188  CHAPTER 7 UNderstaNdiNg the service aPPlicatioN architectUre 18. Click OK. 19. Click the service application name so that it is highlighted in yellow. 20. You can choose whether or not to include this service application in the default service appli- cation group. When you are done, click OK. 21. Now you can accept the default connection name or enter your own. When you are finished, click OK. 22. At the success screen, click OK. You can now work with the service application just as if it were part of your farm. The first time you work through this process, take your time; it is very easy to make a small mistake that causes yourself hours of troubleshooting. MULTITENANCY IN SHAREPOINT 2010 No conversation about service applications would be complete without digging into the multi- tenant capabilities that have been built into SharePoint 2010. Under normal circumstance, the multi-tenant discussion usually pertains to hosted environments where a SharePoint farm is providing services to any number of different companies. But as you will see in this section, the concepts of multi-tenancy apply very directly to the enterprise as well. Segmentation of Data and Processing In SharePoint 2007, the walls of security and the isolation of data and services fell along the lines of Web Application to Site Collections to webs (if you need a refresher check out the “Terminology” section Chapter 3). New to SharePoint 2010 is the capability to create a new layer of segregation of data and services between the Application layer and the associated site collections. This segmentation is possible through the use of site subscriptions. Site subscriptions enable you to group together site collections that are part of the same web application. Site subscriptions are a logical group of site collections that can share settings (in the Subscription Settings database), features, and service data. Site Subscriptions are identified with a subscription ID. The subscription ID is used to map services, features, and sites to tenants, and to partition service data by tenant. Note the following characteristics of site subscriptions: A site can be a member of only one site subscription at a time. This prevents any conflicts  with licensing schemas. There is no Central Administration interface for managing site subscriptions. Management  must be handled through PowerShell, including creating, managing, and removing sites from a site subscription. Sites can only join a site group in the same web application as that specific site subscription.  Sites can’t join site groups associated with other Web Applications. Site subscriptions can span multiple content databases.  Multi-Tenancy in sharePoint 2010  189 Once you have a site subscription with associated site collections, they can now consume data from service applications. While this concept is not necessarily new, what is new is that some of these service applications can be provisioned such that their functions and data are kept separate from other tenants who may be consuming that service application. SharePoint 2010 refers to this type of service application as a partitioned service appli- cation. For instance, if Enterprise Search were provi- sioned as a partitioned service application and associated with two site subscriptions, then search results from customer A would never be returned to customer B. It should also be pointed out that no changes or additions are made to the number of databases required to support this capability. SharePoint merely segments the content within the single data- base (see Figure 7-16). Although nonpartitioned service applications can be created with Central Administration or PowerShell, the latter is required to provision a partitioned service application. When creating a partitioned service application in PowerShell, the addition of the –Partitioned switch is all that is required. Some service applications do not lend themselves to being partitioned, such as those that do not store user-specific data. Table 7-2 shows which service applications within SharePoint 2010 can be partitioned. TABLE 72 SharePoint 2010 Service Application Partitioning CAN BE PARTITIONED CANNOT BE PARTITIONED People Managed Metadata Business Data Connectivity SharePoint Search Secure Storage Service Web Analytics Usage and Health Data Connection Project\Subscription Settings Excel Calculates Services Access Services Visio Service Word Service Word Viewing PowerPoint State Service InfoPath Fast Search Another set of capabilities that was previously managed at the web application layer was Features. When a Feature was installed and activated at a Web Application layer, it was automatically available for activation at the Site Collection level. In SharePoint 2010 you can now group Features together into what are called Feature sets. Feature sets are logical groupings of Features that are then made available for activation to a site subscription by an administrator of that site subscription. Single Content Database Partitioned Data HR Data Legal Data Department Data FIGURE 716 190  CHAPTER 7 UNderstaNdiNg the service aPPlicatioN architectUre SharePoint 2010 is smart enough to prevent