPC14 for IT Professionals
SPC @ a Glance
50+ Hands on Labs, Levels 2 & 3 @ The Venetian
100+ sessions
100+ sessions
Making Collaboration Rock by Increasing Discoverability Solutions and Architectures on Windows Azure Infrastructure Services 2013 hybrid end-to-end Advanced Performance Analysis for Beyond Deployment: How IT Can Inspire, Motivate And Drive Sustainable Adoption Give all the storage they want without going broke Overview: spreadsheet management and risk assessment in Office and 2013 Online: Meeting security, privacy, and compliance requirements Automating operations and governance: site provisioning and group management Lessons learned from a support engineer: where there was no planning, there was no adoption Gathering requirements: asking the right questions before building out a 2013 environment Office 365 identity federation Windows Azure and Windows Azure Active Directory Real-world architecture decisions Deploying highly available Internet Sites on Windows Azure Virtual Machines End-to-end eDiscovery in Office and Office 365 Load testing 2013 Visual Studio 2013 2013 and Office 365 upgrade and migration: strategy and tactics Configuring Hybrid Search with 2013 and Online Implementing federated (cross-farm) services in 2013 Showcase: Customer Panel on User Adoption Optimizing SQL Server 2012 for 2013 storage architecture, 2001 - present inside and out WCM in 2013 for IT Pros from 0 to Infinity Access is back! High-value, 'no code', functional & flexible business apps with the Access services Automated 2013 disaster recovery with Windows Azure and Cloud Packs Configuring Hybrid Business Connectivity Services with 2013 Showcase: How Legal does eDiscovery Comprehensive User Profile Synchronization Designing and applying information architecture for and Office 365 Get up and running fast with SkyDrive Pro: planning guidance and best practices Multi-factor authentication for 2013 and Online data security and compliance Authentication and authorization infrastructure in 2013 Designing, deploying, and managing Workflow Manager farms Migrate your data and documents efficiently to Online and SkyDrive Pro Online Management & Control Federating appl with Office 365 Windows Azure Active Directory Mastering Office Web Apps 2013 deployment and operations Windows PowerShell with 2013 and Online Authentication patterns for 2013 and Office 365 Governing & configuring organizational sites in an enterprise environment Mobilize your workforce: publish to your beyond the firewall with Windows Server 2012 R2 Web App Proxy 2013 Work Management Service deep dive Subordinate integrity: Certificates for 2013 The nuts and bolts of upgrading to 2013 Overview of Compliance in Office and Office 365 Business Continuity Management with SQL Server Always On Understanding and maintaining Apps for IT Professionals Optimizing external data consumption through Business Connectivity Services (BCS) and OData Services 2013 demystified 2013 demystified in the clouds – select, mix, and deploy what’s right for you Stress testing and optimizing 2013 shredded storage with traditional and RBS storage Online: Building for Large Enterprises Tips & Tricks to make the most out of your site and maximize adoption

Find Your Cloud @ SPC
Tracks: Hybrid; Office 365 & Public Cloud; On-premises & Private Cloud
SPC279 Online: Meeting security, privacy, and compliance requirements
SPC216 Online: Building for Large Enterprises
SPC339 2013 hybrid end-to-end
SPC320 Configuring Hybrid Search with 2013 and Online
SPC319 Configuring Hybrid Business Connectivity Services with 2013
SPC298 Introduction to and Windows Azure IaaS
SPC333 Mobilize your workforce: publish to your beyond the firewall with Windows Server 2012 R2 Web App Proxy

Summary
Great and great opportunity for the business
On path to deliver the next major release of Server
Ramping focus on the enterprise cloud in CY 2014
Will continue to innovate across box and cloud
BI and Search investments integrating deeply with Office 365

Community
Experts: MVP’s; MCM’s; Product & Program Managers; Influencers; Advisors
Developers; Information Workers; IT Professionals & Systems Administrators
Ask The Experts: 6:15 – 8:15 Wednesday, Main Expo Hall

The Office 365 IT Pro Network
Discover: Learn about the latest news, updates, trends, and best practices in the information technology industry.
Engage: Participate in community discussions around Office 365 topics, provide feedback, and ask questions.
Connect: Interact with pros, engineers, MVPs, Insiders, and industry influencers.
Get started at www.yammer.com/itpronetwork

IT Pro Winner’s Circle
Will Hardy, Calgary Board of Education – IRIS Solution

Introduction to and Windows Azure IaaS
Kirk Evans
Architect, Azure Modern Apps COE
SPC298

Agenda
Why on Azure IaaS?
How does it work?
Who has done this already?

Why on Azure?
Cloud Models
(Diagram with four columns: On Premises; Infrastructure (as a Service); Platform (as a Service); Software (as a Service). Each column shows the stack Storage, Servers, Networking, O/S, Middleware, Virtualization, Data, Applications, Runtime, divided between "You manage" and "Managed by".)

Cloud Continuum
(Axes: CONTROL, COST-EFFICIENCY)
(On-premises) Value Prop: full h/w control – size/scale; roll-your-own HA/DR/scale
(IaaS) Hosted. Value Prop: 100% of API surface area; easy migration of existing apps; roll-your-own HA/DR/scale
Service, Office 365 (SaaS) Value Prop: auto HA, fault-tolerance; friction-free scale; self-provisioning, mgmt. @ scale

Service Level Agreements
99.9% for single role instances: 8.75 hours of downtime per year
99.95% for multiple role instances: 4.38 hours of downtime per year
What’s included: compute hardware failure (disk, cpu, memory); datacenter failures (network failure, power failure); hardware upgrades, software maintenance (Host OS Updates)
What is not included: VM container crashes, Guest OS Updates

Value Delivered
Fast: Quickly get developers on your projects up and running with little downtime. Quickly get system test environments provisioned.
Reduced Cost: Tear down developer machines when vendors leave the project. Reduced capital expenditures as no laptops need to be issued to developers. Tear down system test environments when not in use or a particular release has finished.
Integrate the customer’s vendors easily. The customer doesn’t have to add the vendor to the corporate domain.
Reduced Operations

MSDN Azure Benefit
MSDN products can be used on Virtual Machines
Single monetary credit (e.g. VPN gateway fee, no overspending)
Focuses on Dev/Test Usage
Exclusive Offer for MSDN Subscribers

Dev / Test
(Diagram labels: Windows Azure; Cloud Service; Virtual Network; SQL DR1 (A6); SQL DR2 (A6); SP DR1 (Large); SP DR2 (Large); SP DR3 (Large); SP DR4 (Large); SP DR5 (Large); AD1 (X-Small); Visual Studio Online; Test Agents; Load Test)

IaaS and Disaster Recovery
(Diagram labels: Windows Azure; Cloud Service; Virtual Network; SQL DR1 (A6); SQL DR2 (A6); SP DR1 (Large); SP DR2 (Large); SP DR3 (Large); SP DR4 (Large); SP DR5 (Large); AD1 (X-Small); On Premises: Web servers, Application servers, Directory servers; VPN Tunnel; SQL Server Log Shipping)

Extranet and Public-Facing Internet
(Diagram labels: Windows Azure; Cloud Service; Virtual Network; On Premises: Active Directory, Site developers and authors; VPN Tunnel; 2013 Farm; Web Application; Windows Azure Active Directory; Internet Zone: Anonymous; Extranet Zone; Default Zone; Windows; SAML; FBA; Active Directory Domain Services; Partners and Customers; Visitors)

www.blueskyabove.us
Kirk Evans @kaevans #SPC298

Images and Disks

Images Available
Windows Server; SQL Server; BizTalk Server; Ubuntu; OpenSUSE; CentOS; SUSE Linux Enterprise Server; VM Depot; Java Platform (Preview); WebLogic Server (Preview); Oracle (Preview)

Virtual Machine Sizes
Each Persistent Data Disk can be up to 1 TB

VM Size       CPU Cores   Memory    # Data Disks   IOPs
Extra Small   Shared      768 MB    1              500
Small         1           1.75 GB   2              2x500
Medium        2           3.5 GB    4              4x500
Large         4           7 GB      8              8x500
Extra Large   8           14 GB     16             16x500
A6            4           28 GB     8              8x500
A7            8           56 GB     16             16x500

How it Works: Select from Image Gallery
(Diagram labels: Create VM from image gallery; Virtual Machine booted, changes direct-write to blob storage; Log in to Windows Azure Management Portal; The image is copied to your blob storage account)

How it Works: Bring your own custom Virtual Hard Disk (VHD)
(Diagram labels: Upload image to blob storage; Virtual Machine booted, changes direct-write to blob storage; Create your own VHD; Create a Virtual Machine by attaching to disk)

Azure Management Portal
Kirk Evans @kaevans #SPC298

Persistent Disks and Highly Durable
(Diagram labels: Windows Azure Storage; Windows Azure Storage (Disaster Recovery); Virtual Machine)

Availability Sets
(Diagram: Fault Domain / Rack with Virtual Machine IIS1 and Virtual Machine SQL1; Fault Domain / Rack with Virtual Machine IIS2 and Virtual Machine SQL2; Web Availability Set; SQL Availability Set)
Get SLA by deploying multiple instances in availability sets
Ensure availability during updates & maintenance
Architect availability into the application

Affinity Groups
Closely locate your compute, network and storage resources in the same datacenter
Get better performance
Get lower latency
Reduce egress costs

Connectivity

Protocols and Endpoints
Port Forwarded Endpoints: direct communication to multiple VMs in the same cloud app
Support for All IP-based Protocols (VM to VM): instance-to-instance communication; TCP, UDP, and ICMP; dynamic ports
UDP Traffic Supported in WA: load-balanced incoming traffic and allows outbound traffic
Custom Load Balancer Health Probes: health check with probe timeouts; HTTP-based probing, allowing granular control of health checks

Virtual Machine Names and DNS
Bring your own DNS server: use your on-premises DNS servers; deploy a DNS server in Windows Azure; use public DNS services
Windows Azure-provided DNS: resolves VMs by name within the same cloud service
Machine names are modeled explicitly and in the DNS service
Full control over machine names

Virtual Networks – Site-to-Site
(Diagram labels: Windows Azure; Virtual Network; DNS Server; WA Gateway; Site-to-Site VPN; On-premises: your datacenter, hardware VPN or Windows RRAS)

Virtual Networks – Point-to-Site
(Diagram labels: Windows Azure; Virtual Network; DNS Server; WA Gateway; Site-to-Site VPN; Point-to-Site VPN; On-premises: your datacenter, hardware VPN or Windows RRAS; individual computers behind corporate firewall; remote workers)

Point to Site Connectivity
Kirk Evans @kaevans #SPC298

Topology

Web Front End Tier (Availability Set #1)
Each server: XL - 8 cores / 14GB; Front End Services, Distributed Cache, Workflow Manager, Query Processing; Index Partition #0 or Replica
Disks per server: C: (System) 127GB; D: (Page File, Blob Cache) 604GB; E: (Log) 40GB; F: (Index) 500GB

App Server Tier (Availability Set #2)
Each server: XL - 8 cores / 14GB; Content Processing, Admin, Crawl, Analytics, Back End Services
Disks per server: C: (System) 127GB; D: (Page File) 604GB; E: (Log) 40GB; F: (Analytics) 300GB

Data Server Tier (Availability Set #3)
Availability Group #1, Availability Group #2, Availability Group #3: Search, Content, Content, Configuration, Service Appl
Each server: XL - 8 cores / 14GB
Disks per server: C: (System) 127GB; D: (Page File) 604GB; E:, F:, G:, H: (TempDB Files) 500GB; I: (TempDB Logs) 500GB; L: (Transaction Logs) 500GB; J:, K:, M:, N: (Content Data) 1024GB; O: (Search s) 1024GB

Deploying

PowerShell for Automation and Advanced Management
Automation: query, manage and configure at scale: Virtual Machines; Storage across multiple subscriptions and storage accounts; tiered deployment workflows
Virtual Machines: configure storage and networking; domain join to AD on-premises; bring your own machine images or disks; use remote PowerShell
Virtual Network: configure Virtual Network; manage configuration and gateway; connect to on-premises networks
Storage: upload & download VHDs from storage accounts to on-premises; copy VHDs between storage accounts and subscriptions

PowerShell Remoting Endpoint

2013 Automation Scripts
PowerShell scripts that use Remote PowerShell for automated deployment of Active Directory, SQL Server and 2013.
Two sample configurations available: HighlyAvailable and SingleVMs
Download from GitHub: https://github.com/windowsazure/azure-sdk-tools-samples

Single Virtual Machines Template
(Diagram labels: Windows Azure; Cloud Service; Virtual Network; AD/DC/DNS; LB; WEB/APP; SQL; 80; 20000)
Web/App Tier: 1 x Large (4 Cores & 7 GB)
Data Tier: 1 x A6 (4 Cores & 28 GB)
Identity Tier: 1 Small (1 Core & 1.75 GB)

Highly Available Template
(Diagram labels: Windows Azure; Cloud Service; Virtual Network; AD/DC/DNS; LB; WEB; SQL; APP; 80; 20000; AV SPWEB; AV SPAPP; AV SQLHA; AV DC)
Web Tier: 2 x Large (4 Cores & 7 GB)
App Tier: 2 x Large (4 Cores & 7 GB)
Data Tier: 2 x A6 (4 Cores & 28 GB), 1 x Small (Quorum) (1 Core & 1.75 GB)
Identity Tier: 2 Small (1 Core & 1.75 GB)

PowerShell Remoting
Kirk Evans @kaevans #SPC298

Case Studies
Telenor – Dev/Test
Toyota – Gazoo.com

2013 on Windows Azure Infrastructure Services: http://www..com/en-us/download/confirmon.aspx?id=38428
2013 Automon Scripts .https://github.com/windowsazure/azure-sdk-tools-samples Links My s Related s MySPC Sponsored by connect. reimagine. transform. Evaluate s on MySPC your laptop or mobile device: m © 2014 . All rights reserved. , Windows, and other product names are or be in the U.S. other countries. The informon is for informonal purposes only and represents the of as of the e of this presenton. Beca respond to changing market , it should not be to be a c on the part of , and cannot the accuracy of any informon provided after the e of this present on. NO , , OR , AS TO THE INFORMON IN THIS PRESENTON. 2013 and Office 365 Upgrade and Migron Strategy and Tactics Dan Holme Analyst & Evangelist IT UNITY SPC243 danholmehttp://tiny.cc/danholmespc14dan.holme@itunity.com t_logo-a. C:\\Dan\Pictures\facebook_logo (36x36).jpg C:\\Dan\Pictures\Dan Headshots\Dan_Lync_100KB.jpg http://www.ashwinkini.com/blog/wp-content/uploads/2008/01/mvp_horizontal_fullcolor. AUTHOR EXECUTIVE TRACK IT Unity Logo w:Tagline.ai CONSULTANT MAUI DAN HOLME 2013 and Office 365 Upgrade and Migron Strategy and Tactics Dan Holme Analyst & Evangelist IT UNITY About This Roadmap to 2013 & Office 365 What is 2010? What is at ? What is 2013? When should I upgrade? On - premise or Office 365? Insight, clarity & balance What are enterprises planning and doing? Technical guidance How do I upgrade or migrate? What do I to know to successfully upgrade ? Answer questions Why Does Matter? Business Matte Doesn’t Matter Doesn’t Matter Objectives VALUE RISK Matte VALUE RISK Objectives VALUE RISK Why should I consider 2013? Ancient History 2006 iPhone 2007 2010 Facebook Devices Social C:\\v-junyo\Documents\Jun_Mesh\ Files\DesignTools\Brand Photos\Office Brand - No_exp\\OFF12_Joi_01. http://farm7.stcflickr.com/6198/6149648253_a3f453cb9e_z.jpg Cloud Control C:\\v-junyo\Documents\Jun_Mesh\ Files\DesignTools\Brand Photos\Windows 7\Cercial\CERCIAL\WIN12_Kiki_01. 
2007 – 2012: Revolutionary Trends People Devices Social C:\\v-junyo\Documents\Jun_Mesh\ Files\DesignTools\Brand Photos\Office Brand - No_exp\\OFF12_Joi_01. http://farm7.stcflickr.com/6198/6149648253_a3f453cb9e_z.jpg Cloud Control C:\\v-junyo\Documents\Jun_Mesh\ Files\DesignTools\Brand Photos\Windows 7\Cercial\CERCIAL\WIN12_Kiki_01. People 2013 2010 2013 2010 is so 2006! 2013 Should I upgrade? Move Forward Don’t Upgrade Objective VALUE RISK VALUE RISK Objective VALUE RISK WORKLOAD Workload VALUE RISK Workload The technical implementon of a business objective Workload Solution Service Applicon Business outcome Business What you are doing Workload Evolution No “Big Upgrade” Projects VALUE RISK VALUE RISK “ Upgrade projects have delivered little or no value ” CIO Fortune 50 financial services USA Workload Evolution No “Big Upgrade” Projects VALUE RISK VALUE RISK Move Forward Migrate VALUE RISK VALUE RISK Move Forward Don’t Upgrade Move Forward Migrate When should I begin moving to 2013? Service Pack Don’t Wait Why ? What? When? Business Won’t Wait Don’t Wait “ We are the ones with the budget. If IT can’t deliver, we will go around them . “ Business Lead Major retailer Australia How should I move forward? 
Roadmap to 2013 2010 Collab LOB Intranet Network a Serve SQL Virtual Serve Roadmap to 2013 2013 2010 Collab LOB Intranet Network a Serve SQL Virtual Serve Roadmap to 2013 2013 Services 2010 Collab LOB Intranet Network a Serve SQL Virtual Serve Roadmap to 2013 2013 Services 2010 Collab LOB Intranet SearchCenter, My Sites Network a Serve SQL Virtual Serve Roadmap to 2013 2013 Services Workload 2010 Collab LOB Intranet SearchCenter, My Sites Network a Serve SQL Virtual Serve Mobile Social Networking Search Web Content Management Roadmap to 2013 2013 Services Workload Social 2010 Collab LOB Intranet SearchCenter, My Sites Network a Serve SQL Virtual Serve Roadmap to 2013 2013 Services Workload Social 2010 Collab LOB Intranet SearchCenter, My Sites Network a Serve SQL Virtual Serve Roadmap to 2013 Deploy 2013 into your service portfolio now The “real” hybrid: 2010 / 2013, Foundon / Server, on - premise / cloud Don’t wait for SP1 but ensure your vendo are ready 2013 service farm Search Center, My Sites Get Office 365 into your service portfolio now Deliver innovve solutions to drive business value Business won’t wait for the next “big jump” upgrade project Deploy workloads to 2010 or 2013, Foundon or Server, on-premor cloud farm as appropriate Don’t deploy “big bet” workloads on 2010 If a workload involves 2013’s “big bets”, you risk, pain, cost, or failure Social, search, mobile devices, WCM (public facing web site, published content intranet or extranet) I have 2007… Should I skip 2010? The 2010/2013 Workload Decision Tree Define Business Can it be done in 2010? 2013 It can be done better in 2013 YES Can it be done in 2013? NO YES Another Product NO OK, now can we upgrade? 
Migrate Don’t Upgrade Migrate Upgrade is Dead Upgrade: A High Level Copy s to farm 2 Upgrade s 3 4 Create 2013 Production farm 1 5 Site collections remain in 2010 mode 4 Split Peonality 2013 2010 mode 2013 mode 1 2010Root Folder(“14 Hive”) 2013Root Folder(“15 Hive”) 2010 workflow engine 2010 customizon models (Full Trust, Sandbox) Upgrade: A High Level Copy s to farm 2 Upgrade s 3 Server Farm Administrato 4 Site Collection Admins Create 2013 Production farm 1 Upgrade site collections to 2013 mode 5 Site collections remain in 2010 mode 4 2010 mode available 2010 workflow engine 2010 customizon models (Full Trust, Sandbox) 14 15 Upgrade to 2013 Build serve Deploy customizons Upgrade services Migrate to claims Upgrade content s Upgrade site collections Along the way Backup everything fit Minimize down Monitor progress Upgrade Path 2013 2010 2007 Upgrade: A High Level B2B (Build - to - Build) 2013 2013 CU V2V (Veion - to - Veion) 2010 2013 In-place upgrade attach upgrade attach upgrade Upgrade: A High Level B2B (Build - to - Build) 2013 2013 CU V2V (Veion - to - Veion) 2010 2013 In-place upgrade attach upgrade attach upgrade Upgrade Upgrade the way you upgrade! Office 365 or On - Prem ? Office 365 On - Prem Which Cloud? Private Cloud SaaS \\\Projects\\Cloud Power \Design\_\Cloud. C:\\v-junyo\Dropbox\ZumTeam\Team_Resources\Design inspirons\Metro_Style_\app_64. Hosted IaaS \\\Projects\\Cloud Power \Design\_\Cloud. Managed IaaS \\\Projects\\Cloud Power \Design\_\Cloud. Workloads and Clouds Private Cloud (“On Prem ”) SaaS (Office 365) Collaboron Extranet Scenarios Social r - driven solutions IaaS ( Windows Azure VMs ) Public - facing websites Small farms for remote or projects Dev environments Disaster recovery Custom or third - party appl (full - trust ) \\\Projects\\Cloud Power \Design\_\Cloud. \\\Projects\\Cloud Power \Design\_\Cloud. C:\\v-junyo\Dropbox\ZumTeam\Team_Resources\Design inspirons\Metro_Style_\app_64. When should I move to the cloud? 
Move Forward Don’t Move Up VALUE RISK Upgrade Path Private Cloud SaaS \\\Projects\\Cloud Power \Design\_\Cloud. C:\\v-junyo\Dropbox\ZumTeam\Team_Resources\Design inspirons\Metro_Style_\app_64. Hosted IaaS \\\Projects\\Cloud Power \Design\_\Cloud. Journey to the Cloud Journey is inevitable Workload - determinon of platform wants you in the (their) cloud Aggressive pricing But there are (many) alternves Tools and guidance are incomplete Address challenges of hybrid service architecture early on Architect on - premise implementons to reflect Office 365 Build customizons for cloud, whenever possible So what I end up with is… \\\Projects\\Cloud Power \Design\_\Cloud. \\\Projects\\Cloud Power \Design\_\Cloud. C:\\v-junyo\Dropbox\ZumTeam\Team_Resources\Design inspirons\Metro_Style_\app_64. 2013 2010 Foundon Server Saas IaaS Private Service Solution Applicon Remember… Business Matte IT Doesn’t Matter Business Matte IT Matte VALUE RISK Upgrade Upgrade IT MAHALO! (thank you!) http://tiny.cc/danholmespc14 http://itunity.com http://bit.ly/danholmearticles http://bit.ly/danholmebooks A HUI HO! (‘til next !) dan.holme@itunity.com @ danholme MySPC Sponsored by connect. reimagine. transform. Evaluate s on MySPC your laptop or mobile device: m © 2014 . All rights reserved. , Windows, and other product names are or be in the U.S. other countries. The informon is for informonal purposes only and represents the of as of the e of this presenton. Beca respond to changing market , it should not be to be a c on the part of , and cannot the accuracy of any informon provided after the e of this present on. NO , , OR , AS TO THE INFORMON IN THIS PRESENTON. 2013 hybrid end - to - end Sam Hassani Principal Consultant BrightStarr SPC339 Introductions… Who am I? 
Principal Consultant at BrightStarr
Microsoft Certified Master: SharePoint 2010
Microsoft Certified Solutions Master: SharePoint
SharePoint 2013 Beta Engineer

Contact details
Twitter: @samhassa
Email: sam.hassani@brightstarr.com
Web: www.brightstarr.com
Web: www.samhassani.com
Yammer: Operations and Management Group

Hybrid sessions at SPC
• Hybrid end-to-end: SPC339 – Monday 2pm
• Office 365 identity federation Windows Azure and Windows Azure Active Directory: SPC411 – Tuesday 9am
• Configuring Hybrid Search with SharePoint 2013 and SharePoint Online: SPC320 – Tuesday 1:45pm
• Configuring Hybrid Business Connectivity Services with SharePoint 2013: SPC319 – Tuesday 5pm
• Best practices for Hybrid Search deployments: SPC306 – Tuesday 5pm
• Federating applications with Office 365 Windows Azure Active Directory: SPC421 – Wednesday 1:45pm
• SharePoint Server 2013 and Office 365 Hybrid: Post Conference Event – Thursday 1-5pm

Agenda
• Why Hybrid?
• Configuring Hybrid
• Identity Management
• Choosing a Hybrid Topology
• Configuration
• Hybrid Challenges
• Resources
• Questions

Why Hybrid?
• Benefit from the latest and greatest
• Focus on the core business and easily scale up and down
• SharePoint Online is attractive
• More easily collaborate with external partners
• SharePoint Online has limitations
• Existing investments with lots of data and customizations
• But my business runs on premises
• Protect sensitive data
“Leverage the strengths of both parts while minimizing the components’ weaknesses”

A Hybrid Deployment
SharePoint Online + Azure IaaS / On-premises = Hybrid
• Get started in the cloud
• Migrate existing workloads in a phased approach
• Supplement cloud environments
• Rapid provisioning of workloads

Common Hybrid Scenarios
Hybrid Options
• Search: Get Search results in SharePoint On-Premises or in SharePoint Online from the On-Premises or Online search indexes
• Business Connectivity Services (BCS): Enable a SharePoint Online site collection to work with data in an on-premises OData service
• Duet Enterprise Online: Enable SharePoint Online to perform both read and write operations against an on-premises SAP system.
• Identity Management: Provide a single identity and single sign on experience from the Cloud from On Premises

Identity Management
• Cloud Identity: single identity in the cloud (Windows Azure Active Directory)
• DirSync & Password Sync: Directory Synchronization, single identity (On-Premises Identity, Windows Azure Active Directory)
• Federated Identity (SSO): Federation and Directory Sync, single federated identity (On-Premises Identity, Windows Azure Active Directory)

Configuring Hybrid

Directory synchronization
• Synchronization of objects from on-premises AD to Azure AD
• Limited to 50,000 objects, can be increased by engaging Microsoft
• Synchronization occurs every 3 hours by default, can be initiated manually
• Can filter on OU, Domain or User Attribute
• This is a requirement for Hybrid scenarios including Search
• When a user issues a query from On-premises to SP Online, SP Online rehydrates the user’s identity
• The rehydration process looks up attributes in the SP Online profile store
• If no or multiple profiles exist, the query will fail rather than security trimmed results being returned

Add on-premises domain to Office 365
• Determine and register public domain name
• Add domain in Office 365
• Provide name
• Create verification record with DNS hosting provider
• Verify domain name ownership

Activate Directory Synchronization
• Activate Active Directory Synchronization for your Office 365 Tenant

Configure Directory Synchronization
• Download and install DirSync tool on a member server in on-premises environment
• Run DirSync tool on server where installed

Configure SSO
• Prepare Active Directory
• Windows Server 2003 R2 functional level at a minimum
• UPNs are set correctly (if public domain differs to corporate domain name)
• Deploy ADFS 2.0
• Install Microsoft Online Services Sign-in Assistant and Windows Azure AD PowerShell Modules
• Set up a trust between ADFS and Windows Azure AD:
Connect-MsolService
Set-MsolADFSContext
Convert-MsolDomainToFederated -DomainName

Demo Environment
• Windows Azure VMs: Domain Controller, SP 2013, SQL 2012, ADFS, DirSync, MSOL tools
• On-premises URLs: https://intranet.hassanionprem.com, https://my.hassanionprem.com
• Office 365 URLs: https://brightstarrdevelopment..com, https://brightstarrdevelopment-my..com
• Domains: hassanionprem.com, brightstarrdevelopment.on.com

Demo: DirSync and SSO with Office 365

One-way outbound topology
(Diagram: Data center, Internet, Intranet; Office 365 Tenant; SharePoint Server 2013; Outbound, Inbound)
• SharePoint Online CANNOT QUERY SharePoint Server 2013
• SharePoint Server 2013 CAN QUERY SharePoint Online
• SharePoint Online site collection search portal: Local search ONLY
• Primary web application search portal: Local + Remote search
• Search: One-way outbound
• BCS: Not supported
• Duet: Not supported

One-way inbound topology
(Diagram: Data center, Internet, Perimeter network with reverse proxy, Intranet; Office 365 Tenant; SharePoint Server 2013; Outbound, Inbound)
• SharePoint Online CAN QUERY SharePoint Server 2013
• SharePoint Server 2013 CANNOT QUERY SharePoint Online
• Search portal labels: Local search ONLY; Local + Remote search
• Search: One-way inbound
• BCS: Supported
• Duet: Supported

Two-way bi-directional topology
(Diagram: Data center, Internet, Perimeter network with reverse proxy, Intranet; Office 365 Tenant; SharePoint Server 2013; Outbound, Inbound)
• SharePoint Online CAN QUERY SharePoint Server 2013
• SharePoint Server 2013 CAN QUERY SharePoint Online
• Both search portals: Local + Remote search
• Search: Bidirectional
• BCS: Supported
• Duet: Supported

Reverse Proxy Device options
Only required for ‘Inbound’ Hybrid topology, e.g.
issuing queries from a Search Center in SharePoint Online attempting to retrieve search results from an on-premises farm

Reverse Proxy Device Requirements
• Support client certificate authentication with a wildcard or SAN SSL certificate
• Support pass-through authentication for OAuth 2.0
• Accept unsolicited inbound traffic on TCP port 443 (HTTPS)
• Bind a wildcard or SAN SSL certificate to a published endpoint
• Relay traffic to an on-premises SharePoint 2013 farm without rewriting any packet headers

Supported Reverse Proxy Devices
• Forefront Threat Management Gateway (TMG) 2010
• Windows Server 2012 R2 with Web Application Proxy (WAP)
• F5 BIG-IP

Configure Environment
• Ensure services are started and configured: User Profile Service, App Management Service, Subscription Settings Service
• Establish a trust relationship between on-premises farm and SharePoint Online (S2S authentication)
• Create a STS certificate, replace in on-premises farm and upload to SharePoint Online
• Register the on-premises STS as a service principal in Office 365
• Establish a trust between on-premises farm and Windows Azure AD
• Publish web applications through reverse-proxy device

Configure server-to-server (S2S) authentication

# Run in a session that has the Windows Azure AD module loaded and is connected with Connect-MsolService.
# SharePoint Online application principal ID (the value before "@" in -nameIdentifier below).
$spoappid = "00000003-0000-0ff1-ce00-000000000000"

# Upload the public part of the on-premises STS certificate as a verification credential.
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cer.Import("C:\SelfSignedSTS.cer")
$binCert = $cer.GetRawCertData()
$credValue = [System.Convert]::ToBase64String($binCert)
New-MsolServicePrincipalCredential -AppPrincipalId $spoappid -Type asymmetric -Usage Verify -Value $credValue -StartDate $cer.GetEffectiveDateString() -EndDate $cer.GetExpirationDateString()

# Add the on-premises host names to the service principal names.
$SharePoint = Get-MsolServicePrincipal -AppPrincipalId $spoappid
$spns = $SharePoint.ServicePrincipalNames
$spns.Add("$spoappid/*.hassanionprem.com")
Set-MsolServicePrincipal -AppPrincipalId $spoappid -ServicePrincipalNames $spns

# Run in the SharePoint 2013 Management Shell on the on-premises farm.
$site = Get-SPSite "https://intranet.hassanionprem.com"
$appPrincipal = Register-SPAppPrincipal -site $site.rootweb -nameIdentifier "00000003-0000-0ff1-ce00-000000000000@bce49a51-dea4-44c3-8da0-0af70dbd186a" -displayName "SharePoint Online"
Set-SPAuthenticationRealm -realm bce49a51-dea4-44c3-8da0-0af70dbd186a
New-SPAzureAccessControlServiceApplicationProxy -Name "ACS" -MetadataServiceEndpointUri "https://accounts.accesscontrol.windows.net/bce49a51-dea4-44c3-8da0-0af70dbd186a/metadata/json/1" -DefaultProxyGroup
New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://accounts.accesscontrol.windows.net/bce49a51-dea4-44c3-8da0-0af70dbd186a/metadata/json/1" -IsTrustBroker -Name "ACS"

Configure For Hybrid Search
• Configure result source
• In this case as a remote SharePoint index
• URL of remote location
• Secure Store (for client certificate authentication)*
• Configure Query rule to show remote results
• Choose context of Query rule
• Can add a condition or fire on any query text
• Determine search vertical, e.g. result block, promoted result
• Ensure result block points to a specific source (remote index)

Demo: Search Hybrid User Experience and Configuration

Hybrid Challenges
• Handling the Social experience
• Application Lifecycle Management
• User Experience and Transitions
• Business Continuity Management and Operations

Hybrid Challenges

Handling the Social Experience
• Users work in sites in both On-premises and Online
• E.g. Intranet On-premises, and Project/Collaboration sites Online
• Which social experience should users be presented with?
• Editing Profile? Newsfeed? OneDrive for Business?

