Office Online Server Architecture Overview

Before we get start configuring Office Online Server, it’s important to understand the Office Online Server architecture in order to understand what we will install and configure in this chapter.

Office Online Server is in a way similar to SharePoint Server as we need one or more Office Online Servers to create an Office Online Server Farm. This farm can serve one, or multiple SharePoint, Exchange and Skype for Business deployments. In Figure 9-1, we can see an Office Online Server farm consisting of three servers that serve two different SharePoint Farms as well as an Exchange deployment and a Skype for Business deployment.

An Office Online Server Farm can be made accessible through two different URLs. We call the first one the Internal URL, and the second one the External URL as seen in Figure 9-2. The URLs can be either HTTP or HTTPS, and at least one of the URLs is mandatory. Office Online Server allows you to configure either the Internal URL, the External URL, or both. When configuring the Internal and External URLs, you have the choice to configure them either on HTTP or HTTPS. Since our SharePoint Server will use HTTPS, we will configure Office Online Server to use HTTPS as well. Securing your Office Online Server with SSL is extremely important, since the OAuth token is passed in a packet on the request, and you could be subject to a man-in-the-middle attack if that token is not secured. You can set up Office Online Server on HTTPS even if your SharePoint sites are running on HTTP.

To enhance security, you can block the ports that you do not use. For example, if your Office Online Server farm will be only made of one server and be accessible via SSL, you only need port 443.

Office Online Server supports the 64-bit versions of Windows Server 2012 R2 and Windows Server 2016. The Server with Desktop Experience feature needs to be enabled as Office Online Server cannot run on Windows Server core.

From a networking perspective, all the servers in an Office Online Server Farm must be in the same forest, and in order to use Business Intelligence Features, they must be in the same forest as the users who will use them.

Office Online Server must be installed on its own dedicated server. It can run on both Physical as well as in a Virtual Machine running on Hyper-V or VMware. Office Online Server cannot be installed on the same machine as Exchange, SharePoint, and Skype for Business, SQL, Domain Controller, or any server that has Office installed.

Furthermore, if you plan to open Office Online Server to the Internet for SharePoint or Exchange, you will also need a reverse proxy in order to securely make it available to external users.

If you plan to use SSL, the certificate must come from a trusted Certificate Authority and include the fully qualified domain name (FQDN) of your Office Online Server farm URL in the SAN (Subject Alternative Name). Furthermore, the FQDN of every server in your Office Online Server farm must be in the SAN of the certificate. The certificate we used in our book can be seen in Figure 9-3 and has office.cobaltatom.com as the Issued To, which is both our Internal and External URL and also has servers CALOS1 and CALOS2 in the SAN in their FQDN format.

Installing Office Online Server

Afterward, we need to activate the required Windows Server Features and Roles. This can be achieved with the following PowerShell script, which will require a reboot.

After all prerequisites are successfully installed, you can open the Office Online Server Setup.exe from the binaries you got either from MSDN or the Volume Licensing Center.

After accepting the terms, select where you want to install the Office Online Server binaries as seen in Figure 9-4.

Location of the log files as well as cache location can be specified later when creating the Office Online Server farm. Click Next, until you get a screen similar to Figure 9-5 indicating that the installation has finished.

With the installation of the Office Online Server binaries complete, it’s now time to install any Language Packs that you might want to offer to you users. For the Multilanguage UI to work, the language pack must be installed both on the Office Online Server, as well as on your host (SharePoint, Exchange, or Skype for Business).

Since our farm is not created at this point, installing Public Updates or Language Packs is as simple as starting the installer and clicking Next until it’s done. As Public Updates also include updates for the Language Packs, make sure to install the base Language Packs before installing Public Updates. By installing the base Language Packs before the Public Updates, all the language related updates in the Public Updates will be applied.

After your Office Online Server(s) are on the update level you want and have the required Language Packs for your business, it’s now time to create the Office Online Server farm.