the use of Web Parts that are part of a service applica- tion that is not partitioned to a specific site in a site subscription. For instance, if the farm is built with SharePoint Server Enterprise but the site subscription does not have Enterprise Search available, then SharePoint will not make the Search template (and Web Parts) available for use by the end users. Once a site subscription is created and sites are associated with it, the sites are managed through a new site template called a Tenant Administration site. (It’s called this because a hosted customer (or department) is referred to as a “tenant.” The Tenant Administration site gives the administrator full administrative rights over the site collections, including permissions to create new sites if self-service site creation is enabled. Creating a Site Subscription When you are ready to start working with SharePoint in the Hosted mode, keep in mind that nearly all of your system administration will be done through PowerShell, as these new features are not built into the SharePoint Central Administration console. This is true for creating site subscriptions, feature sets, and partitioned service applications, and provisioning Tenant Administration sites. The PowerShell cmdlet to create a new site subscription is: New-SPSiteSubscription When building your site subscriptions, using variables for your commands will enable them to be reused and/or nested within other cmdlets. For example, to create and view a new site subscription, use the following: $SiteSub = New-SPSiteSubscription Once you have the subscription, you need to get the site collection(s) you want to add to the subscription into a variable. To add a single site collection to a variable use the following command: $TargetSite = get-spsite http://portal.contoso.com/sites/marketing To add all site collections within a web application to a variable, use this command: $TargetSite = Get-SPWebApplication http://portal.contoso.com | Get-SPSite Now that you have your site collection(s) in a variable, use the following command to add their subscription: $TargetSite | foreach-Object{set-SPSite -Identity $_ -SiteSubscription $SiteSub} To view all the site collections that are now part of the site subscription you would just type the name of the variable: (Get-spsitesubscription $SiteSub).sites From here you could create the Tenant Administration site using the PowerShell cmdlet new-spsite, making sure to identify the site template as tenantadmin#0: New-spsite –url http://portal.contoso.com/sites/tasite -template “tenantadmin#0” –owneralias domain\username –sitesubscription $SiteSub Multi-Tenancy in sharePoint 2010  191 As previously mentioned, site collections aren’t the only SharePoint artifacts that can be grouped; Features can be grouped into Feature sets. Another benefi t to site subscriptions is that usage analysis data and logging data is also segmented, like the user data. This enables the IT pro to troubleshoot and debug based on a specifi c site subscrip- tion. In addition, segmenting the usage data enables a hosting company or enterprise that’s using a charge-back model for IT services to charge according to usage based on data, processes, or number of users. Multi-Tenant Use Cases You should now have a basic understanding of the use of multi-tenancy in the traditional hosted services scenario. To summarize: A hosting company decides that they would like to be able to sell SharePoint services to their custom- ers. All of the customers will be different individuals or companies that want to ensure that their infor- mation is kept separate from the other sites that are hosted on the common infrastructure. Windows SharePoint Services (WSS) 3.0 included mechanisms to keep a customer’s content separate from other customer’s data, but what was lacking was the ability to separate processing and data from additional services like Enterprise Search. These customers would need to be provisioned using an STSADM command and be given site collec- tions that would be held in shared web applications. The hosting company was also bound to using WSS because of the common Shared Service Provider found in MOSS. One of the challenges that the SSP created in this specifi c scenario was with Enterprise Search. Enterprise Search was designed to index all content associated with that SSP. The query service would then provide results to users when requested. The challenge specifi c to this scenario is that there was the very real possibility of exposing customer A’s data to customer B via Enterprise Search as there we lacked the capability to segment the data based on site collection. Adding SSPs was not an option as there is a limit on the number of SSPs that can be provisioned in a single farm. SharePoint 2010 fi xes this through Service Application Partitioning. Partitioning creates very real boundaries between information and processing based on site subscriptions, making it impossible to expose customer A’s data to customer B. As previously mentioned, provisioning must be done when the service application and proxy are created. Now let’s apply the concept of partitioning to the enterprise. Partitioning