Microsoft SharePoint 2013 Platform Options

What BDMs and architects need to know about Office 365, Windows Azure, and on-premises deployments
SharePoint in Office 365 Hybrid with Office 365 Windows Azure On Premises
Overview SharePoint Farm Windows Server Active
Directory and DNS On Premises
On Premises
On premises
On premises
Subscription Subscription Active
Web servers Directory
AD 1 AD 2 Active
Active SharePoint Online SharePoint
WFE 1 App SQL 1
SharePoint Online Directory Directory
Server 2013
Application
Cloud Service servers
80/443 WFE 2 App SQL 2
Directory Sites Sites
synchronization
Windows Azure VPN Tunnel
Reverse
proxy WFE 3 All databases Dedicated application
Windows Azure Active Search Search Cloud Service servers for search
Directory Tenant portal portal components
Virtual Network Windows Azure

Gain efficiency and optimize for cost with Office 365 Combine the benefits of Office 365 with an on-premises Take advantage of the cloud while maintaining full control You own everything.
multi-tenant plans. deployment of SharePoint 2013 of the platform and features.  Capacity planning and sizing.
 Software as a Service (SaaS). Choose which features to integrate.  Windows Azure is a platform that provides the infrastructure and app  Server acquisition and setup.
 Rich feature set is always up to date. services needed to host a SharePoint 2013 farm.  Deployment.
 Includes a Windows Azure Active Directory tenant (can be used with other Users can see search results from both environments.  Infrastructure as a Service (IaaS).  Scaling out, patching, and operations.
SharePoint Search
applications).  Best native cloud platform for SQL Server and SharePoint.  Backing up data.
Extranet users can log in remotely with an on-premises Active
 Directory integration includes synchronizing account names and passwords Directory account and use all available hybrid functionality.  Computing resources are available almost immediately with no  Maintaining a disaster recovery environment.
between the on-premises Active Directory environment and the Windows commitment.  Customizations are not limited.
Azure Active Directory tenant. Business Connectivity From SharePoint Online: Users can perform both read and  Focus on applications, instead of datacenters and infrastructure.
Services
 If single sign-on is a requirement, Active Directory Federation Services can write operations. The BCS service connects to an on-premises  Inexpensive development and test environments.
SharePoint Server 2013 farm. The BCS service configured on
be implemented.  SharePoint solutions can be accessible from the Internet or only accessible
the on-premises farm brokers the connection to on-premises
 Client communication over the Internet through encrypted and OData Service endpoints. from a corporate environment through a site-to-site VPN tunnel.
authenticated access (port 443).  Customizations are not limited.
Duet Enterprise
 Data migration is limited to what can be uploaded over the Internet. Online
From SharePoint Online: Users can perform read and write
 Customizations: Apps for Office and SharePoint, SharePoint Designer 2013. operations against an on-premises SAP system.

Best for . . . 

Secure external sharing and collaboration (unique feature!).
Intranet — team sites, My Sites, and internal collaboration.
 Use Office 365 for external sharing and collaboration instead of
setting up an extranet environment.
 SharePoint for Internet Sites — Public facing sites. Take advantage of
Windows Azure AD for customer accounts and authentication.


In-country farms (when data is required to reside within a jurisdiction).
Complex BI solutions that must reside close to BI data.
 Document storage and versioning in the cloud.  Move My Sites (Sky Drive Pro) to the cloud to make it easier for users  Developer, test, and staging environments — Quickly provision and un-  Private cloud solutions.
 Basic public-facing website. to access their files remotely. provision entire environments.  Highly customized solutions.
 Start new team sites in Office 365.  Hybrid applications — Applications that span your datacenter and the  Legacy solutions with 3rd party components that depend on hardware
Additional features with Office 365 Dedicated Subscription Plans:
 Integrate an Office 365 site with on-premises BCS SharePoint cloud. and software that are not supported on Windows Azure IaaS.
 Microsoft data center equipment that is dedicated to your company or
environment.  Disaster recovery environment — Quickly recover from a disaster, only pay  Privacy restrictions that prevent synchronization of Active Directory
organization and not shared with any other organization.
for use. accounts with Windows Azure Active Directory (a requirement for Office
 Each customer environment resides in a physically separate network.
 Farms that require deep reporting or auditing. 365).
 Client communication across an IPSec-secured VPN or customer-owned
 Web analytics.  Organizations that desire control of the entire platform and solution.
private connection. Two-factor authentication is optional.
 Data encryption at rest (data is encrypted in the SQL databases).
 ITAR-support plans.

License requirements Subscription model, no additional licenses needed Office 365 — Subscription model, no additional licenses needed.
On premises — All on-premises licenses apply.


