MCT USE ONLY. STUDENT USE PROHIBITED Planning a Service Application Architecture 2-11 • The Security Token Service Application. This service manages authentication by acting as a broker for SharePoint 2010. It can support multiple authentication providers. Most of these services are self-descriptive, such as Excel Services and Access Services. However, there are some services that are important for your design but have less obvious roles. The following list describes these service applications: • Secure Store Service. This service provides single sign-on (SSO) proxy functionality. This is essential if you want to use the Business Data Connectivity Services to access line-of-business (LOB) servers seamlessly for users. • Managed Metadata Service. This service provides the capability to create and store the taxonomy information, such as document metadata, that is used throughout SharePoint 2010. This is a core function for many other services. • User Profile Service. This service provides social networking functionality, such as user profile import and People Search. • Business Data Connectivity Services. This service provides read and write access to LOB data sources. This is essential for deployments that must deliver composite application functionality to users. • State Service. This service provides temporary storage of user session data for SharePoint Server components. MCT USE ONLY. STUDENT USE PROHIBITED 2-12 Designing a Microsoft® SharePoint® 2010 Infrastructure Service Application Security Model Key Points SharePoint 2010 has updated its security model to offer claims-based authentication. There have also been changes that affect the service applications. Core to this is the fact that service applications use WCF to communicate between services. Although this does not change the user experience, it provides improved performance and security flexibility. It also supports Secure Sockets Layer (SSL) transports. The service application architecture enables you to isolate services from one another. You can achieve this at service instance, application pool, and database levels, depending on whether your service uses databases. If your business requires more rigorous security for applications, you can design your solution so that the service applications are separated, to ensure that users of a service application do not share any components with other users. Hosting companies or organizations that want to use multi-tenancy to separate divisions or departments can still share most service applications. This is because these applications are designed to be capable of multi-tenancy. You can also isolate service applications in a multi-tenancy environment. MCT USE ONLY. STUDENT USE PROHIBITED Planning a Service Application Architecture 2-13 These service applications can store tenant data and can be partitioned: • Subscription Settings (not actually partitioned) • User Profiles • Managed Metadata • Business Data Connectivity • Search • Secure Store • Word Automation • Project These service applications do not store tenant data, and do not support Partition Mode: • State • Access Database • Visio Graphics • Word Viewing • PowerPoint • Excel Calculation These service applications can store tenant data, but cannot be partitioned: • Web Analytics (site-based) • Usage and Health Data Collection (site-based) These service applications cannot be partitioned, and consequently do not make sense in multi-tenant environments: • PerformancePoint • FAST for SharePoint MCT USE ONLY. STUDENT USE PROHIBITED 2-14 Designing a Microsoft® SharePoint® 2010 Infrastructure Service Application Dependencies Key Points Not all services are entirely self-contained, so you must review possible service dependencies when you plan your logical architecture design. This was not an issue with Office SharePoint Server 2007, because the services were implemented in a monolithic design. However, with the granular framework in SharePoint 2010, it is now possible to deploy dependent service applications without enabling core service applications. Dependent service applications will not function as expected— and may not function at all—without the required platform services in place. Some dependencies are more obvious than others, such as that between functions such as People Search and the User Profile Service. If you do not have the ability to import user information from external sources, such as HR systems, you will not be able to make the best use of People Search. Others are less obvious. For example, Excel Services is dependent on the State Service to provide temporary storage. The slide shows some common dependencies that will affect your service application planning. You may find papers on the Web that categorize service applications as core or foundation services and the framework as hierarchical. This MCT USE ONLY. STUDENT USE PROHIBITED Planning a Service Application Architecture 2-15 is not a description that is used directly in SharePoint 2010 documentation, but it does describe the functional design. The list on the slide is not an exhaustive list of dependencies. Question: Which two services are prerequisites for the Business Connectivity Services? MCT USE ONLY. STUDENT USE PROHIBITED 2-16 Designing a Microsoft® SharePoint® 2010 Infrastructure Benefits