Demo: Consistent Social Experience in a Hybrid Environment

Handling the Social Experience
• Users work in sites in both On-premises and Online
• E.g. Intranet On-premises, and Project/Collaboration sites Online
• Which social experience should users be presented with?
• Editing Profile? Newsfeed? SkyDrive Pro?
• What about the rest of the social experience?
• @mentions, tags, notes, following, commenting capability are stored in social/content databases
• No way out of the box to replicate this information

Application Lifecycle Management
• Rapid, incremental updates to online
• Testing is important
• Invest in test and development automation
• Automated nightly builds
• Automation involves site and content recreation, solution deployment, managed property creation, etc.
• Only one test tenant per AD??
• You can use multiple DirSync servers syncing to each unique tenant
• You cannot sync the same objects into different tenants – DirSync filtering

BCM and Operations
• Operations don’t stop because services are in the cloud
• How do you integrate SharePoint Online operations and support with your own?
• IT Operations to consider: Monitoring and Alerting, Support Desks, Backup and Restore, Service Level Agreements

User Experience and Transitions

Final Thoughts
• Hybrid allows you to move to the cloud on your own terms
• Hybrid is not the answer to every business requirement
• Understand the strengths and weakness of Hybrid
• Plan a phased transition of appropriate workloads to the cloud

Resources
• Hybrid for SharePoint Server 2013: http://technet..com/en-us/library/jj838715.aspx
• Windows Azure AD PowerShell: http://technet..com/en-us/library/jj151815.aspx
• Office 365 Communities and Wikis: http://cunity.office365.com/en-us/default.aspx
• Your Community

A behind the scenes look at: Office 365 for IT Pros
Alistair Speirs, Senior Operations PM
Jeff Medford, Senior Product Manager

Let’s all move to the Cloud!
Online Gaming, Social, Storage, Security, Music, Video, e-mail
We are all cloud consumers…
Enterprise-grade cloud services
Dynamic workplace Making sense of it all Merging home & work Natural ion Responsible organizon Office 365 is more than a cloud service Comprehensive tools To do your best work Latest productivity services in ’s public cloud + the latest apps IT Professionals should not treat the “cloud” as a mysterious black box. Office 365 physical infrastructure ’s Global Infrastructure 10 – 100 acente (DCs) worldwide Multiple Content Delivery Network (CDN) “edge nodes” around the world acenter network conn Locons illustrve only! Scalability: Connecting acente to Last mile and P2P Last mile provide deliver to consume P2P technology improves last mile delivery Core: a cente Global Fiber backbone that connects a Cente Edge Nodes Connect a Cente to Internet Exchange Points Metro solutions Connecting business custome to last mile provide Locons illustrve only! acenter components IT Load CRAC Chiller Condenser Cooling towe Water supply UPS Generato Transformer Generato Power supply Example: Efficiency Example: Efficiency Example: Efficiency Example: Efficiency C:\\v-ahhamd\Desktop\Site Pics\DSC_5871.JPG Example: Efficiency •Shared Mechanical & Electrical •Shared global fiber network & peering •Separate internal network •Separate hardware and storage •Separate encryption procedures •Separate compliance policies •Separate access control Office 365 infrastructure operates as separate acente within acente Office 365 logical architecture Streamlined Management Services Shared Platform Services Organizonal Productivity services Enginee on Call Service Operons Consolied Reporting Provisioning and upe automon Identity management and access control System Monitoring Cerce Platform r Productivity appl Office Yammer Lync Exchange Project & Visio Office Mobile Office 365 is a of cohesive services Auditing & Compliance policies Office Online \\\Projects\\Cloud Power \Design\_\Service_Lifecycle_Management. 
www Office 365 services are loosely coupled Separon of function with distributed functional components Loose coupling further limits the scope and impact of most failures Service component isolon to avoid failure cascades Replicon of directory a ensures a seamless experience. SPO EXO Online ID Office 365 Portal Office 365 Provisioning Lync C:\\shawnm\Desktop\Geek. Example: Reliability Streamlined Management Services Shared Platform Services Organizonal Productivity services Enginee on Call Service Operons Consolied Reporting Provisioning and upe automon Identity management and access control System Monitoring Cerce Platform r Productivity appl Office Yammer Lync Exchange Project & Visio Office Mobile … in the interests of Auditing & Compliance policies Office Online \\\Projects\\Cloud Power \Design\_\Service_Lifecycle_Management. www Streamlined Management Services Shared Platform Services Organizonal Productivity services Enginee on Call Service Operons Consolied Reporting Provisioning and upe automon Identity management and access control System Monitoring Cerce Platform r Productivity appl Office Yammer Lync Exchange Project & Visio Office Mobile … in the interests of Auditing & Compliance policies Office Online \\\Projects\\Cloud Power \Design\_\Service_Lifecycle_Management. www Online .Web front end with query component .Applicon serve with: •Central Administron •Search administron component •Applicon services .SQL Server with: •Central Administron configuron and content s •Content s •Search administron •Crawl •Property Architecture AD Sync Prov. 
SCOM ULS SPDiag WER DNS SMTP Admin Backup architecture at cloud scale Content: WFE App Server Crawl WFE CA r Jobs Sandbox Federated Services: Fed App Fed Query Fed CA Fed Idx SQL: SQL SQL SQL SQL AD AD Directory: Stamp 1: Content: Federated Services: SQL: WFE App Server Crawl WFE CA r Jobs Sandbox Fed App Fed Query Fed CA Fed Idx SQL SQL SQL SQL AD AD Directory: Stamp 2..N: Network 1..N: NLB NLB acenter 1..N: Content: Federated Services: SQL: WFE App Server Crawl WFE CA r Jobs Sandbox Fed App Fed Query Fed CA Fed Idx SQL SQL SQL SQL AD AD Directory: Stamp 1: Content: Federated Services: SQL: WFE App Server Crawl WFE CA r Jobs Sandbox Fed App Fed Query Fed CA Fed Idx SQL SQL SQL SQL AD AD Directory: Stamp 2..N: Network 1..N: AD Sync Prov. SCOM ULS SPDiag WER DNS SMTP Admin Backup NLB NLB Disaster Recovery acenter 1..N: Grid Manager Global Directory Tenant Admin (UI) Cerce backend DNS (multiple) OrgIDAuth, Svc. Incident Management Azure (Windows/SQL) CDN Services Network 1 acenter 1 Example: Scalable Failure Scope none disk rack dc Copy Count 1 2 4 6 10+ a Center a Center Rack 2 Rack 1 Keeping Your a Safe Rack 3 RAID 10 synchronous mirroring asynchronous log shipping Asynchronous replicon scheduled backups point-in- restore recycle bin client side cache save Example: Reliability Exchange Online Exchange Server roles Theory E E M M Exchange 2013 SP1 Exchange 2010 SP3 Exchange 2007 SP3 RU10 C C M M C C M M C C Availability Group (DAG) Client Access Server Array Load Balancer Exchange Server Roles Reality E E M/C M/C Exchange 2013 SP1 Exchange 2010 SP3 Exchange 2007 SP3 RU10 M/C M/C M/C M/C Availability Group (DAG) Client Access Server Array Load Balancer Load Balancer MDB HTTP Proxy IIS Client Access RPC CA Mailbox IIS RPS OWA, EAS, EWS, ECP, OAB POP, IMAP SMTP UM POP IMAP Transport UM SMTP POP, IMAP HTTP MailQ Exchange Client Protocol Architecture RpcProxy SMTP C:\\scschnol\Desktop\Stencil s 7-26-12\SMTPConnector. 
SIP Redirect C:\\scschnol\Desktop\Stencil s 7-26-12\UM-Enabledr. SIP + RTP POP/IMAP C:\\scschnol\Desktop\Stencil s 7-26-12\rMailbox. Outlook Web App Outlook EAS EAC Powehell C:\\Kimberly\Documents\Coues\Logos\IE7_icon_rgb_2in. http://upload.wikimedia.org/wikipedia/en/thumb/7/7f/Windows_Powehell_icon./64px-Windows_Powehell_icon. http://upload.wikimedia.org/wikipedia/en/thumb/7/7f/Windows_Powehell_icon./64px-Windows_Powehell_icon. http://cdn.atechnica.net/wp-content/uploads/2012/07/outlook-2013-icon. C:\\scschnol\Desktop\Exchange 15 \ManagementConsole. C:\\scschnol\Desktop\Exchange 15 \Cellphone. Exchange Online North America 1 North America 2 Europe 1 ACENTER AUTOMON Exchange Online scalability Identity Management What it is: .the identity platform behind Office 365 & other Cloud Services .Able to integrate with enterprise identity platforms .Enabler of single sign - on for Office 365 and other apps What it isn’t: .Windows Azure Active Directory is not your AD Domain Controlle running in the Windows Azure .We do support AD running as a role on a VM in Windows Azure IaaS – but that is a separate discussion Windows Azure Active Directory One Cloud Directory for every organizon Cloud Identity Management Spreadsheet CSV Import Office Activon Service Office 365 Admin Portal Exchange Mailbox Access … Windows Azure Active Directory OAuth2 SAML-P WS-Federon Metaa Graph API Authenticon Authorizon On Premises Directory & Password Hash Syncronizon Active Directory Diync Windows Azure Active Directory OAuth2 SAML-P WS-Federon Metaa Graph API Office Activon Service Office 365 Admin Portal Exchange Mailbox Access … Authenticon Authorizon On Premises Identity Federon Active Directory Diync Windows Azure Active Directory OAuth2 SAML-P WS-Federon Metaa Graph API Active Directory Federon Services One way trust Office Activon Service Office 365 Admin Portal Exchange Mailbox Access … Authenticon Authorizon Office clients Office 365 Professional Plus Deployment Work PC Software 
Distribution Deploy Patch
Office Content Delivery Network http://officecdn..com
Office 365 User Portal https://c2rup.officeapps.live.com https://portal.online.com
Personal Devices
Office 365 User Management

Office 365 Professional Plus Activation
Work PC, Personal Devices
Office Activation Service http://ols.officeapps.live.com

Service Operations

Controlled: RBAC for Office 365 Operations
(Diagram: Office 365 Datacenter Network, Corporate Network)
Lock Box: Role Access Control
• Grants least privilege required to complete task.
• Verify eligibility by checking if: 1. Background Check Completed 2. Fingerprinting Completed 3. Security Training Completed
• O365 Admin Requests Access
• Grants temporary Privilege
• Logged as Service Request: 1. Auditable 2. Available as self-service reports

Office 365 operations model evolution
Traditional IT
• Highly skilled, domain specific IT (not true Tier 1)
• Success depends on static, predictable systems
Service IT
• Tiered IT
• Progressive escalations (tier-to-tier)
• “80/15/5” goal
Direct Support
• Tier 1 used for routing/escalation only
• 10-12 engineering teams provide direct support of service 24x7
Engineered Operations
• Direct escalations
• Operations applied to specific problem spaces (i.e., deployment)
• Emphasize software and automation over human processes
(Diagram labels: Product Team, Tier 1 Operations, Tier 2 Operations, Operations, Support, Service, Software Aided Processes, Other Product Team)

Change Management inside Office 365
CONFIDENTIAL – INTERNAL ONLY
• Majority of changes done through code (deployment)
• Prevents “configuration drift” problems
• Allows great versioning of previous and state
• Any non-code change goes through multiple series of reviews
• Peer as well as Manager
• Usually implemented via automation + operations
• Implementers have experience and “veto” power
• Changes are additionally planned/reviewed well before implementation
• Scheduled a week or more ahead in advance
• Forces change requestor and implementer to get it right
• Required to verify in pre-production environment before getting to production
• Any break-fix in Live Site falls under Incident Protocol
• Under supervision of a Senior Manager
• Has attention of on-call team in case of any issues

Safely Deploying via “Slices”
Production is sacred!
• We don’t put things in production until they have passed many stages and slices
• If any single change fails at a stage, the entire build is abandoned – the whole package must be safe before going further
• Engineering system continuously runs tests to ensure dependencies and complex scenarios are validated
• The same pipeline is used for both server and service
Production changes done safely, with incrementally larger slices
• Test accounts, internal, “friends and family”
• Dedicated separate test environments to ensure production is safe

