Sunday, 18 October 2015

SharePoint 2016 Preview (Public Beta 1) on-prem Notes

Disclaimer:  These are notes I made from workshops, what I have heard and the Unity Conference in Amsterdam 12-14 Oct 2015.  A lot of this information is from the workshop with Neil Hodgkinson and Spencer Harare; this is my takeaway summary.

Notes for SP2016:
  • Same HW req as 2013.  Farm servers min still: Mem 12-16, CPU x64 1x4, Disk 80GB
  • Pre-reqs: Win 2012 R2, Win Mgmt Framework 3.0 gives us DSC, .NET 4.5.2 ..., DSC can be used to pre-bake the VM image.
  • Same DB rules as recommended by MS, losing dbs from 2013;  No new DBs, need SQL 2012 or 2014 (except Project Server DB which is not part of SP).
  • Need Win 2012 Standard or higher, not Web edition; dev can also be supported on Windows 10
  • Still no support for VMWare dynamic memory
  • End-point encryption for SMTP
 - Upgrades and Patching
  • No Foundation edition, SP2013 Foundation to SP2016 Server
  • Path SP2013 > SP2016
  • SC must be in 15 mode to upgrade
  • Service Apps need to go SP2010 > SP2013 > SP2016
  • SP2010 to SP2016 need to go to 2013 RTM baseline
  • Changed patching, smaller packages and fewer restarts
  • PSConfig not locking farm, can run multiple psconfigs and lower/zero down time patching (with HA farms)
 - Roles & Services
  • Consider moving low impact services onto the traditional WFE role, keep the long running/batch processing (Crawl, search, MTS,  et al) on the app servers.
  • WFE (Access services, SSS, Subscription Services, UPS)
  • Distributed Cache has a quorum so need 3 not 2 for HA.
  • Health Analyser rule for min role enforcement:  Puts min role in the correct state.
  • Min Role does not manage the search topology
  • Watch out when switching min roles, as the index would be lost unless it is replicated (2 instances of each index)
  • Services in Farm overrides the starting of services in the Min Roles,  so can never start "Request Management" in the "Services in Farm" but still use "Distributed Cache" min role.
  • Can always switch min roles "Convert server role" or create custom roles (watch as needs multiple instances to keep running and index could disappear).
 - Key Thresholds for 2016:
  • CDB sizing
  • 100K SC per CDB
  • Max file size 10GB
  • Search index up to 50 million items
 - User Profile Sync:
  • UPS Sync (FIM) is not Microsoft Identity Manager (MIM)
  • 2 modes: Active Directory Import (light weight, not useful for most large enterprise clients, e.g. Can't import pics or use BCS) or MIM 2016
  • AD Import: faster than 2013, can only use AD, no profile picture. 
  • MIM 2016 was FIM - Standalone product, only using the sync engine part for SharePoint (free if only use this service, does need Win 2012 and SQL Server licence)
  • Using MIM management agent map AD properties to SP user Profile properties
  • Syncing is driven by MIM not by SharePoint (UPS sync)
- What's New:
  • Post to yammer from SP2016 doc library
  • Improved integration
  • Image and Video Preview (changed)
  • Doc Lib accessibility (improved keyboard short cuts, VI user experience improved)
  • SC creation faster on SP Site template using SPSite.Copy
  • Project Server is part of the SP binaries/install. Project Server uses its own project db and adds 4/5 tables to the content database.  Project Server affects 3 DBs (Project db, content db and config db)
  • Save and share email attachments in SP2016

- Release Dates
  • Preview = Beta 1 Aug 2015
  • Beta 2 RC  = +- Nov/Dec 2015
  • RTM Q1/Q2 2016

Thursday, 15 October 2015

Hybrid Search 2016 Notes

Hybrid Search (Also applies to SP2013):  Mixing on-prem and SPO results
  • Search can add all crawls into a single index within SharePoint Online (historically we have had to use Search Federation to try to combine result sets).
  • Index is held on SPO.
  • Crawls done on SP2016, 2013 and maybe 2010 are pushed into an Azure queue which in turn is combined onto the SPO index (I believe the index is encrypted at rest in SPO)
  • Dir Sync is required between on prem AD and Azure AD 
UnityConnect Conference 2015 Amsterdam Search session - Architecture of Hybrid Search

Sunday, 13 September 2015

SharePoint 2013 Workflow options - notes

Overview:  There are a lot of workflow options and each of the solutions lends itself favourably to different circumstances.  In this post I look at the more common options around workflow for SharePoint.  The 3 options I'm exploring are: K2 blackpearl, Nintex and SP2013 WorkFlow Manager.  Also note that existing SP2010 workflow still exists and is an option if your business has workflows on the platform already or you have this skill set available.  There are other products but these are the mainstream options.

So each of these products has its place and suits different organisations.  This post is my opinion; I am not a workflow expert, and I show my thoughts on when I would favour 1 of the approaches.

Licencing:  WorkFlow Manager does not have the licencing costs.  Nintex has a server and CAL licencing model and K2 has a server licencing model.

Skills:  what are your existing in-house skills.  If you already have K2 or Nintex expertise it makes these products far more attractive.

Size:  How big is your organisation, how complex are the workflows, how many workflows and how often do they change shall influence the workflow option to select.

SharePoint 2013 WorkFlow Manager
  • SharePoint Designer 2013
    • Ideal for simple or medium complexity workflow processes
    • Limited to a pre-defined set of activities and actions
    • Relatively quick and easy to configure
  • Custom workflow development through Visual Studio
    • Can implement state-machine workflows
    • Supports custom actions/activities
    • Supports debugging
    • Ideal for modelling complex processes
    • Requires a developer
  • Workflow Manager
    • High Density and Multi-Tenancy
    • Elastic Scale
    • Fully Declarative Authoring
    • REST and Service Bus Messaging

Nintex
  • On-premise and cloud workflows – but cloud workflows do not allow custom actions
  • Nintex uses the SharePoint workflow engine
  • Easy to create Nintex workflows (good tooling) but not so easy to upgrade and maintain if complex – they require a proper dev environment if workflows require changing
  • Tight coupling with SharePoint – so upgrades need to be planned. Some workflows have broken after upgrade.
  • Can create custom activities but these are limited to constraints imposed by Nintex design surface
  • More suited to State machine workflows using reusable custom modules and user defined actions.
  • Nintex uses its own database which you will need intimate knowledge of when it comes to performance issues.

K2 – technology agnostic – best suited if SharePoint is only a part of your technology snapshot, some folks consider K2 a BPM product.
  • Off box WF hosting:  Allows for increasing the number of blackpearl servers and no resource overlap, flexible licencing model as it is server based
  • Well tried and tested workflow engine
  • Good reporting and troubleshooting
  • Excellent SOA layer (SmartObjects) with multiple products.  This is more an EA feature as it can be a great way to create an SOA.  Allows API to connect to custom SQL, CRM, SAP, Web Services.
  • Proven advanced tooling, good visual tooling (not as good as Nintex IMHO)
  • Cost is relatively high, support costs are extensive, need to pay for dev and pre-prod licence
  • Not based on the latest MS workflow engine
  • Not easy for end users to build WF (despite marketing noise)
  • Setup and monitoring is specialised and will require advanced K2 expertise
  • Difficult to back out of product
  • Tooling requires training and breaking out of OOTB features requires a high level of expertise and dependency on K2
  • Support tended to be patchy with technical knowledge


K2 is a good product if you need to build an SOA layer for integration, are prepared to install correctly (cost) and maintain.  You shall need dedicated workflow people to create the workflows.  So in the right circumstances it has its place.

Thursday, 20 August 2015

Non Functional Testing for SharePoint

Work in Progress...

Overview:  Functional Requirements are the business requirements that the business define for the application being built.  Non-functional testing is concerned with performance, reliability, scalability, recovery, load,  security and usability testing.  For SharePoint it is a good idea to test this at a platform level and then verify the individual application non functional testing is appropriate.

A nice diagram explaining the various testing caucuses (Source Guru 99):

SharePoint Non Functional Testing:
All of these tests should be performed against your various SharePoint platforms and will dictate the SLAs offered to the business using SharePoint as a service.  Baseline testing is a good idea as the differences can be used to determine the efficiency of the individual application being created.


Sunday, 16 August 2015

FedAuth Notes for Problem Solving

Overview:  These are my notes on FedAuth relating to SharePoint 2013.
SharePoint (SP) 2013 uses Claims Based Authentication (CBA).  In this example I am looking at SiteMinder (a CA product) as the Federation Service acting as the Identity Provider (IdP); this is the equivalent of ADFS (Active Directory Federation Services).
Basic Flow of SP CBA Authentication:
  1. SP looks for a FedAuth cookie. If it does not have a FedAuth cookie for the user, it redirects the user to log in via the IdP (SiteMinder/ADFS).
  2. The IdP returns a valid SAML token to SharePoint's STS.
  3. The STS generates a FEDAUTH cookie for the user to hold the current user's session lifespan state (to keep the user logged in).  The user holds the STS token, not the SAML token.  The FedAuth cookie is a pointer to the SAML token held in the SharePoint Token Cache.
The default behavior of SharePoint is to store the FEDAUTH cookie on the user’s disk, with a fixed expiration date. The expiration of the FEDAUTH cookie can be for a fixed time or a sliding session (if the user interacts with SP, the SP session is extended).  FedAuth can be stored on disk (default) or in memory (not persisted between browser close downs).

Note:  Changing where the cookie is stored affects the way the user logs in and affects Office application login such as Word.  Test thoroughly before changing.

Note:  Watch the IdP's expiration policy vs what you set up in SP.  As an example, you could remove a user from the IdP, however the session is still persisted and the user can still interact with SharePoint.   From MSDN "Make sure that the value of the LogonTokenCacheExpirationWindow property is always less than the SAML token lifetime; otherwise, you'll see a loop whenever a user tries to access your SharePoint web application and keeps being redirected back to the token issuer."

Note: Closing a browser window with the FEDAuth stored to Disk does not invalidate the SharePoint session.
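
A check for the notes above, as an added example that is not part of the original post: the function takes the IdP's SAML token lifetime and the two SharePoint STS settings, then reports the effective session length, the redirect-loop condition from the MSDN quote, and whether the cookie survives a browser close. The function name and the sample values are constructed; on a farm server the STS values come from Get-SPSecurityTokenServiceConfig.

```powershell
# Added example: sanity-check SharePoint STS session settings against the IdP's SAML token lifetime.
function Test-FedAuthSessionConfig {
    param(
        [Parameter(Mandatory)] [TimeSpan] $SamlTokenLifetime,               # set on the IdP (SiteMinder/ADFS)
        [Parameter(Mandatory)] [TimeSpan] $LogonTokenCacheExpirationWindow, # SharePoint STS setting
        [Parameter(Mandatory)] [bool]     $UseSessionCookies                # SharePoint STS setting
    )
    # SharePoint treats the session as expired once the remaining SAML token
    # lifetime drops below the expiration window, so the usable session is the difference.
    $effective = $SamlTokenLifetime - $LogonTokenCacheExpirationWindow
    $loop      = $effective -le [TimeSpan]::Zero

    $findings = @()
    if ($loop) {
        $findings += 'Window >= SAML token lifetime: users loop between SharePoint and the IdP.'
    }
    if (-not $UseSessionCookies) {
        $findings += 'FedAuth cookie is persisted to disk: closing the browser does not end the session.'
    }

    [pscustomobject]@{
        EffectiveSession = $effective
        RedirectLoop     = $loop
        CookieOnDisk     = (-not $UseSessionCookies)
        Findings         = $findings
    }
}

# Constructed sample values (not taken from a real farm).
$cases = @(
    @{ Saml = '01:00:00'; Window = '00:10:00'; Session = $false },  # 50 min session, cookie on disk
    @{ Saml = '00:10:00'; Window = '00:10:00'; Session = $true  }   # window equals lifetime: loop
)
foreach ($c in $cases) {
    Test-FedAuthSessionConfig -SamlTokenLifetime ([TimeSpan]$c.Saml) `
        -LogonTokenCacheExpirationWindow ([TimeSpan]$c.Window) `
        -UseSessionCookies $c.Session | Format-List
}

# On a farm server, feed in the live STS values instead
# ($samlLifetime is whatever token lifetime is configured on your IdP):
#   $sts = Get-SPSecurityTokenServiceConfig
#   Test-FedAuthSessionConfig -SamlTokenLifetime $samlLifetime `
#       -LogonTokenCacheExpirationWindow $sts.LogonTokenCacheExpirationWindow `
#       -UseSessionCookies $sts.UseSessionCookies
```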

SharePoint Authentication and Session Management
Remote Authentication for SharePoint Online (RTFA)
Why IE and Office work together in SP
Adding, removing SP claims and managing security using claims  and NB! also
Logout of SharePoint

Saturday, 11 July 2015

Machine Translation Service for SP2013

Overview:  I have never used Machine Translation Services (MTS) and this post is my discovery of the Service.  These are my summarised notes.
  • Setup a MTS on the farm
  • Configure MTS on the farm
  • The server/servers running the MTS need internet access as they need to connect to Microsoft Translator.
  • Used to translate word documents, html documents and plain text.
  • MTS has a single database
  • There is a length restriction on translations so long Word documents won't translate.  This can be amended in your MTS configuration but 500,000 characters is the default max translation length.
  • Full APIs: Server side Object model, or CSOM and REST APIs.

Saturday, 4 July 2015

Provisioning Site Collections on-prem using the Tenant Admin API

Problem: Ability to provision Site Collections without using Server Side code.  Use CSOM and the Tenant Admin APIs.  This is a follow-on to the post: Provisioning Site Collections using CSOM (read it 1st).  Thanks to Sachin Khade, Frank M (check) and Alex N R (check), who have given me their time to understand this:
I have reduced the Tenant Admin process into the least amount of steps that works.

The steps are:
  • Perform on an existing Web Application
  • Run the PS Script below:
  1. Create SC using a team site site template STS#0
  2. Set the AdministrationSiteType = TenantAdministration
  3. Add ProxyLibrary that adds the TenantAdmin dll
  4. Attach the Proxy to the existing Web Application
  5. Enable SelfServiceCreation on the Web Application
  6. IISReset

  • Using the C# console create new site collections using the Tenant Admin API
PS Script

# The first section contains the variables you need to specify based on your needs
$webapp = Get-SPWebApplication # My Web application (already exists); pass -Identity if the farm has more than one
$url = "" # Tenant Admin Site Collection used for provisioning (does not exist yet); set before running
$WebsiteName = "Tenant Admin"
$WebsiteDesc = "Tenant Admin Site"
# It is better to use the site template "tenantadmin#0"; using the team site template "sts#0" causes
# an error msg (SubscriptionId can't be null). Both work, but you get fewer admin options
# for provisioning.
$Template = "STS#0"
$PrimaryLogin = "radimaging\psmith"
$PrimaryDisplay = "Paul smith"
$PrimaryEmail = "REPLACE_WITH_OWNER_EMAIL" # placeholder: set the site owner's e-mail address

# Create a site collection and top level website
New-SPSite -Url $url -Name $WebsiteName -Description $WebsiteDesc -Template $Template -OwnerAlias $PrimaryLogin -OwnerEmail $PrimaryEmail
$web = Get-SPWeb $url

# Set the TenantAdmin SC
$site = Get-SPSite -Identity $url
$site.AdministrationSiteType = [Microsoft.SharePoint.SPAdministrationSiteType]::TenantAdministration

# Build the proxy library entry for the TenantAdmin dll (the Version value must be filled in)
$newProxyLibrary = New-Object "Microsoft.SharePoint.Administration.SPClientCallableProxyLibrary"
$newProxyLibrary.AssemblyName = "Microsoft.Online.SharePoint.Dedicated.TenantAdmin.ServerStub, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
$newProxyLibrary.SupportAppAuthentication = $true

# Attach the proxy to the existing web application and enable self-service site creation
$webapp.ClientCallableSettings.ProxyLibraries.Add($newProxyLibrary)
$webapp.SelfServiceSiteCreationEnabled = $true
$webapp.Update()
Write-Host "Successfully added TenantAdmin ServerStub to ClientCallableProxyLibrary."

# Reset the memory of the web application
Write-Host "IISReset..."
Restart-Service W3SVC,WAS -Force
Write-Host "IISReset complete."