Hybrid SharePoint Server 2019 Demystified


Thomas Vochten

December 05, 2019


  1. 1.
  2. 3.

    Agenda
    • Why go for a hybrid setup?
    • Hybrid capabilities walkthrough
    • What do I need?
    • Configuration overview
  3. 5.

    Move to the cloud at your own pace
    • Innovation is cloud-first
    • Hybrid is just an intermediate step, migrate at your own pace
    • You will end up in the cloud eventually
    • All “modern” hybrid features are one-way towards the cloud
  4. 6.

    The Hybrid Prerogative
    Customers building on-premises environments today:
    • Will be using one or two Hybrid scenarios from “launch” (e.g. OneDrive, Search), or
    • Should do so with Hybrid in mind (and a plan in place!)
    On-Premises deployments
    • Are with us for the long haul
    • Migration is the end goal, but not for ALL content/services
    • Some workloads and/or legacy services are not fit for purpose in the cloud
  5. 7.

    Deployment
    Plan, plan, plan!
    SharePoint remains a relatively complex product
    It is essential to understand components and services prior to deployment
    KISS – Keep It Simple, …
    Complex/large farm deployments are the biggest cause of
    • Operational pain
    • Upgrade and migration hassles
    • Adoption blockers
  6. 8.

    Overview of hybrid capabilities
    • Hybrid OneDrive & Profiles
    • Hybrid Sites
    • Hybrid App Launcher
    • Hybrid Taxonomy & Content Types
    • Hybrid Auditing
    • Hybrid Self Service Site Creation
    • Hybrid Search
    • Hybrid B2B Extranet
  7. 12.

    What it is not
    • User Profile Synchronisation or Import from On-Premises
    • Existing content will not be migrated
    You might want to migrate additional properties that are not synced by AD Connect
    User Profile Batch Update API: http://thvo.me/pnpuserupdate
  8. 15.

    What does it provide?
    • Hybrid OneDrive & Profiles + Sites that you follow on-premises appear in Office 365
    Classic mode only
  9. 16.

    What it is not
    • Nothing to do with the Site itself!
    • A site that is magically spread across on-premises and online
    • Provisioning of on-premises or online sites
    [Diagram labels: Online, On-premises]
  10. 19.

    Hybrid App Launcher
    • Pin custom apps to the App Launcher in online
    • See them appear in on-premises
  11. 21.

    Hybrid Taxonomy (aka Metadata)
    • Copy your existing on-premises term store to the cloud (Optional)
    • SharePoint Online becomes the “master”
    • Changes in on-premises will be overwritten
    • GUIDs will be retained
  12. 22.

    Taxonomy & Content Types
    • Grant your farm account full control permissions on the term store
    • In the term store itself, not the MMS
    • Watch the timer jobs!
      Taxonomy Groups Replication
      Content Type Replication
    • PowerShell to copy your on-prem termstore/ctypes to the cloud:
      Copy-SPTaxonomyGroups
      Copy-SPContentTypes
  13. 23.

    Limitations
    • Synced items can still be deleted (will be recreated upon next job run)
    • Your on-premises term store can still be changed (which can cause problems!)
    • Does not do site-collection scoped taxonomy, only central metadata
    • You need to make the farm account a term store administrator in on-premises
    • SharePoint on-premises can have 1000000 items in a term store, SharePoint Online can "only" have 200000
    • Reusing a term in on-premises can’t be replicated to the cloud
  14. 24.

    Hybrid Content Types
    • Create content types online
    • Subscribe to them from on-premises
    • Uses the content type hub
  15. 29.

    Query Federation
    • Separate result blocks
    • Maximum 10 results
    • Without ranking and relevance integration
    • No refiners
    • Complex for inbound scenarios
  16. 33.

    Tip | IsExternal managed property
    All on-premises content is tagged with a new managed property: IsExternalContent
  17. 34.

    Additional scenarios for hybrid search
    • Geo-distributed environments all using the same index
    • eDiscovery & compliance features are based on search
    • Archiving and migration scenarios
  18. 35.

    Hybrid Search - Limitations
    • Windows AuthN only!
    • No internet, no search
    • Limited customization options
      No entity extraction
      No content enrichment
      Other SPO search limitations
    • No good central administration integration
    • No dashboard of your online index search health
  19. 36.

    Hybrid Search - The Cost
    Hybrid search is free, …kind of
    1 million on-premises items per 1 TB of pooled storage in SPO
  20. 38.

    Establishing a trust relationship
    All hybrid scenarios are based upon the key elements of service interaction within a SharePoint environment:
    • Farm trusts
    • Server to server (S2S) trusts
    • Claims identity and user profiles
    There are configuration aids to avoid most of the complexity
  21. 40.

    User Profiles are paramount
    For pretty much anything to work a Profile must be present
    For things to work well, the Profile should be accurate and up to date.
    Has always been the case, but amplified considerably by any Office 365 deployment
    • Hybrid “doubles down” on this, as you have two profiles
    • Aim is to be as consistent as possible between the two
  22. 41.

    Active Directory as the master source
    • With any Office 365 deployment, it is best to master source identity with Active Directory
    • An (enterprise) Office 365 deployment is a long term commitment to identity integration with Azure AD
    • For those for whom AD is not the master source of identity:
      • Strategy should be to move away from the legacy model
      • Tooling available (Connectors for MIM) to address in the medium term
      • Adds significant complexity and operational cost
  23. 42.

    Hybrid features vs SharePoint versions
    Table inspired by work by Nico Martens

    | Feature | SP 2013 | SP 2016 | SP2019 |
    |---|---|---|---|
    | Federated hybrid search | RTM | RTM | RTM |
    | Cloud hybrid search | 01/2016 CU | RTM | RTM |
    | Hybrid app launcher | 07/2016 CU | RTM | RTM |
    | Hybrid OneDrive & Profiles | 09/2015 CU | RTM | RTM |
    | Hybrid Sites | 07/2016 CU | RTM | RTM |
    | Hybrid Taxonomy | 11/2016 CU | FP1 (11/2016 CU) | RTM |
    | Hybrid Content Types | 06/2017 CU | 06/2017 CU | RTM |
    | Hybrid Auditing (preview) | N/A | FP1 (11/2016 CU) | N.A. |
    | Hybrid self service site creation | 03/2017 CU | 11/2017 CU | RTM |
    | MySite creation defaults to OneDrive for Business | 10/2017 CU | N/A | RTM |
  24. 44.

    Getting ready for a hybrid setup
    • Decent internet connectivity (duh)
    • Office 365 Enterprise subscriptions
    • SharePoint Admin account for on-premises
    • Global Admin account for Office 365
      SharePoint Admin is not enough!
      Modern AuthN is supported
  25. 45.
  26. 47.

    «Modern» hybrid is outbound only
    • Search: Cloud Hybrid Search (one-way outbound)
    • Hybrid OneDrive
    • Hybrid Team Sites
    [Diagram labels: SharePoint Online; Internet; Microsoft data center; Intranet; Microsoft Office 365 tenant; SharePoint Server 2013/2016/2019; Outbound (HTTPS 443); Inbound]
  27. 48.

    Advantages of “Modern” hybrid topologies
    • Relatively easy to configure
    • Mainly configured through wizards (& a little PowerShell)
    • New hybrid scenarios can easily be added to On-Premises
    • No need for certificates, reverse proxy, public IP Address, DNS
    • Works with SharePoint 2013, 2016 and 2019
  28. 50.
  29. 51.
  30. 52.
  31. 53.
  32. 54.
  33. 56.

    Visible changes to your farm
    Registered trust certificates
    On-Premises cmdlets:
      Get-SPTrustedSecurityTokenIssuer
      Get-SPTrustedRootAuthority
    Azure cmdlets:
      Get-MsolServicePrincipal
  34. 57.

    Caution!
    Enabling hybrid features can break
    • Provider hosted add-ins
    • Workflow Manager trust
    Always use the latest scripts & wizards provided by MSFT!
    Workaround: configure hybrid first, or re-establish trusts
    http://thvo.me/hybridsearchfixtrust
  35. 59.
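
One way to make the trust changes from slides 56 and 57 visible, as an added example that is not part of the original deck: snapshot the farm's token issuers and root authorities before enabling a hybrid feature, then run the script again afterwards to see which trusts changed and may need re-establishing. The baseline file name, the 60-day expiry window and the display-name filter are assumptions; it expects PowerShell 3.0 or later in the SharePoint Management Shell.

```powershell
# Added example (not from the deck). Run on a farm server before and after
# enabling a hybrid feature; the first run writes the baseline, later runs diff.
param([string]$BaselinePath = '.\s2s-trust-baseline.xml')   # hypothetical file name

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-TrustSnapshot {
    # Server-to-server token issuers registered in the farm.
    Get-SPTrustedSecurityTokenIssuer | ForEach-Object {
        [pscustomobject]@{
            Kind       = 'TokenIssuer'
            Name       = $_.Name
            Issuer     = $_.RegisteredIssuerName
            Thumbprint = $_.SigningCertificate.Thumbprint
            NotAfter   = $_.SigningCertificate.NotAfter
        }
    }
    # Root authorities: certificates the farm trusts.
    Get-SPTrustedRootAuthority | ForEach-Object {
        [pscustomobject]@{
            Kind       = 'RootAuthority'
            Name       = $_.Name
            Issuer     = $_.Certificate.Subject
            Thumbprint = $_.Certificate.Thumbprint
            NotAfter   = $_.Certificate.NotAfter
        }
    }
}

$current = @(Get-TrustSnapshot)   # a farm always has at least the 'local' root authority

if (-not (Test-Path $BaselinePath)) {
    $current | Export-Clixml -Path $BaselinePath
    Write-Host "Baseline of $($current.Count) trust entries written to $BaselinePath"
} else {
    $baseline = @(Import-Clixml -Path $BaselinePath)
    # '<=' = only in the baseline (removed or replaced); '=>' = new since the baseline.
    Compare-Object $baseline $current -Property Kind, Name, Issuer, Thumbprint |
        Sort-Object Name | Format-Table -AutoSize | Out-Host
}

# Trust certificates expiring within 60 days (threshold is an assumption).
$current | Where-Object { $_.NotAfter -and $_.NotAfter -lt (Get-Date).AddDays(60) } |
    Format-Table Kind, Name, NotAfter -AutoSize | Out-Host

# Cloud side: needs the MSOnline module and a prior Connect-MsolService.
if (Get-Command Get-MsolServicePrincipal -ErrorAction SilentlyContinue) {
    Get-MsolServicePrincipal -All | Where-Object DisplayName -like '*SharePoint*' |
        Format-List DisplayName, AppPrincipalId, ServicePrincipalNames | Out-Host
}
```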