Getting Onboard

What does Deployment on a cloud service mean?
• Continued investment from Microsoft
• Drive Business Scenarios / Pilots
• Best Practice Paths / Guidance is in place
• Identity scenarios grow in complexity as needed
• Choice and control
Build from Pilot to Deployment, layer features and integrations
Full Office 365 User Experience with minimal on-premises requirements
Time to value vs.
effort invested Identity options: cloud IDs, synchronized IDs and federated IDs John Benefits of Office 365 FastTrack Exchange, & Lync Online, Office ProPlus, WA Active Directory Experience Value Early Cloud Experience Real World Benefits Broad Production Full Feature Value Meet your s Deploy Enhance Pilot 1 2 3 Optional integron Extend in weeks Meet business s Customized to landscape Core onboarding Deploy in days Companywide cloud IT led migron Full Office 365 service Pilot in hou Peist to deployment r led migron Fit in hou, Onboarding in days Exchange, , Lync, Office 365 ProPlus, Yammer, and WA Active Directory Pilot complete Deploy Complete What Office 365 Service Exchange, , Lync, Office Web Apps, Office 365 ProPlus, Mobile How Service domain Cloud Identity Web Client Office client Self Service What All Pilot Features + Shared namespace, simple coexistence, external sites How Pilot + IT led migron * Customer domain Directory sync Password sync Admin migrons OnRamp What Deploy + Federon, Hybrid Delegon, and more How Deploy+ * Configure adv. features Federated Identity Exchange Hybrid Corporate app store Hybrid Lync Hybrid 3 rd party migron tools Adopt features Deploy Enhance Pilot 1 2 3 Guided Customer Facing Content http://fasttrack.office.com/ Step-by-step guidance for all custome deploying Office 365 Clear deployment methodology from Pilot to Deploy to Enhance Single message, single source for informon regarding Office 365 Deployment Deeper level tools and resources surfaced as part of the FastTrack steps. 
Get Started with FastTrack Go to http://aka.ms/fasttrackspc Enter the Promo Code “SPC2014” Start your Office 365 experience Provision scenarios to pilot membe Get direct feedback from our and improve scenarios on your s Utilize guided deployment plans and change management resources Learn more at the Virtual Academy http://aka.ms/officeMVA •free online coues (live and on-demand) •Guided lab walkthroughs • Press ebooks • certificon preparon Get Office 365 Certified! http://aka.ms/office365mcsa •Managing Office 365 Identities and requirements •Enabling Office 365 Services MSC13_Illus_Cloud_003_rgb © 2014 . All rights reserved. , Windows, and other product names are or be in the U.S. other countries. The informon is for informonal purposes only and represents the of as of the e of this presenton. Beca respond to changing market , it should not be to be a c on the part of , and cannot the accuracy of any informon provided after the e of this present on. NO , , OR , AS TO THE INFORMON IN THIS PRESENTON. Advanced Performance Analysis for Ryan Campbell Senior Consultant, SPC303 Objectives Introducing Contoso Effective Performance Analysis End r Oriented The Performance Pyramid The Traditional Tools Contoso’s Performance Pyramid Strategy Contoso: a Loading and Aggregng Contoso: a Analysis Contoso Effective Performance Analysis want less than 3 seconds will permit up to 5 seconds Measure the end r experience Effective Performance Analysis Speed is a con complaint ’ Reference Performance Pyramid ServerPerformance Traffic Configuron LAN & WAN r Video Bulk Visualizon of End r Experience The Traditional Tools Performance Monitor Server Performance Traffic Configuron LAN & WAN r Load Testing Server Performance Traffic Configuron LAN & WAN r Browser Server Performance Traffic Configuron LAN & WAN r Network Sniffe Server Performance Traffic Configuron LAN & WAN r The Gaps Server Performance Traffic Configuron LAN & WAN r .r .No Bulk Analysis. 
No Veion Comparison .LAN & WAN .No WAN analysis. No bulk LAN analysis .Traffic .No analysis .Configuron .No architecture checks .Server Performance .No thresholds identified. No direct r impact measured The forest for the trees Contoso’s Strategy Contoso’s Strategy Server Performance Traffic Configuron LAN & WAN r .r .rAgent (IIS) and IP to GPS .LAN & WAN .IIS taken + cs / sc bytes. TraceRt from WFE to Client .Traffic .IIS Rollup and XForwardedFor .Configuron .EnumWebs , SPSFarmReport , ULS .Server Performance .Performance Monitor (csv) 750k rows3GB of a 12 million rows 350GB of a 22 million rows 18GB of a IP to Address logic Reports 400GB of a Performance Monitor IIS Logs Trace Route .8,500 a points every 5 seconds .3,500 unique hops .36,000 .25,000 pages in 14,500 sites Contoso: a Loading and Aggregng .15” Laptop with 3740QM .32GB RAM .240GB SSD + 480GB SSD + 1.5TB USB3.0 HDD .Windows 8.1 Pro, Hyper - V + 4 Guest VMs .SQL 2012, SSAS 2012, Excel 2013, Power Map Pre, VS 2013 Hardware .Correlate on .IIS Logs .Network Map . .Performance Monitor and Cube ETL Challenges IIS Logs Performance Monitor Logs Aggregng Hits toform s Aggregng s to Sites (SPWeb) Speed Denormalizeda was too wide for SQL Server (12,162columns) Normalized a was 24.6 Billion rows (Hoorayfor Compression!) Speed Contoso: Analysis Enterprise Ststics Unique r Count Count Average Load Enterprise Ststics – Load Targets Unique r Count Count Average Load Enterprise Ststics - Anomalies Unique r Count Count Average Load Server Performance .RAM .Temp DB .Host Affinity Server Performance – Action Items .RAM .Double RAM on all Web Front Ends .Temp DB .Increase number of Temp DBs to 8 .Host Affinity .Spread VMs out to other hosts .MAXDOP . 
to 1 Configuron .Search Topology .SQL NetworkActivity .App PoolRecycle Configuron (2) .BLOB Cacheis too low .Page Cacheis too low Configuron – Action Items .Redo Search Topology .Double RAM on all Web Front Ends .BLOB .Increase 10 s (after adding RAM) .Applicon Pools .Disable automc recycling (after adding RAM) .SQL Network Traffic .Identify and postpone to after business hou (10pm) Traffic Unique r Count Count Average Load Traffic - Anomalies Unique r Count Count Average Load 5% 62% 10% 15% 8% Traffic – Anomalies / abc / gc /big / /abo/se /abo/ vHelpDesk Other Traffic – Action Items .Address RG1\137846 accessing /ABC/GC/BIG .Reduce or Eliminate .Identify source of slow load for other anomalies .Investigate excessive web parts, external a connections, scripts customizons LAN & WAN Traffic – Action Items .Increase capacity on slow links .Reroute traffic on slow links .Consider caching (hardware, BranchCache) and CDN to RG1 and RG3 – Action Items .No discernable differences .Reassess after remedion Action Item Summary .RAM, RAM, RAM .Disable RG1\137846 accessing /ABC/GB/BIG .Improve /abo/vhelpdesk .Investigate other slow pages .Upe BLOB Cache .Upe Search Topology and SQL Server .Solve slow links with more than 5% of .Consider CDNs .Reassess after remedion Summary MySPC Sponsored by connect. reimagine. transform. Evaluate s on MySPC your laptop or mobile device: m © 2014 . All rights reserved. , Windows, and other product names are or be in the U.S. other countries. The informon is for informonal purposes only and represents the of as of the e of this presenton. Beca respond to changing market , it should not be to be a c on the part of , and cannot the accuracy of any informon provided after the e of this present on. NO , , OR , AS TO THE INFORMON IN THIS PRESENTON. Give all the storage they want without going broke Zach Rosenfield Senior Program Manager @ zrosenfield Meet Cost Drive Over MSIT Consumption How Does SPO Scale? 
Topics Tips for Running OneDrive for Business Storage Costs File Count And Size Cost Drive File Sync Overhead Growth Management OneDrive for Business costs beyond CAPEX and OPEX .’s own tenant -A year after launch… .92% of growth is from who the sync client .Know your organizon! .Will grow another 20TB in the next 90 days. File Counts & Size 60TB of files on disk 150k files per day 2 MB average file size 150k u se 40k s ync daily 3,974k 3,842k 3,231k 2,165k 886k 765k 713k 701k 516k 229k OneDriveFor Business: File Counts Excel Word PPT PDF XML Other OneNote TXT Email Visio What is Sync Traffic? OneDrive Sync + Office Document Cache Sync LIST.ASMX ITEMS TO SYNC OneDrive for Business Client Content DB CELLSTORAGE.SVC Content - Type: multipart/related < 3.5 MB Content - Type : multipart/related .Compute & Bandwidth Heavy .File Sync and background processing .50 cores for 40,000 syncing . All of will require nearly 200 cores .Avoid sharing with front ends d for r “experience” traffic Sync Overhead 50 - 50 100 150 200 250 300 350 400 k 50k 100k 150k 200k 250k 300k 350k 10k 50k 100k 200k 300k Cores Consumed Unique Sync-Enabled Cores backups .No down comes at a large cost! .The more machines, the more overhead .OPEX is real! .Security .Monitoring .Overhead & Design .DB Integrity .Physical Machine Failures .Patching Storage Costs raid raid raid raid secondary acenter T - logs T - logs mirror mirror backups operons are hard .Single tenant instances can spike unexpectedly .Growth rates require constant “DB Splits” .Constant rebalancing across machines .Read - only window required for . - level growth projections are unreliable – just - in - maintenance Onboarding Strategies .Avoid Pre - provisioning. Impossible to balance correctly upfront and empty sites consume resources .The search index grows rapidly with the number of sites and files (over 25 indexed items per site by default!) 
Manage Growth and Onboarding [Chart: TBs of content, 01/11/2013 to 01/05/2014: Team site growth, OneDrive growth] 15,342 Dec-13 Feb-14 Active User Growth – Tenant X 37,868 Dec-13 Feb-14 Active User Growth – Tenant Y How Does Online Work Then? • SP2013 average creation per site: 30s • Assume serialized site creation per Content DB • Average 2,880 sites per day per Content DB • Per Content DB, that’s 120/hr and ~1000 per day during work hours • Beware of averages! • 30 /hour != 300 at 9am • Shared resources • Other SQL actions like migrating files • Other types of site creations for the same Content DB or server Online Queues • Normally under a minute, but can get long during s of high activity Onboarding Queues • Enabling SPFeatures is the “long pole” of creating a site • Rolling into Online now: Fast Site Provisioning • “Site Master” per language, template, and • Copied directly in SQL to site • Not all features support this yet • Upcoming improvements • release improves speeds by 30% • In testing — an additional 75% improvement Fast Site Provisioning [Chart: latency distribution in seconds: fast site provisioning phase 1, 2013 provisioning] Predictive Capacity • Storage on disk as indicator of growth • Only model one thing (maintain a consistent ratio of compute) • Proactive Growth Modeling • Storage capacity: Project exponential growth at observed rate -- adjust rate monthly.
• @Scale – Apply storage as needed • Lead dictated by hardware onboarding speed [Chart: Actual Limit, Observed Growth, Goal State, Aggressive Projection, Standard Projection] boundless cloud storage platform 1Tb Site Collections & OneDrive! Total Storage 8 Unlimited storage. Unparalleled Security. Fort Knox Introducing… You to know your data is securely protected You want infinite storage that expands to meet your growing needs RBS vs Fort Knox Content DB
File Read Scenario Request file get location request file request file request file request file 2013 RBS Fort Knox • RBS does garbage collection & orphan cleanup SQL Tables & Indexes • RBS does full blob enumeration to find orphans • RBS does not allow for fine-grained permission • RBS uses windows timer jobs (harder to scale/coordinate) • RBS pools are an unnecessary management layer for SPO • Fort Knox only has the permissions it requires • Fort Knox can write and read directly into the blob store • Fort Knox lowers the impact on SQL IO — leaving it for metadata • Fort Knox uses storage account pools without intermediate abstraction Blob C Blob B Blob A Version 1 A,B,C Uploaded Initial Shred Blob G Blob D Blob E Blob F Blob B Blob A Version 2 D,E,F,G Uploaded Blob C Update Blob G Blob D Blob H Blob F Blob B Blob A Version 3 H Uploaded Blob E Update A Blob’s Life Unsaved Doc How do Blobs shred in ? Fort Knox: Advanced Encrypted Store A B C D E Key Store A B C D Content DB A B C D E crypto Windows Azure Storage a=2 b=3 erasure coding standard replication a=2 b=3 a=2 b=3 a+b=5 • Append only distributed file system (immutable store) • Local and geo replication • Erasure coding (from 3 local copies to 1.33*) • Can handle as many as 4 local failures – better than traditional replication *Reaches 1.33 through Reed-Solomon 12 fragments + 2 local par + 2 global par a=2 Azure: 12+4 Managing SQL Growth Backup & Restore Log Shipping sitemap update sitemap update catch up clean up clean up • No windows for maintenance • Eliminate shrinks and defrags • Seamless rebalance with move • But, split requires RO Introducing DB Mitosis •
technology to enable very fast growth management • “Splits” a into two parts within seconds flag deletions flag deletions Healthy SQL SPO-Aware Monitoring Availability High I/O Full Disk Blocking Host & Mirror Auto-Heal SQL Aware Patching Patchable Normal Run HA Patching failovers Split Aware Keep Books In Sync Auto-Manage Hosts [Chart: % Reduction in Missed Minutes (First 6 Months)] On Prem Impact SQL Storage Layout (Blobs inline)
Location | Array | Logical drive | RAID | Size (GB) | Used For
Chassis | 2x 900GB | C | 0 | 500 | system
 | | D | 0 | 1,176 | system logs
 | 6x 900 GB | E | 0 | 5,000 | content & temp logs
MSA | 24x 900GB | H | 1+0 | 9,500 | content data
 | | O | 1+0 | 505 | temp data
• Hard Drive: 900GB 10k RPM SAS (2.5”) Drive 900GB @ 10k RPM HDD 24 disk (data) + 8 disk (logs, os, etc) 9.5 Usable TB (RAID 10) $10,176 Per Server (Disk Only) 40k (>500 servers @ 2x HA) $8.24/user 25GB - Just for Disk! $5/user 25 GB each 99.9% Availability OneDrive For Business Expand your footprint today go fast unified search save money • Know your business • Availability Requirements? • Scale? • Usage patterns? • When to Remote Blob Storage (RBS)? • Lots of large files that are mostly “write-once, read rarely” • If SQL Storage costs are higher than the cumulative hardware+ops cost of running the additional RBS system • Make sure the disaster recovery story meets your needs! Lots of RBS Providers out there… Staying On-Prem? StorSimple solution for Inactive data + Backup Copies in Cloud
Speed of SSD + Elasticity of Cloud SAS Local Tier Most Active data on SSD On-premises datacenter Hybrid cloud storage for • StorSimple solution + Windows Azure Addresses core challenges • iSCSI storage integrates transparently • Local performance + cloud elasticity = good experience, lower cost, seamless scalability • Enterprise-grade security for cloud • Automated snapshots + rapid DR = better data protection, less mgmt Cloud storage StorSimple In Summary Realize the true cost of large scale storage Know your organization Prepare for Growth Management Find the solution that fits your needs Thank You! Questions? @zrosenfield Erasure Coding References • https://www.usenix.org/conference/atc12/technical-sessions/presentation/huang • http://blogs.msdn.com/b/windowsazure/archive/2012/06/13/usenix-best-paper-award-erasure-coding-in-windows-azure-storage.aspx : Our Enterprise Social Journey Chris Slemp and Ethan Gur-esh IT & Engineering SPC280 The world has become a giant network. #worklikeanetwork Yet, we continue to work like we always have. #worklikeanetwork Work like a network. #worklikeanetwork
Listen to conversations that matter Adapt and make smarter decisions Grow your business Seamless social experiences across familiar appl, all delivered on an enterprise-grade platform Becoming a Responsive Organization Hierarchies to Networks Control to Empowerment Rewards to Motivation Customer to Community The Story “But if my stakeholders and my engineers can find and collaborate directly with each other, what is my value?” (Dis)Incentives “Internal social media scares me because I’m not confident who’s seeing what I post. People have been fired over stuff like this…” The comic is a of 6 organizational charts, edges with arrows show who reports to whom. Amazon's is very traditional, each manager has exactly 2 people below her. Google's is colorful (nodes are colored red, green, yellow, blue) and is extremely messy. Edges are overlapping all over the place, it's unclear who reports to whom. Facebook looks like a social network with bidirectional arrows and a distributed structure. 's is divided in three sub-structures that are pointing guns at each other. Apple's is a circle with a large red dot in the center, and everyone around it reports to that red dot -- the arrow heads are particularly large and even the people two levels away from the center red dot also have arrows point at them coming directly from the red dot. Oracle's is divided into two sections, the first section is labelled 'Legal' and is huge, the second section is labelled 'Engineering' and is tiny. http://www.bonkersworld.net/organizational-charts/ Email addiction 1. I admit that I am powerless over email, that my life has become unmanageable. 2. I have come to believe that a Power greater than myself can restore me to sanity.
http://farm9.stcflickr.com/8481/8227882239_2fdbcdaa24_b.jpg Acquisition meant launch without any prep No prepared group framework No exec engagement No internal business goals No management resources Disagreement on external network plan Success Kid Moved quickly with Legal Turned on Single - Sign On Turned off External Network self - provisioning Brought in the Yammer Customer Success team Early Focus on Champions Aligned with Company Meeting months… SG YamJam SCD YamJam CEE D&S YamJAm SAP Jam TweetJam MidWestDistrict All Hands IT Townhall UK YamJam UK EPG YamJam UK Web YamJam Flexible Benefits YamJam YamJamDevices AWS YamJam GBB TeamweekYamJam Navy YamJam OEM YamJam Retail YamJam Apple YamJam Google Apps YamJam going well & Why 18,000 Daily engaged 25% Execs posted in Jan 25% Drop in email lists 2 Global Cunity Manage 150 Trained Yammer Champions Social Enablement Board Online and in - peon coaching Naming conventions Policy re Policy enforcement Network configuron “Vendor” management Best practice sharing Event management Strategic, exec engagements Legal, HR, Cs , Sales, Engineering… Passionate early adopte (global) 30 Days of Yammer 45% sustained increase CEO and HR events 27,432 engaged on Feb 4 Some of the YamJams in the last 6 months… France: a YamJam energizes the country A YamJam … Has a halo effect on other groups Corp s Portal Sharing an historic moment… Exec Blogs CIO blog IT - wide feed on home page Post - specific feed on each post Network Maturity and Business Value •Employee Connections •Culture Initives •Sharing Industry Articles & s •Replace Meetings •Team & Department FAQs •Employee Recognition •Any business-related function or task done more efficiently •Co-creng content •Sharing best practices & lessons learned http://jnjma.com/wp-content/uploads/2011/05/arrow.jpg Tales of an early adopter team Background: “Yammer North” team •Who: team of 45 •When: June 2013 •Why should you care? 
What worked for us could work for similar teams in your organizons… http://www.vapartne.ca/wp-content/uploads/2013/04/Attracting-Early-Adopte-Startups.jpeg •EXPERIMENT: Move all team - internal cs to Yammer •Hypothesis: We’ll be more effective publicly in Yammer vs. privately in e - mail • limit: 1 week Getting started: No - email week http://getstimulated.files.wordpress.com/2011/01/experiment.jpg 1 PUBLIC group for team Leade citted to: .Yammer posts: .Team Status Upes .“I brought in donuts…” .Liking posts they had seen/agree with Getting the ball rolling: Leadehip http://philmckinney.com/wp/wp-content/uploads/2005/05/iStock_000015752010Medium.jpg Getting the ball rolling: Project teams •Project team leads made PUBLIC groups for their projects. •d by project team to discuss day - to - day issues . •Team leads also posted project status to the team - wide group. Forming Good Habits Through Shame •Yammer North Shame : Place you could shame othe for e - mail during the week. •People started self - shaming… Positive Observons : Project Teams •My boss’ boss liked my post! •Questions get answered so much faster • people get up to speed so easily http://abhisays.com/wp-content/uploads/2010/10/facebook_like_buton. Positive Observons : Team Leade •We feel more informed •Sharing decisions publicly (e.g. bug decisions) helps the team level - •People are more willing to ask questions http://abhisays.com/wp-content/uploads/2010/10/facebook_like_buton. Positive Observons: The rest of MSFT •Many more helpful strange than trolls! https://i.chzbgr.com/maxW500/2802855168/h352F9A23/ Negve Observons: The Team .Still e - mail for cunicng with other teams •2 inboxes: annoying but manageable . .Meetings : •Still scheduled in Outlook •Learning when to “move” a conveon from Yammer thread to a meeting. 
http://wtfhub.com/wp-content/uploads/2010/12/sad-panda.jpg Negve Observons: The Team .Long - form / rich - text content: •Notes are not a replacement for Docs •If you want tables or formatting, to get creve.. .Where should a document live? •Not bad for experienced •… but product gives you too many choices. .E - mail gestures we miss( ed ): •Subject line •“To” vs. “CC” vs. “BCC” http://ts4.mm.bing.net/th?id=HN.608010048810254826&pid=1.7 Negve Observons: The Rest of MSFT •Confusion about what can be posted in public •Educon ed on groups vs. home feed Experiment •No one on the team wanted to go back to e - mail •Champions on other teams started asking how we did it http://www.bhmpics.com/walls/success_kid-other.jpg Tips for successful adoption in your teams 1.You some influential champions 2.People advice for how to get started •It’s not actually “e - mail” vs. “Yammer” •Bad advice is better than no advice. 3.Have a plan to show some ‘quick wins’ 4.Plan positive & negve reinforcement http://media-cache-ec0.pinimg.com/736x/4c/92/04/4c92040fef4071367083248a2d4ccc7c.jpg How do we get to value? •Employee Connections •Culture Initives •Sharing Industry Articles & s •Replace Meetings •Team & Department FAQs •Employee Recognition •Any business-related function or task done more efficiently •Co-creng content •Sharing best practices & lessons learned http://jnjma.com/wp-content/uploads/2011/05/arrow.jpg Visionary , risk taking , Entrepreneurial Start - up “ We create experiences that surprise and delight.” Coaching, Consensus Driven High Emotional intelligence “We treat employees, custome and supplie with respect.” Hierarchical , great process , coordinon Efficiency and cost control “We deliver quality products, on and under budget.” Demanding , competitive Performance “ We want to be the market leade in our industry.” Who are we, really? Innovve Cunity Cand and Control Execution MoreSuitability to a social businessLess Mark Fidelman, Socialized! 
One Culture = Social Culture “Each employee be able to solve problems more quickly and with more real - a…” “We to cunicate in ways that… drive agility, action, ownehip and accountability.” “We empower employees closest to the customer to make decisions in service of the larger mission.” “The ability to coordinate effectively, within and among teams… [to] build better products faster…” “We want people who get up each morning excited to make better.” 2013 Re-Org Memo “Culturally, our core values don’t change, but how we them and act day to day evolve so we work together to win. The keys are the following…” Nimble Cunicve Decisive Collaborve Motivated What we now, given our culture Social = How We Work Remove seams between products Processes and tools are social by design Integron, integron, integron Executive participon Make the value of open collaboron undeniable Analytics tied to biz metrics Starting with only organic wasn’t ideal ?!? Integron http://www.powerframeworks.com/series/AV/025/av025_0401_v3.jpg http://www.powerframeworks.com/series/AV/025/av025_0401_v3.jpg Network Can Snap to a Framework Integron Stories… “ It’s given us the ability to put all eyes on the ball and quickly add more as ed. …It’s less status meetings and more strategy, customer . We’re more organized , respond faster …” Eric Kraus (Account Tech Strategist ) Integron … Plus a Filter by country and find top poste… Analytics OR… algorithm: (Replies + Likes) * ( Touched) … Plus a By author to see where they post… Analytics …Plus a See what topics are driving conveons Analytics Wrap up .Undetand your culture to change it .Don’t launch without sponsohip .But launch! Experiment! And learn .Champions to empower and scale .Integrate and expose business insights Come chat more at the Do - sponsored BoF - s 11am @ C:\\Jonathan.DUARTE\Desktop\circles. 
Listen to conveons that matter Adapt and make smarter decisions Grow your business #SPC14 Enterprise Social Related Content See you at the 2 Social booth & 3 Social tables at Asks the Experts WED @6:15! Room A responsive organizon stays ahead of the competition SPC104 Delphino4001 MON 2:00 Trek Bikes: pedaling past complex collaboron problems in the enterprise SPC386 Delphino4005 MON 2:00 's vision and roadmap for Enterprise Social SPC282 Delphino4005 MON 3:45 : Our Enterprise Social Journey SPC280 Lido 3001 MON 3:45 Nonwide: Building a World-Renowned Intranet with SP 2013 & Yammer SPC311 Murano3204 9:00 Real-world, best practices for making enterprise social successful SPC239 Delphino4005 9:00 Make your portal social in 1-2-3! SCP378 M,N 9:00 Over of Yammer app development SPC332 O, P 9:00 Yammer External Networks: Engaging Custome and Partne SPC248 Murano3204 10:45 Cargill: Real-world challenges and value in introducing enterprise social SPC295 Delphino4001 10:45 Integrng Yammer and .NET SPC380 O, P 1:45 Work like a network: The power of Enterprise Social SPC112 Marcello 4401 3:15 Best practices for breaking down organizonal barrie Yammer SPC264 Delphino4005 3:15 Over of configuring Yammer SSO & Directory Sync SPC368 Titian 2201 3:15 Successful team collaboron with Yammer & SPC247 Delphino4005 5:00 Driving enterprise social from the bottom up SPC266 Delphino4005 WED 9:00 Developing socially connected apps with Yammer, and OpenGraph SPC371 O, P WED 9:00 Giving voice to frontline worke via enterprise social SPC263 Delphino4005 WED 10:45 Yammer mining -dig in and "listen" to what your big *social* a is saying SPC3991 Murano3204 WED 1:45 How to become a Yammer Power r in 75 minutes SPC275 Delphino4005 WED 5:00 Knowledge Management with and Yammer SPC246 Delphino4005 THU 9:00 Measuring Business Value with Yammer SPC392 Delphino4005 THU 10:30 #WorkLikeANetwork Enterprise Social Resources Sites, Blogs & Twitter .Enterprise Social Customer Success-Yammer Success Center– 
EnterpriseSocial.com- The Responsive Org .Admin & IT-Develope-Yammer App Directory-Office Store-Yammer Ignite .Blogs: YammerOffice 365Twitter: @Yammer@Office365 Research/Whitepaper .Gartner: Magic Quadrant for Social Software in the Workplace- Evolution of the networked enterprise: McKinsey Global Survey - Yammer’s 2013 Business Value Survey - The Rise Of Enterprise Social Networks Press .How Red Robin Transformed Its Business With Yammer- How Teach for America gets the most out of Yammer on a shoestring budget- HK firm creates idea melting pot for 4,000 employees- LexisNexis found that employees who Yammer are way happier- Switching to Yammer let this company slash helpdesk calls and save $1.5 million a year- How got its own employees to Yammer Videos .Move Faster Together .Transform the Way You Work with Yammer #WorkLikeANetwork MySPC Sponsored by connect. reimagine. transform. Evaluate s on MySPC your laptop or mobile device: m © 2014 . All rights reserved. , Windows, and other product names are or be in the U.S. other countries. The informon is for informonal purposes only and represents the of as of the e of this presenton. Beca respond to changing market , it should not be to be a c on the part of , and cannot the accuracy of any informon provided after the e of this present on. NO , , OR , AS TO THE INFORMON IN THIS PRESENTON. Expense Tool .Real - feedback on a service .Democrzed help .Business intelligence on service issues Social Service Management Analytics Integron Secure and Reliable at Massive Scale: Running Online Ben Canning Head Plumber SPC279 Explosive Growth… April June July August September October November December January Monthly Active 485%r Growth Since April Not Trials. Not Tire Kicke. Real, Paying Custome. 
250,000+ r equests per second 5,700 tweets per second Lots of usage… 15,342 Dec-13 Feb-14 Active r Growth –Tenant X 37,868 Dec-13 Feb-14 Active r Growth –Tenant Y Lots of content… OneDrive for Business Team Sites PDF33% Word31% Excel19% PowerPoint4% Email4% Other9% 500% YoY Growth 400+ Petabytes >400,000 Cores +15,000 per Month Lots of machines… 46,000 SQL s Unbreakable : Year in Re Change We Can Believe In Rock Solid Security Topics Fort Knox: Boundless Encrypted Storage Unbreakable – Year in Re Exceeded SLAGlobally Last 6 Quarte 99.85% 99.90% 99.95% 100.00% 2012 - Q3 2012 - Q4 2013 - Q1 2013 - Q2 2013 - Q3 2013 - Q4 Availability –All Services Unbreakable – Year in Re 99.75% 99.80% 99.85% 99.90% 99.95% 100.00% Mar-13 Apr-13 -13 Jun-13 Jul-13 Aug-13 Sep-13 Oct-13 Nov-13 Dec-13 Jan-14 Feb-14 Online Availability LATAM Incident • Exceeded SLA 11 of last 12 Months • Clear Positive Trend • 1 Major Incident in September Impacting LATAM Region (cable cut) • Exceeded SLA 11 of last 12 Months • Clear Positive Trend • 1 Major Incident in September Impacting LATAM Region (cable cut) • Exceeded SLA 11 of last 12 Months • Clear Positive Trend above 99.95% • 1 Major Incident in September Impacting LATAM Region (cable cut) Cable Severed in Gulf of Mexico Internal Only? Failover Challenges Custome Lose Access as Auth Tokens Expire September Incident Ensure Independent, Redundant Connections Nothing is ‘Internal Only’ Faster Automated Failover Fix HA for AD September Incident Growing Maturity Escalons Falling Despite Exponential Usage Growth Mar-13 Apr-13 -13 Jun-13 Jul-13 Aug-13 Sep-13 Oct-13 Nov-13 Dec-13 Jan-14 Daily Active Paging Escalons 485% YoY Active r Growth Escalons Per r Reduced 3X Escalon Sources Change Telemetry CFE SQL 6X Reduction in Missed Minutes! 
Escalons by Impact - Then Escalons by Impact - Now SQL Change CFE Misc 4 categories dominate Focd efforts on these areas which we’ll discuss… 6X Overall Reduction Mix Shift towards ‘Long Tail’ CFE Reduced, Shifting to Load .Load Balancing is Tricky .Machine vs Farm Issues .Detect SP Issues .Lack of Safety Net .Risky F5 Management .Circuit Breaker .Full Auto F5 Mgmt .Move Logic to CFE’s .Smarter Health Detection .Safety Net Prevents Over Correction .Auto - Heal for Sick Machines Healthy Front - Ends CFE2 CFE3 CFE1 T0 T1 T2 T3 T4 T5 T6 Ping Ok? IIS App Pool Ok? Perf Counte ok? IIS Latency ok? IIS Erro ok? OK! 17X Reduction in Missed Minutes Healthy SQL SPO - Aware Monitoring Availability High I/O Full Disk Blocking Host & Mirror Auto - Heal SQL Aware Patching Patchable Normal Run HA Patching failove Split Aware Keep Books In Sync Auto - Manage Hosts -100% -80% -60% -40% -20% 0% % Reduction in Missed Minutes (6Mos) Managing SQL Growth Backup & Restore Log Shipping sitemap upe sitemap upe catch up clean up clean up .No Windows for Maintenance .Eliminate Shrinks and Defrags .Seamless Rebalance with Move .But, Split Requires RO Introducing DB Mitosis . technology to enable very fast growth management .“Splits” a into two parts within seconds flag deletions flag deletions C:\\bencan\Appa\Local\Packages\.windowscunapps_8wekyb3d8bbwe\AC\Temp\{F9BC4C1C-BB68-446D-8643-F69DAC135EF1}.tmp PRJDB TXDB UPADB SUBDB BCDDB APPDB SSDB FARM CNTDB Farm-wide impact on failure Tenant level impact on failure FARM Collapsed Service DBs to Content DB All a Tenant Partitioned One config, maintenance, monitoring FARM MinDB MinDB FARM MinDB Failover DR FARM MinDB STAND-BY FARM MinDB ACTIVE - DB level failover - Active/Active • Failover DBs, not Farms. • Handle single DB failure quickly. 
• Handle Farm or DC failure without waiting for 99th percentile MinDB • Traffic is Active in both NWs • DR compute capacity fully utilized • Total Failover in minutes • AlwaysOn * for sync/async replication ACTIVE Topology Simplification Pros • Role Separation • Easy to Identify/Isolate Failure Cons • Increased Fragility • Cannot Prefer User Traffic • Capacity Mgmt is Hard Topology Simplification • Content and Fed Farms Unify • Search Remains Separate • Roles Align on Traffic Type ‘MinRole’ Topology MinRole • Common Role Hosts All Services • Traffic Prioritization • Less Intra-Machine Fragility • Easy Capacity Build-out & Balancing On-Premises • Follow PLA Guidance • ‘Prefer Self’ and ‘AllowService Jobs’ flags coming soon Tackling Change Human error Change Telemetry CFE SQL Sources of Missed Minutes Ungraceful Disconnected Too slow, with too much built-up entropy Making change safe Edog MSIT Wave 1 Wave 2 Staged rollout with Tripwire All change gestures now follow a staged rollout process, listening to monitoring signals before beginning a stage 100% automation Automating all change gestures removed the potential for downtime caused by human error Seamless change Massive engineering effort to remove all downtime-cause factors and gracefully apply changes Upgrade automation Step 1 Deploy a target farm. The VMs have the latest bits, security patches, etc. Step 2 Dual-mount the target farm to also read from the same s Split SiteMap from ConfigDB to eliminate need for SiteMap rebuild Step 3 Route traffic for synthetic tenants to the target farm and monitor farm health 12h Only Fast Seamless NLB Step 4 Gradually route traffic for customer tenants to the target farm Step 5 Tear down old source farm 24h Safe, but also super fast Upgrade 2w Every Every Critical fixes and security patches features and security patches Patching 2w 6mo 2w 6mo Automation is key Safety Speed Merlin & Joblets Automation prevents human error, which was a leading cause of downtime Code doesn’t take coffee breaks.
Automation can remove time spent idling A safe way to allow human intervention when automation needs a push [Chart: 2.5x reduction in manual touches, Jun to Feb] Lockbox: No Default Access to Your Data No Standing Access Just-In-Time Access Robust Logging • Approval Required for Access • Automated with Human Escalation • , Geo Limited • Zero People With Access • Automation for Repairs • Content Access As Last Resort • All Access is Logged • Activities are Standardized • >10Tb per Day Analyzed Machine Learning Making sense of it all Probability of account X logging into machine Y? “Strangest” sequences of events in the datacenter today? Visualization Does anything stand out? Crowd Sourcing Was this you? Tested and Proven Red Team Testing Industry Leading Analysts Proactive Detection and Probing Incident Response Validation Data Protection Encryption in Transit… …and at Rest …between datacenters Hardware-SSL decryption at the load-balancer Best-in-class cryptography (Perfect Forward Secrecy, 2048-bit key lengths) End-to-End encryption of content between datacenters, for disaster recovery. (AES 256 or better) BitLocker Drive encryption on all volumes that store content at rest (AES 256-bit encryption) But Wait, There’s More! boundless cloud storage platform 1Tb Site Collections & OneDrive! Total Storage 8 Unlimited storage. Unparalleled Security.
Fort Knox Introducing… You need to know your data is securely protected You want infinite storage that expands to meet your growing needs Fort Knox: Advanced Encrypted Store A B C D E Key Store A B C D Content DB A B C D E crypto Unlimited Storage. Unparalleled Security. Summing Up… Reliable and Mature Evergreen and Safe Secure & Compliant Unlimited Storage. Unparalleled Security. 8 Thank You! Questions? bencan@.com courtesy .com MySPC Sponsored by connect. reimagine. transform. Evaluate s on MySPC your laptop or mobile device: m © 2014 . All rights reserved. , Windows, and other product names are or be in the U.S. other countries. The information is for informational purposes only and represents the of as of the date of this presentation. Because respond to changing market , it should not be to be a commitment on the part of , and cannot the accuracy of any information provided after the date of this presentation. NO , , OR , AS TO THE INFORMATION IN THIS PRESENTATION.

Automating Operations and Governance Site Provisioning & Group Management Dan Holme Analyst & Evangelist IT UNITY SPC304 danholme http://tiny.cc/danholmespc14 dan.holme@itunity.com AUTHOR EXECUTIVE TRACK CONSULTANT MAUI DAN HOLME Automation Framework Request • Data points • List Workflow • Approval • Approval Provision • Policies • Logic • PowerShell Proxy • Elevation • Isolation • Scheduled Task Log • Document • List Report • Insight • Compliance • Excel Goals Spotlight: operations & policy-management Identify: common operational pain points Discover: connect out-of-box technologies Equip: provide tools, list definitions & scripts Guide: take it to the next level Foundation What is governance?
Governance Define Design Develop Deploy Manage Measure Modify Change Operations Business Outcomes Service Delivery People Process Policy People Process Policy Innovation IA IM SM AM V C R M What is operations management? Operations Management and Improvement Define • Inputs (Requests) • Outputs (Changes) • Operational Procedures Measure • SLAs Achieved • Costs of Operations Modify • Improve • Automate Why automate? Why automate? Increase efficiency Reduce cost Reduce administrative effort Liberate administrative talent Improve satisfaction & adoption Increase consistency Reduce error Increase security Reduce exposure Increase manageability Increase insight Decrease chaos Operations Management and Improvement Define • Inputs (Requests) • Outputs (Changes) • Operational Procedures Measure • SLAs Achieved • Costs of Operations Prioritize • Time Consuming • Complex • Critical • Compliant Automate • PowerShell • Third Party Tools • ROI & ROI How can you break it down? Process Definition Request • Data points Workflow • Approval Provision • Procedures • Policies • Logic Log • Document Report • Insight • Compliance What is possible out-of-the-box? Automation Framework Request • Data points • List Workflow • Approval • SPD Workflow Provision • Procedures • Policies • Logic • PowerShell Log • Document • List Report • Insight • Compliance • Excel Can we see an example? Automation Framework Request • Data points • List Workflow • Approval • SPD Workflow Provision • Procedures • Policies • Logic • PowerShell Proxy • Elevation • Isolation • Scheduled Task Log • Document • List Report • Insight • Compliance • Excel Key elements of proxy framework lists for request and logging PowerShell script Iterates through list and processes tasks that are approved and scheduled Uses snap-in, Active Directory module, etc. Runs on server or code script with PowerShell remoting Scheduled task Runs POWERSHELL.EXE with path to script as argument Runs with credentials that have appropriate rights Repeats on a schedule that meets SLAs Logging How do I do that? Do it yourself!
Download sample script and list template http://tiny.cc/danholmespc14 Create the web app for collaboration sites Managed paths: depts, teams, projects, sites Create a list with the template Name the list: Site Request [with a space] Create quotas Match with values in the list: Team Site - Standard and Team Site - Large Read the script Comments “Business Logic” comments indicate areas you will need to modify Modify the script and the master page Modify the master pages In the Branding folder Replace “contoso.com” URLs with appropriate URLs to home page of your intranet Take it to the next level Request • Data points • List Workflow • Approval • Approval Provision • Policies • Logic • PowerShell Proxy • Elevation • Isolation • Scheduled Task Log • Document • List Report • Insight • Compliance • Excel Workflow • Approval • SPD Workflow • Workflow Provision • Procedures • Policies • Logic • PowerShell • .NET app Proxy • Elevation • Isolation • Scheduled Task • Service, Service App, Timer Job Log • Document • List • SQL Report • Insight • Compliance • Excel • Reporting, BI Request • Data points • List • Forms, BCS Third Party Tools Infrastructure and operations management Deployment Configuration Administration Information management Data protection Insight Build vs. buy Feature Track record Support Do it better Do more MAHALO! (thank you!) http://tiny.cc/danholmespc14 http://itunity.com http://bit.ly/danholmearticles http://bit.ly/danholmebooks A HUI HO! (‘til next time!) dan.holme@itunity.com @danholme

Gathering Requirements: Asking the Right Questions for Building a 2013 Environment Shannon Bray, MCM Chief Architect Planet Technologies SPC362 • MCM, MCT, MCSD, MCSE, MCPD, MCITP, … • Twitter: @noidentity29 • Email: sbray@go-planet.com Shannon Bray • Failed implementations? • to 2013? • your next project to be successful? • You want the list of questions I ? You are here because … • Many of us have goals and plans to accomplish those goals. • Typically, the more detailed the goals and plans, the better chance you have for success. • is no different! Importance of gathering requirements So … I have this client …. 2010 SQL Server 2012 Minor issues but mostly OK Built to minimum specs for 2010 So … I have this client …. • What is the most important question to ask???? Problem Space • Ignoring minimum requirements • Lack of planning Phases of a Successful Project Discover and refine requirements Analyze and prioritize requirements Design a solution that meets the requirements Govern solution delivery, operation, maintenance In This … We will discuss questions pertaining to … • Minimum requirements • Planning success • Planning governance • Planning information architecture • Planning business processes • Security requirements • Business intelligence • Role of the Office client • Performance and reliability • Business continuity management Minimum Requirements Installation Scenario Deployment type and scale RAM Processor Hard disk space Single server with a built-in or single server that uses SQL Server Development or evaluation installation of Foundation 2013 8-10 GB 64-bit, 4 cores 80 GB for system drive Single server with a built-in or single server that uses SQL Server Development or evaluation installation of Server 2013 24 GB 64-bit, 4 cores 80 GB for system drive Web server or application server in a
three-tier farm Pilot, user acceptance test, or production deployment of Server 2013 12 GB 64-bit, 4 cores 80 GB for system drive Minimum Requirements SQL Servers 64-bit, 4 or 8 cores depending on the number of 8 GB for small deployments; 16 GB for medium. For large deployments, it is highly recommended that you review the Storage and SQL Server Capacity Planning Configuration for Server 2013. Stretched Farm Intra-farm latency of < 1ms one way, 99.9% of the time over a period of ten minutes. Bandwidth speed must be at least 1 gigabit per second Planning Success Why 2013? Key players? Organization’s strategic initiatives and mission? Reporting relationships between the stakeholders? Why is each stakeholder involved? Business objectives? Vision statements for each? Business objectives map to initiatives? Any conflicting goals? Parameters of a successful project? Steps to maximize and measure user adoption? Plans for maintenance and monitoring? Planning Success ASK: What will determine the success of the project? If you don’t know the answer to this question before you start, you are not planning for success!!! Don’t be afraid to ask for specifics!! • Reduction in effort or time? • ROI or cost benefit? Everything should be measurable!!! Governance Strategy Members of governance board? Vision statement of the project? Defined roles and responsibilities? Policies and standards for: Content Design Security Features Navigation Custom code Composite applications Branding Information Architecture Types of sites and how accessed? Content types, site columns, etc.? Content security? User experience? Document storage? Document metadata? Metadata commonalities? Document storage before ? Document management policies? Managed terms and keywords? Planning Success Remember: Implementing a tool should not dictate a process and the tools selected to enable a process should not dictate the requirements. It is important to remember the requirements first and the technology second. Business Processes Processes tied to content? Policies around content?
Type of browsers? Who’s responsible for defining processes? (governance) Who’s responsible for workflows? (governance) What composite applications will be available? LOB data? Security Requirements Who? When? What? Why? How? Internal and External? Same Rights? Authentication? PII? Data in transit and at rest? (SSL, TDE, etc.) Ports? Gateways? Proxies? LB? Anti-virus? Server hardening? Pre-defined network topologies? Security Requirements (cont.) Rights management? Compliance and auditing? Threats management? Password policies? GPO settings? Groups in AD and/or ? Business Intelligence Reports? Charts? Dashboards? Scorecards? KPIs? Excel Services? PerformancePoint? Visio? Role of Office Client End-user version? Local copy? Offline ? Document caching? Co-authoring? Mobile applications? OneDrive or OneDrive Pro? Planning Success Remember: Don’t ignore Online as an option if it fits. Email, collaboration, instant messaging, VoIP audio and video conferencing can be packaged nicely with Office 365! It doesn’t have to fit perfectly. Hybrid deployments offer flexibility! Business Continuity Defined SLAs? Expected RPO? Expected RTO? Who is responsible for backups? (governance) Who is responsible for DR plan? (governance) How often is plan tested? Location of data centers? Budget? Performance and Reliability Con ? Growth or adoption over X years? Performance metrics? Services? Geographical areas? AD, , SQL locations? Peak hours? Monitoring and Maintaining? Expected load? RAM? Distribution? NUMA Boundaries? Performance and Reliability? (cont.) Network speed? Encryption requirements? Virtual, bare metal, etc.? Blade distribution? Development and Staging? Software development lifecycle? Custom code? External apps? Concerns acquiring hardware? allocated for performance and reliability testing? Demo Asking the Right Questions … Summary Every 2013 implementation is different and it is vital to understand the requirements that will help build a system that will promote success.
This document is meant to help trigger requirements that may be critical architecture components. Questions? Thank You!

