MULTI-TENANCY SharePoint 2010
Agenda
- Multi-Tenancy in SharePoint 2010
- Multi-tenancy structure
- Database data architecture
- Site Subscription
- Multi-tenancy installation
- Windows Server 2008 R2, MSSQL-Express, SharePoint 2010 Enterprise Server
- WindowsAuthProvider: NTLM, Kerberos
- Claims-Based Authentication
- SharePoint Services (Application & Proxy): PartitionMode
- Demo
Multi-Tenancy of SharePoint 2010
- Hosting tenants: separation of data, services, features, and administration pages; shared use of resources
- Multi-tenancy structure: Farm, Web Application, Site Subscription, Site Collection
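Hosting Structure
Hosting Company (Farm Administrator)
- Manages hardware and farm-level settings
- Manages database settings
- Manages installation of features and solutions
- Manages the tenant administration pages
Hosted Company Administrator (Tenant Administrator)
- Purchases storage space, features, and bandwidth
- Manages the configuration of customer sites
- Configures tenant settings
- Manages customer site capacity
Hosted Company (Site Administrator)
- Owns the site collection
- Configures site settings
- Manages usage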
Multi-Tenancy Structure
[Diagram: SharePoint Farm > Web Application 1 > Site Subscription 1 (Company 1) and Site Subscription 2 (Company 2); each site subscription contains an Admin Site and Site Collections 1, 2, and 3]
Multi-Tenancy Data Architecture
- Separate Databases
- Shared Database, Separate Schemas
- Shared Database, Shared Schema
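Separate Databases (Tenant 1, Tenant 2, Tenant 3 each in their own database)
Advantages
- Scalability
- Simple backup and restore
Disadvantages
- Higher equipment maintenance and backup costs
- Higher hardware costs
- Limit on the number of databases a server supports
- Additional cost for security and modifications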
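Shared Database, Separate Schemas (Tenant 1, Tenant 2, Tenant 3 in one database)
Advantages
- Scalability
- Many tenants can be held in a single database
- Low cost
Disadvantages
- Because each schema is different, recovery is difficult when a restore fails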
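Shared Database, Shared Schema
[Diagram: three shared tables, each keyed by a TenantID column: (TenantID, Name, Address), (TenantID, Product, Name), (TenantID, Doc, Name), holding rows for tenants 000001 and 000002 side by side]
Advantages
- Lowest hardware and backup cost
- The largest number of tenants share one database
Disadvantages
- Additional development required (local security)
- Recovery is difficult when a backup restore fails
- Slower performance because of the large volume of data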
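Tenant Configuration Options
Each tenant has its own Web Application
- Advantages: the tenant can have its own Web.config; administration can be delegated; separate process
- Disadvantages: uses a lot of machine resources
Each tenant has one or more Site Collections in the same Web Application (the Site Collections are grouped by Subscription ID)
- Advantages: scalability
- Disadvantages: Web.config is shared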
Cost and Selection: Cost
Cost and Selection: Selection
SharePoint 2010 Database Size
Item: recommended size (recommended maximum)
- List items: 5,000
- Documents per library: 10,000,000
- Database size: 200GB (maximum 1TB)
- Concurrent document editing users: 10 (maximum 99)
- Content Databases: 300
- Application Pools per web server: 10
- Site Collections per Web Application: 500,000
Site Subscription
- A group of SiteCollections
- Administration page
- SiteCollection management
- Services, Settings, Features: Foundation, Standard, Enterprise
- Managed by GUID
- Only PowerShell / Object Model
- Once a SiteCollection has been added to a SiteSubscription, the SiteCollection cannot be changed
Tenant Administration
- Manages specific functions delegated from Central Administration
- Applies only to the tenant
- Service administrator
- SiteCollection administrator
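Multi-Tenancy Installation
Multi-tenancy is installed using PowerShell scripts.
Installation order
- Install the database
- Install SharePoint 2010
- Install SharePoint Web Apps
- Installation using PowerShell
- Farm setup
- Install the provided functionality (ResourceSecurity, Services, Features, Help)
- Install Services
- Create the SiteSubscription and the sites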
Multi-Tenancy Installation: Farm Setup
    # Create the farm configuration database and the Central Administration content database
    New-SPConfigurationDatabase -DatabaseServer $databaseserver -DatabaseName $configdatabase `
        -AdministrationContentDatabaseName $admincontentdb -Passphrase $passphrase `
        -FarmCredentials $farmaccount
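Multi-Tenancy Installation: Installing the Provided Functionality
    Initialize-SPResourceSecurity          # set ACLs on SharePoint files, folders, and registry keys
    Install-SPService                      # register the services on the farm
    Install-SPFeature -AllExistingFeatures
    Install-SPHelpCollection -All
    Install-SPApplicationContent
    # Central Administration on port 8080, using Kerberos rather than NTLM
    New-SPCentralAdministration -Port 8080 -WindowsAuthProvider Kerberos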
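WindowsAuthProvider: NTLM, Kerberos
NTLM (NT LAN Manager): Windows Authentication
Advantages
- Simple configuration
- Works even when the machine is not a domain member or the domain is not trusted
Disadvantages
- Contacts the Domain Controller and requests a response every time
- Increases Domain Controller traffic
- Client authentication cannot be passed from the server on to another server
- Single-organization or proprietary protocol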
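WindowsAuthProvider: Kerberos, NTLM
Kerberos: Ticket-Based Authentication security protocol
Advantages
- Secure Windows authentication protocol
- Client authentication can be passed on to other servers
- Supports authentication between client and server
- Supported on many platforms and by many vendors
Disadvantages
- Requires additional information
- Requires the client to be able to connect to the KDC (Key Distribution Center)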
Ticket-Based Authentication
Key Distribution Center (KDC): uses the user information in Active Directory
Parties: User, KDC (Authentication Service (AS), Ticket Granting Service (TGS)), Network Services
1. TGT (Ticket to Get Tickets) request
2. TGT returned
3. Service Ticket request with TGT
4. Service Ticket returned
5. Authentication request with Service Ticket
6. Client/Server Session
Claims-Based Authentication
- Claims: information (Name, Role, Age)
- Token: a collection of claims
- STS: Security Token Service
- IDP: Identity Provider
[Diagram: a Token containing the claims Name, Role, Age]
Claims, Tokens, STSs
Identity Providers and identity Libraries
Using Multiple Identity Providers
Federation Provider(FP)
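Multi-Tenancy Installation: SPServices
    # Create the User Profile service application in partition mode so that its data is separated per subscription
    $upa = New-SPProfileServiceApplication -PartitionMode -Name $upaname -ApplicationPool $saapppoolname `
        -ProfileDBName $upaprofiledbname -SocialDBName $upasocialdbname -ProfileSyncDBName $upasyncdbname
    # The proxy must be created in partition mode as well
    New-SPProfileServiceApplicationProxy -PartitionMode -Name "$upaname Proxy" -ServiceApplication $upa `
        -DefaultProxyGroup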
SharePoint 2010 Services
Columns: Service Application; description; data storage; then marks (O) under Cross Farm, Foundation, Standard, Enterprise, Store Tenant Data
- Access Service: read, edit, and interact with Microsoft Access 2010 databases in the browser. Cache
- Business Data Connectivity: free access to external data (metadata store). DB O O O O O
- Excel Services Application: view and interact with Excel files in the browser. Cache O O
- Managed Metadata Service: shares Content Types and Metadata between SiteCollections. DB O O O O
- PerformancePoint: service that presents Dashboards and Scorecards data to users. Cache
- Search: search service. DB O O O O
- Secure Store Service: service responsible for the authentication work needed to access applications and services. DB O O O O
- State Service: shared service that stores temporary data associated with HTTP requests in a database. DB O O
- Usage and Health Data Collection: service that collects and presents farm capacity and data. DB O O O O
- User Profile: service that supports My Sites and user profile pages. DB O O O O
- Visio Graphics Service: service for viewing Microsoft Visio diagrams in the browser. Blob cache
- Web Analytics: service that provides load and visitor statistics and reports. O O O O O O O
- Word Automation Services: service that supports file operations on the server. DB O O
- Microsoft SharePoint Foundation Subscription Settings Service: service that records the settings of services deployed in partition mode and the Subscription ID. DB O O O O
Multi-Tenancy Installation: Creating the SiteSubscription and Sites
    # $sfp: feature pack created beforehand; $webapp: the hosting web application
    $ssub = New-SPSiteSubscription
    Set-SPSiteSubscriptionConfig -id $ssub -FeaturePack $sfp `
        -UserAccountDirectoryPath "OU=000222,OU=Customers,DC=sdsgw,DC=com"

    # Tenant root site
    New-SPSite -url "http://www.abc.com" -SiteSubscription $ssub -HostHeaderWebApplication $webapp `
        -owneralias "admin@abc.com" -owneremail "admin@abc.com" -template sts#0
    # Tenant administration site
    New-SPSite -url "http://www.abc.com/admin" -SiteSubscription $ssub -HostHeaderWebApplication $webapp `
        -owneralias "admin@abc.com" -owneremail "admin@abc.com" -template tenantadmin#0 `
        -AdministrationSiteType TenantAdministration
    # My Site host
    New-SPSite -url "http://www.abc.com/mysites" -SiteSubscription $ssub -HostHeaderWebApplication $webapp `
        -owneralias "admin@abc.com" -owneremail "admin@abc.com" -template SPSMSITEHOST#0

    # Bind the subscription to the partitioned User Profile service
    $upaproxy = Get-SPServiceApplicationProxy | where-object {$_.DisplayName -eq $upaproxyname}
    Add-SPSiteSubscriptionProfileConfig -id $ssub -SynchronizationOU "000222" `
        -MySiteHostLocation "http://www.abc.com/mysites" -MySiteManagedPath "/mysites/personal" `
        -SiteNamingConflictResolution "None" -ProfileServiceApplicationProxy $upaproxy

    # Content type hub for the tenant's Managed Metadata
    New-SPSite -url "http://www.abc.com/cthub" -SiteSubscription $ssub -HostHeaderWebApplication $webapp `
        -owneralias "admin@abc.com" -owneremail "admin@abc.com" -template sts#0
    $mmsproxy = Get-SPServiceApplicationProxy | where-object {$_.DisplayName -eq $mmsproxyname}
    Set-SPSiteSubscriptionMetadataConfig -identity $ssub -serviceproxy $mmsproxy `
        -huburi "http://www.abc.com/cthub" -SyndicationErrorReportEnabled
    Enable-SPFeature -Identity ContentTypeHub -url "http://www.abc.com/cthub"
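Because the Subscription ID is the tenant boundary, it is worth checking after provisioning that every site collection landed in the subscription it was meant for. The script below is an added example, not part of the original slides: the helper names, the GUIDs, and the inventory rows are constructed, and the commented Get-SPSite collection step is an assumption about how the rows would be gathered on a farm.

```powershell
# Added example: audit tenant boundaries over a site collection inventory.
# On a farm the rows would be collected with something like (assumption):
#   Get-SPSite -Limit All | Select-Object Url, AdministrationSiteType,
#     @{Name='SubscriptionId'; Expression={ if ($_.SiteSubscription) { $_.SiteSubscription.Id } }}
# The rows below are constructed sample data so the script runs without a farm.
function New-Row($Url, $SubscriptionId, $AdminType) {   # hypothetical helper
    New-Object PSObject -Property @{
        Url = $Url; SubscriptionId = $SubscriptionId; AdministrationSiteType = $AdminType }
}
$subA = '11111111-1111-1111-1111-111111111111'   # constructed GUIDs
$subB = '22222222-2222-2222-2222-222222222222'
$inventory = @(
    (New-Row 'http://www.abc.com'         $subA 'None'),
    (New-Row 'http://www.abc.com/admin'   $subA 'TenantAdministration'),
    (New-Row 'http://www.abc.com/mysites' $subB 'None'),   # created under the wrong subscription
    (New-Row 'http://www.abc.com/cthub'   $null 'None')    # never assigned to a subscription
)

function Test-TenantBoundary {   # hypothetical name
    param([object[]]$Sites)
    $assigned = @($Sites | Where-Object { $_.SubscriptionId })
    # 1. Site collections with no subscription are outside every tenant's administration.
    $Sites | Where-Object { -not $_.SubscriptionId } | ForEach-Object {
        New-Object PSObject -Property @{ Issue = 'NoSubscription'; Detail = $_.Url }
    }
    # 2. One host name served by several subscriptions mixes tenants under one URL.
    $assigned | Group-Object { ([uri]$_.Url).Host } | ForEach-Object {
        $g = $_
        $ids = @($g.Group | ForEach-Object { $_.SubscriptionId } | Sort-Object -Unique)
        if ($ids.Count -gt 1) {
            New-Object PSObject -Property @{
                Issue = 'HostSharedBySubscriptions'; Detail = "$($g.Name): $($ids -join ', ')" }
        }
    }
    # 3. The provisioning above creates one tenant administration site per subscription.
    $assigned | Group-Object SubscriptionId | ForEach-Object {
        $g = $_
        $n = @($g.Group | Where-Object { $_.AdministrationSiteType -eq 'TenantAdministration' }).Count
        if ($n -ne 1) {
            New-Object PSObject -Property @{ Issue = 'TenantAdminSiteCount'; Detail = "$($g.Name): $n" }
        }
    }
}

Test-TenantBoundary -Sites $inventory | Select-Object Issue, Detail | Format-Table -AutoSize
```

The script avoids PowerShell 3.0 syntax so that it also runs in the PowerShell 2.0 host used by the SharePoint 2010 Management Shell.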
DEMO
- Create Feature Packs
- Create a SiteSubscription
- Create the Admin page
- Create the My Profile page
- Create the Managed Metadata site