1 / 13

SP2013 app infrastructure and configuration and isolation

SP2013 app infrastructure and configuration and isolation. Vesa Juvonen Principal Consultant Microsoft. Infrastructure configuration for SP Apps. Wild card DNS entry for app domain Apps service application and subscription service created in environment hosting SP apps

ilya
Télécharger la présentation

SP2013 app infrastructure and configuration and isolation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. SP2013 app infrastructure and configuration and isolation Vesa Juvonen Principal Consultant Microsoft

  2. Infrastructure configuration for SP Apps • Wild card DNS entry for app domain • Apps service application and subscription service created in environment hosting SP apps • SharePoint application for routing the incoming requests to app DNS entry • App catalog created for Apps for SharePoint to enable end users to utilize apps http://*.apps192.168.x.x

  3. DNS configuration on-premises • Define wildcard DNS entry for apps • *.appscontoso.com or something similar • Notice that it’s recommended to create own domain, not use just sub domain due security reasons • Configure app address in SP side using Central Admin or PowerShell • One address per farm • PowerShell cmdlet’s • Get-SPAppDomain • Set-SPAppDomain

  4. App configuration for on-premises farm • Ensure that App service application and subscription service are created and running in farm • Apps will be hosted on own domain • Leverages web browser same-origin policy for script isolation • URL naming – each app has unique URL – one app – one = URL • http://default-appUID.appscontoso.com • appUID – combination of unique identifier for site collection and particular SPWeb where app is installed app1 SharePoint site main SharePoint site tenant-uniqueID.appdomain http:// /appname/etc http://intranet.contoso.com http://default-9ac5d88f52de26.appscontoso.com/TrafficCameras/pages/default.aspx

  5. Enterprise deployments – Single Farm Setup SharePoint Farm http://my.contoso.com192.168.1.2 http://intranet.contoso.com192.168.1.2 http://teams.contoso.com192.168.1.2 192.168.1.2 No Host Header192.168.1.2 NLB APP DNS:*.contosoapps.com = 192.168.1.2 http://default-87e90ada14c175.contosoapps.com

  6. 4 • 5 • 1 • 3 • 2 Enterprise deployments – Follow The Request SharePoint Farm Request Gets Picked Up • 192.168.1.2 • Not using a Host Header so listens to all requests • SharePoint routes and serves from appropriate web app 192.168.1.2 5 *.contosoapps.com = 192.168.1.2 NLB ? APP DNS http://default-87e90ada14c175.contosoapps.com

  7. https://*.contosoapps.com192.168.1.2 https://*.teamapps.com192.168.1.2 Enterprise deployments – Multi-farm options Corporate Farm Collaboration Farm http://intranet.contoso.com192.168.1.2 http://mysite.contoso.com192.168.1.3 http://teams.contoso.com192.168.1.3 192.168.1.2 192.168.1.3 NLB NLB APP APP

  8. DNS vs. IIS configuration http://my.contoso.com192.168.0.3 http://intranet.contoso.com192.168.0.3 http://teams.contoso.com192.168.0.3 Host name – intranet.contoso.com IP Address – unassigned Host name – teams.contoso.com IP Address – unassigned Host name – unassigned IP Address – unassigned Host name – mysite.contoso.com IP Address – unassigned http://*.contosoapps.com192.168.0.3 192.168.0.3 APP

  9. Extranet with split-back-to-back with split DNS SharePoint Farm NLB DMZ Corporate SSL Certification *.appcontoso.com App domain: appscontoso.com Example: https://default-10d7ae858e96d0.appscontoso.com/eventapp

  10. Get app to site collection • All site content provides functionalityto add apps • Both SharePoint store and corporate catalog visible from single place • Users can add Apps to be available at the site • Apps can request permissions, which depending on implementation for operations using oAuth

  11. Design Considerations for App infrastructure • You should always use SSL on web applications if you are using SharePoint Apps • Access tokens are included with requests, blocks cookie replay attacks • Your app domains should not be child domains • If your web apps are *.contoso.com, do not make app domain *.apps.contoso.com, instead make it something like *.contosoapps.com • Dedicated app domain is more secure with certain browsers • Apps for SharePoint on web applications using SAML authentication have special requirements on the FedAuth server/identity provider that most don’t support today • SharePoint Apps do not support multiple zones (i.e. AAM); all requests are served out of the default zone • Apps for SharePoint are however fully supported in Secure Site Access and host header site collections model which is the recommended approach for all deployments • You need to ensure that application pool account used for ”routing” application has sufficient permissions to other SharePoint applications • Easiest way to achieve this is to use same application pool account cross web applications

  12. Demo Apps in details Installation, deployment, usage, configuration…

  13. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

More Related