Confessions of a PFE Eric Harlan Sr. PFE SPC277 Father Husband Blogger Author Speaker Sr. PFE Thrill Seeker (ly unfulfilled) SKIER Who is @EricHarlan 42 Why are we here? PFE always see the “interesting issues” The “G” word Permissions Architecture “Best Practices” Documentation Governance • Greek root word – “MEH” • Ok, actually it’s to “Helm a ship” • Past Present Future • For Pete's sake, What is the BUSINESS NEED? • Be fluid, living documentation cover the important part in order. (ex.
Architecture, Patching, Policies, Document management/retention.) Governance Life Lesson, and hey it works for too! • Over Cautious • Always second guesses, never a decision waits until things are perfect • Over Zealous • Too risky, never plans, jumps in the river with no oars • Baby Bears • JUUUUST RIIIGHT. Weighs out risk vs. reward Governance Permissions Percentage that stats are made up 73% 13% 9% 5% Other numbers are totally fake. Percentage that permission is the cause 90% 5% 3% 2% Reactive cases. Hey AD/SQL admin. Stop hating. Demo One account to rule them all. Architecture Single server? SUUUURE • Really consider what people do in • Consider what you want to drive people to do in • Consider 5 years out • What is your performance goal? Is it reasonable? Architecture Script installs of the software. • Repeatable process • Not just for install of but expansion Architecture Understand the Technology • If you don’t, get someone that does. • Pay Now, or Pay Later. Who is going to manage your environment? • You, Us, or others. (On-Prem, Azure/365, Amazon) • What does that mean for sustainability, ROI, expansion Architecture “Best Practice” Definition: The Agreed upon best method to follow the crowd blindly and do something that may be completely detrimental to your own environment (read: career). Best Practice This isn’t 2007 There is plenty of documentation (read: opinions) on how should be run, managed, planned for etc. Understand why you are doing what you are doing? If you don’t know just ask. Test what changes you make in an environment that “closely” resembles production. Best Practice Documentation • Don’t keep your disaster recovery plan in . • Make sure a wider team knows where important docs are and who is in charge when the redundancy fails • Know who owns what and hold them accountable. • TEST what your documents cover Documentation What does it all mean man? • High consumption doesn’t mean good adoption, it may mean poor governance. • What does adoption mean?
• It’s easy to spend a LOT of money with • Are you flexible or are you firm in your Architecture? • Do you know who has access to what? ADOPTION

Office 365 identity federation Windows Azure and Windows Azure Active Directory Spencer Harbar Architect SPC411 About Spencer Harbar Architect Edinburgh, United Kingdom www.harbar.net | spence@harbar.net | @ harba Works with ’s largest enterprise customers Works with Product Group on Readiness Author for MSDN & TechNet Certified Solutions Master | Certified Architect | 2010 Certified Solutions Master | Instructor & Author Certified Master | 2010 Certified Master | 2007 Most Valuable Professional | Server Agenda Identity Management and the Cloud Level Practice discipline Identity federation for Office 365 Review core concepts and options Leveraging Windows Azure to accelerate directory synchronization Identity Management and the Cloud Identity Management A deployment means you ARE in the Identity Management business Whether you like it, or not! Importance increases significantly with 2013 User Sign In, Service Interaction, Virtually every investment area relies on Profiles, App AuthZ, S2S etc. Key functional scenarios require a base level of identity federation Hybrid, Social, etc Office 365 increases this dependency on “plumbing” Identity Management exposes the implications of weak identity management more than perhaps any other product It’s that important!
And it does so to end users via functionality, as opposed to IT operations Office 365 again increases, or amplifies this further Every Identity Management initiative, ever (and always) Primarily a political endeavor, NOT a technical one No tool from any vendor will change this IdM consulting skills a must have for successful implementation Identity Management 10% Technology 90% Everything else! Example IdM Considerations Ownership Who owns which data Departmental controls IS systems Organizational culture Data Quality Is the data even there? Is the data “clean”? Is the data up to date? System Quality e.g. Health of Active Directory Too many forests domains Line of business systems Access Control Regulatory Controls External (to ) data sources Authentication and Authorization SSL for sync operations IdM and the cloud Cloud deployment pushes identity considerations to the forefront Commonly such issues are “put off” or papered over on premises Even “simple” scenarios simply don’t work without it For example Federated Search Long term this is perhaps one of the best “side benefits” of cloud computing, especially for IT Pros or Infrastructure focused practitioners IdM tooling a clear leader and innovator in identity federation and metadirectory tooling Since 1999 – the first commercial state metadirectory Whilst the implementation changes the core concepts and operations remain the same Incredible pace of delivery with Windows Azure Active Directory and related tooling No one else comes close! Examples include the revisions in directory synchronization, support for “complex” scenarios as well as the core service offering But remember, IdM tooling is only 10% of the battle!!!!
Identity federation for Office 365 Identity options Cloud Identity Windows Azure Active Directory Cloud Identity & Directory Sync Federated Identity

Cloud Identity: Appropriate for • Smaller orgs without AD on-premises Pros • No servers required on-premises Cons • No SSO • No multi-factor authentication • Two sets of credentials to manage with differing password policies • IDs mastered in the cloud

Cloud Identity & Directory Sync: Appropriate for • Medium/large orgs with AD on-premises Pros • Users and groups mastered on-premises • It enables coexistence scenarios Cons • No SSO • No multi-factor authentication • Two sets of credentials to manage with differing password policies • Single server deployment

Federated Identity: Appropriate for • Larger enterprise orgs with AD on-premises Pros • SSO with corporate credentials • IDs mastered on-premises • Password policy controlled on-premises • Two-factor authentication possible • It enables coexistence scenarios Cons • High availability server deployments required

“Hidden” Concepts Anything other than Cloud Identity is a long term commitment to identity co-existence Directory Sync and Federation the only sensible option really Implementation may change, but the core concepts will remain The “journey” to the cloud requires more infrastructure on premises And potentially preparation/clean up of existing infrastructure Identity federation Example AD Considerations Structure Description Considerations Matching domains Internal domain and external domain are the same i.e. contoso.com No special requirements Sub-domain Internal domain is a sub-domain of the external domain i.e. corp.contoso.com Requires domains to be in order, primary and then sub-domains Local domain Internal domain is not publicly “” i.e. contoso.local Domain ownership can’t be proved, a different domain: • Requires all to get UPN • SMTP address if possible Multiple distinct UPN suffixes in single forest Mix of users having login UPNs under different domains i.e. contoso.com and fabrikam.com • AD FS QFE—to resolve this issue.
• Requires switch in Windows PowerShell SupportMultipleDomain Multi-forest Multiple AD forest “External” FIM + Guidance Other options Office365 Connector for FIM Graph API ‘Works with Office 365 Identity’ program Simple Options for Identity Management with Office 365 Thursday, March 6. 10:30 AM - 11:45 AM. San Polo 3401 - 3503 Leveraging Windows Azure to accelerate directory synchronization Windows Azure Active Directory Sync tool The name for “dirsync” Synchronizes on premises Active Directory to Office 365 Traditionally deployed on premises Why deploy in the cloud? Why not? Reduce deployment time for O365 services Provide high availability for directory sync Avoid barriers to deployment on premises Reduce on premises server count Solution Overview Dirsync Overview Deployment phases Dirsync Workflow Critical Considerations Site to site VPN required Could be RRAS, Cisco, Juniper etc Windows Azure virtual network Address space, routing tables, firewall rules Active Directory On Premises considerations remain 100% valid Still significantly less work and much faster than deploying directory sync from scratch to on premises scenario Wrap Up Identity Management and the Cloud Cloud is driving Identity Management to the forefront the true leader in the Cloud IdM space Identity federation for Office 365 Core concepts and options Leveraging Windows Azure to accelerate directory synchronization Deployment Overview Deploy Office 365 Directory Synchronization in Windows Azure http://technet..com/en-us/library/dn635310(v=office.15).aspx

Overview of Compliance in and Office 365 Astrid McClean and Quentin Christensen SPC233 Compliance Today Why Compliance • Legal and Regulatory requirements • Organizational governance • Internal and external threats Today’s Challenges • Duplicate storage • Add-ons for • Complex experience The Asks • Lower the cost • One experience • Easier to manage • Leave the end user alone Content Lifecycle Create Collaborate Store Dispose Compliance Delete Discover Archive Encrypt Audit DLP Preserve Vision for Compliance Features Empower the User Enable the Compliance Officer In Place and Extensible Easy for IT Exchange, , Windows Outlook, Word, PowerPoint, , Mobile Apps Exchange, , Lync, AD, File Server, third parties Exchange, Strategy: In-Place Build compliance into the applications Index or Ingest to extend Unify compliance experience and configuration across the suite Bloomberg Immutable Immutable Exchange Lync 3rd Party Archives Compliance Delete Discover Archive Encrypt Audit DLP Preserve … Exchange Others Archive eDiscovery and Compliance Traditional Compliance Enable Compliance Office Compliance Center Demo – Compliance Center Store data for business and compliance needs Exchange In-Place Archive Records Center Outlook
OWA Retain folder hierarchy Reduce risk by deleting data with policy Specify default policies and tags available for users to classify their folders or items Exchange Deletion Policies Document Deletion Policies Define central policies Assign policies to Site Collection Templates or individual Site Collections Preserve important data Exchange Preservation Preservation Demo – Archive, Delete and Hold Policies Protect data with encryption IRM (RMS) Prevents sensitive information from being printed, forwarded, or copied by unauthorized people inside the organization S/MIME Sign and encrypt messages to certificates Office 365 Message Encryption Encrypt messages to any SMTP address Data Loss Prevention Helps to • identify • monitor • protect sensitive data through deep content analysis Identify Protect Monitor End user education Demo – DLP Policy Tips Data Loss Prevention Content analysis Get Content Regex Analysis Function Analysis Additional Evidence Verdict Policy Tips Outlook and OWA Document Fingerprinting Protect intellectual property like patents, company confidential information, and other standardized form content Document Classification Search for sensitive data Built-in classifications Discover and preserve with eDiscovery Preserve data for legal purposes Support for eDiscovery across Exchange, Lync and Search and export data Add mailboxes, sites and file shares Demo – eDiscovery Quentin Christensen Investigate and prove with auditing Specify criteria such as to search and then export audit logs Choose from many reports such as admin actions and non owner access Exchange Auditing Auditing Audit views, edits, deletes, and searches.
Configure per site collection Unified Compliance Give me one experience Make it easier to manage Content Lifecycle Create Collaborate Store Dispose Compliance Delete Discover Archive Encrypt Audit DLP Preserve Demo: Unified Hold Policies Astrid McClean Compliance Features Empower the User Enable the Compliance Officer In Place and Extensible Easy for IT

Real-world Architecture Decisions Wictor Wilén Director & Architect Connecta AB, Sweden SPC334 Wictor Wilén Director, Architect, Author Connecta AB, Sweden Certified Architect – 2010 Certified Solutions Master – Certified Master – 2010 objectives TechNet is not always your answer Your requirements impact your solution Cost, budget – things that really matters This is my and experience on this topic Agenda Where to start the architectural work Topology options Hybrid overview Single content Web Application approach and Host Named Site Collections Real-world examples Some things you should avoid… 2013 architectural changes Changes that a change!
Same core infrastructure as in 2010. Service Applications and Services: Distributed Cache, Request Management, Access Services 2013. Improved Service Applications: Search. “Disconnected” workloads: Office Web Apps 2013, Workflow Manager 1.0. Yammer. The App Model.

Service Applications and Services. Distributed Cache Service: AppFabric Cache Service, an in-memory cache. Request Management: software “load balancing”; routes and throttles requests. Access Services 2013: Service Application for Access on SQL 2012 Contained databases.

Service Applications and Services. Machine Translation Service: automagic translation using Bing. Work Management Service: aggregates Tasks from Exchange and Project into . App Management Service: foundation for the App Model.

Rearchitected services. Search: rebuilt from scratch; features from both Search and FAST Search. Office Web Apps (WAC): no longer a Service Application; separate product. Workflow: a separate product, Workflow Manager 1.0.

Authentication and Authorization. Claims Authentication: the default. OAuth: OAuth 2.0 is used for App AuthZ. Server to Server (S2S) AuthN: OAuth variant used by Apps, Workflow and Server to Server AuthN.

Start your farm design… Markitecture diagrams… There is no one farm to rule them all. It’s all about compromises… What are the workloads? What is the budget? How skilled is the operations team? What are the available resources? Low cost, Management, Performance.

Hardware and Resources: basically the same hardware as for 2010. But you need more servers! And you need more RAM…and disk! Think about Physical and Virtual machines. Don’t forget ALL fault domains! 7 is the new 5; 3 is the new 2. It’s not all about SharePoint!
Licensing, Office clients, Network, Devices/Browsers, Training, Infrastructure, Active Directory, SLAs.

Topology considerations. Planning the topology: topology planning is very iterative… …and it will change over time. Involves both hardware, virtual hardware, components, services and people…

Planning the topology - tiers: Routing and caching (very low latency, < 5 msec); Web & App Layer (low latency, < 500 msec); Search Layer (low latency, < 500 msec); Batch Processing Layer (more tolerant latency, > 1 min); Database Layer (< 5 msec, SQL). Components shown: RM, DC, WebApp, UserProf., Metadata, BDC, SecureStore, User Code, Access, State Svc, Query, Admin, Index, UPA Sync, Crawl Target, Crawl, Search Proc., Workflow, Machine trans., WorkMgt. Scale out, scale up.

Know the Boundaries: software boundaries and limits for SharePoint 2013. Available on TechNet: http://askwictor.com/spbal. Boundaries, Thresholds and Limits: Boundary – static, cannot be exceeded. Threshold – configurable for specific scenarios. Supported limit – configurable, but set to a tested value. Continuously updated, most recently with all Search details. Important to memorize: Site Collection size and limits, Security limits, List and column limits.

Search: requires very different planning in 2013. Not only for Binging stuff: Cross Site Publishing, Analytics, Recommendations. Search Roles can be distributed: Administration, Crawler, Content Processing, Analytics Processing, Index, Query Processing. October 2013 CU contains huge improvements!

Search Components: find the most appropriate partner. [Table residue: CPU, Network, Disk and Memory columns for Administration, Crawler, Content Processing (CPC), Analytics Processing (APC), Index and Query Processing; pairing matrix of CPC, APC, Admin, Crawl, Index, Query.] The content of this slide is borrowed from Dearch, aka Neil Hodgkinson.

Workflow and Office Web Apps. Workflow Manager 1.0: 1 or 3 server installs, no other options! Can share server with . Evaluate your needs! Check out the Workflow Manager session (SPC356). Office Web Apps 2013 (WAC): cannot share servers with anything. Come to my WAC session (SPC383).

Apps for On-Premises farms. Apps only?
DR easier. Hosting options for High-trust apps: On-Premises IIS Farm or Azure IaaS; co-locate with web servers; Azure Web Sites; other hosting options. Certificate Management: shared certificate between multiple apps, or each app has its own certificate.

Certificates, certificates, certificates… Yes, you SHOULD use certificates! Not only on Central Administration: OAuth and S2S, Apps, Workflow, Office Web Apps 2013, Exchange S2S. Involve business and ops early in this discussion! Might require infrastructure (CA).

Firewall considerations: involve the firewall team early. Firewall requirements should be a part of the design. Nothing freaks out a firewall admin more than opening ports ad hoc. No good TechNet documentation available; you can find pieces here and there. My firewall cheat sheet will be uploaded to Yammer after this session.

Profiles and Hybrid. User Profile considerations. Active Directory Import (ADI): quick and easy – works for most simple requirements and scenarios. Built-in FIM: basically same as in 2010. External FIM: advanced scenarios; allows IdM to be managed by other teams than the SharePoint team (a good thing!). User Profile Replication: to use or not to use?

My Sites, Social and Yammer: My Sites are a requirement! Required for social, task rollup, OneDrive for Business. DirSync is a “requirement”! DirSync Server (1 for Yammer and 1 for Office 365); Password hash sync. AD FS is for most organizations required: Single Sign On; AD FS Servers and Web Application Proxies (2 + 2). in SP1: Office 365 Admin; OneDrive for Business; Sites in Office 365; connect on-premises farm to Yammer.

Hybrid distributed deployments. Search: the key to Hybrid deployments; make sure to attend the Hybrid sessions. My Sites: hosted on-premises or in Office 365? Look and Feel: branding, theming or just leave as is? Social Experience: Yammer is the way forward!

The Single Content Web Application approach!
The Single Web Application approach: one Web Application listening to all host headers. The “” recommended guidance. One App Catalog per Web Application. Reduces memory footprint. Better usage of resources. Most often requires Host Named Site Collections. Apps.

Host Named Site Collections compared with Path Site Collections:
Host Named Site Collections: requires PowerShell to create Site Collections. Path Site Collections: Central Administration (or PowerShell) to create Site Collections.
Host Named Site Collections: allows for unique DNS names. Path Site Collections: same DNS name as Web Application.
Host Named Site Collections: a Root Site Collection is required.
Host Named Site Collections: *-SPSiteUrl. Path Site Collections: Alternate Access Mappings.
Host Named Site Collections: custom Self Service Site Creation. Path Site Collections: OOB Self Service Site Creation.
Host Named Site Collections: farm level Managed Paths. Path Site Collections: Web Application level Managed Paths.
Custom Site Creation Provider recommended.

Host Named Site Collections caveats. Root Site Collection is required: it’s a support requirement; must have the same name as the Web Application; Search uses the Root Site Collection for discovery. SSL Termination requires custom HTTP Header: Front-End-Https: On. Default Site Creation provider can cause SLA problems. Do you want to mix My Sites with other site collections?
Host Named Site Collections example: combination of HNSC & PBSC. Application pool. Web Application – https://root.contoso.com. Root Site Collection: https://root.contoso.com (no template). Site Collection: https://teams.contoso.com. My Site Host: https://my.contoso.com. Personal Site: https://my.contoso.com/personal/wictor. Demo: Host Named Site Collections, Wictor Wilén.

Three samples from the real world. Virtual and Physical hardware. Two identical farms (Warm standby). Swing releases for ALM. Shared Office Web Apps Farm. SQL Server 2012 Standard (mirroring). Regional farms.

Sample 1: All-in-one intranet. Intranet for a global company. Collaboration, Social, BI Features. ~25.000 users. Heavily customized. Huge migration project. Search intense.

Sample 1: Compromises. Search configuration: crawl servers crawl themselves; initially index/query on web servers; SSD disks. SQL Server Mirroring instead of Availability Groups. DFSR to move SQL backups between farms. Workflow: running on web servers. Social: RAM pressure on web servers (increased from 16GB to 24GB); Distributed Cache on web servers. Only physical hardware. RAM: 48/24/96 GB. 8 cores. SQL Server 2012 Standard.

Sample 2: public .com site. Public facing web site with multiple brand sites. Multiple sites. Multiple domains. Search driven. Cross site publishing. Authoring in the same farm.

Sample 2: Compromises. All physical hardware. Hosting costs. Two tiers: 1: Web Application, Service Applications and Index+Query; 2: rest of Search components. Authoring in the same farm. Three types of sites: 1: Content site collections; 2: Asset site collections (CDN, kind of…); 3: Catalogs – shared between content sites, only for authors and not accessible externally.

A platform to host services: Intranet, Extranet (AD FS), Applications, Apps. CAM preferred over FTC; FTC requires special approval. A combination of physical and virtual hardware. Dedicated IIS Farm for Apps. Different levels of SLA.

Sample 3: a services platform. A SharePoint infrastructure that allows the IT department to treat SharePoint as a services platform.

Sample 3: Compromises. Start small!
A design that allows scale-out/up. We expect changes to the service over time. CAM preferred over FTC. Strict requirements on FTC apps. Dedicated IIS Farm for Provider hosted apps.

And the stuff that is so often forgotten… Plan your HA and DR strategies up front! Make sure that you can handle High-Availability. Remember 3 is the new 2. Make sure to attend the BCM session on Thursday (SPC343). Don’t forget: Workflow, Provider Hosted Apps, Access Services 2013. Choose appropriate DR strategy: Cold, Warm, Hot. HA and DR will impact cost!

Uptime! One, Two, Three, Four, Five or Six Nines? 20%+ had > 99.9% uptime requirement. Office 365 has a financially backed 99.9% uptime! Does your uptime requirements include maintenance? 10% of my survey answers had 100% uptime including maintenance windows! Make this reasonable!

RPO vs RTO. [Diagram: Normal operations, Disruption, Data loss, Reaction, Repair, Buffer, Panic Zone, MTPD, Point of Bankruptcy; RPO and RTO marked.] Reduce RPO: Backups, Always On Availability Groups. Reduce RTO: Cold -> Warm -> Hot standbys; routines, checklists, automation; practice!

“Just because you can does not mean that you should!” Things to avoid / consider carefully.

Multi-tenancy: only a very few this feature. Often done for the wrong reasons. Built for specific large scale hosting scenarios. Read Office 365. Requires customizations, such as Tenant Admin etc.
Geo-distribution. Geo-distributed topologies: multiple farms is the solution. Service Application Federation works…for some Service Applications. SharePoint is not a product that can be replicated. Third party offerings available, but make sure they work with your specific scenarios. Stretched Farms: very specific requirements [<1ms, one way, 99.9% of the time, 1gbps]. http://askwictor.com/spstretched. Stretched SQL - KB971160.

Service Farms and Service Application federation. Service Farms: understand the limitations; in most cases only the solution more complex. Service Application Federation: Managed Metadata the perfect candidate.

Summary: Evaluate the needs from not only a technical perspective. The needs will change, over time. Be prepared to change your decisions. Base your design on tests, facts and experience. Don’t believe everything you read… …except this deck.
Deploying highly available SharePoint Internet Sites on Windows Azure Virtual Machines
Sanjay Narang, MCS, MCSM. SPC312. Luca Bandinelli, CAT. Rangarajan Srirangam, Azure CAT.

- Discuss the approaches and challenges in implementing a DR solution for public facing web sites on SharePoint 2013 hosted on Azure IaaS
- Explain approaches and procedures for configuring
- A hot-standby DR farm across geographically separated datacenters
- Cross datacenter data synchronization at the SQL Server level in Azure IaaS
- Azure Traffic Manager for auto failover
Objectives

To know more about …
Architectural aspects for defining topology of SharePoint on Azure IaaS: SPC3992 - Brenda Carter, Kirk Evans, Solutions and Architectures on Windows Azure Infrastructure Services, Thursday, March 6, 2014, 9:00 AM - 10:15 AM, Lido 3001 - 3103
Configure SQL Server Always On: SPC343 - Neil Hodgkinson, Wayne Ewington, Business Continuity Management with SQL Server Always On, Thursday, March 6, 2014, 9:00 AM - 10:15 AM, Murano 3201 - 3303

- Introduction
- Solution Architecture
- Key Challenges in having Geo-DR in Azure
- Initial Configurations - Primary and DR Farms
- Enabling Auto-Failover – Azure Traffic Manager
- Failovers – Temporary and Permanent
- Other Considerations
Agenda

- Internet Facing Web Sites – What Customer wants
- Minimum Downtime / data loss
- Considerations
- Can each layer of a datacenter be made redundant?
- Patching mandates complete downtime
- Natural Disasters spanning the whole geographic location
- Azure VMs – Connectivity Uptime - 99.95%
- Solution
- Maximize Uptime, Minimize RPO/RTO
- Geo-Distributed farms for DR
- Cloud Hosting and Auto Failovers
Introduction

- Full featured Internet Scenario – Not available on O365
- Provisioning: Ease and speed
- Scale on demand, pay per use
- Support: End-to-end unlike AWS
- Datacenters: Global, SLA backed
- Scenario Specific Features:
- Blob Storage
- Fast Cross-DC transfer
- ACLs on end-points
- SQL Server: Backup to Azure Blob, Always On and listener support
- Traffic Manager
Why Azure

Solution Architecture
[Diagram: Traffic Manager answering DNS queries; FARM 1 (PRIMARY) in Windows Azure Region 1 and FARM 2 (DR) in Windows Azure Region 2, both on 80/443; BLOB Storage; custom log shipping jobs for data sync.]

- Two SharePoint 2013 Farms in two Geo-Distributed datacenters
- Configured in a hot-standby Disaster Recovery (DR) configuration
- Internet Sites Scenario - Two Service Applications – Search and MMS
- Windows Azure Traffic Manager routes user traffic to DR farm on failover
- Custom log shipping solution to sync data
- What is Synced – Content DB and MMS DB
- Restore mode - standby (read-only)
- Search
- Independent Search service in each farm
- Search in DR farm crawls read-only (standby) content DBs
Solution Architecture Details

- Windows Azure
- Virtual networks are restricted to single datacenter
- Impact
- Single Active Directory domain cannot span multiple datacenters
- Each farm needs to have separate AD domain deployed locally
- Can’t use SQL Server AlwaysOn Availability Groups b/w Primary and DR as single AD Domain is required
- Trust between the two AD domains (in two datacenters) – Cannot be established
- Requires additional configurations to avoid permission related issues for service accounts
- OOB log shipping across datacenters - Cannot be configured
- Requires custom log shipping solution
Key Challenges for Geo-DR in Azure

Primary Farm – Initial Configurations
[Diagram: FARM 1 (PRIMARY) in one Virtual Network and Affinity Group; Cloud Services 1-3; Subnets 1-4, each with its own Availability Set 1-4; Front Ends, App Svrs, Domain Controllers, DB Svrs, Quorum Node; Windows Azure Load Balancer; Availability Group Listener Endpoint; SQL AlwaysOn Availability Group; custom log backup jobs; BLOB Storage.]

