In-Depth

Inside the New Office 2013 and SharePoint 2013 Cloud Apps

While it may sound too good to be true, Microsoft's new app model for Office 2013 and SharePoint 2013, introduced back in July, promises to let workers run third-party vendor apps without bogging down Microsoft's software. In the past, apps designed to work with Office or SharePoint could cause performance problems when run on the same server. Under the new app model, these applications run separately, either via the Internet cloud or on the customer's premises.

The new apps for Office 2013 and SharePoint 2013 have a few differences vs. traditional Web apps. An app can act within a document, for instance, and it can "travel" with that document to be accessed by other users, provided they assent to use it. These apps appear to the end user to be running within Office or within a SharePoint site, although they're running outside those applications on a separate server. The apps may be as simple as a Bing Maps app that works with an Excel spreadsheet, for instance. An app gets permissions to run if it is installed by a Web site administrator, a tenant administrator or an end user who provides consent, according to an MSDN library article.

New App Model
One of the controls that facilitates this model is the "Office Store," which has a user-driven app rating system and a vetting process maintained by Microsoft for third-party software vendors. Users get access to the Office Store by default and can install their own applications. However, IT pros still have ultimate control because they can shut down access using Active Directory.

"The old model is still there on premise," said Mike Fitzmaurice, vice president of product technology at Nintex, a Bellevue, Wash.-based maker of SharePoint workflow extension products, in a phone interview. "If someone still wants to do things they've gotten very comfortable doing, they can still do it perfectly fine."

Applications now can be built for Office or SharePoint that do not expose those programs to risk. Developers can build those apps without having to know a lot about SharePoint, Fitzmaurice added, which wasn't the case with the 2010 version. Microsoft previously enforced security on apps via specific sandbox restrictions, but the new model avoids those complications. It builds trust between applications instead. Moreover, the Office Store requires that Secure Sockets Layer (SSL) communications be used by the application host platform.

"The sandbox was actually how they [Microsoft] did it prior to [SharePoint] 2013," Fitzmaurice explained. "They allowed sandboxed code to run but they put very severe limitations on what kind of code could run in the sandbox. And this effectively meant that very few people built any serious extensions for SharePoint that would run in the cloud. In the new era, we can run our apps right next door to SharePoint and talk back and forth to it in a very secure fashion. The user thinks it's all one system, and IT can delight in the fact that we aren't actually sitting inside SharePoint and exposing it to risk."

Apps that crash won't affect Office because they run in "a separate, isolated process," according to Brian Jones, principal group program manager for the Office Solutions Framework team, in an August 6 "Office Next" blog post. The new approach allows multiple Office apps to run side-by-side without conflict, he adds. IT pros can monitor the performance of apps and add-ins using a new feature called "Office Telemetry." It automatically delivers information about the CPU use, performance and loading times of apps and add-ins via a dashboard. It will work with earlier versions of Office (back to Office 2003) via an agent.

What Are Office Apps?
The new Office apps consist of a Web page plus an XML-based "manifest file," according to an August 14 "Office Next" blog post. The apps are managed either through the Office Store or through an "app catalog," which is basically equivalent to a SharePoint library. However, apps for Outlook follow a slightly different approach and require the use of Exchange Server 2013, which is used to point to the manifest files. Office apps interact with Office 2013 or SharePoint 2013 using a few JavaScript APIs and Web protocols, according to Ludovic Hauduc, Microsoft's general manager for the Office Platform and Store teams.

"Apps are just web applications, developed with client-side and server-side code and interacting with Office and SharePoint thanks to a new JavaScript API for Office, the new OAuth support, REST end points, and expanded JavaScript CSOM for SharePoint," Hauduc explained in a July 17 "Apps for Office" blog post. "Apps are not tightly-coupled to Office and SharePoint. They run off-box, in the cloud, giving developers and IT administrators the flexibility that they need to respectively develop and maintain apps, or manage Office and SharePoint products life cycles and version upgrades. Apps have minimal footprint on the desktops or the servers."

Hauduc claimed that IT pros won't lose compatibility with previous add-ins and code that worked with earlier versions of Office and SharePoint. IT pros have the ability to test that premise using the customer preview releases, which Microsoft released for download in July.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

comments powered by Disqus
Upcoming Events

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.