To avoid overdose of Exchange, this weekend, I took some time to look at SharePoint 2010 and just to see how much has changed since the SharePoint version we used in HMC 4.5.
In HMC 4.5, we used Windows SharePoint Services 3.0 SP1. I blogged about this back in January 2009. It is here if you are interested, HMC 4.5 and Windows SharePoint Services 3.0 SP1 (http://blogs.technet.com/b/provtest/archive/2009/01/14/hmc-4-5-and-windows-sharepoint-services-3-0-sp1.aspx). In that article, I spoke about 3 main things that HMC did to introduce multi-tenancy support in WSS 3.0. The 3 main things are,
At the end of the article, as you could see, unlike Hosted Exchange, there were really very little HMC needs to do to change WSS to provide multi-tenancy support in SharePoint. Of course, there were many things could have been done much better but in a nutshell, WSS 3.0 itself is capable of multi-tenant support already without much customization.
In my earlier post, I recommended those who are interested in to take a look at the diagram as posted by Microsoft. It is here in case you missed it, Hosting Environment for SharePoint 2010 Products? (http://blogs.technet.com/b/provtest/archive/2010/06/24/hosting-environment-for-sharepoint-2010-products.aspx). Now, there are also another set of documents that you should look at, they are the Dynamic Data Center Toolkit for Hosters. The link is here,
Dynamic Data Center Toolkit for Hosters (http://code.msdn.microsoft.com/Release/ProjectReleases.aspx?ProjectName=ddc&ReleaseId=4297)
The above, you will find the document very similar to those in the HMC walk through but for SharePoint 2010 and it will have steps and scripts (primarily Powershell) on how you create site isolation, site administration isolation and user isolation.
Of course, it does more than that. It provides better explanation also described various way you can deploy customer sites to a SharePoint farm. Such as you can do the following,
It also provided better guideline such as,
It provides architecture option you can choose for your hosting environment. It also provides architecture guideline on how to scale out a hosted environment for your Services farm, Search farm and Tenant content farms. It provides information how one should design their Active Directory and SharePoint 2010 also introduces some new concept like managed accounts, proxy groups, business data catalog and etc. The underlining tenant provisioning hasn't changed much though. It still uses host header concept and for people picker, it still uses user account directory path concept. The Powershell script works pretty well for me for most parts, it even included some stuff that you don't really need in production environment such as putting some entries in the HOST file.
Here is the summary of multi-tenant setup steps (which I am not going to go into each of them in detail because the document has all the needed explanations). It is assumed that the server has been installed and setup,
Follow the above through, you should be able to create a SharePoint Site for your tenant organization like me like the following,
And the Admin site for your tenant organization,
The above are pretty straightforward. There is really one thing I like to highlight here which is Step D: Set Site User Account Directory Path. In this step, you are supposed to set the path to the Tenant organization OU. In the SharePoint document, you will find they recommended the AD to be designed in the following,
Doesn't the above look familiar? Now, the question comes in is that what happen when I introduce Exchange Server 2010 SP1 into the mix? Exchange itself provision the organization OU into a specific OU, which is, OU=Microsoft Exchange Hosted Organizations like the following,
Well, it means, if you are providing both Hosted Exchange and Hosted SharePoint, you may want to first create the OU using the Exchange cmdlet first and then when you perform Step D, just set it to the appropriate path like the following,
stsadm -o setsiteuseraccountdirectorypath -path "OU=ProvTest, OU=Microsoft Exchange Hosted Organizations,DC=FABRIKAM,DC=com" -url http://intranet.
I strongly recommend you to download the documents, go through the steps, the Powershell and get yourself familiarized with it. The concept hasn't changed tremendously from WSS 3.0 but obviously, the product has grown much more matured and it is being developed, like Exchange Server 2010 SP1, with hosters in mind.
This command : "stsadm -o setsiteuseraccountdirectorypath -path "OU=ProvTest, OU=Microsoft Exchange Hosted Organizations,DC=FABRIKAM,DC=com" -url http://intranet." works with SharePoint Foundation ?
SharePoint foundation support multi-tenant organization like SharePoint server 2010 ?
To be honest with you, I haven't run this or tested this before in SharePoint Foundation, so I really am not too sure about this.
I would say this though, Server will probably suits you better as a hoster more so than Foundation. If you are doing hosting, you probably want to make sure you can host as many customers as possible on each server and at the same time has the level of scalability, so, my recommendation is to go with SharePoint Server rather than Foundation.
Yes, I agree with kip.ng, SharePoint server 2010 is better than foundation. Sharepoint server has many features than foundation. And I have try SharePoint server with http://www.asphostportal.com. And everything looks very great. I started from their MOSS silver hosting, cheaper than the other.
Hi Kip, great post! I was trying to figure this one out. Out of curiosity though, if a user is created as a hosted SharePoint user first and then becomes a hosted Exchange customer, would it be possible to create the Exchange Hosted organization and then move the AD objects from the SharePoint Hosted Organizations in to there, then perform your updated command? We have two clients that are likely to go CRM and SharePoint first, before going Exchange at a later date so this will be an issue for us further down the track.
Jason: I think it wont hurt your Sharepoint users when you move them in AD. I tested it few months ago, and it worked without any problem. In my view, Sharepoint doesn't care where the user is, it stores user's Domain\samAccountName in Sharepoint Database.
Currently we are offering Hosted exchange solution on exchange 2007 (HMC)
Now we are adding up few more services like Hosted SharePoint foundation and Lync 2010.
With the help of custom designed control panel we are able to host Exchange 2010 sp1 along with Lync 2010
Unfortunately I am totally new to SharePoint and could not able to get step by step guide or documentation on SharePoint foundation hosting.
I request you to please guide us or share some document links to build SharePoint site and host tenant organizations with proper isolation.
i have tried several times and can not get this to work. kip can you tell us how you did it on the sharepoint 2010 server version?
Hi Kip Ng,
Great article, thanks.
I've got one question. i've got a sharepoint site going and working well. Can i simply run the command above to create a site locked down to that OU used in Exchange???
Hope so as really keen and i'm using enterprise version not foundation.
Cheers, and thanks again.
Everything is extremely open and quite clear explanation of concerns. that is truly data for the my ideas.... Your site
is really useful. Many thanks for sharing.
oes a multi tenant SharePoint web application stores user accounts on "child" websites or in the root web?
I need to provide forms authentication at this multi tenant web application but the users can't be shared between "child" websites and if the user types the root web url, he must be redirected to the "child" website he has permissions (when logging in). Is it possible?