- All VMs within same VNET and Affinity Group
- Each Tier having redundancy/HA – in its own Availability Set
- Front End Tier – Public IP, Windows Azure Load Balancer
- Database tier
- Configured in SQL Server Always On Availability Groups (AG)
- Needs 3rd VM (Non-SQL) for Quorum of Windows Server Failover Cluster (WSFC) (Node Majority)
- Only one Availability Group possible per WSFC
- Listener requires all VMs to be in different cloud service from DB
- Service Applications
- Search Service Application
- Managed Metadata Service Application
Primary Farm – Initial Configurations Details

DR Farm – Initial Configurations
[Diagram: FARM 2 (DR) in its own Virtual Network and Affinity Group; Front Ends, App Svrs, Domain Controllers, DB Svrs, Quorum Node; Windows Azure Load Balancer; Content DBs & MMS DB are Read-Only & NOT part of AlwaysOn AG; SQL AlwaysOn Availability Group; custom log restore jobs; BLOB Storage.]

- Similar to Primary Farm with some differences
- SQL Server
- Content DBs and MMS DB are not in AlwaysOn AG
- They are getting log-shipped to both DBs
- All other DBs are in AlwaysOn AG
- Web Applications and MMS Service
- Configured to use Read-Only (standby mode) DBs
- AAM setting public URL same as Primary Farm
- Search
- Search is created separately
- Configured to crawl Read-Only (standby mode) content DBs
- Scheduled during windows when restore is not happening
DR Farm – Initial Configurations Details

Custom Log Shipping
- Custom SQL Agent Jobs at Primary and DR farms
- First
- Backup DB from Primary
- Restore in DR with NORECOVERY
- After First
- Backup Logs from Primary with sequence numbers
- Restore Logs in DR with STANDBY in proper sequence
- Uses BACKUP to URL and RESTORE from URL TSQL commands
- To backup and restore directly to/from Azure BLOB storage
- Supports both http and https endpoints
Custom Log Shipping Jobs

    -- DR farm: restore the shipped log backup and leave the DB read-only (STANDBY)
    RESTORE LOG [WSS_Content_80_spc1]
    FROM URL = 'https://spc1storage.blob.core.windows.net/dbs/WSS_Content_80_spc1_log_1.bak'
    WITH CREDENTIAL = 'spc1credentials',
         STANDBY = 'c:\backup\standby_wss.bin';

    -- Primary farm: back up the transaction log directly to Azure BLOB storage
    BACKUP LOG [WSS_Content_80_spc1]
    TO URL = 'https://spc1storage.blob.core.windows.net/dbs/WSS_Content_80_spc1_log_1.bak'
    WITH CREDENTIAL = 'spc1credentials',
         COMPRESSION,
         STATS = 5;

Additional Configurations
Adding Domain Accounts to DBs
[Diagram: FARM 1 (Primary), AD Domain: Domain1, and FARM 2 (DR), AD Domain: Domain2; database accounts Domain1\app1 and Domain1\search1 on one side, Domain1\app1, Domain1\search1, Domain2\app2 and Domain2\search2 on the other.]

- Provide Access to DR Farm accounts on content DBs
One activity for adding app pool account and search account to the DB
1. Backup the content DB from the Primary Farm
2. Restore the content DB with RECOVERY (Read-Write mode) in DR Farm
3. Attach the content DB to the web application.
   - Use SQL Alias as Server Name, which points to a SQL Instance and NOT Listener
   - Application pool identity account (Domain2\spapp2) gets access on the content DB
4. Modify web app User Policy to provide Content Access Account (Domain2\spcrawl2) access on the content DB
5. Backup the content DB from the DR farm and restore it to the Primary farm.
- Accounts from both domains have been added to content DBs
- Set up custom log shipping for content DBs between the two farms
- Schedule Config DB refresh for site collections
- $contentDB.RefreshSitesInConfigurationDatabase()
Configuring Web Applications in DR

- Provide Access to DR Farm accounts on MMS DB (One time activity)
- Backup the MMS DB from the Primary Farm
- Restore the MMS DB with RECOVERY (Read-Write mode) in DR Farm
- Make service app pool account (Domain2\spsvc2) as db_owner for the MMS DB
- Update MMS to the restored DB
- Use SQL Alias as Server Name, which points to a SQL Instance and NOT Listener
- Backup the MMS DB from the DR farm and restore it to the Primary farm.
- Accounts from both domains have been added to MMS DBs
- Configure custom log-shipping for MMS DB between two farms
Configuring MMS in DR

- Recommended DR strategy for Search
- Backup/Restore
- Pros: Full Fidelity Restore
- Cons: Extra failover time required to use Search features in DR farm
- Crawling Read-Only DBs
- Pros:
- Immediate access to content freshness and content search features
- Enables read-only cross-site publishing scenarios (except search analytics)
- Cons:
- No sync of search configuration changes
- No sync of search analytics features
Search in DR

Demo: Configured Farms in hot-standby Geo-DR mode

Failovers
1. User traffic to company domain
2. Company domain to Traffic Manager domain
3. Traffic Manager domain and profile
4. Traffic Manager profile rules processed
5. Cloud service domain name sent to user
6. User calls cloud service
7. Repeat (after DNS cache (TTL) expires)
Azure Traffic Manager

- The Front End servers ‘cloud service’ for two farms is configured in ‘Failover’ load balancing mode
- TM keeps checking the ‘online’ service on ongoing endpoint monitoring
- Primary Farm ‘cloud service’ is the ‘first’ service in the ordered list
- A custom job keeps polling TM to check ‘Active’ service
- Sends alerts when TM fails over to secondary service
- Can take appropriate actions for on type of ‘failover’
Enabling Auto-Failover – Azure Traffic Manager

1. Primary Farm goes down
2. TM recognizes that farm is down and routes traffic to DR farm
   1. No change in URLs
3. Visitors access the site in read-only mode (from DR farm)
4. Custom Job
   1. Detects TM has switched the traffic
   2. Pauses the restore log to avoid user disconnection
Temporary Failover
[Diagram: Primary and DR farms, each with Subnets 1-4, Availability Sets 1-4 and Cloud Services; BLOB Storage.]
[Diagram, continued: SQL Server AlwaysOn Availability Group; Read Only; Primary and DR; steps 1-4.]

Demo: Temporary Failover

1. Primary Farm does not come back
   1. Permanent Failover is decided (e.g. on window)
   2. Service Disruption expected (for some time)
2. Databases are brought online (DR farm)
   1. Tail log backups are taken from Primary farm (if possible)
   2. All pending logs are applied (both instances)
   3. DBs are brought to RECOVERY (both instances)
   4. DBs are added to AlwaysOn Availability Group
3. Servers Configured (DR Farm)
   1. SQL Aliases are configured to point to AG Listener
   2. Site becomes Read Write
   3. Search Decision – Backup/Restore or Continue as is
4. TM – DR farm is made as Primary Endpoint
Permanent Failover

Demo: Permanent Failover

Other Considerations
Reversing Roles
Patching
Content Delivery Network to minimize visible downtime
When both farms fail

Summary
Geo-Distributed Farms with Hot-Standby DR and Auto Failovers helps in increasing the HA
Azure services such as Traffic Manager helps in automatic failover
Limitations in Azure required additional steps for configuring DR
Custom log shipping solution required to sync data between cross datacenters in Azure

End to End eDiscovery in Office and Office 365
Quentin Christensen, Program Manager. SPC396.

90%: U.S. s ly engaged in litigation. 147: average number of active lawsuits for $1B+ companies. $1M: average per case cost of eDiscovery. (Fulbright & Jaworski, Gartner)

eDiscovery Overview: Identify and Preserve; Search and Process; Review; Produce. eDiscovery Challenges: Volume, Relevance. Preservation; Search and reduction; Export.

Demo: Quick Investigation. Quick Investigation: early case assessment; fast, real time search; answers in minutes, not weeks.

Key Takeaways: eDiscovery simplified. Save time and money. Reduce risk. Advantages: in-place, real time, simple. Capabilities: In-Place Hold, Query, and Export.

eDiscovery as easy as 1, 2, 3.
1. In-Place Hold: protect content in-place in real time
2. Query: find up to date and relevant content quickly
3. Export: transfer content for review and production
Across: SharePoint, Exchange, Lync, and file shares on-premises and Office 365

Demo: Compliance Center and Hold
In-place hold: content stays in Exchange and SharePoint, less storage space, lower costs, higher fidelity
Location and query: hold entire mailboxes, sites, or apply a query to hold less content
No impact to users: seamlessly create, edit, and delete without knowing it's on hold
1.
In-Place Hold

Lync Archiving
[Diagram: User A mailbox with Inbox, Deleted Items and Recoverable Items (Deletions, Versions, Purges, DiscoveryHolds); User A on hold; hold state synced.]
Server side archiving. All Lync modalities captured (PC, mobile, web, OWA). Lync archives content into Exchange mailboxes when user is on In-Place Hold. Includes instant messaging and meeting content.

SharePoint In-Place Hold
Admins cannot delete the hold data or site. Lists, feeds, documents, and pages are covered. Version history is preserved if versioning is on.

Exchange Lifecycle
[Diagram: User A mailbox with Inbox, Deleted Items and Recoverable Items (Deletions, Versions, Purges, Audits, DiscoveryHold, Calendar Logging).]
(1) Message delivered
(2) Message moved to Deleted Items
(3) Message deleted
(4a) Message “purged” by user (Litigation Hold / Single Item Recovery)
(4b) Message “purged” by user (In-Place Hold)
(5) Message Edited
(6) Messages purged by query hold

Demo: eDiscovery Center
Real time: no need to wait for indexing, always live and up to date
Reduce: proximity search, rich query syntax
Make decisions: query and source statistics help you analyze
2. Query

Keywords and Properties
Query: “Executive Briefing”
Example: Any content that contains the words “Executive Briefing” together, anywhere in the document, page, or message.
Query: “Executive Briefing” AND “Summary”
Example: Any content that contains the words “Executive Briefing” and “Summary”, anywhere in the document, page, or message.
Query: filename:budget
Example: Any file with budget in its filename, such as 2014 budget projections.docx, 2015 budget priorities.pptx, 2014 budget planning.xlsx, and so on.
Query: filename:2014 budget filetype:xlsx
Example: Excel worksheets that contain the phrase 2014 budget, such as “2014 budget planning.xlsx” and “2014 budget review.xlsx”.
Query: Executive NEAR(20) Briefing
Example: Any content that contains the word “Executive” within 20 words of “Briefing”.
Demo: Export
Easy: download from SharePoint, Exchange, and file shares whether on premises or in Office 365 all at once
EDRM XML Support: growing industry standard for data interchange, import into popular review tools
Take it offline: Native files, PSTs, pages as .MHT, lists and feeds as .CSV
3. Export
EDRM XML 1.1 Support

What about all my other data?
[Diagrams: local data and file shares, Exchange, Exchange Online, PSTs, files.]
http://go.microsoft.com/fwlink/p/?LinkId=314072

Load testing SharePoint 2013 using Visual Studio 2013
Todd Klindt & Shane Young, Not Developers, Rackspace. SPC381.

- WSS MVP since 2006
- Speaker, writer, consultant, Aquarius, proud Trans Am owner
- Personal Blog www.toddklindt.com/blog
- Company web site http://.Rackspace.com
- E-mail todd.Klindt@Rackspace.com
- Twitter me! @toddklindt
- If you’re not already sick of him
- http://www.toddklindt.com/netcast
Who is this Todd Klindt guy?

- Shane Young – Cincinnati, Ohio
- @Rackspace
- SharePoint Server MVP, somehow
- Consultant, Trainer, Writer, Speaker, Wishes he was handsome like Todd
- Shane.Young@Rackspace.com
- Blog
- http://msmvps.com/shane
- Consulting
- http://.Rackspace.com
- Twitter @ShanesCows
Who Am I?

- Talk about the tools
- Make some tests
- Demo, demo, demo
Agenda

- How do you do it?
- Time and effort setting up machines
- Cost for hardware
- Fear of Visual Studio
Challenges

- Visual Studio Ultimate
- Windows 7/8
- Windows Server 2012/2012 R2
- A test environment
- Nerves of steel
What You Need

- Performance Testing
- Does it work?
- Load Testing
- Does it really work?
- Stress Testing
- When does it stop working?
- Capacity or Scale Testing
- Will it work for us?
Terms

- Solution
- One or more projects
- Project
- One or more tests
- Web Test
- A series of web requests
- Can be one or more pages or actions
- Load Test
- Execution of one or more web tests
- Has settings like browser, networks,
More Terms

Let’s get to it!
Todd & Shane Project

- Record steps in Internet Explorer
- Make sure recording bits work
- Easier on workstation
- One type of request per web test
- Can also create with Fiddler
Create Web Test

- Add web tests to load test
- Pick network profile
- Pick browser profile
- Can add multiple workstations to test
- Can monitor servers from VS
- Can export to Excel
Create Load Test

- Needed to simulate network connections
- C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\VSTestConfig.exe NetworkEmulation /install
- Save to SQL
- C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\loadtestrepository.sql
Add Network Shims

- Can run tests from Microsoft’s servers
- Sign up for Visual Studio Online TFS account
- Add as many agents as you need
To The Cloud!

Slides and coupons for a free backrub from Shane: http://.rackspace.com/spc
Questions? (make’m easy ones)

Yammer External Networks: Engaging Customers & Partners
Rich Wood, National Director, Modern Applications, Perficient, Inc. SPC248.

- Common Ground: #ESN and Extranets
- Enterprise Social Networks as an Engagement Tool
- Extranets and How They Work
- Why Yammer: Stating the Case
- Demo
- Tour a Live External Network
- Governance in a Yammer External Network
- Wrap-Up / Q&A
Agenda

- Has an extranet today
- Uses SharePoint or Yammer externally
- Utilizes “the cloud” for external collaboration
Please raise your hand if your organization…

#ESN as an engagement tool
Enterprise Social Networks (#ESN). Forrester: The promise of Enterprise Social Networks (#ESN) is that they will…
Drive more effective reuse of content assets… #ESN
Provide better and faster access to expertise… #ESN
Enable richer and more valuable real-time interactions… #ESN
Create a platform that can support collective action… #ESN
[Help you] strive for a culture of innovation…. #ESN
Wouldn’t it be nice to share these benefits with vendors, partners, and customers?

Extranets and how they work
Extranets: What are They?
External facing (not behind a firewall, no VPN required). Collaborative with people outside your network. Secure to only invited users.

Extranet Use Cases: Document Collaboration on shared projects, bids, work products. Sharing Rich Media like large image files, drawings, video. Many-to-Many Communication Channel for broadcast and conversation.

Our Reflex? On-Premise SharePoint Extranets: secured behind SSL. Strict governance must be enforced to ensure security. Active Directory often used to manage user base.

But the Cloud is the Game Changer. SharePoint Online + Yammer = Extranet 2.0. SharePoint Online: robust document collaboration; team sites, calendars, projects and tasks & planning. Yammer: fast and easy to set up for real-time collaboration; communication focused how people live and work right now. Extranet 2.0: the best of both worlds… but we don’t want to wait (and we really don’t have to). Here today; here today; coming soon! Single Sign On.

Yammer has a tool for every social use case… Yammer for #ESN = Batman’s Utility Belt. The External Network… It’s Yammer’s Secret Weapon!
Stating the case: Yammer as an extranet
Extranets: Why Yammer. Engage customers, vendors, partners in meaningful dialogue. Promote the brand. Manage the message. Own the activity.

- Adoptability
- Interactivity
- Cloud Advantages
- Mobile Accessibility
- Governance
Extranets: Why Yammer

Adoptability: rapid initial adoption. Internal use is key. Familiarity breeds usability. [Screenshot labels: Groups, Global Nav, Suggestions, Newsfeed, Search, Notifications, Post updates.]

Interactivity – With Customers: Communicate, Collaborate, Get Feedback, Build Shared Ownership.
Interactivity – With Business Partners: Many : Many Engagement. Collaborate, Share Rich Media, Build Camaraderie and Shared Accountability.

The Proof is in the Pudding: The Ultimate Extranet Use Case. Over 90,000 FTE employees, over 150,000 partners, literally millions of customers.

Cloud Advantages: No Active Directory user management. Accessible anywhere. Easy UI for your own teams. Log in once with your home network.

Mobile Accessibility: Yammer is accessible across device platforms through free, native applications on Windows, Windows Phone, iOS, and Android.

Governance: Freemium vs. Enterprise
Freemium: users control content. Enterprise: admins can manage content.
Freemium: users own content. Enterprise: enterprise owns the content.
Freemium: no admin controls. Enterprise: admin controls.

Governance: Ease of Administration. Control who can create, invite and interact on external networks while managing those networks closely.

DEMO 1: Use Case: Single Partner Collaboration, Rich Wood
- Your home, your branding
- Manage the message – share the news that matters
- Many to many sharing and collaboration
- Foster interactivity and common purpose
Keys to this use case

DEMO 2: Setup and Governance in Yammer External Networks, Rich Wood
- External Network Settings (Global)
- Setup and Configuration
- External Network Settings (Local)
- Usage Policy
- User Settings
- Content and Security
Station Stops

- Office Web Apps and OneDrive for Business for document collaboration
- Yammer Feed replaces Social Feed = Yammer + SharePoint Online extranets!
• Inline Social, Groups, and Office Graph
• Where to find out? Roadmap #SPC282
And that’s all today. But tomorrow…?
So with Yammer, you’ll be prepared for every external #ESN use case. Just like….
#SPC14
#WorkLikeANetwork
Enterprise Social Resources
Sites, Blogs & Twitter
• Enterprise Social Customer Success, Yammer Success Center, EnterpriseSocial.com, The Responsive Org
• Admin & IT, Developers, Yammer App Directory, Office Store, Yammer Ignite
• Blogs: Yammer, Office 365; Twitter: @Yammer, @Office365
Research/Whitepaper
• Gartner: Magic Quadrant for Social Software in the Workplace
• Evolution of the networked enterprise: McKinsey Global Survey
• Yammer’s 2013 Business Value Survey
• The Rise Of Enterprise Social Networks
Press
• How Red Robin Transformed Its Business With Yammer
• How Teach for America gets the most out of Yammer on a shoestring budget
• HK firm creates idea melting pot for 4,000 employees
• LexisNexis found that employees who use Yammer are way happier
• Switching to Yammer let this company slash helpdesk calls and save $1.5 million a year
• How got its own employees to Yammer
Videos
• Move Faster Together
• Transform the Way You Work with Yammer
#WorkLikeANetwork

A fast, easy, and safe way to collaborate with vendors, partners and customers? Yammer External Networks.
Q&A
Thank you.

MySPC Sponsored by connect. reimagine. transform. Evaluate s on MySPC your laptop or mobile device: m
© 2014 . All rights reserved. , Windows, and other product names are or be in the U.S. other countries. The informon is for informonal purposes only and represents the of as of the e of this presenton. Beca respond to changing market , it should not be to be a c on the part of , and cannot the accuracy of any informon provided after the e of this present on. NO , , OR , AS TO THE INFORMON IN THIS PRESENTON.
Hybrid Search: Configure Outbound Hybrid Search in SharePoint Online with Password Sync
SPC320
Manas Biswas, Senior Support Escalation Engineer, GBS India
Neil Hodgkinson, Senior Program Manager, CXP CAT

Objectives And Takeaways
Objectives:
• Cover the common configurations and tools used to set up the Hybrid environment and infrastructure
• Prepare for conversations with customers and partners on the implementation of hybrid search
• Evangelize the benefits of hybrid as a stepping stone towards a full cloud migration
Key Takeaways:
• Discuss the configuration experience for Outbound Hybrid with Password Sync and understand the critical components in the setup

Agenda
• Hybrid Scenarios
• Hybrid Components and Configuration
• Hybrid Deployment
• Configuring Hybrid Search & Query Rules

What is Hybrid? And why ?
Hybrid Solution

Hybrid Scenarios
• Search: Security trimmed search results from both SharePoint Online & on premises
• BCS: Read/write access to external data from line-of-business (LOB) systems, Web services, s
• Duet for Enterprises: Extend the reach of your SAP data into the cloud

Hybrid Search: One-way outbound topology
• On-premises SharePoint Server 2013 Enterprise Search portal: Local and remote search results are available
• SharePoint Online search portal: Local search results are available
• SharePoint Server can query SharePoint Online
• SharePoint Online cannot query SharePoint Server
• Diagram labels: primary web app, SharePoint Online, local search only, site collection, Office 365 tenant, SharePoint Server 2013 farm, hybrid search, outbound, inbound, Internet, data center, intranet, customer network

Hybrid Search: One-way inbound topology
• On-premises SharePoint Server 2013 Enterprise Search portal: Local search results are available
• SharePoint Online search portal: Local and remote search results are available
• SharePoint Online can query SharePoint Server
• SharePoint Server cannot query SharePoint Online
• Diagram labels: Internet, data center, intranet, inbound, perimeter network, customer network, outbound, reverse proxy, SharePoint Online, Office 365 tenant, SharePoint Server 2013 farm, hybrid search, site collection,
local search only, primary web app

Hybrid Search: Two-way (bidirectional) topology
• On-premises SharePoint Server 2013 Enterprise Search portal and SharePoint Online search portal: Local and remote search results are available
• SharePoint Online can query SharePoint Server
• SharePoint Server can query SharePoint Online
• Diagram labels: inbound, outbound, Internet, data center, intranet, perimeter network, customer network, reverse proxy, SharePoint Online, Office 365 tenant, SharePoint Server 2013 farm, hybrid search, site collection, primary web app

Hybrid search user experience: results from Cloud, results from On-Premise

Query Flow – On Premise Search Center
Diagram labels: On Premises, SharePoint Online, On Premises Search Center, Index Component (x4), Query Processing Component (x2), User Profile Service App, authenticated user

Deployment - Phases
• Infrastructure setup
• S2S Trust & Identity Management
• Search Service Integration
Sub-step shown: Directory Synchronisation

On Premises Infrastructure
Diagram labels: Internet, data center, intranet, perimeter network, customer network, ADFS Proxy, AD Servers, Office 365 tenant, DirSync Server, Azure AD Directory Service, ADFS Servers, ACS Trust, Azure AD Tenant, Azure AD Proxy, STS, User Profile Sync Service, Secure Store Target App, Reverse Proxy, Federation Gateway, Identity Platform

Infrastructure Deployment
Infrastructure for Outbound Hybrid with Password Sync
Diagram labels: Internet, data center, intranet, perimeter network, customer network, Azure AD Directory Service, ACS Trust, Azure AD Tenant, Azure AD Proxy, Federation Gateway, Identity Platform, Office 365 tenant, AD Servers, DirSync Server with Password Sync, STS, User Profile Sync Service, On Premises Infrastructure

Core identity scenarios with Office 365
• Cloud Identity (Windows Azure Active Directory): Single identity in the cloud. Suitable for small organizations with no integration to on-premises directories
• Directory & Password Synchronization* (on-premises identity, DirSync & Password Sync*, Windows Azure Active Directory): Single identity suitable for medium and large organizations without federation*
• Federated
Identity (on-premises identity, federation, Directory Sync, Windows Azure Active Directory): Single federated identity and credentials suitable for medium and large organizations

Directory Synchronization Features
• Directory synchronization between on-premises and online
• Identities are created and managed on-premises and synchronized to the cloud
• Single identity and credentials but no single sign-on for on-premises and Office 365 services
• Diagram labels: User; On-Premises Identity, Ex: Domain\Alice (AD); Directory Synchronization; Cloud Identity, Ex: alice@contoso.com (Windows Azure Active Directory)

Steps to configure Directory Sync
• Run the wizard and start the sync
• Activate TXT or MX records
• Install & Configure Sync
• Activate
• Update DNS records
• Add on-premises domain to O365 tenant
• In O365 Dashboard
• User Management
• Validate Users and Groups import
• Activate and grant licenses
For detailed configuration see: http://technet..com/en-us/library/hh967642.aspx

Add Domain
Activate Directory Synchronization in your tenant
Demo: Synchronisation of User Account

Deployment - Phases
• Infrastructure setup
• S2S Trust & Identity Management: Replace SP STS Token Signing Certificate; ACS Trust setup; Validate UPA
• Search Service Integration

For Remote Index to work we need to establish an OAuth Trust with ACS between On-Premises and Online. This enables S2S Authentication.
Establish Server To Server Authentication
1. Replace the security token signing certificate across all servers in the on-premises farm
2. Deploy Windows Azure AD PowerShell with the pre-requisite of Sign-in Assistant
3. Establish trust between on-premises SP Farm and SP Online by replacing certificate
4. Add service principal name for the on-premises domain (e.g. "00000003-0000-0ff1-ce00-000000000000/*.spc.spocloud.com")
5. Register SP Online application principal as a trusted provider in SP on-premises
6. Set authentication realm for SP
7. Configure a proxy in the on-premises farm for Azure AD

Replace STS Token Signing Certificate
Options:
• RECOMMENDED: Self-signed certificate that you can create in the IIS Manager
• SUPPORTED: Certificate issued by a public certificate authority
• DOES NOT WORK: Domain-issued certificate
Use Set-SPSecurityTokenServiceConfig with the ImportSigningCertificate flag to change the token signing certificate

Validate User Profile Service App
On the on-premises farm validate:
• UP Service Application is configured and running
• User Profiles are synced with AD for the same set of users as specified for DirSync
• Validate user profile attributes are correctly populated, key ones are:
  - User principal name (UPN)
  - Name Identifier (most commonly this is Windows Security Identifier (SID))
  - Simple Mail Transfer Protocol (SMTP) address
  - Session Initiation Protocol (SIP) address

Demo: Setup S2S Authentication and ACS Trust

Deployment - Phases
• Infrastructure setup
• S2S Trust & Identity Management
• Search Service Integration: Configure Result Source; Create a Query Rule; Validate Search Configuration

Demo: Configure Result Source and Query Rule
• Protocol should be chosen as Remote SharePoint
• SPO URL should be specified as
Tenant Root Site URL (https://tenant..com)
• For Credentials information select Default Authentication
Configure Result Source – On Premises

Create A Query Rule – On Premises
• From Result Source drop-down list, select the specified result source
• Under Query is performed on these sources, if you select “One of these sources”, make sure to select the result source you created
• Query section, click Remove Condition so that the rule will fire for every query
• Within Edit Result Block choose This block is always shown above core results

Validate your Search Configuration
Launch Query Builder from the Query Rule you’ve created
• Click on the Test tab and then
• Click the Show more link
• Type some query terms in the “{subjectTerms}:” edit box
• Click the Test query button
You should see search results from SharePoint Online or a detailed error message
With all components in place you will see Search results from both verticals.
See the results: from Cloud, from On-Premise

Questions

Hybrid Search Scenarios - recap
Outbound Search (most common)
• Outbound from customer's network (SharePoint on premises) to SharePoint Online
• User that is in the customer's network, on corpnet, searches from SharePoint on premises. There is an outbound request to SPO to return results. Results from both are shown
Inbound Search
• Inbound from SharePoint Online to customer's network (SharePoint on premises)
• User that is not on customer's network, but signed into SPO, searches. There is an inbound request to customer's network - SharePoint on prem to return results. Results from both are shown
Two-way Search
• Search is set up both inbound and outbound as described above.
• Both scenarios are supported in that case – whether user is on premises on corpnet, or only signed in to SharePoint Online
Guidance: Start small with outbound search first. Then as needed, add inbound search

Hybrid Key Components - recap
• DirSync - synchronizes users and groups from on-premises AD to Azure AD
• Azure AD - cloud directory service, which provides the ability to store and manage the organizational identities in the cloud
• ACS – cloud-federation service which provides an easy way to authenticate against identity providers and Azure AD
• OAuth – open standard for authorization
• S2S Authentication – OAuth implementation used to enable communication between servers to access and request resources
• Result Source - used to specify a provider to get search results from
• Query Rule - search customization feature which allows to read, transform and act on a user-entered search term
• Reverse Proxy – proxy server which directs incoming requests to the on-premises farm
Implementing Federated Services in SharePoint 2013
Shannon Bray, MCM
Chief Architect, Planet Technologies
SPC377
• MCM, MCT, MCSD, MCSE, MCPD, MCITP, …
• Twitter: @noidentity29
• Email: sbray@go-planet.com

In this session, you will learn the following:
• Exploring the service application architecture
• Terms and concepts of service applications
• Concepts of federation
• Steps to configure federated services
• Steps to troubleshoot and test the configuration
• Basics of cross version support

Service Application Architecture
• The core architecture is the same as 2010
• Services can be consumed “a la carte”
• The service application is extensible
• Services are supported in SharePoint Foundation
• Services can be scaled out
• Services can be resilient/redundant
• Services can be federated

Terms and Concepts
• Service
• Service Machine Instance
• Service Application
• Service Application Proxy
• Service Consumer
• Service Proxy Groups
• Deploying Service Applications
• Automatic Services
Demo: Terms and Concepts

Concepts of Federation
• Services that support federation
• Farm level trust
• Service Application permissions
• Domain level trust
Demo: Concepts of Federation

Steps to configure federated services
1. Create the publishing certificate
2. Create the consumer certificates
3. Exchange the certificates
4. Import the certificates (both farms)
5. Configure trust with the consumer farm id
6. Publish the service(s)
7. Consume the service(s)
Demo: Configure Federated Services
• Managed Metadata Service from the consumer farm

Steps to troubleshoot and test …
Demo: Troubleshoot and Test

Basics of cross version support
• SP 2013 federated services support 2010 consumers
• Only federated services support this:
  - Search
  - Profile
  - Social Secure Store
  - Managed Metadata
  - BCS
• Allows parallel service farms
• 2010 services farm can be used while verifying upgrade of federated services
• SP 2013 farm can be used once
• SP 2013 farm should be first farm upgraded as best practice
• 2010 non-federated services remain used by 2010 farm only

• The concept of federation is the same as 2010 and is all about configuring the appropriate
trusts between the farms.
Summary
© 2012 . All rights reserved. , Windows, Windows Vista and other product names are or be re gis tered in the U.S. other countries. The informon is for informonal purposes only and represents the of as of the e of this presenton. Beca respond to changing market , it should not be to be a c on the part of , and cannot the accuracy of any informon provided after the e of this present on. NO , , OR , AS TO THE INFORMON IN THIS PRESENTON.
Questions?
Thank You!
Power BI for the IT Pros
Matt Masson - matt.masson@.com
Senior Program Manager
SPC369

Agenda
• Power BI overview for the IT Pro
• Excel (client)
• Administration (cloud)
• Collaboration and consumption (end user)
• How Power BI is used by the engineering team
• Demos

Power BI for Office 365
• Collaborate in Office 365: 1 in 4 enterprise customers on Office 365
• Insights in Excel: 1 Billion Office users
• Analyze, Visualize, Share, Find, Q&A, Mobile, Discover
• Scalable | Manageable | Trusted
Self-service BI with the familiarity of Office and the power of the service

Power BI - Excel
• Power Query: Gets data into Excel. Power BI provides query sharing and corporate data search capabilities
• Power Pivot: BI modeling for the Excel Data Model. Power BI provides large workbook support and refresh
• Power View: Data visualization. Power BI provides collaboration and mobile consumption through BI Sites
• Power Map: Interactive story telling and visualization

Power BI - Administration
• Power BI Admin Center: Configure Data Management Gateway and Power BI roles. Error logs and troubleshooting
• Manage Data Portal: Allows data stewards to view and manage shared queries
• Data Catalogue: Provides corporate data sharing and search capabilities
• Data Management Gateway: Allows on-premises data access for data refresh. Allows IT managed corporate OData feeds

Power BI - Consumption
• Power BI Sites: BI focused experience for SharePoint Online
• Power BI Q&A: Interactive natural language query on top of your Excel workbooks
• Power BI Mobile App: Access Power BI sites on your tablet or Windows 8/8.1 device

Power BI at Microsoft: Improving our Engineering Process
Tracking Live Site Issues
Diagram labels: TFS Warehouse 1 (Issues IS), Active Directory (People), Azure Information (Data Centers), Power BI for Office 365, Corporate Data Catalogue, Admin Center, Manage Data Portal, SPO team sites, BI Sites, Q&A, Data Management Gateway, TFS Warehouse 2 (Issues BI)

Demo: Power BI – End to End
• Power Query
• Power Pivot
• Power View
• Power Map
• Power BI Admin Center
• Data Management Portal
• Data Catalogue
• Data Management Gateway
• Power BI Sites
• Power BI Q&A
• Power BI Mobile App

Review
Search-driven publishing for Intranet Portals in SharePoint Online
Alex Pope, Senior SDE
Helge Grenager Solheim, Principal PM Lead
SPC337

[Chart: O365 Announcement statistics; series: Average time viewed (seconds), Shares, Comments]

Quiz: Which is the CSWP?

