Managing and Configuring Apps
SharePoint 2013 introduces the Cloud App Model, a new development model for adding and extending SharePoint capability. Developers are encouraged to build their solutions using this new model for a few key reasons. First, more companies are utilizing cloud functionality, creating the need for a robust model designed to handle the challenges of both on-premises SharePoint deployments and those in SharePoint Online.
Developing and deploying custom solutions to SharePoint enhances the functionality and adoption of the collaboration platform, but it can affect overall performance and the ease of upgrading to a new version. SharePoint has matured as an application development platform with each new release.
· The SharePoint 2003 application development platform was somewhat limited: developers could build and install web parts to the web part gallery, and deploy web applications into SharePoint’s layouts folder.
· SharePoint 2007 was significantly more robust with the introduction of solution packages, features, control delegates, and a strongly supported developer infrastructure.
· SharePoint 2010 built upon these capabilities but also added capabilities for less pervasive solutions through client technologies such as REST APIs and client-side object models. SharePoint 2010 also introduced sandbox solutions, a new development model designed for a multi-tenant hosted infrastructure such as the one used in Office 365 and SharePoint Online.
With each new release, the SharePoint platform has made it easier and more developer-friendly to create and deliver custom solutions. Unfortunately, each solution adds complexity and requires testing when an upgrade to the next version is considered. Clearly, we need a model that doesn’t impact performance and upgradability.
· The new SharePoint 2013 App Model provides an architecture that enables customizations to run in isolation so that they don’t affect other apps or applications.
· SharePoint apps effectively have a zero-deployment footprint on a SharePoint farm.
· Developer code is not deployed to the SharePoint server.
· Apps can leverage SharePoint application components such as lists, libraries, and workflows.
· The apps themselves can be hosted within the SharePoint farm, or they can be cloud hosted in Windows Azure or privately hosted elsewhere in the cloud. Because apps don’t physically deploy any assets to the SharePoint servers, they eliminate a significant challenge to adding new customizations to multi-tenant cloud environments such as Office 365.
· Apps can be written using the standards of the Web, HTML, and JavaScript, or developers can choose PHP, Java, or .NET. For the first time, this new model unifies the development process for on-premises or cloud-hosted applications.
Understanding the SharePoint 2013 App
A brief review of the three different development models illustrates the significant differences of the new App Model. Application code built using the new App Model runs predominantly on the client’s browser, on application servers, or in a company’s data center. This is very different from the full trust solution and sandbox solution.
With SharePoint apps, the logic is not deployed to the SharePoint server, and instead lives predominantly on a hosted application server or on the client devices connecting to SharePoint.
Architecture
SharePoint Apps are available from two locations:
· Microsoft hosts and governs a public Office Store, where any developer can publish and sell his or her app for general use by any SharePoint user. Publishing an app is as simple as uploading a file to a SharePoint library.
· A private corporate app catalog can be hosted on SharePoint 2013 on-premises or online, and is owned by the company hosting on-premises SharePoint 2013 or the online tenant. Company personnel or licensed tenants will be able to acquire and install these apps for personal or corporate use.
SharePoint 2013 App Marketplaces
SharePoint apps can be obtained from the public Office Store or from the private corporate app catalog.
- Publishing an app to the Office Store makes the app publicly available; therefore, it can be obtained by any SharePoint user. To publish an app to the Office Store, the developer must first register with the Microsoft Seller Dashboard.
- Apps published to an organization’s private app catalog are available for company-only use, and accessible to corporate users with appropriate permissions.
SharePoint 2013 provides a full licensing platform for apps. The licensing model enables administrators to govern how and where apps are installed on their platform.
SharePoint 2013 App Hosting Options
The App Model utilizes two broad approaches to hosting apps: SharePoint-hosted and cloud-hosted.
- SharePoint-hosted apps include only SharePoint components, and they are installed in the corporate-owned SharePoint Online tenant or the on-premises SharePoint farm.
- Cloud-hosted apps include at least one remote component and may also include SharePoint-hosted components. The cloud-hosted model is further divided into two categories, ultimately resulting in three different approaches and three different types of apps that can be deployed to a SharePoint site:
a) SharePoint-hosted apps
b) Provider-hosted apps
c) Auto-hosted apps
App Model Security
App permissions are broken down into permission requests and request scopes. Additionally, SharePoint 2013 has a set of app authorization policies that determine whether the app should be authorized to act on behalf of the user, the app and the user, or just the app.
High-Trust Apps
High-trust apps simply refer to apps that are responsible for creating the user portion of the access token. This effectively means that a high-trust app can assert any user identity it chooses, and instead of using OAuth the app authenticates to SharePoint just like any user.
This is a useful scenario for organizations that want to position the app model as the primary solution for SharePoint customizations.
High-trust on-premises apps provide a framework for flexible extensions to the SharePoint platform while maintaining farm and process isolation between the customizations and the core SharePoint environment.
Setting up an App-Enabled SharePoint environment
This section is a step-by-step walk-through of how to set up a SharePoint 2013 farm to support apps, assuming SharePoint 2013 is already installed and configured.
The steps require the following:
· The user account performing the configuration must be a member of the Farm Administrators group.
· The SharePoint Timer Service and SharePoint Administrator Services must be running.
· The web application must be configured for claims-based authentication.
A high-level summary of the steps is as follows:
· Create and configure a DNS name to host all apps
· Add/install an SSL certificate for the DNS name
· Configure the service applications
· Configure app URLs
Configuring a forward lookup zone in DNS
Configuring SSL for the App Domain (Optional)
Once the domain host name is set up and configured in DNS, SSL should also be set up. In this scenario, the app domain is a unique root domain separate from other SharePoint site domains. Therefore, a new wildcard SSL certificate should be created to support HTTPS.
Configuring the Service Applications
Prior to configuring the specific app settings, additional configuration is necessary on the service applications that the apps will utilize. The Subscription Settings service establishes subdomains for apps. The App Management service predominantly serves the role of providing app permissions. Both service applications need to be configured and started.
Configuring and starting the service applications
The following PowerShell command gets and starts the two necessary service instances:
Get-SPServiceInstance | where {$_.GetType().Name -eq "AppManagementServiceInstance" -or $_.GetType().Name -eq "SPSubscriptionSettingsServiceInstance"} | Start-SPServiceInstance
Creating application pools for the service applications
Once the services are started, the service applications need to be configured to use an application pool in IIS. For security reasons, these app pools need to run as the farm account. The following steps configure the application pool.
· First, get and store the farm account in a variable:
$account = Get-SPManagedAccount "domain\farm_account"
· Next, create application pools for each service app, and store them in appropriate variables:
$apSub = New-SPServiceApplicationPool -Name SettingsServiceAppPool -Account $account
$apApp = New-SPServiceApplicationPool -Name AppServiceAppPool -Account $account
· Now create the service applications and proxies; the database names are passed to the cmdlets by the administrator executing the commands:
$subSvc = New-SPSubscriptionSettingsServiceApplication -ApplicationPool $apSub -Name SettingsServiceApp -DatabaseName <SettingsServiceDB>
$subSvcProxy = New-SPSubscriptionSettingsServiceApplicationProxy -ServiceApplication $subSvc
$appSvc = New-SPAppManagementServiceApplication -ApplicationPool $apApp -Name AppServiceApp -DatabaseName <AppServiceDB>
$appSvcProxy = New-SPAppManagementServiceApplicationProxy -ServiceApplication $appSvc
Configuring App URLs
Via Central Administration
Via the SharePoint PowerShell Administrative Console
Execute the PowerShell cmdlets:
Set-SPAppDomain <isolated app domain>
Set-SPAppSiteSubscriptionName -Name "app prefix" -Confirm:$false
Where <isolated app domain> is the DNS host name configured for the isolated app domain, and "app prefix" is the prefix used for provisioned app URLs.
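The following check is an added example, not part of the original post: it confirms that the service instances, service applications, proxies, app domain and app prefix configured above are in place, and flags an app domain that shares a base domain with a SharePoint web application. The function name Get-BaseDomain and the two-label comparison are assumptions made for illustration.

```powershell
# Added example: read-only checks for the SharePoint 2013 Management Shell,
# run as a farm administrator. Nothing here changes farm configuration.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$findings = @()

# 1. Both service instances must be Online on at least one server.
foreach ($t in "AppManagementServiceInstance", "SPSubscriptionSettingsServiceInstance") {
    $online = Get-SPServiceInstance |
        Where-Object { $_.GetType().Name -eq $t -and $_.Status -eq "Online" }
    if (-not $online) { $findings += "$t is not Online on any server" }
}

# 2. Both service applications and their proxies must exist.
foreach ($t in "AppManagementServiceApplication", "SPSubscriptionSettingsServiceApplication") {
    if (-not (Get-SPServiceApplication | Where-Object { $_.GetType().Name -eq $t })) {
        $findings += "$t has not been created"
    }
    if (-not (Get-SPServiceApplicationProxy | Where-Object { $_.GetType().Name -eq "${t}Proxy" })) {
        $findings += "${t}Proxy has not been created"
    }
}

# 3. The app domain and app prefix must both be set.
$appDomain = Get-SPAppDomain
$prefix    = Get-SPAppSiteSubscriptionName -ErrorAction SilentlyContinue
if (-not $appDomain) { $findings += "App domain is not set (Set-SPAppDomain)" }
if (-not $prefix)    { $findings += "App prefix is not set (Set-SPAppSiteSubscriptionName)" }

# 4. The app domain should not share a base domain with any web application,
#    so app pages cannot read or set cookies scoped to the SharePoint sites.
#    Heuristic (hypothetical helper): compares the last two DNS labels only;
#    adjust for multi-part suffixes such as co.uk.
function Get-BaseDomain([string]$hostName) {
    $labels = $hostName.ToLower().Split(".")
    if ($labels.Count -lt 2) { return $hostName.ToLower() }
    return ($labels[-2..-1] -join ".")
}
if ($appDomain) {
    foreach ($wa in Get-SPWebApplication) {
        $waHost = ([uri]$wa.Url).Host
        if ((Get-BaseDomain $waHost) -eq (Get-BaseDomain $appDomain)) {
            $findings += "App domain '$appDomain' shares a base domain with $waHost"
        }
    }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output "App infrastructure checks passed." }
```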
Setting up a high-trust app environment
The current process for setting up a High-Trust App environment is as follows:
· Configuring dependent SharePoint 2013 services.
To ensure that at least one user profile has been created, select Application Management -> Manage Service Applications. Then select User Profile Service Application -> People -> Manage User Profiles. Verify that Total Number of Profiles is greater than zero.
The dependent SharePoint service applications are now configured.
· Configure SharePoint 2013 to trust the provider-hosted app
Finally, SharePoint 2013 needs to be configured to use and trust the app. This is accomplished by executing the following script.
$appCertPath = "c:\HighTrustCert.cer"
$issuerId = [System.Guid]::NewGuid().ToString().ToLower()
$spurl = "https://<host site URL>"
$spweb = Get-SPWeb $spurl
$realm = Get-SPAuthenticationRealm -ServiceContext $spweb.Site
$certificate = Get-PfxCertificate $appCertPath
$fullAppIdentifier = $issuerId + '@' + $realm
New-SPTrustedSecurityTokenIssuer -Name "<unique name>" -Certificate $certificate -RegisteredIssuerName $fullAppIdentifier
$appPrincipal = Register-SPAppPrincipal -NameIdentifier $fullAppIdentifier -Site $spweb -DisplayName "<unique display name>"
· Ensure the provider-hosted app is configured properly
The provider-hosted app must also be configured to be a part of the server-to-server trust, which requires changes to the app’s web.config and appmanifest files.
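Because a high-trust app can assert any user identity, every issuer registered with New-SPTrustedSecurityTokenIssuer is worth reviewing regularly. The following inventory is an added example, not part of the original post; the 60-day and 2048-bit thresholds, and the assumption that the farm uses a single authentication realm, are illustrative choices.

```powershell
# Added example: read-only inventory of server-to-server trusts on the farm.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$warnDays   = 60     # assumption: flag certificates expiring within 60 days
$minKeyBits = 2048   # assumption: smallest acceptable RSA key size
$farmRealm  = Get-SPAuthenticationRealm   # assumption: farm without site subscriptions

$report = foreach ($issuer in Get-SPTrustedSecurityTokenIssuer) {
    $cert  = $issuer.SigningCertificate
    $notes = @()

    # The setup script registers the issuer as <issuerId>@<realm>.
    $realmPart = ($issuer.RegisteredIssuerName -split "@")[-1]
    if ($realmPart -ne $farmRealm) { $notes += "realm differs from farm realm" }

    if ($cert) {
        if ($cert.NotAfter -lt (Get-Date)) { $notes += "certificate expired" }
        elseif ($cert.NotAfter -lt (Get-Date).AddDays($warnDays)) { $notes += "expires within $warnDays days" }
        if ($cert.PublicKey.Key.KeySize -lt $minKeyBits) { $notes += "key under $minKeyBits bits" }
        $thumb = $cert.Thumbprint; $expires = $cert.NotAfter
    } else {
        $notes += "no signing certificate on the issuer object"
        $thumb = $null; $expires = $null
    }

    New-Object PSObject -Property @{
        Name       = $issuer.Name
        IssuerName = $issuer.RegisteredIssuerName
        Thumbprint = $thumb
        NotAfter   = $expires
        Notes      = ($notes -join "; ")
    }
}

# Every row is an issuer whose tokens, including the user identity they
# assert, SharePoint will accept.
$report | Select-Object Name, IssuerName, Thumbprint, NotAfter, Notes | Format-List
```

An entry whose thumbprint does not match a certificate the organization still controls is a candidate for removal with Remove-SPTrustedSecurityTokenIssuer.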
Managing SharePoint 2013 Apps
Configuring an App Catalog
Managing Apps in the App Catalog
Adding an App to a SharePoint site
There are several ways to add apps to SharePoint sites:
· Using the list of SharePoint apps available to the current site
· Using the App Catalog associated with the SharePoint farm
· Downloading from the SharePoint store (App Marketplace)
· Using Windows PowerShell
Adding an App from the site’s available app list
Adding an App from the App Catalog
Adding an App from the SharePoint store
Adding an App via Windows PowerShell
-Path provides the fully qualified path to the app file on the file system
-Site provides the URL of the site collection to which the app should be imported
-Source is one of the following (SharePoint store, App Catalog, or SharePoint service)
-Web provides the URL of the SharePoint website where the app should be installed
-Identity is the variable in which the imported app was stored
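The parameters above belong to the Import-SPAppPackage and Install-SPApp cmdlets. The following is an added example, not part of the original post, that uses them together and first checks the package against a known SHA-256 value; the package path, site URL and expected hash are placeholders, and the hash check is an assumption about how the package was obtained.

```powershell
# Added example. $packagePath, $siteUrl and $expectedSha256 are placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$packagePath    = "C:\Apps\<app package>.app"
$siteUrl        = "https://<host site URL>"
$expectedSha256 = "<SHA-256 value published by the app's developer>"

# Hash the package with .NET so the check also works on PowerShell 3.0,
# which does not have Get-FileHash.
$sha    = [System.Security.Cryptography.SHA256]::Create()
$stream = [System.IO.File]::OpenRead($packagePath)
try {
    $actual = [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace "-", ""
} finally {
    $stream.Dispose()
}

# String comparison with -ne is case-insensitive, so hex case does not matter.
if ($actual -ne $expectedSha256) {
    throw "Package hash mismatch: refusing to import $packagePath"
}

# Import the package into the site collection. ObjectModel is the SPAppSource
# value for a package loaded from the file system; Marketplace and
# CorporateCatalog are the values for the store and the App Catalog.
$spapp = Import-SPAppPackage -Path $packagePath -Site $siteUrl -Source ObjectModel -Confirm:$false

# Install the imported app on the target web.
$instance = Install-SPApp -Web $siteUrl -Identity $spapp

# Installation runs asynchronously, so query the instance again for its status.
Get-SPAppInstance -Web $siteUrl |
    Where-Object { $_.Id -eq $instance.Id } |
    Select-Object Title, Status
```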
Removing an App from a SharePoint site
Monitoring SharePoint Apps
Adding an App to the Monitor List
Removing an App from the Monitor List
Monitoring App Usage from Central Administration
Monitoring App Errors from Central Administration
Monitoring App Usage in a SharePoint Site
Apps are automatically monitored at the site level in SharePoint 2013. This means that it is possible to view the App Monitoring Details of an individual app within an individual site.
Monitoring and Managing App Licenses
Viewing App License Details, Adding users to an App license, Purchasing More Licenses for an App & Adding a License Manager