Inside the New Office 2013 and SharePoint 2013 Cloud Apps
While it may sound too good to be true, Microsoft's new app model for Office 2013 and SharePoint 2013, introduced back in July, promises to let workers run third-party vendor apps without bogging down Microsoft's software. In the past, apps designed to work with Office or SharePoint could cause performance problems when run on the same server. Under the new app model, these applications run separately, either via the Internet cloud or on the customer's premises.
The new apps for Office 2013 and SharePoint 2013 have a few differences vs. traditional Web apps. An app can act within a document, for instance, and it can "travel" with that document to be accessed by other users, provided they assent to use it. These apps appear to the end user to be running within Office or within a SharePoint site, although they're running outside those applications on a separate server. The apps may be as simple as a Bing Maps app that works with an Excel spreadsheet, for instance. An app gets permissions to run if it is installed by a Web site administrator, a tenant administrator or an end user who provides consent, according to an MSDN library article.
New App Model
One of the controls that facilitates this model is the "Office Store," which has a user-driven app rating system and a vetting process maintained by Microsoft for third-party software vendors. Users get access to the Office Store by default and can install their own applications. However, IT pros still have ultimate control because they can shut down access using Active Directory.
"The old model is still there on premise," said Mike Fitzmaurice, vice president of product technology at Nintex, a Bellevue, Wash.-based maker of SharePoint workflow extension products, in a phone interview. "If someone still wants to do things they've gotten very comfortable doing, they can still do it perfectly fine."
Applications now can be built for Office or SharePoint that do not expose those programs to risk. Developers can build those apps without having to know a lot about SharePoint, Fitzmaurice added, which wasn't the case with the 2010 version. Microsoft previously enforced security on apps via specific sandbox restrictions, but the new model avoids those complications. It builds trust between applications instead. Moreover, the Office Store requires that Secure Sockets Layer (SSL) communications be used by the application host platform.
"The sandbox was actually how they [Microsoft] did it prior to [SharePoint] 2013," Fitzmaurice explained. "They allowed sandboxed code to run but they put very severe limitations on what kind of code could run in the sandbox. And this effectively meant that very few people built any serious extensions for SharePoint that would run in the cloud. In the new era, we can run our apps right next door to SharePoint and talk back and forth to it in a very secure fashion. The user thinks it's all one system, and IT can delight in the fact that we aren't actually sitting inside SharePoint and exposing it to risk."
Apps that crash won't affect Office because they run in "a separate, isolated process," according to Brian Jones, principal group program manager for the Office Solutions Framework team, in an August 6 "Office Next" blog post. The new approach allows multiple Office apps to run side-by-side without conflict, he adds. IT pros can monitor the performance of apps and add-ins using a new feature called "Office Telemetry." It automatically delivers information about the CPU use, performance and loading times of apps and add-ins via a dashboard. It will work with earlier versions of Office (back to Office 2003) via an agent.
What Are Office Apps?
Hauduc claimed that IT pros won't lose compatibility with previous add-ins and code that worked with earlier versions of Office and SharePoint. IT pros have the ability to test that premise using the customer preview releases, which Microsoft released for download in July.
Kurt Mackie is online news editor for the 1105 Enterprise Computing Group.