Objectives And Takeaways
Search Driven Publishing in SharePoint Online
• Search Driven Publishing (SDP) basics
• Content Search Web Part (CSWP)
• Display templates
• Search Schema
• Availability of SDP features in SPO
• Group cache mechanism
• Best practices for CSWP
CSWP now available in SPO for intranet scenarios
A caching mechanism can improve performance

Content Search Driven Publishing Model
Diagram labels: Catalog, Documents, Articles, Asset Library, Navigation, Search, Usage

Demo: End-user usage of CSWP

Search Driven Publishing (SDP): Dynamic content reuse through search
Diagram labels: Content, Search, Publishing Portal, User Experience
1. Crawl, process, index
2. Load page, evaluate query
3. Display templates render results

Search Driven Publishing, more details
Diagram labels: Content, Search, Publishing Portal, User Experience, Document libraries, Lists, Index, Analytics, Crawl & doc. processing, Query processing, Content Search WP (CSWP), Display Templates, Query

SDP value proposition
Independent Authoring and Publishing
• Content can be reused for different purposes
Page creator freedom
• Which content to show – query builder
• How to show it – display templates
Power of search
• Analytics and recommendations
• Scaling and performance
• Across site collection boundaries
• Automatically updated

SDP features in SPO vs on-premises
Available in SPO for auth (intranets)
• Content search web part (CSWP aka CBS)
• Cross site publishing (XSP)
On-premises only
• Taxonomy Refinement Panel Web Part
• Faceted navigation – supports taxonomy refiners
• Product catalog site collection template
Other features available in SPO
• Query rules, display templates, rank models, managed navigation, search schema, analytics, Azure, entity extraction, CSOM, KQL, query builder, result sources...

Content search web part (CSWP aka CBS)

Display Templates
• Basic ones ship out-of-the-box
• Make your own in HTML & JavaScript

Search Schema
Diagram labels: Crawled properties, Managed properties, Content, Content Processing, Index, CSWP
• Managed properties: Author (Query, Search, Retrieve, Sort); Title (Search, Query, Retrieve); LastModified (Query, Retrieve, Refine, Sort)
• Crawled properties: Office:2, Title, People:PreferredName, Basic:displayTitle, Ows_Title, Basic:10, Basic:9

Search Schema: Automatic creation of properties
• List columns: crawled property only
• Site columns: crawled and managed property + mapping
Diagram labels: Managed properties, Content, Search, Publishing Portal, User Experience, Document libraries, Lists, Index, Analytics, Crawl & doc.
processing, Query processing, Content Search WP (CSWP), Display Templates, Query, Schema mapping, Crawled properties

Search Schema in SPO
• SPO schema limitations
• What to do?
Schema levels: Farm Level (out of the box); Tenant 1: Site collection 1-1 … Site collection 1-N; Tenant 2: Site collection 2-1 … Site collection 2-N

Cross Site Publishing: “Create content in an authoring environment and use it in any one of your publishing environments.”

Demo: How to actually set up what was demoed before

Features and SKUs roadmap
Feature | On-premises | SPO Intranet Sites (E3/E4/A3/A4/G3/G4/E3 for Nonprofits) | SPO Public Sites (E3/E4/A3/A4/G3/G4/E3 for Nonprofits) | SPO Dedicated (E3/E4/Plan 2)
Content search web part (CSWP) | SP 2013 | October 2013 | Later | Feb 2014 *
Cross site publishing (XSP) | SP 2013 | October 2013 | Later | Feb 2014 *
Taxonomy refiners | SP 2013 | Later | Later | Feb 2014 *
Faceted navigation | SP 2013 | Later | Later | Feb 2014 *
Product catalog site collection template | SP 2013 | Later | Later | Feb 2014 *
* SPOD-13-206

Best Practices for Search Driven Publishing in SharePoint Online

SharePoint Online Considerations
Microsoft owns the hardware
• Finite query capacity per farm
• Multitenant environment
Microsoft runs the search service
• Continuous crawl, no crawl schedule configuration
• Microsoft is Farm admin, you are tenant admin
• Constant fixes and functionality!
• No managed code: display templates and apps
It’s in the cloud
• Hands off reliability
• No need to worry about index capacity
• User to server latency is typically higher than on-prem

CSWP Group Cache
Search driven is good
However queries are slow
Solve it with a cache!

Introducing the CSWP Group Cache
Great performance
• Speeds up your search driven intranet pages
• complex queries fast
• Decreases page load times
Uses your existing security groups
• Select a group that has access to your content
• All users in that group will use the cache

Demo: CSWP group cache

Group cache – best practices
Where to use
• Home pages
• Peak load scenarios
• High traffic category pages
• Complex queries
Where not to use
• Low user count tenants
• Low traffic pages
• Personalized queries
• Granular security scenarios

[Chart: Group Cache - performance; Cache Off vs. Cache On; Team Site; Page views per Second by Queries]

Group cache – limitations
Security
• Active directory groups, not SharePoint groups
• Does not support Deny ACLs – content will not be retrieved
Recrawl
• Only content (re)crawled after Feb 24, 2014 shows up
• Consider “reindexlist” if you are missing items
Output Cache
• Query is asynchronous and cached, but not with the page

Other Best Practices for Search Driven Publishing in SharePoint Online

Where’s my content?!
Continuous crawl
• A mechanism to pick up changes in SPO quickly and refresh the index
• Incremental crawl is less frequent and picks up libraries
What’s the delay about?
• Balancing scale vs. growth
• Crawling is paused during some operational gestures
Is it going to get better?
• Crawling is top of mind
• Continuous crawl moving to 5 minutes
• Internal 1 hour goal: 93.19% (JAN) -> 94.95% (FEB)

Display Templates Best Practices
Prefer copy over modify
• Modifying Out of Box templates prevents us from upgrading those templates
• Best Practice is to copy and reference the one
Feel free to use our JavaScript functions
• We won’t break you because we would break ourselves
• Additional documentation is coming
Modify the HTML
• Edit the HTML version and let us convert it to JavaScript
• The conversion extracts important properties

[Figure: Complex queries, steps 1 to 7]

CSWP Loading Behaviour
• Sync to optimize the most used data
• Async when the user can wait for the data
• Multiple Sync CSWPs can slow down the entire page: we have to wait for the slowest query!

Demo: CSWP Loading Behavior

BrightStarr & Rugby Football Union intranet
• News and information
• People directory
• Communities space
• Yammer
• Content Search WP
More info
• www.brightstarr.com

Content by Search or Content by Query?
Content Search is good for
• Any search
• Across site collections
• Reuse content for multiple publishing purposes
• HTML5/JavaScript/CSS
• Multiple client types (mobile, desktop, iPads)
• Recommendations, on search analytics
Content Query is good for
• Instant results: no index latency
• Lists only
• Smaller data sets (<5000 items)
• CAML, XSLT

In Review: Objectives And Takeaways
Search Driven Publishing in SharePoint Online
• Search Driven Publishing (SDP) basics
• Content Search Web Part (CSWP)
• Display templates
• Search Schema
• Availability of SDP features in SPO
• Authenticated cache mechanism
• Best practices for CSWP
CSWP now available in SPO for intranet scenarios
A caching mechanism can improve performance

SDP links
1) Blog posting: SDP in SPO: http://cunity.office365.com/en-us/blogs/office_365_cunity_blog/archive/2013/10/30/search-driven-publishing-features-are-now-available-in--online.aspx
2) Configure CSWP (in SPO): http://office..com/en-us/office365--online-enterprise-help/configure-a-content-search-web-part-in--HA104119042.aspx
3) Blog posting: XSP for Contoso On-premises: http://blogs.technet.com/b/tothe/archive/2013/02/14/how-to--up-a-product-centric-web-site-in--2013.aspx
4) TechNet Scenario page for XSP: http://technet..com/en-us//jj872721
Comprehensive User Profile Synchronization
Spencer Harbar
Architect
SPC406

About Spencer Harbar
Architect, Edinburgh, United Kingdom
www.harbar.net | spence@harbar.net | @ harba
Works with ’s largest enterprise customers
Works with Product Group on Readiness
Author for MSDN & TechNet
Certified Solutions Master | Certified Architect | 2010 Certified Solutions Master | Instructor & Author Certified Master | 2010 Certified Master | 2007 Most Valuable Professional | Server

Agenda
• Identity Management
• User Profile Service Application Architecture
• User Profile Synchronization
• Active Directory Import
• Demonstration
• Windows PowerShell Provisioning
• External Identity Manager

Identity Management and Social

Importance of User Profiles
• Whether you like it or not!
• Importance increases significantly with 2013
• A deployment means you ARE in the Identity Management business
• Pretty much every investment area relies on Profiles for core functionality
• App AuthZ, S2S, etc.
• 2013 increases the dependency on User Profiles

Identity Management (“IdM”)
• Primarily a political endeavor, NOT a technical one
• No tool from any vendor will change this
• Every Identity Management initiative, ever (and always)
• 10% Technology
• 90% Everything else!
• Can make or break a large scale social deployment
• Make friends with your DS admins!
• Regular communication is a must!
• Change Control for pre-requisites
• Especially when Active Directory is externally managed
e.g.
Reboot of domain controlle, Windows Upe Large bulk upes Replicng Directory Changes Additional rights for property export r Profile Service Architecture Lessons from the field One of the most con cas of weak deployments, limited functionality and upgrade pain Inadequate undetanding of the UPA architecture Federate or replicate? Central farms, regional farms, both? Relonship with other services Features and design constraints drive deployment options Lessons from the field Security Privacy Policy Operons Inadequate planning for r Profiles SQL Server Distributed Cache Server Search Managed Metaa Business a Connectivity Supporting Infrastructure and related services Performance 2013 Profile Sync Goals Reliability Compbility Large organizons should be able to perform a full sync of AD and a over a weekend IT Pros should be able to monitor the performance and stability of profile sync and have access to the informon that they to take corrective action when problems occur Con Directory Service configurons should be supported, including Forefront Identity Manager and LDAP Active Directory Import (ADI) Synchronizon “modes” r Profile Synchronizon (UPS) External Identity Manager (EIM) Lightweight LDAPapproach internal to a.k.aDirect AD Import Embedded Forefront Identity Manager Same approach as SP2010 with improvements “under the hood” External Forefront Identity Manager the Connector Custom Code: r Profiles Web Services and Object Model \\\Projects\\Cloud Power \Design\\s\Server_2. \\\Projects\\Cloud Power \Design\\s\Server_2. \\\Projects\\Cloud Power \Design\_\IIS-MULTI-TENANCY. \\\Projects\\Cloud Power \Design\_\Applicon. \\\Projects\\Cloud Power \Design\\s\Server_2. \\\Projects\\Cloud Power \Design\\s\Server_2. \\\Projects\\Cloud Power \Design\_\IIS-MULTI-TENANCY. \\\Projects\\Cloud Power \Design\\s\Server_2. \\\Projects\\Cloud Power \Design\\s\Server_2. \\\Projects\\Cloud Power \Design\\s\Server_2. \\\Projects\\Cloud Power \Design\_\IIS-MULTI-TENANCY. 
[Diagram: Profile Synchronization "modes". User Profile Service Application; UPS (FIM); ADI (User Profile Service Instance); EIM (External FIM); EIM (Custom Code); BCS; External System; Active Directory; Directory.]

Provisioning UPA and UPS

Provisioning UPA and UPS: Farm Configuration Wizard (just kidding). Via Manage Service Applications in Central Administration. Windows PowerShell: the default schema issue.

The default schema issue: Farm Account default schema is set incorrectly in the Sync DB when the Windows PowerShell is not run under the context of the farm account. We will never be able to start the UPS service instance. Potential workarounds: log on as the Farm Account and execute the PowerShell, or fix the schema manually – an unsupported change.

Solution: Non-UAC environments: Get-Credential and Start-Job. UAC environments: Start-Process (runas). Just use this one! Both simulate interactive logon as the Farm account (Log on Locally). Both require Local Machine Administrator. "External" file: Script to call external file:

Provisioning UPA using Windows PowerShell. Spencer Harbar.

Active Directory Import: Get up and running with profile import as quickly as possible.

Active Directory Import Capabilities: Users and Groups. Multiple domain support, for the most common scenario (AD forest). Import Only! Container selection. LDAP filters: inclusion. One connection per domain: that could be a lot of connections!
Active Directory Import Capabilities: Support for secondary accounts. Custom Property Mappings. Account mappings for Windows, FBA and Trusted Identity providers, a.k.a. Shadow Accounts. For simple data types. As 2010.

Replicating Directory Changes & NetBIOS Domain Names: Leverages a change log to drive import efficiency. DirSyncRequestControl is scoped at the domain level. Replicating Directory Changes permission is still required for AD Import. Implement immediately after creating the UPA! Replicating Directory Changes is also required on the Configuration partition. The NetBiosDomainNames property is still required if NetBIOS and FQDN of the domain do not match.

Provisioning: You can modify the properties of the UPA to configure Active Directory Import via Windows PowerShell. Provisioning the UPA will retain the default mode (User Profile Synchronization).

Provisioning: The Central Administration UI can be misleading when creating connections after changing the mode. You do NOT need to start the UPS service instance. The Sync DB is created but empty when the UPA is provisioned. You don’t need to worry about BCM for the Sync DB! It must exist, but it IS supported to mirror/log ship an empty database.

Scripting Connections: SPProfileSyncConnection Windows PowerShell cmdlets supported. For AD Import only, these cmdlets are NOT supported for UPS. Known issues with Remove-SPProfileSyncConnection:
• only removes the organizational unit (OU) from the profile synchronization connection
• Fix: *.

Active Directory Import Limitations: No cross forest Contact resolution. Mapping to system properties (those that begin with SPS-) is not supported. Augmenting profiles with data from BDC is not supported. Mapping multi value to single value or vice versa is not supported. Mapping two different AD attributes to the same SharePoint property is not supported.

LDAP Query Filters: Maximum flexibility. With great power comes great responsibility. Sweet UI!
Traditional LDAP queries can be used to constrain imported objects. Filters are inclusion, as opposed to exclusion with UPS. Validate your filters with ADSIEdit. Just because you can, doesn’t mean you should.

AD Import Behaviour: A full import is required whenever a configuration change occurs: adding or removing OUs, filter changes, property mappings. After full import a purge is required to clean up profiles which are not created as part of the import. Profiles are marked for deletion.

Demonstration: Active Directory Import

User Profile Synchronization

Profile Sync Performance Improvements: Reduce full import from up to 2 weeks down to 60 hours for extremely large directories. Batched BDC Import. Elimination of full table scans. History clean up. Removal of unused provisioning steps. Some object resolution moved from SharePoint to Sync.

[Figure: Removed Provisioning Stages, SharePoint Server 2010 and SharePoint Server 2013.]

Operations: Provisioning the service and operational characteristics are otherwise identical to SharePoint 2010! Provisioning UPS with Windows PowerShell.

UPS Sync Behaviour: A full import is required whenever a configuration change occurs: adding or removing OUs, filter changes, property mappings. After full import a purge is necessary to clean up profiles which are not created as part of the import. Profiles are marked for deletion.

Demonstration: User Profile Synchronization

Switching Modes: ADI to UPS! The intention is to use ADI to get up and running quickly. If (when) you later need UPS: switch mode; configure connections, filters and mappings. That’s it! Not intended for back and forth between modes! Numerous bugs. Don’t do it!

Switching modes: AD Import stores connections in the Profile DB. UPS stores connections in the Sync DB. Property mappings and filters are NOT moved. Manual recreation required, or use an XML provisioning approach.

Switching Modes: Understand the design constraints. Requires strong planning! Document the configuration!!! Run PurgeNonImportedObjects after a full import to remove items that should not be there. Review and Purge!

External Identity Manager

External Identity Manager is now supported!
This option will disable Profile Sync options. Now you can use custom code or the SharePoint Connector to get profile data into SharePoint. Custom code will be some implementation of System.DirectoryServices (hopefully).

SharePoint Connector for FIM. What is it? Management Agent (MA) for Forefront Identity Manager (FIM) 2010 R2 Service Pack 1. Why use it? No SharePoint synchronization to manage. Move UPS BCM complexity outside of SharePoint. Build powerful, complete global identity solutions. Leverage all FIM Management Agents. Full Synchronization. Use existing FIM investment, expertise, and infrastructure.

SharePoint Connector for FIM: Availability and Support. Ships as external download. Support for SharePoint Server 2013 now. Support for SharePoint Server 2010 in testing.

Things you need to know: Requires FIM 2010 R2 SP1. You need to create and use a metaverse rules extension. You may not be able to migrate your existing data. Only FIM Sync Service is needed.

[Diagram: Example Scenario. SharePoint 2013, Active Directory, Exchange, FIM, FIM Portal, HR, SQL.]

[Diagram: Example Scenario (SharePoint Connector). SharePoint 2013, Active Directory, Exchange, FIM, FIM Portal (authoritative source of user data), HR, SQL.]

SharePoint Connector: Requires significant FIM configuration and skills: FIM Management Agent; SharePoint Management Agent; Active Directory Management Agent (and potentially others); FIM Portal Configuration; Performing Sync runs; Update-SPProfilePhotoStore. Walkthrough and guidance coming "soon" - ETA June 2014.

Wrap Up

Plan! Seriously, you must do this! Think. Plan some more. Go back and do some more planning! Do a little more planning. Plan.

Rubbish In == Rubbish Out: Directory Service Health. Poor Active Directory platform hygiene, e.g. organic growth of domains and forests. External DS management. Impacts pretty much every product feature.

Choosing the right mode…

Active Directory Import: Small to midsize company. No custom HR system, no SAP. Want a fast, single synchronization option. Does NOT require changes to default mappings. Get up and running quickly.

Profile Synchronization: Small to midsize or large company with a non-Microsoft identity solution. Slightly more complex needs such as multiple forests. Additional data systems (SAP, etc.)
SharePoint Connector with External FIM: Large company that currently uses FIM or wants to invest in an identity solution with ultimate flexibility. Offload the operational service burden from SharePoint. Decouple solution arena from SharePoint.

The SharePointConference.com Site: From Sketch to Launch to Live. Jeff Seacrist, Olaf Hubel and Robert van Son. SPC224.

Introducing ourselves: Robert van Son, Business Development Manager. Jeff Seacrist, VP – Product Strategy.

Session objectives: Leveraging Azure VMs to create a highly available and low cost infrastructure to host a SharePoint 2013 website. Share the experience of creating a SharePoint 2013 website using only out of the box components and features. Applying the right analytics to keep track of the effectiveness of a website and to formulate just the right changes to meet your goals.

Azure VMs for SharePoint websites

Position of Azure VM as a cloud service. [Diagram: the stack of Servers, Applications, Data, Runtime, Middleware, O/S, Virtualization, Storage and Networking, shown for On premises, Infrastructure (as a service), Platform (as a service) and Software (as a service), marking which layers the vendor manages and which you manage.]

Why host your website on Azure: Flexible scale up/down. Pay for what you use. Template server provisioning. Office365 is limited for public facing sites.

Architecture of the SPC website. [Diagram: Wortell and Azure connected by VPN. Active Directory; System Center Operations Manager 2012; System Center Operations Manager Gateway; Global; Production Farm 1 and Production Farm 2, each with a SharePoint 2013 Web Server, a SharePoint 2013 Application Server and SQL 2012 Always On.]

Deploying versions of the website:
1 Develop the version on the development farm
2 Synchronize the content with the production farm
3 Scale up the development farm
4 Reroute visitors to the development farm
5 Clean up your development farm

Designers and developers working together on the design

Seattle, Chicago, Amsterdam, Dubai, Auckland: quite a spread in the project team. But there is always someone working…..

First design we were given: Okay….. First design we started working with: Getting there… And the version that eventually went live: Yeah!!!

Designers and developers collaborate! Create mutual awareness. Involve developers from day 1. Share all incrementals. Communicate, communicate, communicate.

Leveraging SharePoint 2013 WCM features

Author vs Publishing layouts: Create a device channel for authors. Serve the Seattle master. Have it triggered by a cookie. Add the cookie to one browser. Remove controls for editing from publishing: clean HTML output, easier to develop and test. Instruct the content masters. This way of work is. Switching browsers can be confusing.

What is Cross Site Publishing: We used it, just because we could… [Diagram: Authoring Site Collection (spc14auth.wortell.nl) with Catalog; Search; Publishing Site Collection 1 (SharePointConference.com).]

Why catalogs: Very long lists of items. Create a lot of pages.
Create a custom ASPX.

Using cross site publishing: set up catalogs. Enable at the source list. Don’t forget to enable anonymous access. Reuse on the target site through the Site Administration (mind the crawl time).

Structured content: Anything that goes in a list. We used it for sliders, sponsors, sessions and speakers. Mind assets: images and videos are not available in the index. Suggested Content Browser Locations to help content managers. Upload to an anonymously accessible site (and known in the external DNS).

Marked up the default callout display template. Resetting filters is just a link to the overview page… Ranking can’t be adjusted by Query rules, they don’t fire. Solution: adjust the XRANK of some sessions. Refiners only appear when they are a part of the result set. Increase result set if needed.

Content is edited outside of SharePoint. Imported into SharePoint in a job to reduce load. Menu is controlled by managed navigation. Most content is authored with regular pages in one page library. Search is used to combine content from multiple lists.

Multiple catalogs: One ASPX file for all items. Consider the URL format. One ASPX file to display all content items. External lists can’t be configured as catalog.

Demo of WCM features on the SPC website

Developing a Measurement Approach of Dreams

“If you cannot measure it, you cannot improve it.” - Lord Kelvin

Measurement is not an afterthought. Corporate Goals, Business Objectives, Measures of Success, Operational Tactics. Source: Web Analytics Demystified.

Measuring what Matters
Business objective: Build engagement and attendance. Sample metrics: Registrations (conversions, funnel analysis). Business value: higher attendance, reduced cost of event, greater marketing reach.
Business objective: Optimize marketing spend. Sample metrics: Campaigns & Referrers (tied to conversions). Business value: marketing effectiveness, reduce costs.
Business objective: Expand usage of SharePoint. Sample metrics: Education (top sessions, top speakers). Business value: understand topics of importance, identify and nurture influencers.

Any initiative. Quick time to value. Developed by Webtrends in cooperation with Microsoft for optimum interoperability.

A Microsoft-Preferred Analytics Solution: “Microsoft continues to support our relationship with Webtrends as a ‘Preferred Analytics Solution for SharePoint’, including SharePoint Online within Office 365. With the emerging social enterprise and the ever-increasing need to measure collaboration throughout the organization, Webtrends provides an effective measurement platform for SharePoint customers worldwide,” Jared Spataro, General Manager, Microsoft Office.

For Intranets too! Integrated Implementation. An Even Easier Approach. Evaluating the Conversion Funnel. Conversions by Campaign. Search Engine Traffic. Top Sessions. Top Speakers: #96 Robert van Son, #193 Jeff Seacrist.

Sharing & Building Dashboards: https://ws.webtrends.com/v3/Reporting/profiles/70971/reports/W4nuqmb5p77/?start_period=_day-28&end_period=_day-1&language=en-US&format=html&suppress_error_codes=true

Takeaways: External lists can’t be configured as catalogs. Query rules don’t work on search overview pages or with refiners. Consider measurement during the design stages and link metrics to business objectives.

Q&A: Robert van Son, Robert.van.Son@wortell.nl. Jeff Seacrist, Jeff.Seacrist@webtrends.com.

Driving Business Value with SharePoint 2013 – Lessons learned and best practices from Avanade top global customers. Andre Huizing, General Manager, Netherlands, Avanade. SPC208.

Thomas Huberlaus, Travelers Insurance. Jeanne Eliason, Travelers Insurance. Filip Knapik, Procter & Gamble. Vivek Khurana, Pfizer. Dave Ross, Dow Chemical. Mario Kyriakou, Bristol Myers Squibb. Scott Mitchell, Devon Energy.

Pfizer World. Monitoring Traffic.

Optimizing SQL Server 2012 for SharePoint 2013. Brian Alderman, MCT / Consultant, MicroTechPoint. SPC311.

About the Speaker: Brian Alderman (CEO / Founder / MCT / Consultant), MicroTechPoint (MTP). www.microtechpoint.com, Brian’s Blog, brian@microtechpoint.com, @brianalderman & @microtechpoint. Co-Author, SharePoint 2010 Administrator’s Companion. Co-Author, SharePoint 2013 Administration Inside Out. Enjoy Travel and Golf: Mulletville, Vermont; Arizona Golf; 19th Hole.

Agenda: SQL Server Introduction; SharePoint and SQL Server Integration; Demo: SQL Server Configurations to Optimize SharePoint; SQL Server Instance Configurations; Database Configurations; Avoiding Ginormous Transaction Logs; SQL Server Best Practices for Optimizing SharePoint.

SQL Server Introduction

SQL Server Introduction: Multiple Instances of SQL Server on One Server. One Default Instance with Multiple Named Instances. Each Instance Managed Individually. Share SQL Server Management Tools. Each Instance Shares Windows Server Resources. Two Types of Databases: System and User. Minimum of Two Files Created Per Database: MDF (Master Data File), LDF (Transaction Log File), NDF (Optional for Extending Database).

