Funny you should say that...

This section answers some typical follow-up questions that you may have once you start to think about the different cloud computing options and potential deployment scenarios.

Q: Security is always a concern. What can I do to secure my SharePoint deployment in the cloud?

A: Security in the cloud computing world is still a major concern for many organizations. It is an expansive topic that can't be thoroughly covered in this tiny guide. However, we can provide some guidance to get you thinking about potential options. Let's use a SharePoint deployment in an Amazon VPC to illustrate some of these concepts. At the macro level, we can divide security concepts into two general categories:

  • Amazon security
  • SharePoint security

Amazon security

Amazon provides us with a few constructs that we can use to help secure our infrastructure. These include Security Groups, network Access Control Lists (ACLs), and Amazon Identity Access Management (Amazon IAM).

  • Security Groups: These can be used to help secure the SharePoint servers within our Amazon VPC by specifying which inbound and outbound network traffic is allowed to and from each SharePoint server or category of server.
  • Network ACLs: These can be used to allow or deny network traffic entering and exiting each subnet in your deployment. Host-based firewalls can also be launched as additional instances in the VPC as another layer of inspection.
  • Amazon IAM: This enables you to securely control access to the Amazon services and resources your SharePoint environment utilizes.
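
An added example, not from the original guide: a Python check that compares each server category's inbound Security Group rules against an intended policy and reports rules that are wider than intended. The rule dictionaries follow the shape of the IpPermissions field returned by EC2 DescribeSecurityGroups; the tier names, group IDs, ports and the policy itself are constructed assumptions.

```python
# Added example: group IDs, tiers and the policy itself are constructed.
WORLD = {"0.0.0.0/0", "::/0"}

# tier -> {inbound TCP port: sources allowed to reach it}
POLICY = {
    "web": {443: {"0.0.0.0/0"}, 3389: {"sg-admin"}},
    "app": {443: {"sg-web"}, 3389: {"sg-admin"}},
    "sql": {1433: {"sg-web", "sg-app"}, 3389: {"sg-admin"}},
}

def rule_sources(perm):
    """Collect every CIDR and source security group named by one rule."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            + [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])])

def audit(tier, permissions):
    """Return (tier, ports, source, severity) for rules wider than POLICY."""
    allowed = POLICY[tier]
    findings = []
    for perm in permissions:
        proto = perm["IpProtocol"]
        if proto == "-1":                      # "-1" = all protocols, all ports
            lo, hi = 0, 65535
        else:
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        for src in rule_sources(perm):
            # A rule passes only if it is TCP and every port in its range
            # is allowed for this particular source.
            if proto == "tcp" and all(src in allowed.get(p, ())
                                      for p in range(lo, hi + 1)):
                continue
            ports = str(lo) if lo == hi else f"{lo}-{hi}"
            severity = "high" if src in WORLD else "medium"
            findings.append((tier, ports, src, severity))
    return findings

# Constructed sample rules: RDP open to the world on the web tier, and an
# all-traffic rule from the web tier's group on the SQL tier.
SAMPLE = {
    "web": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
            {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    "sql": [{"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433, "UserIdGroupPairs": [{"GroupId": "sg-app"}]},
            {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-web"}]}],
}

if __name__ == "__main__":
    for tier, perms in SAMPLE.items():
        for finding in audit(tier, perms):
            print(finding)
```
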

SharePoint security

We can further subdivide SharePoint security into two general categories: Data in Transit and Data at Rest.

  • Data in Transit: To secure data communication between servers in our VPC, we can implement the following options:
    • Enforce 128-bit SSL encryption for remote desktop protocol (RDP) connections
    • Enforce SSL for all client connections to the SQL servers
    • Enforce HTTPS (SSL) for all client connections to SharePoint services
    • Configure and enforce all servers to use IPSec (Internet Protocol Security) connections
  • Data at Rest: To secure Data at Rest, we can implement the following solutions:
    • BitLocker: Native Windows Server 2008 solution, which can be used to encrypt all SharePoint application logs, indexes, and confidential data on Amazon Elastic Block Store (Amazon EBS) volumes
    • Transparent Data Encryption (TDE): Native SQL Server 2008 Enterprise feature encrypts databases, log files, any information written to TempDB, snapshots, backups, and mirrored DB instances

Q: How do I migrate my on-premise deployment to SharePoint Online? What are my options?

A: Mainstream SharePoint adoption took place with Microsoft Office SharePoint Server 2007, with the majority of SharePoint deployments being on-premise deployments. At that time, cloud-based computing was not as pervasive and initial offerings were deficient in their features, so hosted environments were the preferred alternative. As cloud computing has become more mature and attractive as a deployment option, many organizations are starting to consider migrating their environments. Migrating on-premise SharePoint to SharePoint Online is the most common scenario and, while all the migration scenarios will be unique due to the nature of the SharePoint platform, there are some general techniques to consider. In order of ascending complexity, these techniques include:

  • Manual Migration through the GUI: This is the most straightforward approach, especially for organizations that don't have a lot of content. It is free and easy, but can be time-consuming since it is done on a site-by-site and library-by-library basis. Note that all of the sites, lists, and libraries will need to be recreated and none of the original metadata or permissions will be migrated. If you have a complex SharePoint environment with content distributed across many sites, this would not be a good option for you.
  • Manual Migration via Templates: An alternative manual method is to package the list, library, or site as a template solution and save it into your destination solution gallery. This template would contain all of the pages, libraries, lists, documents, list items, web parts, and workflows. As always, certain limitations and caveats apply including the default allowable template size, the SharePoint Online maximum file upload size, inability to save subsites, potential issues with custom web parts and workflows, stripped metadata, and so on. Be sure to thoroughly investigate all of the limitations and how they might impact your target goals.
  • Mailing and Restoring Content Databases: This option is only available for the SharePoint Online Dedicated hosting model. Essentially this is a "dump and restore"; it requires you to back up your on-premise content databases and mail them to Microsoft, who will, in turn, handle the restoration of your content into your SharePoint Online farm. If the databases are small enough, they can be sent over a secure WAN link. If the databases are large, you will need to ship them on external hard disks. Microsoft assumes a simple, out-of-the-box SharePoint on-premise site, and will not restore your content if it doesn't meet its supported capacity guidelines. Be sure to review these guidelines thoroughly before mailing your data. Sample constraints include content databases being less than 200 GB, fewer than 250,000 sites per site collection, and so on. In addition, configurations that are not stored in content databases (such as audiences, profiles, and search settings) will need to be explicitly communicated to Microsoft. Custom managed paths are not supported, custom web parts are likely to fail, and all explicit customizations are subject to Microsoft approval. Planning ahead is a must.
  • Third-party migration tools: Third-party migration tools support gradual migrations, hybrid scenarios, the reorganization of content, and the ability to migrate from different sources. However, they can be expensive and there are a limited number of viable vendors. Also, different capabilities exist depending on your version of SharePoint Online, standard or dedicated. For example, AvePoint's DocAve for SharePoint Online can migrate workflows, alerts, personal views, wiki pages, and master pages to SharePoint Online Dedicated. However, the same product cannot migrate these objects to SharePoint Online Standard. Some products such as Metalogix Migration Manager will only work with SharePoint Online Dedicated, as it requires the installation of approved agent software on the SharePoint servers. Additional vendors offering migration solutions include Quest Software, MetaVis, and Idera.

However, note that there are scenarios where not all content needs to be migrated to the public cloud. An organization might want to maintain some content on-premise and some in the cloud. Yes, we are referring to a hybrid cloud. There are many reasons why this could be. Some organizations might want to migrate their SharePoint environments gradually rather than all at once. Some SharePoint environments might be so sprawled that they could only be migrated gradually. Other organizations might want to publish content publicly in an extranet scenario, while keeping their internal infrastructures isolated. Some firms might have architectural reasons for retaining a hybrid farm: backup and failover, disaster recovery, geographic synchronization, and so on. Whatever the reason, it is a deployment model that is readily available and is worth your consideration.

Q: I've been told that SharePoint Online has fewer features than its on-premise counterpart. What is it missing?

A: SharePoint Online does have specific limitations in terms of storage, customization, and functionality. The different plans explicitly specify limits in terms of users and storage, and customization is generally limited to SharePoint Sandboxed Solutions, approved classes and methods, and resource quotas. When creating your deployment roadmap, be sure to thoroughly review the individual offerings and the Office 365 for Enterprise Service Descriptions. That said, some of the most important features missing from SharePoint Online are:

  • Business Intelligence Center, PowerPivot, PerformancePoint Services, and integration with reporting services
  • Business Data Connectivity Services
  • FAST Search
  • Records Center
  • Word Automation Services
  • Secure Store Service
  • Custom iFilters other than PDF not supported
  • Integration with and access to LOB data is not supported
  • E-mail Enabled Document Libraries
  • Limited changes to public-facing websites and MySite customizability

Please note that an exact list of all missing capabilities can be found in the Service Description for SharePoint Online. Missing features can potentially be introduced into the offering over upcoming service releases.
