This second article in my Rational Guide series focuses on the capabilities in SharePoint 2010 which enable the delivery of hosting environments. Hosting is finally a first class citizen in SharePoint 2010, however there isn’t a great deal of material out there on this subject. This article will:
- walk through the problem space
- discuss the features of SharePoint 2010 that enable multi-tenant environments
- provide a step by step guide to setting it all up
- give general recommendations for those looking to deliver hosting platforms based on SharePoint 2010
For those who attended my breakout session on multi-tenancy at the SharePoint Evolution conference in London during April, this article can be used as its companion.
Rational Guide to Multi Tenancy with SharePoint 2010
PowerShell for SharePoint 2010 rocks. No, really it does. You hate it at first, but then it’s all pure goodness. But boy, does the UI SUCK! Crap for productivity, crap for demos, just about crap for anything other than lame jokes about old skool shell scripting.
Sure, there are funky PowerShell GUIs out there, but they appear to cost money. The good news is Windows ships with it’s own IDE. This thing is called an ISE – prey how much do marketing people get paid?
Anyway – that’s what I’ve been using for all my demos to show the PowerShell stuff that I do. Better than a command prompt. Trouble is this bad boy doesn’t load the SharePoint cmdlets, so you have to do that before working with SharePoint.
The good news is you can add the guff necessary to load the DLL in a PowerShell ISE profile. It’s a very basic thing, but you may find it useful. To set it up, use the following PowerShell. This one is a user profile, you can change this to be a machine wide one if you wish (refer to this article).
# creates a local user powershell ISE profile
if (!(test-path $profile ))
{new-item -type file -path $profile -force}
# opens it for edit
psEdit $profile
# copy the following into the new file and save it
cd 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\CONFIG\POWERSHELL\Registration'
.\SharePoint.ps1
cd \
# now everytime you run powershell ise as the same user - it will load the SP cmdlets automatically on start up
Happy ISEing!
Yalls may be playing around with Service Application Federation with SharePoint 2010 with the shiny new SharePoint Server 2010 bits. This federation is also called publishing and consuming service applications, but as I’m spending a lot of my time of late in PowerPoint, I’m using the buzzword for the time being.
However, with the RTM bits there is a fundamental missing piece that is not currently documented on Tech Net.
Of course you need to exchange and install the necessary certificates as detailed here. However in order to make it work the consuming farm must have permissions to the publishing farm’s Topology service app, otherwise it will fail with the following error:
"Unable to connect to the specified address. Verify the URL you entered and contact the service administrator for more details.”
In your ULS logs you will see the following slightly more helpful detail:
An exception occurred when calling SPTopologyWebServiceApplicationProxy.EnumerateSharedServiceApplications on service https://SERVERNAME:32844/Topology/topology.svc : System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.
To grant the permissions necessary, on the consumer farm, run the following PowerShell:
(Get-SPFarm).Id
Copy the output (a GUID of course!). On the publishing farm run the following PowerShell – replacing <farmid> with the guid from above:
$security = Get-SPTopologyServiceApplication | Get-SPServiceApplicationSecurity
$claimProvider = (Get-SPClaimProvider System).ClaimProvider
$principal = New-SPClaimsPrincipal -ClaimType http://schemas.microsoft.com/sharepoint/2009/08/claims/farmid -ClaimProvider $claimProvider -ClaimValue <farmid>
Grant-SPObjectSecurity -Identity $security -Principal $principal -Rights "Full Control"
Get-SPTopologyServiceApplication | Set-SPServiceApplicationSecurity -ObjectSecurity $security
Now you're cooking with gas, you will be able to see the consuming farm's claim in the permissions dialog for the Topology service app. And now you can connect to the published service from the consuming farm. hopefully TechNet will be updated soon.