SQL Server Transaction Log Process
1. Modification is sent by application to SQL Server.
2. Data pages are located in, or read into, the buffer cache and then modified.
3. Modification is recorded in transaction log on disk.
4. Later, checkpoint writes dirty pages to database.
[Diagram labels: Buffer Cache, LDF, MDF, Checkpoint.]

Working with Recovery Models
Recovery Model: Description
Simple: Does NOT permit transaction log (t-log) backups. Automatically truncates log to reduce space requirements.
Full: Requires LOG BACKUPS to manage t-log space requirements. Avoids data loss if damaged or missing database file occurs. Permits point-in-time recovery.
Bulk Logged: Requires log backups to manage t-log space requirements. Improves performance during bulk copy operations. Reduces t-log space usage by using minimal logging of operations.
SQL Server Instance System Databases
Master: Configuration of SQL Server Instance
Msdb: Storage of SQL Server Automation Configuration Information
Resource (Hidden): Read-Only Database Containing All SQL Server System Objects
Tempdb: Temporary Work Storage Area
Model: Template Used to Create All Databases

SharePoint and SQL Server Integration

SharePoint and SQL Server Integration: All SQL Server Versions and SharePoint Versions. Large Majority of SharePoint Data Stored in SQL Server. Farm Configuration Information Stored in Configuration Database in SQL Server. Central Administration Content Stored in Own Content Database in SQL Server (Blog on how to rename). Every Web Application: Minimum of One Content Database. Most Service Applications Have at Least One Database.

SharePoint Content Databases: SharePoint Farm Creates Several Databases (>20 DBs if Spousal Installation and Run Configuration Wizard). Content Database Contains Several Site Collections. Site Collection Resides in Only One Content Database. Prevent RPE’s. Use Full Recovery Model on Production Databases. Control Size of Database (Recommended 200GB): Site Collection Quota Templates; Maximum Number of Site Collections per Database.

Controlling Size of Content Databases: [Diagram: one Web Application with four 200GB content databases, each holding 250 site collections: Project Sites, Department Sites, HR Sites, Marketing Sites.] Require 800 Site Collections with 500 MB Quota. 750mb X 250 = 187,500mb / 1024 = 183gb.

SQL Server Instance Configuration: Default File Locations (Move off C:\ Drive). Minimum and Maximum Memory Settings. Set Max Degree of Parallelism (MAXDOP) to 1. Collation – Latin1_General_CI_AS_KS_WS: During Installation of SQL Server Hosting SharePoint Content; During Creation of SharePoint Content Database in SQL Server.

SQL Server Database Configurations
Model Database File Settings: Increase Initial Size of Data and Log Files. Increase Autogrowth Settings (Use MB not %).
Tempdb Database File Settings: Increase Initial Size of Data and Log Files. Increase Autogrowth Settings (Use MB not %). Use Simple Recovery Model. Place Files on Different Drive from Content Databases.

Demo: SQL Server Configurations

Avoiding Ginormous Transaction Logs

Simple Recovery Model
1. Modification is sent by application to SQL Server.
2. Data pages are located in, or read into, the buffer cache and then modified.
3. Modification is recorded in transaction log on disk.
4. Later, checkpoint writes dirty pages to database and FLUSHES transactions from T-log.
[Diagram label: Buffer Cache.]

Full Recovery Model
1. Modification is sent by application to SQL Server.
2. Data pages are located in, or read into, the buffer cache and then modified.
3. Modification is recorded in transaction log on disk.
4. Later, checkpoint writes dirty pages to database but RETAINS transactions in T-log.
[Diagram label: Buffer Cache.]

Avoiding Ginormous Transaction Logs
[Diagram: mdf and ldf files across the week. Sunday: Full Backup. Monday: Differential. Tuesday: Differential. Wednesday: Differential.]
You lose the mdf file of the database on Thursday at 4:00pm:
(1) BACKUP LOG DB_Name TO DISK = 'D:\SQLBackups\TempBackup.Bak' WITH NORECOVERY
(2) Restore Full Backup from Sunday
(3) Restore Differential Backup from Wednesday
(4) RESTORE LOG DB_Name FROM DISK = 'D:\SQLBackups\TempBackup.Bak'
BACKUP LOG DB_Name TO DISK = 'D:\SQLBackups\Weekly_T_Log.Bak' WITH INIT

Best Practices for Optimizing SharePoint

Best Practices for SharePoint’s SQL Server: Dedicated SQL Server Instance / Server. No Spousal Installations of SQL Server or SharePoint. Database Size Should Not Exceed 200GB. Set Max Degree of Parallelism (MAXDOP) to 1. Modify Model System Database Settings. Avoid Auto-Shrinking Databases. Use Autogrowth Sparingly: Reduces Fragmentation; Improves Data Entry Performance.

Best Practices for SharePoint’s SQL Server: Spread Data Files and Transaction Log Files Across Multiple Drives or Locate them on RAID 5/10. Create Multiple Tempdb Files on Multiple Drives. Generate Maintenance Plans: Defragment Drives Containing Content Database Files; Perform Regular Backups of Databases and T-Logs; Perform DBCC CHECKDB Operations Regularly. Just Say NO to Simple Recovery Model.

Thank You for Attending! Please Complete the Evaluation. Keep in Touch… www.microtechpoint.com, Brian’s Blog, Speaking Events, brian@microtechpoint.com, @brianalderman & @microtechpoint.
Overview of configuring Yammer SSO & Directory Sync. Brian Lyttle, Support Escalation Engineer. SPC368.

Agenda: Identity management; Yammer user and network internals; Demonstration; Single Sign-On with SAML; Best Practices; Wrap up; User provisioning with Directory Sync; Demonstration.

Identity management

Identity management: Hidden at the core of an enterprise Yammer launch. Impacts your ability to create a trusted community. Fundamentally a political challenge, and many User Profile Sync talks have touched on this fact.

Primary outputs
Engagement: An engaged user is “anyone who purposefully uses Yammer within a given period”. Engagement needs to occur across silos to achieve success. Users engage more when it’s simple, and the environment is trusted.
Compliance: Driven by the external environment, and the internal organization. About keeping bad guys out while enabling employees, contractors, and agents.

DSync or SSO, or both? Sweet spot for Directory Sync: Provisioning. Sweet spot for Single Sign-On: Authentication.

User and network internals

Networks: Networks are containers for users and groups. Home networks are associated with one, or more, company email domains. External networks operate independently of email domain. [Diagram: home networks contoso.com and northwind.com; external networks Customer Network, Marketing, R&D, Partnerships, Alumni, Press and Media, Northwind and AdventureWorks Collaboration; External Network Collaboration; Guest Collaboration.]

Users: Always belong to a home (canonical) network. Sometimes are members of an external network. Guests get direct access to other home networks. Exist in a limited number of states during life: Pending, Active, Suspended, Deleted.

User profiles: User confirms email, enters name, chooses a password, uploads a “mugshot”, and selects some groups.
An initial engagement point for end users. Limited administrator controls. Users have control over the values that appear in their profile.

Mass updates to user profiles
Bulk update: Available to verified administrators in Yammer. Profiles can be created with a default password.
Yammer User API: Requires code, but allows integration with exotic identity systems.

Single sign-on

SSO benefits
Federation: The same credentials used in the enterprise are used by Yammer. Multi-factor authentication a possibility.
User convenience: A single set of credentials to remember.

Expected, but absent: Yammer delegates this responsibility to Directory Sync. Attribute exchange. WS-Federation. SAML is the supported protocol. ADFS, Azure AD, and many other identity providers support this standard.

Deployment process: Provide identity provider metadata. Yammer implements service provider configuration. Create Relying Party Trust with Yammer metadata. Test SSO. Make email address changes. Activate SSO. Process is not self-service. If you have a SAML 2.0 Identity Provider then configuration is pretty straightforward. Tests happen against your Yammer network at a scheduled time.

Frontline workers: These are kiosk workers who may not have email, but often have mobile devices. Using SSO it is possible to enable “Users Without Emails” (UWE) mode. Mixed mode is possible in the same network. Only some identity providers (IdPs) support this configuration.

Enabling UWE with ADFS

Add email to the incoming claim:
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/wind…", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("email"), query = ";mail;{0}", param = c.Value);

Add employee ID to the incoming claim:
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/wind…", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("employee_id"), query = ";customAttribute;{0}", param = c.Value);

Add no_email flag to the incoming claim:
NOT exists([Type == "email"])
 => add(Type = "no_email", Value = "true");

Send employee ID if no_email flag:
c1:[Type == "no_email"] && c2:[Type == "employee_id"]
 => issue(Type = "SAML_SUBJECT", Value = c2.Value);

Send email if it exists:
c:[Type == "email"]
 => issue(Type = "SAML_SUBJECT", Value = c.Value);

Credit: Evan Weiss, Jeremy Chamilliard

Applications and SSO: Yammer Embed is SSO-aware and will redirect users. Mobile applications support SSO using an in-app web browser. Legacy apps require a temporary password available from the App Directory after authentication. Developers should specify the network permalink to kick off the SSO flow when authorizing an app.

Demo: Single sign-on with Azure Active Directory

User provisioning with Directory Sync

Core Functions
Adds and invitations: Custom invite and welcome emails.
Profile updates: Prepopulate user profile fields. Overwrite upon update to AD.
Suspensions: Suspend users when they are disabled or deleted in AD.

Expected, but absent
Group synchronization: Not a good fit for a social scenario where users are empowered to create groups that fit with their workflow.
User profile lockdown: Users are always identifiable. AD is optimal for the pre-population of fields. Default settings respect values users have entered in Yammer.

Deploying Directory Sync: Installs on a single server. No database required. AD and LDAP expertise required to configure custom filters (queries). First sync sends all data, subsequent syncs are incremental. Steps: Install Directory Sync; Connect to Yammer; Connect to AD; Validate user queries; Enable syncs.

Demo: Yammer Directory Sync

Custom queries: Keep these simple. Start by querying for emails belonging to just your domains. Filters are automatically added for objectCategory and objectClass. Difficult to exclude users.

// A good start
mail=*@contoso.com
// Multiple domains, merged network (OR: an AND of two mail domains matches nothing)
(|(mail=*@contoso.com)(mail=*@contoso.co.uk))
// Redundant query
(&(objectCategory=person)(objectClass=user)(mail=*))
// Is this replicated in AD?
(&(mail=*@contoso.com)(!customAttribute=E))

Querying multiple OUs: Create a query for each OU with a GUID identifier. Specify an LDAP filter. Provide a naming context for each OU. Set ShowDeleted to false.

"Queries": [
  {
    "Id": "a92b0946-5ea9-42c3-9541-736863f39d29",
    "Filter": "mail=*@contoso.com",
    "OverrideRootNamingContext": "OU=France,DC=contoso,DC=com",
    "ShowDeleted": false
  },
  {
    "Id": "6bb94cbb-f9bb-46ab-a78b-58eae0f23836",
    "Filter": "mail=*@contoso.com",
    "OverrideRootNamingContext": "OU=Germany,DC=contoso,DC=com",
    "ShowDeleted": false
  },
  {
    "Id": "33bf59b3-ecfe-41cb-899f-7d85e1eb0dee",
    "Filter": "",
    "OverrideRootNamingContext": "",
    "ShowDeleted": true
  }
]

Incremental syncs: USN-Changed is captured for each query after a successful sync. These values are used for subsequent LDAP queries. Removing the incremental query cursor file forces a full sync.

{
  "35ac4db9-c0ab-4cab-8cc6-6276ef3a7931": { "PropertyName": "usnchanged", "LastValue": 270047611 },
  "f7d21d81-87c8-4c11-9f06-6dc095f881cf": { "PropertyName": "usnchanged", "LastValue": 269749469 },
  "371eff67-0ce8-4e1e-bba3-c7a98982552a": { "PropertyName": "usnchanged", "LastValue": 279149469 },
  "ec7829ef-a25c-47e8-8ff4-f0d6552b6a74": { "PropertyName": "usnchanged", "LastValue": 270849469 }
}

Configuration and log files: Located at C:\ProgramData\Yammer\DirSync
File: Purpose
globalsettings.config.json: Main settings file for Directory Sync
lastvalidation.json: Output from the last validation
incrementalquerycursors.config.json: Stores cursor position for incremental syncs
service.log: Log for the Windows Service
ui.log: Log for the User Interface
Service and UI executable configuration files in C:\Program Files (x86)\Yammer\Directory Sync allow you to control log output settings.
Best practices Planning Will disturb few worke An opportunity to give a better fit experience with SSO Network Established Network Always start with SSO Implement Directory Sync in suspend - only mode initially Enable adds and upes later Best practices for SSO Support mobile devices Ensure your identity provider supports failover Involve a range of in testing Test from inside and outside your network Prepare appropriate cun for Email mismatches between Yammer and the SAML assertion can happen. This can be detected and fixed ahead of . Best practices for Directory Sync Become friends with your Active Directory administrator(s) Customize the activon and welcome emails Undetand and re the validon report Include only with email addresses matching your domain(s) Prepare for DR with a standby instance Undetand attribute mappings and preferences, and how these will impact your Yammer Network Document configuron for transition to BAU Wrap up Identity futures can access Yammer from O365 without logging into Yammer Simplified login can more easily move between Yammer and O365 O365 navigon Being looked at, but this is a long term item Yammer Directory Sync replacement Recendons 1.Implement Yammer SSO and Directory Sync now 2.Go with SSO before Directory Sync* 3. a simple Directory Sync configuron 4.Merge to avoid operng multiple Yammer networks. 5.Follow the Yammer Release Schedulefor identity upes Single Sign - On http://success.yammer.com/integrons/single-sign-on/ Directory Sync http://success.yammer.com/integrons/directory-sync/ Documenton #SPC14 Enterprise Social Related Content See you at the 2 Social booth & 3 Social tables at Asks the Experts WED @6:15! 
for large scale records management - hundreds of millions of documents and beyond!
Nishan DeSilva, Alex O’Donnell, Roberto Yglesias, Joe Do, Quentin Christensen
SPC346

The Speakers? Really!!!
• Alex O’Donnell: Productivity Consultant, UK
• Roberto Yglesias: Business Technology Director, Buildingi
• Quentin Christensen: Senior Program Manager, Information Protection, Office 365
• Nishan DeSilva: Head of Business and Technology Solutions, Legal
• Joe Do: Senior Program Manager, Business and Technology Solutions, Legal

Agenda
• But wait, there’s more: transforming business process
• What’s next? Future of Information Protection
• Records Management – can we scale?
• Discussion
• When dreams become reality: realized benefits
• Dreaming big: a journey of epic proportion

Case Study 1: Financial
A large global bank
Alex O’Donnell, alexdo@.com, Productivity Consultant, UK

Hello from UK (records centre = records center)
This is a top tip!

• A global bank with globals
• on the cloud journey
• on premises for now
• of epic scale
• 250k users, 370m documents, 1.5pb legacy content

Crunching the numbers
• Content database size: no explicit limit for records*
• Content database items: 60m
• Site collections: 5k per database, 250k per farm
• Documents: 30m per library
• Document versions: 400k per document
• Security scopes: 50k per list
One record centre = One site collection
Review boundaries and limits in its entirety and in context

In-place versus Records Centre
• Perceived ‘concern’ managing a separate centre
• Permissions ed on an item’s records
• to manage retention at a granular level
• Differing SLAs for records
• Uncertainty of an active site’s full lifecycle
• Separate storage layer beneath records
Records Centre (Records Repository) it is!

Information Architecture Mapping
    Active Site         Record Centre
    Subsite             Single Site
    Library or List     Document Library
    Folder              Folder
    Document/Item       Record
encouraged our model
Encouraged Model / Model

Why?
• 2013 Content Organizer rules allow document routing, based on available metadata, into libraries and folders
• Concept of ownership defined at the site level - maps to records access
• Permission each site’s library at provisioning
• Consider security, sizing and granularity to determine I.A.

We need to talk about metadata
• Balance between compliance and user experience
• Frictionless document creation process
• Inherit metadata only where appropriate
• Enough metadata at submission to decide retention
• Leverage search and eDiscovery to surface records
• Search don’t browse
• One Content Type to rule them all (almost)
• Two Content Types

Record Content Type (Field: Type, Details)
• Record Category: MMS term (required); MMS term driven
• Retention Event: date (optional); variable meaning from category
• Original Owner: ‘Created By’ needs to be re-captured
• Owner: ‘Modified By’ needs to be re-captured
• Original Department: UPA lookup on submission; lookup from UPA
• Department: UPA lookup on submission; lookup from UPA
• Geography: site level metadata; copy from property bag
• Date created: ‘Created on’ needs to be re-captured
• Original location: original path field; copy from properties

How? Knowing when to customise
Configure before customise

High level overview (cog denotes customisation)
• Site provisioning captures metadata
• Document content type captures metadata
• Major version ‘publish’ triggers record
• Rules rename and move item to correct location
• Record repository permissions for site owner(s)
• Search and eDiscovery for review and legal hold

Document Flow
On trigger, routing rules determine where the record should be stored:
Information Management Policy Job, Provisioning Engine, Document Published, Content Organiser Processing Job

Development Core Principles
• Did you consider configuring?!
• Use recommended extension points
• Consider future cloud migration
• Use a mature release management process
• Performance test at extreme scale
• Code review, analysis, patterns, frameworks
• Make use of existing tooling
• Automate and document everything

Relevant Customisation Points
• ItemUpdated in SPItemEventReceiver: SendToOfficialFile method to submit a record
• OnSubmitFile in ICustomRouter: SaveFileToFinalLocation after making changes
• ComputeExpireDate in IExpirationFormula: return calculated date

Architecture
How many servers? What topology?

Potential end state architecture (ex. Social)
Main Farm: Web Front End, Application Front End, Distributed Cache, Search Front End, Search Back End, Application Back End
Records Farm
Server sizes shown: 28GB 8 cores, 28GB 8 cores, 28GB 8 cores, 64GB 16 cores, 28GB 8 cores, 28GB 8 cores
Separate SQL Server clusters

    Role                                  Active    Passive (DR)
    Web Front End                         11        11
    Application Front End                 4         4
    Distributed Cache                     5         5
    Search Front End (October Update)     40.28     40.28
    Search Back End (October Update)      24.16     24.16
    Application Back End                  10        10
                                          8         8
    Total                                 82        82

Conclusions
• Consideration of boundaries & limits
• Relevant development can meet complex requirements without additional products
• Records Information Architecture is as important as Active Information Architecture

Case Study 2: Global Human Resources Consulting Firm
Roberto Yglesias, Business Technology Director, Buildingi

The Business Case
• Large Human Resources Consulting Firm
• Over 14,000 users
• More than 1,500 locations
• Across 35 countries in multiple continents
• Main objective: Cross-team project collaboration

Farm Architecture
[Diagram: environments Development, Development Integration, Systems Integration, UAT, Production, Disaster Recovery; server roles WFE, SQL, App, DC, Search, Domain Control; regions NA, Europe, APAC; 1 environment per developer]

The Solution
Demo
• Search-driven aggregation
• Site provisioning wizard
• Personalized user experience
• Client and Project site collections
• Multi-Stage Retention Policies

TCT Project Document Retention Process Diagram
[Diagram: stages Active, Inactive, Close, Archived, Destruction; steps Project Created, Project Activity, Close Project, Archive Project, Destruction Request Rec’d, Approval, Destroy Project]

TCT Client Retention Process Diagram
[Diagram: stages Active, Inactive, Close, Archived, Destruction; steps Client Created, Client Activity, Archive Client, Destruction Request Rec’d, Approval, Destroy Client; decisions All Projects Archived?, All Projects Destroyed?]

Conclusions
• Centralized project collaboration
• End-user empowerment
• Making technology transparent

Case Study 3: Case Study
Joe Do, joedo@.com, Program Manager

Solution
• Employed Lean Six Sigma Process Reviews
• Presented reduced “To Be” Processes
• Centralize records archival and access
• Enable external collaboration with Outside Counsel & Vendor Outsourcing
Reusable, Reduce Paper, Cost Savings, Improved Business Processes

High Value Business Scenario - Legal

Business Problem
• Global Migration manages over 12,000 files for active foreign nationals at .
• Each physical file folder contained 200 to 1000 pages
• Electronic documents were printed, filed and saved to a file share.
• Multiple workstream and processes with Clients, Vendor Outsourcing, and Outside Counsel.

Solution Architecture
[Diagram: Collaborate Externally – upload, view, manage documents and data; End Users; Record Operators; Electronic; Physical; Off-Site Storage; Scanning Process (Optical Character Recognition (OCR), Index, Migration); Outside Counsel; Vendor Outsourcing; Records Center]

Document Classification
• PSIGEN PSI:Capture Classification Engine
• OCR Pattern Matching with Regular Expressions
• Complex, multi-term matching to identify form type (? is)(?

End Security

Moving data
• Strong SSL encryption for all Server/Client and Service/Service communication.

@ REST
• Network and domain isolation limits access to your environment
• BitLocker encryption guards against physical theft
• Secure Shredded Store guards against logical theft, encrypts individual blobs to limit the scope of access
• Secrets (the keys to the keys) are also encrypted-at-rest, held in a secure store, and updated frequently.

MFA

Operational Access
• Time-bound approval to perform specific actions and access to customer data.
• Scoped access to only the minimal set of actions necessary for the task.
• Today, 10 engineers have standing access – we are driving this to Zero.
Content Database Changes
• Changes were needed to support Shredded Storage
• AllDocStreams -> DocStreams
• DocsToStream ()
• AllDocs
• AllDocVersions
• Non-relational binary large objects stored in dbo.DocStreams
• Enables logical transactional consistency between relational data and the associated non-relational file contents
• Smaller exaggerated storage utilization until T-log is purged

BLOB Sequence Numbers (BSN)
• BSNs are used to keep track the sequence of each blob.
• BSN field (bigint) added to AllDocVersions, DocsToStreams and DocStreams tables.
• NextBSN stores the last BSN for each file.
• Streams will be accessed from AllDocs / AllDocVersions . DocsToStreams . DocStreams .

Demo: Content Changes

Client Applications
Protocols, Impacts, Considerations

Overview (Windows Native SOAP Stack)
• Design pattern based on wire contracts and loosely coupled systems
• Standards-based and interoperable
• Consolidation of existing stacks: MIG, WDPG (Windows); ATL Server (VC++); SOAP Toolkit (Office); SQL Server
• WCF ‘light’
  • Peer to WCF, not a replacement
  • WCF does not layer on the Windows Native SOAP Stack
  • Small, fast, minimal dependencies
• Windows layer
  • 20 Win32 Developer APIs
  • Public “Flat” C API
  • No MFC, ATL, COM, C++

Why is Sapphire important?

Client operations
• Office Backstage
• Store, Share, Sync
• FileWriteChunkSize versus FileReadChunkSize
• Download size versus partition size

CellStorage.svc
• WCF endpoint that manages download and upload of files to SharePoint
• Used by Office clients and OneDrive for Business
• API Layer that implements locking and coauth of documents

Demo: CellStorage.svc

Office Web Apps: Onenote.ashx
• Office documents are transformed into JSON arrays
• Each section of the document is distinguished and tracked separately
• This allows for the multi-user editing of OWA
• Shredded Storage will create partitions and shreds based on the editing document sections

Demo: OneNote.ashx

Configuration

Configuration Parameters
• FileWriteChunkSize: The target size of the shreds of a file binary
• FileReadChunkSize: The size of the data returned from each Stored Procedure call to a file binary

FileWriteChunkSize
• This value should not exceed 4MB
• Significant hit on I/O will occur
• The value should not be lower than 64K
• Optimal setting will be based on workload
• 1 - 4MB (Depending on performance testing, RBS, Dedup)
• OneDrive is set to 2MB

FileReadChunkSize
Recommendations:
• >12.5% of average file size = normal operation
• 6% to 12.5% = 10% hit on read operations
• 3% to 6% = 20% hit on read operations
• X<3% = 50% hit on read operations
• Average size of out of box content files is <64K

Beware
• Too high of a setting: OneDrive for Business will stop working
  ICsiError : csierrWebService_QuotaExceeded (0x662)
• What is your average file size in your content databases? This average will drive your setting of FileReadChunkSize

Shredded Storage Testing Framework
• Tool developed by Chris Givens with support from ISVs
• http://shreddedstorage.codeplex.com/
• Monitoring features include: Office Client to WFE; WFE to SQL traffic; SQL activities
• Achieved with Fiddler integration and SQL Profiler integration
• Supporting result tracking

Demo: Shredded Storage Testing Framework

Knowledge Check

Question #1
Can you disable Shredded Storage?
Answer #1
No, it cannot be disabled.
Setting the Write Chunk Size to 2GB will not disable it and will only cause performance issues.
Any other “unknown” means will destroy your farm.

Question #2
TRUE or FALSE: If you set the File Write size to 128K, will the size of all the shreds be 128K except for the last?
Answer #2
FALSE
The algorithms do not break up the shreds solely on the File Write Chunk size.
In some cases the header and footer of the shred will be of varying size.

Question #3
TRUE or FALSE: If you set the File Write size to X, will the size of all the shreds be less than X?
Answer #3
FALSE
Similarly, the algorithms do not break up the shreds solely on the File Write Chunk size.
The header and footer of the shred will be of varying size. This metadata does not count towards the File Write Chunk size.

Question #4
Is a lower or higher FileReadChunkSize better for download speeds?
Answer #4
Higher
Each chunk must be executed via a Stored Procedure call; the more calls you make, the more CPU and network activities will be generated.
But not TOO high.

Question #5
TRUE or FALSE: Images in Word and PowerPoint files are broken into their own shreds
Answer #5
FALSE
Images are not distinguished from other entities inside the office file XML, therefore they are not shredded separately.

Question #6
TRUE or FALSE: Shredded Storage will apply to all instances of the same file binary (i.e., same file binary uploaded to multiple libraries)
Answer #6
FALSE
Shredded storage works at an SPListItem level. Each time you upload a file to a document library, a new SPListItem is generated, therefore, no dedup across libraries.

Question #7
TRUE or FALSE: Changing the TITLE property of a versioned document will cause shreds to get created
Answer #7
TRUE
Even though the file does not change, a new set of shreds are created for the file version!
This is a side effect of the platform and not a bug in shredded storage.
Title property is special and SharePoint sets the property in the binary of the Office file upon modification (you didn’t change the file, but SharePoint did).

Question #8
What is the max FileWriteChunkSize and everything works?
Answer #8
8.25MB
If you pass this value, OneDrive for Business will error out with the following:
ICsiError : csierrWebService_QuotaExceeded (0x662)

Recommendations
• Don’t modify FileWriteChunkSize without justification (keep less than 4MB)
• FileReadChunkSize should be proportional to your average file size (dependent on your workload)
• Test your RBS and Storage vendors' hardware and software for acceptable performance

Summary
• Shredded Storage is AWESOME!
• Shredded Storage adds security to Fort Knox
• Read and Write chunk sizes will be different for workloads
• You cannot disable Shredded Storage
• Shredded Storage with the combination of RBS and File DeDup should always be tested for performance

Questions?
What do you want to know about Shredded Storage?