Creating the Office Online Server Farm

Unlike most Microsoft products, Office Online Server does not have a user interface at all and the only way to manage it is by Windows PowerShell. Furthermore, unlike other Office Server products such as SharePoint, there is no “Office Online Management Shell” that you will find on your computer; the required module manage Office Online Server will be loaded by default every time you open PowerShell.

To create the farm, we need to run the New-OfficeWebAppsFarm PowerShell cmdlet. Office Web Apps is the old name of Office Online Server in the 2013 suite of Office Servers. You will see that most of the PowerShell cmdlets to manage Office Online Server still refer to Office Web Apps.

Before running the PowerShell to create our farm, there are a few things we need to plan. The first item to plan is what the URL will be that the consuming services (SharePoint, Exchange, or Skype for Business) will use to connect to the Office Online Server farm. From a SharePoint-only point of view, you could only have one URL if you want, since SharePoint can only use one of them, but not both. If you also plan to connect Skype for Business and Exchange to your Office Online Server Farm, they will sometimes need the External URL. A good example is when doing a Skype for Business meeting and sharing a PowerPoint presentation. Skype for Business will connect external users to the external URL of your office Online Server Farm. Something to consider is that to enable full functionality, the External URL must be accessible from the Internet. Some of the features are Document Previews from Outlook on the Web (formerly known as Outlook Web App), Skype for Business PowerPoint Presentations with external users, and document previews in Office 365 Search Results when using Cloud Hybrid Search.

While in this book we recommend SSL Bridging for security, Office Online Server also supports SSL Offloading. SSL Offloading is not recommended because the traffic between the Load Balancer and your Office Online Server will not be encrypted, and you can be subject to a man-in-the-middle attack. If you plan to use SSL up to the Office Online Server, either by using pass through or SSL bridging on your Network Load Balancer, make sure to import the certificate into IIS on every server of your Office Online Server Farm. Make sure the certificate has a Friendly Name in IIS, as that’s what we will need to use in our PowerShell cmdlet.

This certificate must also be trusted by the SharePoint Server Farm. If the certificate is from a Certification Authority such as DigiCert that is included by default in the Root Certification Authorities in Windows, it will work without doing any special configurations. However, if using a Self-Signed Certificate or an authority that is not in the root authority cert store by default, make sure to add it as a trusted certificate in the SharePoint Central Admin ➤ Security ➤ Manage Trust. Make sure to add the root certificate and not the end Certificate. You can view an example in Figure 9-6.

After running the command, PowerShell will configure everything needed to get the farm configured. To validate the configuration was successful, point your DNS A record or host file to the server you just configured the farm on and navigate to the Internal or External URL + /hosting/discovery. In this case that URL would be https://office.cobaltatom.com/hosting/discovery/ . If everything works as planned, you should see an XML file similar to Figure 9-7.

Where in the MachineToJoin Parameter, you give it the FQDN of the first Office Online Server in the farm. In our case, that FQDN is CALOS01.Lab.cobaltatom.com.

The output should be all the servers in your Office Online Server farm, with a health status of healthy.

Connecting Office Online Server with SharePoint 2019

To test that the connection was successfully configured, navigate to any SharePoint Site and open an Office document. That document should open in the browser and you should be able to go through the entire document. Test Office Online Server with all of the supported Office document types, including editing functionality, if enabled.

One of the features of Office Online Server is document previews directly in the search results, as seen in Figure 9-8.

In order to enable this functionality, you will need to do a Full Crawl on your Content Sources and the previews will work afterward. With everything setup, let’s learn how to maintain Office Online server, and how to debug it in case something goes wrong.

Office Online Server Maintenance

ULS log viewing tools such as UlsViewer will also work with Office Online Server as seen in Figure 9-9.

Next Steps

With Office Online Server successfully configured, in the next chapter we will learn how to configure Workflow Manager in order to provide modern workflows in SharePoint 2019.