Kako pravilno konfigurisati

SharePoint on-premises za

SharePoint Add-ins

(SharePoint apps)

Dragan Panjkov

MVP, K2

Agenda

• Konfiguracija farme

• Mogućnosti autorizacije add-ina

• Modeli arhitekture za provider-hosted add-ine

Problem

• SharePoint 2013 / 2016 => preporuka da se ne

koristi Server-Side Code (Farm Solutions)

• SharePoint Apps / SharePoint Add-ins su

preferirani način za razvoj i deployment custom

rješenja

• Neophodna je dodatna konfiguracija na

SharePoint farmi

Demo

• Add-in iskustvo za krajnjeg korisnika

Konfiguracija farme

1. DNS konfiguracijaa. Forward Lookup zona

b. CNAME Alias

2. Wildcard SSL sertifikat

3. Konfigurisanje SharePoint servisnih aplikacija a. Subscription Settings SA

b. App Management SA

4. Konfigurisanje add-on URL-ova

DNS konfiguracija

• Forward Lookup Zona

– u slucaju odvojenog domena (opciono)

• CNAME Alias

– „wildcard“

– Redirekcija svih zahtjeva sa app domenom (ili

poddomenom) na FQDN SharePoint farme

Wildcard SSL sertifikat

• Potreban je samo u slučaju ako su i

SharePoint i add-on konfigurisani za SSL

SharePoint Service Apps (1)

1. Pokrenuti neophodne servise

SharePoint Service Apps (2)

2. Konfigurisati Subscription Service app (PoSh)$account = Get-SPManagedAccount "<AccountName>"

# Gets the name of the managed account and sets it to the variable $account for later use.

$appPoolSubSvc = New-SPServiceApplicationPool -Name SettingsServiceAppPool -Account $account

# Creates an application pool for the Subscription Settings service application.

# Uses a managed account as the security account for the application pool.

# Stores the application pool as a variable for later use.

$appSubSvc = New-SPSubscriptionSettingsServiceApplication -ApplicationPool $appPoolSubSvc -Name SettingsServiceApp -DatabaseName <SettingsServiceDB>

# Creates the Subscription Settings service application, using the variable to associate it with the application pool that was created earlier.

# Stores the new service application as a variable for later use.

$proxySubSvc = New-SPSubscriptionSettingsServiceApplicationProxy -ServiceApplication $appSubSvc

# Creates a proxy for the Subscription Settings service application.

SharePoint Service Apps (3)

2. Konfigurisati App Management Service app (PowerShell ili Centralna Administracija)$account = Get-SPManagedAccount "<AccountName>"

# Gets the name of the managed account and sets it to the variable $account for later use.

$appPoolAppSvc = New-SPServiceApplicationPool -Name AppServiceAppPool -Account $account

# Creates an application pool for the Application Management service application.

# Uses a managed account as the security account for the application pool.

# Stores the application pool as a variable for later use.

$appAppSvc = New-SPAppManagementServiceApplication -ApplicationPool $appPoolAppSvc -Name AppServiceApp -DatabaseName<AppServiceDB>

# Creates the Application Management service application, using the variable to associate it with the application pool that was created earlier.

# Stores the new service application as a variable for later use.

$proxyAppSvc = New-SPAppManagementServiceApplicationProxy -ServiceApplication $appAppSvc

# Creates a proxy for the Application Management service application.

Konfigurisanje add-in URL-ova

• PowerShell-om ili iz

Centralne Administracije

Set-SPAppDomain <appDomain>

Set-SPAppSiteSubscriptionName -Name "app" -Confirm:$false

Demo

• Kako izgleda konfigurisana farma

Low Trust Autorizacija• Microsoft preporučuje ovaj način autorizacije

• Prvenstveno namijenjena za add-ine koji su cloud-hostani

• Trusted Token Issuer je Azure Access Control Service

• Koriste se access-tokeni za autorizaciju

• Neophodna internet konekcija

• Add-ini se mogu objaviti na Office Store i instalirati na SharePoint Online (Office 365)

• Detaljna konfiguracija na https://github.com/OfficeDev/PnP-Tools/tree/master/Scripts/SharePoint.LowTrustACS.Configuration

Low trust

SharePoint Farm

Add-in Admin

End Users ACS

Registration of add-in

Verification of registration

Approve and publish

Remoteconnectivity

2

34 5

6

7

Server & Tenant Admin

1Associate server

to Office 365 tenant

Provider hosted add-ins

spapp_appnane.contoso.com

High Trust Autorizacija– Koriste se digitalni sertifikati

– Namijenjena za full on-premises okruženja

– Malo komplikovanija za konfiguraciju

– Nije neophodna internet konekcija

– Add-ini se ne mogu instalirati na SharePoint Online

– Detaljna konfiguracija na https://msdn.microsoft.com/en-

us/library/office/fp179901.aspx

– Konfiguracijske PowerShell skripte na

https://msdn.microsoft.com/en-us/library/office/dn579380.aspx

High trust (S2S)

SharePoint Farm

Add-in Admin

End Users

Registration of certificate

1

Server Admin

Provider hosted add-ins

spapp_appnane.contoso.com

Configuration of certificate

Approve and publish apps

2

7

6

4 5

3

Remote connectivity

Verification of certificate

Demo

• High Trust u DEV okruženju

Dijeljeno okruženje Najčešća konfiguracija

Svaki add-in ima svoj ASP.NET web sajt na dijeljenoj IIS farmi

Load balanced za visoku dostupnost

1

Different services used by add-ins

Network load balancer ASP.net applications hosted in IIS

Load balanced servers

https://spapp_app1.contoso.com

https://spapp_app2.contoso.com

https://spapp_app3.contoso.com

2

45

https://spapp_app3.contoso.com

3

Dedicated okruženje

Svaki add-on ima svoju ASP.net IIS aplikaciju na zasebnim serverima

Load balanced za visoku dostupnost

1

Different services used by add-ins

Network load balancer ASP.net applications hosted in IIS

Load balanced servers

https://spapp_app1.contoso.com

https://spapp_app2.contoso.com

https://spapp_app3.contoso.com

2

3 45

Izolovano okruženje

Za svaku organizaciju se projektuju zasebna okruženja projektovana ponaosob kao dijeljeno okruženje

1

Different services used by add-ins

Network load balancer ASP.net applications hosted in IIS

Load balanced servers

https://spapp_org2_app2.contoso.com

2

3 45

https://spapp_org2_app1.contoso.com

https://spapp_org1_app2.contoso.com

https://spapp_org1_app1.contoso.com

https://spapp_org3_app2.contoso.com

https://spapp_org3_app1.contoso.com

Za više informacija• Configure an environment for apps for SharePoint

(SharePoint 2013)

• Set up an on-premises development environment for SharePoint Add-ins

• Architecture models for SharePoint provider hosted add-ins in on-premises

• Office Dev PnP Web Cast – Provider hosted add-in infrastructure setup for SharePoint on-premises

• Patterns and Practices videos (Channel 9)

Ne zaboravite ispuniti upitnike.

Čekaju vas vrijedne nagrade!