SPC416
Contact
Bill Baer, Twitter: @williambaer, Email: William.baer@.com
Chris Givens, Twitter: @givenscj, Email: chris@architectingconnectedsystems.com
Web Content Management from 0 - Infinity
Faizan Khan and Robert Gullick
SPC398

Faizan Khan, Architect, Eastern Region, @whoisfaizan
Robert Gullick, Premier Field Engineer

Experiences with Content Deployment
A support case study

Components
WCM Parts and Players

Components
• Publishing Site (Figure 1. The Contoso Electronics website displayed on a desktop device)
• Authoring Site
• Office 365 & Devices
• Managed Metadata
• Search

Publishing & Authoring
Content By Search Web Part, Catalogs, Query Rules, Content, Catalog Managed Properties
• Cross-Site Publishing Feature
• Catalogs
• Publishing & Authoring Sites
• Query Rules, Navigation, Query Builder
• Refine
• Display Templates, CSWP, HTML5 & CSS3

Metadata & Search
Content Source, Continuous Crawl, Managed Metadata, Term Sets
• Content Source
• Continuous Crawl
• Analytics Component
• Queries Rules
• Queries run against the Index
• Term Store
• Tagging
• Navigation
• Metadata
• Managed Metadata

Search & Devices
Managed Metadata, Term Sets & Devices
• Device Channels
• Device Channel Panel
• User Profile

Demos

CSS Styles
Selectors: .ms-cui-topBar2, .o365cs-nav-header, .ms-core-pageTitle

    .ms-cui-topBar2 {
        border-bottom: 1px solid rgba( 239, 239, 239, 0.78 );
        height: 0px;
        display: none;
    }

Thank You!
Access is back! High-value, 'no code', functional & flexible business apps with the new Access services
Radi Atanassov, MCM & MVP, OneBit Software
SPC301

C:\Users\Radi>whoami
• MCSM
• Server MVP
• OneBit Software
• Web Platform User Group

Agenda
• Access Services – what is it?
• Creating Access Apps
• Migration & adoption
• Configuration & Deployment
• Q & A

Access Desktop vs. Access Services
Classic Access desktop applications
• 20+ years old
• Very popular
• Easy to create
• Client machine deployment required
• Solved business needs
• .MDF file
Access Services 2013
• SharePoint apps
• Data lives in SQL Server
• Access client needed only for designing applications
• Central access control
• Security
• Sharing
• Scaling up
• Standard professional UI
• No code required

The problems of the “Access” world
• Many legacy Access databases everywhere!
• Poor design, but strong business value
• Copies and versions everywhere
• Old Access client be required
• No backup or security practices
• No data quality

Solutions to the problems
• SharePoint web-apps
• Inherit site security and themes
• Nice cross-browser UI with mobile capabilities OOTB
• Deployment – App Store/Catalog
• Pro SQL database
• Central control (security, backup, access control)
• Lotus Notes migration candidate

The benefits
• Central data store: Cloud/Azure; SQL Server
• Central access control: Security; Identity; Information governance
• Data is cleaner: Better forms with automatic validation; Lookup data; Linked tables; Macros
• Sharing: Web sharing (URL); Intuitive and easy
• Appropriate IT strategy: Stable platform to implement as a corporate standard; Data migration story

Today: 4 ways to create Access Apps
• Access Web App Templates
• Custom Access Web Apps
• Desktop Access databases
• Office Store

Creating Access Apps
DEMO

Getting onboard the Access Services wagon

Create Migration Strategies
• Migrate the most important
• Document challenges

Import from
• Access 2010 (and Web databases)
• Excel
• Lists in SP
• SQL/ODBC

Moving away from Lotus Notes
• Notes Mail -> Exchange
• Domino Directory -> Active Directory
• Lotus Notes client -> Office
• Notes Template -> List templates, Site templates
• Application databases -> Lists & Libraries; Workflow and forms; Access Services

Discover and Assess
• With the Office Discovery and Risk Assessment Tool (Server)
• File Share Scanning

“Hybrid” Access
• Create an App and import tables from Access 2003
• Remove the tables in Access 2003
• Replace them with Linked Tables
[Diagram: Access 2003 (Forms, Macros, Reports, Queries, Linked Tables) and Access Services 2013 (Forms, Macros, Reports, Queries, SQL Tables); Import Tables]

Consider branding
• The look & feel is important to users
• Access Services is limited, but you can do a lot with colors, logos and images

Surface Access data in Excel or SS
• Create a data connection to the SQL database in your App
• Create Excel & Power charts
• Build SQL Server & other reports

Publish your Apps
• To the App Catalog
• To the Office marketplace

Training & Knowledge Sharing
• Workshops & Demonstrations
• Wiki / Help Site
• Announce Access as better platform

Identify the “People”
• Power Users
• Migration Teams
• Technical Assistance and Consulting

Access 2013 Runtime
• http://www.microsoft.com/en-us/download/details.aspx?id=39358
• The Access 2013 Runtime enables you to distribute Access 2013 desktop applications
• No authoring/editing/design capabilities, just execution of built apps
• “Free” – No license required!

Migrating to Access Services
DEMO

Architecture

Access Services – Architecture Overview
* Diagram is not mine, I’m borrowing it without permission from #SPC12 slides

Access Services: In the background…
• Access Apps are “App webs” with data in SQL (SharePoint-hosted App)
• The UI is HTML and JavaScript
• Data Macros are SQL Triggers
• Access 2010 used lists for data. This is not available anymore. Events in Access 2013 get translated into AFTER triggers in SQL.

Mapped to SQL objects
Stolen/Taken from Greg Lindhorst & Bob Piper’s presentation from #SPC12
• Access App = SQL Database
• Access Table = SQL Table
• Access Field = SQL Field
• Access datatype = SQL datatype (some renames)
• Access Expression = SQL Expression (some renames)
• Access Query = SQL View
• Access Data Macro = SQL Stored Procedure/Trigger

Mapped to SQL objects

    CREATE VIEW [Access].[MyQuery] AS
    SELECT [MyTable].[ID], [MyTable].[String Field], [MyTable].[Date Field]
    FROM [Access].[MyTable]
    WHERE [MyTable].[Date Field] > DATEFROMPARTS(2012, 7, 16)

Image source: http://blogs.office.com/b/-access/archive/2012/08/08/access-2013-and-sql-server.aspx

Data File Formats
• Access 2007, 2010 had the ability to share tables, forms through SharePoint, .accdb
• Access 2013 web app file = .accdw (uses SQL Server 2012 for tables)

Configuration

Requirements
• Server Enterprise 2013 (update: with March 2013 PU)
• Access Client 2013 to design
• SQL Server 2012 for Access databases
• SQL Server 2012 Feature Pack:
  • SQL Server 2012 Local DB (SQLLocalDB.msi)
  • SQL Server 2012 Data-Tier Application Framework (Dacframework.msi)
  • SQL Server 2012 Native Client (sqlncli.msi)
  • SQL Server 2012 Transact-SQL ScriptDom (SQLDOM.MSI)
  • System CLR Types for SQL Server 2012 (SQLSysClrTypes.msi)

Prerequisites for Apps
• App Management Service
• Subscription Settings Service
• Secure Store Service Application
• Domain Name Services (DNS)
• Host name for the apps
• Wildcard DNS record
• Port 80 web application and host-named site collection
• The app prefix and the app domain name configured
• A site collection and Owner permissions

SQL Server settings
• Service Account (dbcreator, securityadmin)
• Enable Contained Databases = True
• Allow Triggers to Fire Others = True
• Security Mode = Mixed Mode (and SA account enabled)
• Default Language = English
• TCP/IP Protocol = Enabled
• Named Pipes Protocol = Enabled
• Windows Firewall Inbound Ports TCP 1433, TCP 1434, and UDP 1434

IIS settings
• Load User Profile

Access Service Application
• http://technet.microsoft.com/en-us/library/ee906548(v=office.15) Windows PowerShell cmdlets to manage Access Services in Server 2013

The best configuration guides
• White Paper: Office 2013 -- Access Services Setup for an On-Premises Installation http://www.microsoft.com/en-us/download/details.aspx?id=30445
• On-premises installation guide by Kirk Evans: http://blogs.msdn.com/b/kaevans/archive/2013/07/14/access-services-2013-up-for-an-on-premises-installon.aspx

Too hard??? Check out Office 365 Plans
• Access Apps General Availability – 3rd Feb, 2014
• Customers can now create, share, and use Access apps with full confidence and the same level of d availability as the rest of Office 365
• Full Office 365 SLA

Key takeaways
• Access Services is a fantastic candidate for delivering applications with data
• Access Services offers a very mature IT platform
• Migrating is not difficult
• Plan your deployment
• Consider Office 365
Automated 2013 disaster recovery with Windows Azure and Cloud Packs Tom Wisnowski Architect Alex Lee Architect Srikanth Gutha Sr. PFE SPC206 Before we begin… Welcome to SPC 206 Content today will target 200 level topics Meet us after the for deeper technical discussions The importance of business continuity Consumer expectations Always on Always safe Effortless Business continuity inhibitors Cost Effort Complexity Benefit Cost Cloud Hosted Low Cost Agile Integrated Fully Supported Azure Cost Estimate Backend 8core 14gb Search 8core 14gb Cache 8core 14gb Front End 8core 14gb Office Web Apps 8core 14gb SQL 8core 56gb Cluster Member 4 core 7gb Storage 15TB 2 x XL 2 x XL 2 x XL 2 x XL 2 x XL 2 x A7 1 x L DR Approach Cold Standby SQL Hot Standby (Always On) VM Online Schedule SQL 24x7 Always On (only 1 member) + SQL 16hr/week - Patch Maintenance, Change Management All Servers 40h/Half DR Failover Test Azure Cost Estimate Weekly Usage Hours (Estimates), total hours per year by environment: SQL (AO) 8736; SQL (AO backup) + Member Server 880; & OWA 880 Category / Estimated Cost per Year: VM Costs / Year $22,038.40; Storage / year $11,700.00; Network Bandwidth Cost $2,868.00; VPN $5,400.00; Support (Prof Direct) $12,000.00; Azure Storage Trans $4,200.00; Grand Total per Year $54,006.40 On-Prem Cost Estimate Backend 8core 14gb Search 8core 14gb Cache 8core 14gb Front End 8core 14gb Office Web Apps 8core 14gb SQL 8core 56gb Cluster Member 4 core 7gb Storage 15TB On-Premises Assumptions Physical Host Cost / month @ 4 years (assume ops costs) $500 / month $24,000 / 4 years Storage Cost per GB / month $0.45 Cores: 48 Memory: 126 Category / Estimated Cost per Year: Servers $72,000; Storage (15TB + 1TB) $88,473; Network Bandwidth Cost ???;
Support (Premier) $12,000.00; Azure Storage Trans 0; Grand Total per Year $172,473 Azure/On-Premises Comparison (Estimated Azure Cost per Year / Estimated On-Premises Cost per Year): VM/Server Cost $22,038.40 / $72,000; Storage $11,700.00 / $88,473; Network Bandwidth Cost $2,868.00 / ???; VPN $5,400.00 / 0; Vendor Support $12,000.00 / $12,000.00; Azure Storage Trans $4,200.00 / 0; Grand Total per Year $54,006.40 / $172,473 Windows Azure – What to Know Windows Azure Virtual Machines Azure Cloud Services Azure Networking Azure Storage Conceptual Architecture Network Office Web Applications Farm Farm Directory Network Content & SA data On-Premises Azure Hybrid DR Deployment Process Provision Production Farm Validate Production Configure Azure Infrastructure Setup SQL Always-On Provision Azure Farm Validate DR Monitoring & Config Mgmt. Test Cloud Pack SPRaaS Azure Portal Cloud Pack SPRaaS SQLRaaS ADRaaS SQLRaaS ADRaaS Azure Portal Azure Portal Provision Environments Product Line Architecture Prescriptive Design, Guidance & Basic Automation for 2013 Deployment Cloud Packs Automation solution created by Services Leverages System Center to orchestrate end-to-end build scenarios on Product Line Architecture(s) Can be fully customized Can target cloud and on-premises Accelerate Farm Build Announcing PLA 2.2!
Cloud Pack Environment Backend 8core 14gb Search 8core 14gb Cache 8core 14gb Front End 8core 14gb Office Web Apps 8core 14gb SQL 8core 56gb Cluster Member 4 core 7gb Storage 15TB Cores: 48 Memory: 126 Backend 8core 14gb Search 8core 14gb Cache 8core 14gb Front End 8core 14gb Office Web Apps 8core 14gb SQL 8core 56gb Cluster Member 4 core 7gb Storage 15TB 2 x XL 2 x XL 2 x XL 2 x XL 2 x XL 2 x A7 1 x L Deploy to Public Cloud (Azure IaaS) Deploy to Private Cloud (VMM) Portal SQL Orch VMM Deploy Share Az IaaS Network Network Functions & Process Define & Request Deploy & Monitor Install & Configure Define & Request Service Designer associates template, cloud, config data Deployment Engineer requests what has been defined leverage VMM User Roles Deploy & Monitor Orchestrator runbooks monitors DB deploys template (app topology) injects data retrieves status Install & Configure Application specific automation Conditional execution of tasks Scripts handle dependencies Modular Approach •Small •Dynamic portal •Configuration files •Customizable experience Define & Request •Define app topology •Config data in •Status out •Orchestrate the deploy Deploy & Monitor •Task sequence •Scripts •Inter-server dependencies handled by script Install & Configure Scenario – Deploy to Azure IaaS •Small •ASP.NET portal •Configuration files •Customizable experience Define & Request •Define app topology •Config data in •Status out •Orchestrate the deploy Deploy & Monitor •Task sequence •Scripts •Inter-server dependencies handled by script Install & Configure Fewer choices for Azure VMs (t-shirt sizing, one network) Azure injects UNATTEND.XML No KVP Scenario – Deploy via Azure Pack Portal •Small •Azure Pack Portal •Configuration files •Customizable experience Define & Request •Define app topology •Config data in •Status out •Orchestrate the deploy Deploy & Monitor •Task sequence •Scripts •Inter-server dependencies handled by script Install & Configure Custom Resource Provider Admin Portal UI Tenant Portal UI VMM APIs via SPF Future –
Install with PS DSC •Small •Dynamic portal •Configuration files •Customizable experience Define & Request •Define app topology •Config data in •Status out •Orchestrate the deploy Deploy & Monitor •Task sequence •Scripts •Inter-server dependencies handled by script Install & Configure provide Config data: how/what Config data: where Inter/intra server dependencies Cloud Pack Video Deployment Experience Cloud Pack Video Deployed to Azure IaaS Cloud Pack Video Under the Hood How do I get Cloud Packs? Contact your MS Services Executive Assess Risk & Validate DR Deployment Process Provision Production Farm Validate Production Farm Configure Azure Infrastructure Setup SQL Always-On Provision Azure Farm Validate DR Monitoring & Config Mgmt. Test SPRaaS PLA Tool SPRaaS Service About SPRaaS Service Most popular service from Premier Where it began . Health Check . Risk & Health Assessment Program (RAP) .RAP as a Service (RaaS) .Available for 19 technologies/cluster ! SPRaaS SPRaaS – The Idea Phase 1: Risk Assessment & Knowledge Transfer Identify issues and risks for a given technology leveraging a suite of tools and MS best practices Phase 2: Remediation Planning Create a remediation plan to address identified improvement points and risks that have been aligned to customer specific business impact Phase 3: Remediation Execution Remediate issues and mitigate risks identified in the remediation plan. (by Customer, Partner or Premier) Phase 4: Desired State Verification Reassess to verify the desired state after remediation. SPRaaS – Overall Health Result •Primarily relates to the state of the environment. Are key components and services functioning the way they should, systems online and responsive, and so on. •Typical health issues equate to active problems. Overall Risk Result •Primarily relates to the potential future state of the environment. Are there processes, documentation and systems in place that would help mitigate future problems in the environment.
This can include change control, monitoring, SLAs, training, and so on. •Typical risk issues equate to increased chances of or worsening problems in the future. The overall of the assessment are split into two main parts – Health and Risk. This is done to provide a more accurate of the overall environment. SPRaaS – The Flow SP_PLA_WFE1 …. SP_PLA_WFEn SP_PLA_APP1 …. SP_PLA_APPn SP_PLA_SQL SP PLA RaaS Web PS Scripts/SQL Scripts/WMI Tools Server Issues Reports Collected data RaaS Tool Submit Collect Advise Persist SPRaaS Process Collect Submit SPRaaS Portal Srikanth Gutha Where do you get SPRaaS? Get in contact with your Services TAM / SDM DR Setup DR Deployment Process Provision Primary Farm Validate Primary Configure Azure Infrastructure Setup SQL Always-On Provision Azure Farm Validate DR Monitoring & Config Mgmt. Test Windows Cluster Disaster Recovery Production Announcing Support for Async Replica! We now support SQL 2012 Always-On Async Commit for DR replication! One technology for HA and DR No for log shipping, DFSR, etc Availability Group Sync Replica Async Replica Primary SP1 Improvements for SQL AG 2013 s Supporting Async Commit What to Replicate?
Content (Not Central Admin) UPA Profile UPA Social Business Data Connectivity Project Server Managed metadata Subscription Setting service Machine translation App License Management Secure Store PowerPivot Physical Design Windows Cluster Site to Site VPN Primary Datacenter DR Datacenter SQL Always-On HA SQL Always On Primary Replica Replica Active Directory Site Windows RAS Azure Gateway Active Directory Site Contoso.com Local File Share 10.0.0.0/16 192.168.0.0/16 AG 1 AG 2 AG 3 AG 4 AG Listener AG Listener AG Listener AG Listener IP IP IP IP IP IP Site to Site VPN Multi-Site AD Multi-Cloud Service Multi-Subnet Windows Cluster Multiple AG Groups Sync and Async commit DR Today (Conceptual) Farm Default Group Group Failing Over… . a sync commit replica to read / write .Refresh site in configuration * .Provision Service Applications & Proxy Group #2 .Backup / Restore Search .Move Content/Apps web app to proxy group .Reconfigure UPA Sync Connections .Run profile import .Crawl content sources .Validate Don’t Forget External Dependencies! On-Prem Provider Hosted Apps Azure Provider Hosted Apps & Services s & Services Productivity Services DR Failover Configuration Management Build/Patch level Machine configuration (GPO) Farm configuration Profile import Search Audiences Configuration Drift Deployed solutions / GAC Provider hosted apps App level configuration Web.config / Machine.config Configuration Mgmt Today/Tomorrow PowerShell Custom XML Export/Compare PowerShell Desired State Configuration TODAY TOMORROW
Best practices for Hybrid Search deployments Brent Groom Senior PFE SPC306 Norm Lambert Principal Consultant objectives and takeaways objectives: Why hybrid is valuable What are the options Learn Best Practices Where will we be in the future Hybrid really can help solve some critical business issues! Hybrid? What is Hybrid ? Common Scenario Can be considered hybrid (diagram: Online + On-premises / IaaS = Hybrid; On-premises + On-premises / IaaS = Hybrid) Related SPC 339 2013 hybrid end-to-end - Sam Hassani .Cloud Fit Strategy – reducing Operations cost . Hybrid to leverage advanced O365 Cloud functionalities .Large Legacy on-premises farms requiring to complete migrations .Regulatory/Compliance/Legal Reasons requiring certain data classifications to remain on premises .Privacy/Legal Reasons to maintain some content within the originating country Why Hybrid Environment? Cloud Migration Phases .Pockets of content distributed across multiple environments .Complexity due to multiple User Interfaces/locations .Many top level domains requiring knowledge of where to go to locate the most relevant content .No single Enterprise Search Center for finding content .Lost user productivity and added frustration while trying to locate relevant content Challenges with Distributed Content .Provide integrated search allowing for a single place to find content .One Enterprise Search center to reduce User Interface complexity .Query all of your content at the same .Allow O365 and On-Premises solutions to coexist .Provides a solution allowing customers to move to the cloud on their own terms How Can Hybrid Search Help? .Reduce operation cost .Take advantage of newer feature updates in O365 .Hybrid search solves many problems as a is moving from on-premises to O365 Hybrid is great!
“We firmly believe in the hybrid computing point of …” Satya Nadella, CEO Demo Outbound Hybrid Search Architecture / Scenarios Best Practices .One-way Outbound .One-way Inbound .Two-way (Bidirectional) Hybrid Search Topologies – Part 1 Related SPC 320 Configuring Hybrid Search with 2013 and Online Neil Hodgkinson and Manas Biswas The on-premises Server 2013 farm connects to Online. One-way outbound topology DATA CENTER INTERNET INTRANET Online CANNOT QUERY Server 2013 Online Site collection Search portal: Local search ONLY Server 2013 CAN QUERY Online Primary web application Search portal: Local + Remote search Outbound Inbound Office 365 Tenant Server 2013 Online connects to an on-premises Server 2013 farm through a reverse proxy device. One-way inbound topology The on-premises farm trusts Online (Office 365) Reverse proxy device DATA CENTER INTERNET INTRANET Online CAN QUERY Server 2013 Online Site collection Search portal: Local search ONLY Server 2013 CANNOT QUERY Online Primary web application Office 365 Tenant Server 2013 PERIMETER NETWORK Reverse proxy CUSTOMER NETWORK Outbound Inbound REQUIRES Search portal: Local + Remote search The on-premises Server 2013 farm connects to Online. Online connects to an on-premises Server 2013 farm through a reverse proxy device.
Two-way (bidirectional) Two-way trust between environments Reverse proxy device DATA CENTER INTERNET INTRANET Online CAN QUERY Server 2013 Online Site collection Server 2013 CAN QUERY Online Primary web application Office 365 Tenant Server 2013 PERIMETER NETWORK Reverse proxy CUSTOMER NETWORK Outbound Inbound REQUIRES Search portal: Local + Remote search Search portal: Local + Remote search .Business Connectivity Services / Duet .Search Service Consumption (on premises/ IaaS only) .Search vertical (On Premises and O365 vertical) Hybrid Search Topologies – Part 2 Business Connectivity Services Hybrid Flow in 2013 BCS Hybrid Flow (diagram labels: DATA CENTER, INTERNET, PERIMETER NETWORK, INTRANET, SSL/443, SECURE STORE, OFFICE 365 ENTERPRISE, CSOM PIPELINE, CUSTOMER NETWORK, MSODS, ACS, https://Myhybridserver.contoso.com, SERVER-TO-SERVER TRUST, ONLINE, Myhybridserver.contoso.com, Directory synchronization, User profile synchronization, ON-PREMISES, SECURE STORE OR CUSTOM AUTH, EXTERNAL DATA STORE, ODATA SERVICE HEAD, BCS RUN SERVICE, BCS RUN SERVICE, REVERSE PROXY, USER PROFILE STORE, AD DS; numbered callouts 1 to 9, including 3A and 3B) On-Premises consumes a On-Premises Search Service. Farm to Farm Services Consumption Farm to Farm Trust INTRANET / EXTRANET / IaaS INTRANET INTRANET Search portal: Local search ONLY Primary web application Server 2013 CUSTOMER NETWORK Consuming Service REQUIRES Search portal: Local search ONLY Single Enterprise Search Center Primary web application Server 2013 Demo Intranet Search – Search Vertical Additional options for hybrid search .Indexing O365 from on-prem •BA Insight O365 Connector .Federation with Interleaving •BA Insight Federator .Can support cross-version hybrid scenarios (SP2010 on-prem, SP2013 in cloud) Related : SPC2003 Accelerating Successful Search Deployments with BA Insight and on the SP2013 federated identity and hybrid search pattern, Partners have created additional add-ons
hybrid to direct your .Test your solution .Search Crawler is only crawling local content .Synchronous / Asynchronous .Supported / Not supported Architecture / Scenarios Best Practices Planning/Design Best Practices Performance Infrastructure Content Security Best Practice Areas .Latency .DB Server .1:* .Security Performance Best Practices .Reverse Proxy .F5 .Citrix .Juniper .Server 2012 R2 with Web Application Proxy (WAP) .Forefront Threat Management Gateway (TMG) .Forefront Unified Access Gateway (UAG) .Fiddler Infrastructure Best Practices MTC TAP .STS .Dir Sync + password sync .SSL .Login options .VPN or Direct Access Security Best Practices .Crawl local .Query Builder .Display Templates .BCS Hybrid .Show result block above core Content Best Practices Hybrid Post Training - Server 2013 and Office 365 Hybrid Future of Hybrid – What Hybrid So Intriguing! .Yammer .OneDrive .Oslo .From Query Federation to Remote Index (single relevant result) The future of search Get Started – Hybrid Search http://aka.ms/sphyb References Infrastructure Configuring Hybrid Search Part 1 - 3 .http://blogs.msdn.com/b/spses/ Security 2012 R2 Web Application Proxy .http://blogs.technet.com/b/speschka/archive/2013/12/23/configuring-windows-server-2012-r2- web-applicon-proxy-for--2013-hybrid-features.aspx Hybrid documentation Hybrid Search .http://aka.ms/sphyb .http://blogs.technet.com/b/speschka/archive/2013/10/11/architecture-design-recendon- for--2013-hybrid-search-features.aspx See you at the Searchbooth’s & Search tables at Asks the Experts WED @6:15!
Room Develop Advanced Search-Driven 2013 Apps SPC402 I, J 1:45pm; Best practices for Hybrid Search deployments SPC306 Veronese 2401 5:00pm; 2013 Search Analytics SPC340 M, N Wed 9:00am; How to manage and troubleshoot Search: A practical guide SPC375 Veronese 2401 Wed 10:45am; 6 Proven Steps to Get the Best Out of Search in 2013 SPC265 Delphino 4001 Wed 1:45pm; Best practices for Information Architecture and Enterprise Search SPC207 Veronese 2401 Wed 1:45pm; Search content enrichment and extensibility in 2013 SCP414 K, L Wed 1:45pm; Customizing Search experiences with Azure Hosted Data and Bing Maps SPC321 Veronese 2401 Wed 3:15pm; Futuristic Search applications Kinect and Yammer! SPC405 M, N Wed 3:15pm; Search architecture and sizing in 2013 SPC336 Titian 2201 Wed 5:00pm; Effective Search deployment and operations in 2013 SPC360 Veronese 2401 Thu 9:00am; 2013 Search display templates and query rules SPC322 M, N Thu 9:00am; Managing Search Relevance in 2013 and O365 SPC382 Veronese 2401 Thu 12:00pm Search Related s Related Hybrid s SPC 339 2013 hybrid end-to-end – Sam Hassani SPC 320 Configuring Hybrid Search with 2013 and Online – Neil Hodgkinson and Manas Biswas SPC363 Get up and running fast with SkyDrive Pro: planning guidance and best practices – Zerelina Mukherjee Post Conference Event Server 2013 and Office 365 Hybrid – Neil Hodgkinson, Steve Peschka, Bill Baer, Manas Biswas Configuring Hybrid Business Connectivity Services with 2013 Fabian G.
Williams Architect ADOTOB SPC319 About The Speaker Fabian Williams, MCSD, MCDBa, MCSE Architect Planet Technologies, Inc. www.fabian.com @FabianWilliams linkedin.com/in/fabiangwilliams fabian@adotob.com .What Problems Does Hybrid Solve .What is Hybrid & What Flavors does it Come in .Establishing the Hybrid Environment .The role of the Reverse Proxy .Establishing Hybrid Identity Management .Configuring Search & BCS Hybrid .Demo .Q&A Outline & Agenda What Problems Does Hybrid Solve? . to Access Content On Site & Off Site .Navigating Multiple Data Sources .Searching for Information between Multiple Environments .Data Access Issues & Securing your Data .Business to Business Relationships The Challenges The Goals .Create a Single Logon to marshal between Environments .Provide a Secure & Easily Accessible Access to Corporate Data .Create a Unified Search Experience .Provide Safe, Secure & Audited Access to Protected Data .Provide a Consolidated of otherwise Distributed Data What is Hybrid Anyway? 10’000 feet look at Hybrid On Premises Public Internet Windows Azure & Office 365 Group User User User User Office 365 SPO Online (SPO) 2013 Addressing Identity Public Internet Contoso\Fabian fabian@contoso.on.com Azure AD How Identity Operates Public Internet Azure AD Cross Farm Sharing of Resources Public Internet Azure AD STS Trust The Big Picture for One Way Inbound Corporate LAN (Hosting Provider Internal) Perimeter Network Internet Windows Azure & Office 365 Active Directory SQL Server 2013 ADFS 2.0 DirSync Reverse Proxy (Web Application Proxy) Windows Azure Windows Azure AD ACS Register Domain Name & Certs Nutz & Boltz 1.Register your Domain Name 2.Procure your SSL Certificates 3.Get your Subscription to Online 4.Square away your On Premises Boxes Preparation Check List Build out your On-Premises Farm .Provision Servers .Create App Domain .Create Hybrid Zone Configure Networking & Access .Certs Side & Reverse Proxy Side .Accounts & Dir Sync Side Ready the On-Premises Environment .Create a Service Account that will Broker
Access (Secure Store User) to External Resources .Create a Security Group & Add all Federated ing Access to Hybrid in it Create On-Premises Secure Store App ID .Create a Group Secure Store .Add the OaGroup Security Group to the Members Area . the OaAccount as the Credentials Login Create OData Service EndPoint .Create a Dub-CF (WCF Data Services OData Source .You modify your Entity Access Rules to allow for AllRead, Write or All Operations .You Limit access to Service Operations as well to Manage Granular Access to Resources .Publish this and Expose it through the Reverse Proxy to the Internet Protected by your Server Certificate Config SPO BDC Metadata Store for Hybrid .Log in SP Admin Portal & Add Permissions so that ECT will already have requisite access applied when Imported .Enter the Everybody Group into the Metadata Store Permissions with Execute & Select in Clients Permission & Admin with Full Control Square Away SPO Connection Setting Object .Log in SP Admin Portal under BCS & Click Manage On Prem Svcs .I the Name as the “ SPOaConnectionti ngID ” property in the ECT just to Identify it. Upon Completion you should see a Connection Added Create your OData External Content Type .Hybrid ONLY supports OData External Content Types so you will Visual Studio .To Hybrid though there are differing Options for BCS you should Secure Store .I recommend manually Importing your BDCM file There are some GOTCHA’s Lets do a Demo DEMO: The story of a Hybrid External Content Type (ECT) By Fabian Williams •Create a Visual Studio ECT •Configure the ECT for Secure Store •Register the Connection Settings via PowerShell •Discuss the Gotcha about Importing ECTS for Hybrid (see blog post) In this Demo we will… Deploy the Hybrid Scenario External List .Import your BDCM File into Online .Create an External List .Check your work by modifying an External Item Hybrid in Action DEMO: Walk through End to End of One-Way Inbound Hybrid with BCS… and Search By Fabian Williams