Print | posted on Monday, June 14, 2010 2:43 AM
Introduction
This, the third part of the Rational Guide article on multi tenancy walks through the example scenario which future articles use to show how to build out the multi tenant capabilities of SharePoint Server 2010. I will also highlight the key features in action, providing an overview of what multi tenancy brings to a SharePoint 2010 deployment.
If you haven’t checked out the previous parts, I strongly encourage you to review them. I won’t repeat information and I assume you have read the previous parts, which are:
- Feature and Capability Overview
- Planning your Deployment
- Example Scenario and what Multi Tenancy brings to the party (this article)
- Configuring the base Infrastructure
- Configuring Partitioned Service Applications
- Provisioning Tenants
- Testing the Functionality
Example Scenario
In order to provide end to end coverage of all the key aspects of multi tenancy with SharePoint 2010, I’ve constructed an example scenario. This is pretty simple, I’ve designed it to only focus on the multi tenancy features and to avoid extraneous details. Whilst I have attempted to make this scenario as appropriate for real world deployments as possible, please remember that it is a contrived example for the purposes of explaining the capabilities. So if you want to replicate it, do so at your own risk!
All you need to run through the article series is a SharePoint Farm consisting of a single server. My rig for producing this is a single SharePoint Server, a SQL Server, and a Domain Controller. You could do it all on one box, but I prefer to separate them. Of course in the real world we’d have more than one SharePoint box, but this isn’t an article on Farm Topology.
I have a single farm, which I’ve named “Hosting Farm”. Within the farm I am running some base services, and all of the Service Applications that can be partitioned. These services are:
- Managed Metadata
- Business Data Connectivity
- Secure Store
- Search
- User Profiles
- Word Automation
I have a single Proxy Group containing these services and a single Web Application, which will contain all of my tenant (customer) site collections. I have chosen to use Host Named Site Collections for my customers. See part two for the reasoning behind this choice. I have three customers hosted, each of which use a different set of features, they are:
- Microsoft (Enterprise Features)
Microsoft are the big daddy, we all know that. Their users are also more savvy and into cool things like KPIs so on. They are also the customer that has wads of cash to pay for the enterprise features. - Oracle (Standard Features)
Oracle are a little bit into SharePoint (you know it!). They need ECM, WCM mainly to figure out what to do with all their acquisitions (hint: bin them!). But despite being all OLAP, they ain’t ready for real business intelligence. - Apple (Foundation Features)
Apple make toys. Nice looking toys mind. Apple don’t really do enterprise software. It’s more of a iWork thing you dig? They ain’t ready for proper SharePoint, and they kinda are shy about admitting they use it to track super secret product specs and so on. Of course if they were serious about all those rumour sites, they’d have some IRM or whatever.
Note: It should be obvious, but the above is a lame attempt at humour. I’m not serious about the above statements, this is a fictitious scenario! :)
That’s it! That’s all we need to demonstrate the multi tenancy features of SharePoint Server 2010. This example scenario is shown below (click the image to view at full size):
What does Multi Tenancy bring to the party?
Before we start looking at how to set up all this goodness let’s take a tour through the capabilities offered by the various components of a multi tenant SharePoint 2010 deployment.
People Picker
Once we configure a Site Subscription with the appropriate OU in Active Directory, we can only search for and view the users in that OU hierarchy:
Microsoft People Picker
Oracle People Picker
Just to prove the point, here is the Apple people picker searching for “MS” which of course matches the five users in AD, but they are not displayed to the Apple site subscription:
Apple People Picker
This seems simple, and it is, but it’s very important. Not being able to see other customer’s users is paramount to any multi tenant system. This underlines the importance of designing your AD implementation appropriately.
Tenant Administration
If we wish we can deploy a Tenant Administration site, which allows our customers to manage their own settings and create site collections.
Tenant Admin Home Page
Manage Site Collections
New Site Collection
By deploying Tenant Admin sites for our customers, we can allow them to manage their own settings and create sites without calling us. All of these actions will be constrained by settings we configure at the Farm level. As it’s just a site collection, tenant administration is fully extensible. There is significant scope for additional functionality in here depending on what you wish to allow tenant admins to do in your deployment.
Feature Packs
Feature Packs allow us to assign certain features to tenants. This is extremely powerful. In this example I map the three customers to the three “SKUs” of SharePoint. We can be much more granular than this, but this is the classic example.
Take a look at the tenant admin site for Microsoft again, this time focusing on the System Settings area:
Microsoft Tenant Admin
Compare that to the Tenant Admin site for Apple:
Apple Tenant Admin
Because the Apple Site Subscription has the SharePoint Foundation features mapped using a Feature Pack, they don’t have options for InfoPath, Metadata, User Profiles, and so on. Note that not all features are feature pack aware!! You will see InfoPath options available to both Standard and Enterprise feature packs.