of Service Applications Key Points As you have already seen, the new service application architecture in SharePoint 2010 provides a number of benefits. When you start to plan to provide for business functionality, you must ensure that you take advantage of the options for deploying service applications. Listed below are some overarching benefits that you should remember: • Granular deployment. You should identify the Web applications where users require service application functionality and design that is based on a principle of minimal deployment. • Flexible configuration. You can provide scalability in your design by ensuring that you provide the right configuration of instances to maximize performance and resilience. Round robin load balancing is an integral feature of SharePoint 2010 service applications, and it is a major benefit when you design for multiple instances. MCT USE ONLY. STUDENT USE PROHIBITED Planning a Service Application Architecture 2-17 • Delegated administration. You can minimize central IT overheads and provide more effective local management by delegating administration of service applications. This capability means that local administrative users can provide first line support, but it is essential that you plan training as part of your design. • Shared services across Web applications. You can share service applications across Web applications. This enables you to create requirement-specific service application instances to provide greater performance, perhaps by scaling up servers that host these services. Rather than deploying across all Web applications, SharePoint 2010 enables you to develop designs that share service applications only between Web applications where users need specific services. For example, you may share a Managed Metadata Service between Web applications that share common taxonomies. You can extend this to provide multiple Managed Metadata Service instances to deploy a common taxonomy for the entire organization, with Web application–specific taxonomies. This is functionality that is unique to the Managed Metadata Service. • Shared services across farms. You can also design your solution to share service applications across farms. This is called publishing a service application. You can design a solution that installs one farm’s application proxy on another farm and point it to a universal resource indicator (URI) location. MCT USE ONLY. STUDENT USE PROHIBITED 2-18 Designing a Microsoft® SharePoint® 2010 Infrastructure Lesson 2 Service Application Architecture and Components For a solution architect, it is important to understand the options for service application design. It is also important to understand how the structure of the farm topologies in an organization can benefit from the various topology options for service applications. Many service applications integrate with external data, so a solution architect must also understand how the SSO options that the Secure Store Service offers can benefit a design. Objectives After completing this lesson, you will be able to: • Describe the workflow of a service application. • List the components of service applications. • Describe the logical architecture of service applications. MCT USE ONLY. STUDENT USE PROHIBITED Planning a Service Application Architecture 2-19 • Describe the options for cross-farm service application sharing. • Explain the requirements for service applications that need to consume external data. MCT USE ONLY. STUDENT USE PROHIBITED 2-20 Designing a Microsoft® SharePoint® 2010 Infrastructure Service Application Workflow Key Points Service applications deliver service functionality to users. When a user triggers a service request from a browser, the request—such as a keyword search—is sent through the WFE server, which may be preceded by a hardware network load balancer. The WFE server sends a request through to the application server that serves the service application. The service application architecture in SharePoint 2010 enables multiple servers to deliver instances of the same service application, so there is a software load balancer that routes requests to the appropriate server. All communication uses WCF, so there is no direct access to the service application databases. By default, communication between Web servers and service applications in a farm takes place by using HTTP (port 32843), but you can select either HTTP (port 32843) or HTTPS (port 32844). Third-party companies that develop service applications can also implement NetTcpBinding (port 32845) to provide high-performance communications with WCF clients. NetTcpBinding is generally the best option for services operating inside a firewall, such as on an . PROHIBITED 2 -12 Designing a Microsoft SharePoint 2 010 Infrastructure Service Application Security Model Key Points SharePoint 2 010 has updated its security model to offer claims-based authentication applications can store tenant data, but cannot be partitioned: • Web Analytics (site-based) • Usage and Health Data Collection (site-based) These service applications cannot be partitioned, and. PROHIBITED 2 -16 Designing a Microsoft SharePoint 2 010 Infrastructure Benefits of Service Applications Key Points As you have already seen, the new service application architecture in SharePoint 2 010