Windows Azure subscription (includes the server operating system)
SQL Server


Server Operating System
SQL Server
 SharePoint 2013 Server License  SharePoint 2013 Server License
 SharePoint 2013 Client Access License  SharePoint 2013 Client Access License

Architecture tasks  Plan and design directory integration. Two  Acquire third-party SSL certificates to In addition to tasks for both the Office 365 and on-premises environments: Design the Windows Azure network Design the SharePoint environment in Design the SharePoint environment in an
environment: Windows Azure: existing on-premises environment:
options (either option can be deployed on provide enterprise-security for Office 365  Determine how much feature integration
 Virtual network within Windows Azure,  SharePoint farm topology and logical  SharePoint farm topology and logical
premises or in Windows Azure): service offerings. is desired and choose the hybrid topology.
 Password sync (requires one 64-bit  Plan the tenant name, design site. including subnets. architecture. architecture.
See this model poster: Which hybrid
 Domain environment and integration with  Windows Azure availability sets and  Server hardware.
server). collection architecture and governance. topology should I Use?
on-premises servers. update domains.  Virtual environment, if used.
 Single sign-on (requires ADFS and  Plan customizations, solutions, and apps  If required, determine which proxy server
 IP addresses and DNS.  Virtual machines sizes.  Load balancing.
multiple servers). for SharePoint Online. device will be used.
 Affinity groups and storage accounts.  Load balanced endpoint.  Integration with Active Directory and DNS.
 Ensure network capacity and availability  Decide if you want to connect to Office
 External Endpoints for public access, if  Design the disaster recovery environment.
through firewalls, proxy servers, gateways, 365 by using the Internet Protocol 6 (IPv6)
desired.
and across WAN links. — not common.
 Design the disaster recovery environment.

IT Pro  Ensure user workstations meet Office 365

client prerequisites.
 Implement the directory integration plan.
 Create and assign permissionsto site
collections.
 Implement customizations, solutions, and
In addition to tasks for both the Office 365 and on-premises environments:
 Configure the proxy server device, if  Configure the integration of chosen
Deploy and manage the Windows Azure and SharePoint environment:
 Implement and manage the Windows  Increase or decrease virtual machine sizes,
Deploy and manage the SharePoint on premises environment:
 Provision servers.  Backup the SharePoint environment.

responsibilities
required. features: search, BCS, Duet Enterprise Azure network environment. as needed.  Deploy the SharePoint environment.  Implement the disaster recovery
 Plan and implement internal and external apps for SharePoint Online.  Configure the hybrid identity Online.  Deploy the SharePoint environment.  Backup the SharePoint environment.  Update SharePoint farm servers. environment and protocol.
DNS records and routing.  Monitor network availability and identify management infrastructure: SSO and  Update SharePoint farm servers.  Implement the disaster recovery  Add or remove farm servers as needed
 Configure the proxy or firewall for Office possible bottlenecks. server-to-server authentication between  Add or shut down virtual machines as environment and protocol. based on farm utilization.
365 IP address and URL requirements. the two environments. needed based on farm utilization.

Three Make-Sense Workloads to Move to Windows Azure

1 Office 365 + Directory Components in Windows Azure 2 Public-facing Internet Site + Windows Azure AD for Customer authentication 3 On-premises Farm + Disaster Recovery in Windows Azure
Deploying Office 365 directory integration components in Windows Azure is faster due to the ability to deploy Take advantage of the ability to easily scale to demand by placing your Internet site in Windows Azure. Choose a disaster recovery option that matches your business Cold standby
Virtual Machines on-demand. Use Windows Azure Active Directory to store customer accounts. requirements. Windows Azure provides entry-level options for  The farm is fully built, but the VMs are
stopped (you re only paying when they re
companies getting started with disaster recovery, as well as advanced running!).
Directory synchronization server only options for enterprises with high resiliency requirements.  Maintaining the environment includes
Windows Azure advantages for Internet sites
Instead of deploying the 64-bit directory synchronization server in your on- starting the VMs from time-to-time, patch,
 Pay only for the resources you need by scaling the The configuration of zones and authentication is important for Internet-facing sites.
premises environment, provision a virtual machine in Windows Azure instead update, and verify the environment.
number of VMs based on farm utilization.
(illustrated right). On Premises
On Premises  Start the full environment in the event of a
On premises  Add deep reporting and Web analytics.
disaster.
 Focus on developing a great site rather than building
Directory synchronization + Active Directory Federation Windows Azure Active Directory Tenant
Subscription infrastructure. Warm standby
Services Web servers  Includes a small farm that is provisioned and
This option allows you to support Office 365 federated identities (single sign- SharePoint Online
Active Windows Azure Active Directory Active SharePoint Disaster running.
Directory SharePoint Farm
on) without adding hardware to your on-premises infrastructure. It also Windows Azure AD provides identity management and Directory Recovery Environment  The farm can immediately serve a few
WFE 1 WFE 1
provides resiliency if the on-premises Active Directory environment is access control capabilities for cloud services. Capabilities Zone: Internet Zone: Default Application
thousand users in the event of failover.
servers
unavailable. include a cloud-based store for directory data and a core Anonymous NTLM for Crawl  Scale out the farm quickly to serve the full
 Directory integration components reside in Windows Azure. set of identity services, including user logon processes, Authenticated Windows Auth SQL 1 SQL 1 App App user base.
Windows Azure VPN Tunnel VPN Tunnel
 AD FS is published to the Internet through AD FS proxies in Windows Directory authentication services, and Federation Services. The
Visitors and SQL Server Log Shipping
Azure. Windows Azure Active synchronization identity services that are included with Windows Azure AD
 Client authentication traffic, for users that are connecting from any Directory Tenant customers Cloud Service
Cloud Service Hot standby
easily integrate with your on-premises Active Directory Site developers Databases
Virtual Network and authors A fully-sized farm is provisioned and running
location, is handled by AD FS servers and proxies that are deployed on deployments and fully support third-party identity Windows Azure Virtual Network Windows Azure
on standby.
Windows Azure. providers.

© 2013 Microsoft Corporation. All rights reserved. To send feedback about this documentation, please write to us at [email protected].