Feature packs are much more useful than just for admin settings though. Check out the Site Collection features of a Apple Member Site:
Apple Member Site Features
Not much happening in here, lets add a Web Part to the home page:
Apple Add Web Part
Compare that to those for the Oracle (Standard) sites:
Oracle Add Web Part
Here’s the new site collection page for Microsoft (Enterprise):
Microsoft new Site Collection
And here’s the same page for Oracle (Standard):
Oracle new Site Collection
Pretty sweet huh? All we’ve done is assigned feature packs to customers, no heavy lifting to control which features are available to different customers in the same farm (they are in the same web application). I know a few large enterprises who are salivating at the prospect.
Managed Metadata (MMS)
Managed Metadata is uber cool. One of the best bits of new stuff in SharePoint 2010. And it works flawlessly in multi tenant deployments. When we deploy Managed Metadata in partition mode, it cannot be managed thru Central Admin. Our combo box of Service Application Proxies will be empty:
CA Term Store Management
However if we manage the Term Store from any Member Sites we will get effectively a different Term Store for each customer. Microsoft are big on changing the name of a product every few years, so they are using MMS for keeping track of them:
Microsoft Term Store Management
Oracle on the other hand are not into innovative branding exercises and are busy buying every software company on the planet:
Oracle Term Store Management
Apple don’t really have a need for Managed Metadata, they are simply a toy company. Of course these term sets are available in member sites as managed metadata columns and so on. It all just works, but the important thing is that Oracle can’t see Microsoft’s terms and vice versa. The data is partitioned, but stored in a single service application and database. Sweet! :)
But wait, there’s more. On a per customer basis we can configure a Content Type Gallery and consume Content Types in member sites:
Microsoft Content Type Publishing
Oracle Content Type Publishing
Now that, you have to admit is pretty nice. When we configure MMS as partitioned, our Content Type Hub option in the Service Application Properties disappears, as a “global” value no longer makes sense. We configure the Content Type Gallery on a per tenant basis.
Business Data Connectivity (BCS)
Next up is BCS – we can partition this bad boy. Once again, when we do we can no longer manage it via Central Administration:
CA BCS Management
But once again, when we manage it from Tenant Admin, we can see the BCS data for that tenant only:
Microsoft BCS Management
Oracle BCS Management
Apple BCS Management
Yup, even Apple uses BCS – they need to keep track of other company names they are about to steal, so they track this in a flat file on a Unix server and use BCS to surface it into SharePoint!
Nice! BCS seamlessly and securely working across multiple customers in the same application.
Secure Store Service (SSS)
BCS is all very well, but most of those nasty legacy systems that underpin your business likely don’t do Windows Authentication, or some snazzy “new” claims based chunk of XML goop. Even if they did support Windows AuthN, how likely is it your internet users are gonna be doing Kerberos? Thought so. That’s where SSO comes in. This can also be partitioned. Once we deploy it we must create a Encryption key before Tenant Admins can create applications. We do this as normal in Central Admin, but notice the other buttons are disabled:
Central Admin SSS Management
Customers can create their own isolated applications from Tenant Administration:
Microsoft SSS Management
Oracle SSS Management
See the trend here? Good isn’t it?!
SharePoint Server Search
Search (“regular” SharePoint Server Search, not that FAST fanciness) can also be partitioned. There is no Tenant specific settings for Search. We don’t even need to add our host named site collections to the content source manually anymore (SP2010 fixes this automatically).
Edit Content Source
As long as the web application hosting our host named site collections is in the content source, (it is by default) everything just works.
Here we are in a Microsoft member site searching for “lorem”:
Microsoft Search Results
The same search in a Oracle member site returns no hits:
Oracle Search Results
Poor old Apple only have Foundation so they can only search within the current site:
Apple Search Results
Search results returned are based upon the site subscription, we will never see hits from another customers corpus, even though there is a single content source. There is some more search related multi tenant magic, but that will be a topic for a future post.
User Profiles (UPA)
All those cool new “web 2.0” social features in SharePoint 2010 rely on the UPA. UPA can be partitioned and when it is, we see a subset of the capability in Central Administration:
Central Admin UPA Management
Notice far less options, more on that in a bit. We have two tenants displayed – Microsoft and Oracle. We also have an audience automatically created for each customer. From here we can configure things that make sense “globally” to the farm, such as Synchronization Connections and schedules.
The real magic happens in the Tenant Administration:
Microsoft UPA Management
Notice 7 profiles and we can configure other social related settings here on a per tenant basis.
Oracle UPA Management
This time with 5 profiles.
This is extremely powerful. Whilst the basic social features are trivial, the User Profile Synchronization configuration allows us to have a single OU for each customer. Similar to Search we only need one Sync Connection which is configured globally, but we can have different property mappings for user profiles for each customer. Indeed we can even choose to do a different direction on a property. Perhaps Microsoft do Sync, whereas Oracle do plain import. We can also configure My Sites for each customer, all within a single Web Application, or if we need to for scale reasons on different ones.
Partitioned UPA is a very, very impressive capability.
Wrap Up
Hopefully this quick tour of the various multi tenancy capabilities in SharePoint Server 2010 has wet your appetite, it really is a very exciting area. In the next installment I will finally show you the money, and take you through configuring the base infrastructure for multi tenancy on SharePoint 2010. Stay tuned!
.