1 / 50

SharePoint Apps for the IT Pro

Thomas Vochten. SharePoint Apps for the IT Pro. # spsnl 2014. ABOUT ME. Thomas Vochten SharePoint MVP. Platform architect. Speaker. Trainer. Involuntary DBA. Consultant at Xylos. V-TSP at Microsoft. @ thomasvochten http :// thomasvochten.com. AGENDA. Introduction to Apps

catrin
Download Presentation

SharePoint Apps for the IT Pro

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Thomas Vochten SharePoint Apps for the IT Pro #spsnl 2014

  2. ABOUT ME Thomas VochtenSharePoint MVP. Platform architect. Speaker. Trainer. Involuntary DBA. Consultant at Xylos. V-TSP at Microsoft. @thomasvochtenhttp://thomasvochten.com

  3. AGENDA • Introduction to Apps • Preparing the infrastructure • Apps Management • Apps Security

  4. INTRODUCTION TO APPS

  5. THE PROBLEM WITH FULL TRUST CODE (FTC) • Performance • Maintenance • Security • Upgrades • Supportability • …

  6. PREVIOUS ATTEMPTS TO FIX THE PROBLEM Custom code in Sandboxed Solutions is deprecated with SharePoint 2013

  7. MORE FRUSTRATIONS SharePoint developers felt, well… a bit left behind

  8. WELCOME TO THE CLOUD APP MODEL (CAM) • Apps don’t run on the SharePoint server • Can still interact with SharePoint • On-Premises and in the cloud • Free choice of tools, languages & platforms

  9. EVERYTHING IS AN APP

  10. THE NEW MICROSOFT ? http://officespdev.uservoice.com/ https://officeams.codeplex.com/

  11. TYPES OF APPS

  12. SHAREPOINT HOSTED APPS • Run in the browser • Use client side technologies only • Relatively easy • Can interact with the host web • Use an app web with a funky URL • On-Premises and in the cloud • AuthZ with user privileges

  13. PROVIDER HOSTED APPS • Bring your own hosting • Use any language or platform • Greater flexibility • Greater responsibility • Can interact with the host web

  14. PROVIDER HOSTED APPS

  15. AUTO HOSTED APPS • Web & Azure components are provisioned automatically • Can interact with the host web • Automagically provisioned provider-hosted apps

  16. APPS POSITIONING

  17. APPS USER EXPERIENCE

  18. SHAREPOINT STORE

  19. WHO DO YOU TRUST ?

  20. APP PROVISIONING • Timer job kicks in • App web is provisioned • Permissions are configured

  21. FULL PAGE Mimics SharePoint look and feel

  22. APPS UI COMPONENTS Ribbon extensions App Parts

  23. PREPARING THE INFRASTRUCTURE

  24. DEMO ENVIRONMENT • Single farm • Single content application pool • Single services application pool • Single content web application • Host named site collections • No host headers • SSL Everywhere

  25. “Host-named site collections are the preferred method to deploy sites in SharePoint 2013” From: TechNet

  26. Exploring the demo environment

  27. DNS PREREQUISITES • Choose your app domain • Request a wildcard or SAN certificate • Configure DNS with a wildcard record • Setup SharePoint & IIS to accommodate requests for your app domain

  28. CHOOSE AN APP DOMAIN • Unique domain • No subdomains please • You need one… perfarm!

  29. CERTIFICATES Wildcard Certificate *.contoso.com Wildcard Certificate *.contosoapps.com SAN Certificate *.contoso.com *.contosoapps.com Single web application Host named site collections No IIS host headers Multiple web applications IIS Host headers Routing web application for apps

  30. ROUTING WEB APPLICATION https://app-bdf2016ea7dacb.contosoapps.com/... DNS Lookup app-bdf2016ea7dacb.contosoapps.com Web App Host header: intranet.contoso.com Certificate Default Website No host header Default Website No host header Web App Host header: teams.contoso.com Certificate Routing Web App No host header WC Certificate

  31. ROUTING WEB APPLICATION https://app-bdf2016ea7dacb.contosoapps.com/... DNS Lookup app-bdf2016ea7dacb.contosoapps.com Web App No host header SAN Certificate

  32. ROUTING WEB APPLICATION • When you need to use IIS host headers • Web application without a host header • Contains no site collections • Delete/disable the Default Website in IIS • Consider multiple IP addresses • Use the same application pool identity as your content application pool

  33. SHAREPOINT PREREQUISITES Claims based authentication only Subscription Settings Service Application • Generates & manages App ID’s App Management Service Application • General settings • App licensing

  34. SHAREPOINT CONFIGURATION • Configure App domain • Configure App prefix • Configure App Catalog • Configure SharePoint Store settings

  35. CONSIDERATIONS • You can use multiple zones for your app domain (needs March 2013 PU)$contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService$contentService.SupportMultipleAppDomains= $true $contentService.Update() iisresetNew-SPWebApplicationAppDomain-AppDomain <AppDomain> -WebApplication <WebApplicationID> -Zone <Zone> -Port <Port> -SecureSocketsLayer • Use SSL… everywhere!

  36. Configuring infrastructure for Apps

  37. SIMPLE, RIGHT? • Your environment is now ready to host SharePoint Hosted Apps • Office365 can use provider hosted apps without extra configuration • Connecting on-premises farms to provider hosted apps requires additional configuration!

  38. APPS SECURITY

  39. SECURITY BASICS • User principals vs App principals • Authentication vs Authorization SharePoint 2013 can authenticate Apps!

  40. APP AUTHENTICATION • Internal AuthenticationIt just works • External Authentication using S2S Trusts • External Authentication using OAuth

  41. AUTHENTICATION FLOW

  42. APP PERMISSIONS • Granted by user approval • All or nothing • Default permissions (like app web control)

  43. LOW TRUST VS HIGH TRUST • Low trust apps need ACS as trust broker (via Office365) • High trust apps need Server To Server trust (no need for Office365)

  44. LOW TRUST VS HIGH TRUST You might need to open firewall ports towards ACS

  45. KERBEROS? Sorry, something went wrong

  46. SAML AUTHENTICATION Identity provider should support: • Wildcard return URL • Wreply parameter ADFS 2.0 does not, ADFS 3.0 does

  47. SUMMARY • Apps are good for you • Don’t underestimate infrastructure impact • Understand the security model of apps • Strongly consider using host named site collections • Use SSL - Everywhere!

  48. QUESTIONS ?

  49. #spsnl @thomasvochten

More Related