in the Enterprise Just as it would in a hosted scenario, a large enterprise needs to handle data and services in ways similar to the Hosted world. Consider, for instance, managed metadata. There are terms within the organization that need to be controlled by one central group and consumed by the entire organiza- tion. There are also terms that ought to be defi ned and managed by individual corporate divisions or departments. The same holds true for Enterprise Search. A partitioned Enterprise Search service 192  CHAPTER 7 UNderstaNdiNg the service aPPlicatioN architectUre application would enable content from the General Council department to remain wholly separate from content from other divisions, as depicted in Figure 7-17. Unpartitioned People Site Excel Services Access Services Word Services Service Applications Partitioned Search Subscription Settings Site Site Site Site Site HR Application Pool Site Site Site Site Site Site Site Site Departments Application Pool Site Site Site Site Site Site General Council Application Pool Corporate Intranet Site Site Site Site Site Site MySites Application Pool FIGURE 717 The ability to segment this data and to create Feature sets gives both the multi-tenant hoster as well as the enterprise customer an opportunity to offer different tiers of services to their customers. The hosting company can provision a single farm and provide SharePoint Foundation, SharePoint Server Standard, and SharePoint Server Enterprise products. To take things one step further, they could also layer on additional third-party tools to enhance their product offering and more easily manage the provisioning and billing of those services. From the enterprise customer’s point of view, they can now provide multiple versions of SharePoint to their users on a single farm. For instance, only half of a company’s 10,000 employees may need SharePoint Foundation capabilities. The remaining user community may need SharePoint Server Enterprise features. Individual SharePoint farms can now have multiple licensing schemas associated with them in a way that is easier to manage and control. In this case, only 5,000 users would need SharePoint Server Enterprise licenses, while the remaining users would use SharePoint Foundation licensing — and all of this would be perfectly acceptable to Microsoft. summary  193 The additional capabilities provided by the service application architecture, as well as the partition- ing features available in SharePoint 2010, provide additional scalability previously not available in SharePoint. For instance, as Enterprise Search grows in content size and usage, it can now be segre- gated into its own SharePoint farm created for the purpose of providing Search services to the content farm(s). These types of farms, known as service application farms, provide services and data to other SharePoint farms; they are not directly consumed by users (see Figure 7-18). Site Site Site Site Site Site HR Application Pool Subscription Settings Services Content Farm Access Services InfoPath Services Word Services Excel Calc Services PowerPoint Services Site Site Site Site Site Site Site Site Departments Application Pool Site Site Site Site Site Site General Council Application Pool Site Site Site Site Site Site MySites Application Pool Enterprise Metadata Services Services Farm Multi-Farm Hosting People BCS Search Services Search Farm FIGURE 718 SUMMARY The new service application framework in SharePoint 2010 provides a vast improvement over the shared service provider model offered previously. This new paradigm for sharing resources and managing ser- vices is scalable, flexible, and robust. As a SharePoint administrator who needs to make your farm sing, it is relatively easy to scale from a small, simple farm all the way up to multi-server farms with just 194  CHAPTER 7 UNderstaNdiNg the service aPPlicatioN architectUre a few simple clicks of the mouse or taps of the keyboard. And when you start to feel like even all of that flexibility isn’t enough, you can also incorporate the use of multi-tenancy. Now that you are familiar with all of the options for connecting your web applications to service applications, even from remote farms, you can rest easy. Although SharePoint can be configured in a seemingly infinite number of ways, this chapter has described how you can harness and manage its impressive capabilities. You have Central Administration for the easy tasks, and a large set of Windows PowerShell cmdlets for when you need to take things to the next level or just show off how cool you really are. . to being partitioned, such as those that do not store user-specific data. Table 7-2 shows which service applications within SharePoint 2010 can be partitioned. TABLE 72 SharePoint 2010 Service. service application. SharePoint 2010 refers to this type of service application as a partitioned service appli- cation. For instance, if Enterprise Search were provi- sioned as a partitioned service. partitioned. TABLE 72 SharePoint 2010 Service Application Partitioning CAN BE PARTITIONED CANNOT BE PARTITIONED People Managed Metadata Business Data Connectivity SharePoint Search Secure Storage Service Web