No discussion about service
applications would be complete without digging into the multi-tenant
capabilities that have been improved from SharePoint 2010. Under normal
circumstances, the multi-tenant discussion usually pertains to hosted
environments where a SharePoint farm is providing services to any
number of different companies; but as you will see in this section, the
concept of multi-tenancy applies directly to the enterprise as well.
Managing Service Application Groups
In SharePoint 2007, the walls of
security and the isolation of data and services went along the lines of
web application to site collections to webs. Beginning with SharePoint 2010, it became
possible to create a new segregation layer of data and services between
the application layer and the associated site collections. This
segmentation is possible through the use of site subscriptions.
Site subscriptions enable you to group together site collections that
are part of the same web application. Site subscriptions are a logical
group of site collections that can share settings (in the Subscription
Settings database), features, and service data. Site subscriptions are
identified with a subscription ID. The subscription ID is used to map
services, features, and sites to tenants, and to partition service data
by tenant. Note the following characteristics of site subscriptions:
- A site can be a member of only one site subscription at a time. This prevents any conflicts with licensing schemas.
- There is no Central Administration interface for managing site
subscriptions. Management must be handled through PowerShell, including
creating, managing, and removing sites from a site subscription.
- A site can only join a site subscription(s) in the same web
application. Sites can’t join a site subscription(s) associated with
other web applications.
- Site subscriptions can span multiple content databases.
Once you have a site subscription associated with
site collections, the site collections can consume data from service
applications. While this concept is not necessarily new, what is new is
that some of these service applications can be provisioned such that
their functions and data are kept separate from other site collections
(tenants) that may be consuming that service application. SharePoint
2010 and 2013 refer to this type of service application as a partitioned service application.
For instance, if Enterprise Search were provisioned as a partitioned
service application and associated with two site subscriptions, then
search results from subscription A would never be returned to
subscription B. Note also that no changes or additions were made to the
number of databases required to support this capability. SharePoint
merely segments the content within the single database (see Figure 1).
Although non-partitioned service applications can
be created with Central Administration or PowerShell, the latter is
required to provision a partitioned service application. When creating
a partitioned service application in PowerShell, you only need to add
the –Partitioned or -PartitionMode switch depending on the service application.
Some service applications do not lend themselves to being partitioned, such as those that do not store user-specific data. Table 1 shows which service applications within SharePoint 2013 can be partitioned.
TABLE 1 SharePoint 2013 Service Application Partitioning
CAN BE PARTITIONED |
CANNOT BE PARTITIONED |
User Profiles (using Profile Synchronization) Managed Metadata Business Data Connectivity SharePoint Search Secure Store Service Search Machine Translation Service
Word Automation Service |
User Profiles (using AD Import)
Excel Services Access Services Access Services 2010
Visio Service State Service Work Management Service
PerformancePoint
Usage and Health
App Management Service
Subscription Settings |
Another set of capabilities that was previously
managed at the web application layer was Features. When a feature was
installed and activated at a web application layer, it was
automatically available for activation at the site collection level.
Beginning with SharePoint 2010, you can group features together into
what are called feature packs.
Feature packs are logical groupings of features that are then made
available for activation to a site subscription by an administrator of
that site subscription.
SharePoint 2013 is smart enough to prevent the
use of web parts that are part of a feature that is not part of a site
subscription.
Once a site subscription is created and sites are
associated with it, the sites are managed through a site template
called a Tenant Administration site. It’s called this because a hosted
customer (or department) is referred to as a tenant.
The Tenant Administration site gives the tenant administrator full
administrative rights over the site collections, including permissions
to create new sites if self-service site creation is enabled.
Creating a Site Subscription
When you are ready to start working
with SharePoint in the hosting mode, keep in mind that nearly all your
system administration will be done through PowerShell, as these new
features are not built into the SharePoint Central Administration
console. This is true for creating site subscriptions, feature packs,
and partitioned service applications, and provisioning Tenant
Administration sites. The PowerShell cmdlet to create a new site
subscription is as follows:
New-SPSiteSubscription
When building your site subscriptions, using
variables for your commands enables them to be reused and/or nested
within other cmdlets. For example, to create and view a new site
subscription, use the following:
$SiteSub = New-SPSiteSubscription
Once you have the subscription, you need
to get the site collection or site collections you want to add to the
subscription into a variable.
To add a single site collection to a variable, use the following:
$TargetSite = get-spsite http://portal.contoso.com/sites/marketing
To instead add all site collections within a web application to a variable, use this:
$TargetSite = Get-SPWebApplication http://portal.contoso.com | Get-SPSite
Now that you have your site collection(s) in a variable, use the following to add their subscription:
$TargetSite | ForEach-Object{Set-SPSite -Identity $_ -SiteSubscription $SiteSub}
To view all the site collections that are now part of the site subscription, just type the name of the variable:
(Get-spsitesubscription $SiteSub).sites
From here you could create the Tenant Administration site using the PowerShell cmdlet new-spsite, identifying the site template as tenantadmin#0:
New-spsite –url http://portal.contoso.com/sites/tasite -template "tenantadmin#0"
–owneralias domain\username –sitesubscription $SiteSub
NOTE As
previously mentioned, site collections aren’t the only SharePoint
artifacts that can be grouped; features can be grouped into Feature
packs.
Another benefit to site subscriptions is
that usage analysis data and logging data are also segmented, like the
user data. This enables the IT pro to troubleshoot and debug based on a
specific site subscription. In addition, segmenting the usage data
enables a hosting company or enterprise that’s using a charge-back
model for IT services to charge according to usage based on data,
processes, or the number of users.