SharePoint Hybrid Search Requirements -- Redmondmag.com

SharePoint Hybrid Search Requirements

By Kurt Mackie
04/25/2016

Tapping hybrid SharePoint capabilities involves making some configuration changes and meeting certain software requirements, according to an expert.

Both the emerging SharePoint Server 2016 and the current flagship SharePoint Server 2013 product are capable of enabling capabilities such as "hybrid search," which promises a more unified search experience for end users. Another hybrid capability of note is the use of Office 365 Delve, which surfaces organizational content for end users.

Organizations won't get those hybrid capabilities if they just stick with the on-premises server products. However, it takes just a few configuration changes to take advantage of Microsoft's cloud-first innovations in a hybrid setup, contended Thomas Vochten, an Office Server and Services Microsoft Most Valuable Professional (MVP). He's also an architect at Xylos, a consultancy based in Antwerp, Belgium. Vochten explained how to set up SharePoint hybrid search in this Microsoft Channel 9 video, which was published earlier this month.

Vochten said that Office 365 Delve currently doesn't work 100 percent with hybrid setups and the costs aren't clear yet. People searches by default will send queries to the local index and that won't work, he added. User pictures won't render with SharePoint Online so to get them a PowerShell script has to be run with CrossDomainPhotosEnabled = true.

The most important prerequisite for hybrid setups is to have identity management in place to synchronize between on-premises server farms and online services. Organizations can't tap cloud services without it, Vochten said. Organizations will need:

Synchronized or federated identities
Internet-routable Active Directory domains
SSL certificates and secured communication channels
Good bandwidth and Internet connectivity
An Office 365 Enterprise subscription

Vochten recommended using Microsoft's Azure Active Directory Connect tool for identity synchronization, which supports multiforest scenarios.

One-Way Outbound Search
There are two types of hybrid search topologies for SharePoint Server. There's "one-way outbound search," which is the current method used with SharePoint Server 2013, and there's "one-way inbound search," which represents Microsoft's improved method.

With one-way outbound search, the search happens both online and on premises. However, the on-premises search query gets sent to SharePoint Online, which is called "query federation." The problem with this query federation is that it is complex to set up. You get separate result blocks. There's no ranking and relevance integration, and no refiners. End users get two search results. The separate results come from SharePoint Online and from SharePoint Server on premises. This approach is OK, but you can't do fancy stuff with it, Vochten explained.

The requirements for one-way outbound search include having Enterprise Edition products in place, plus setting up synchronization with Azure Active Directory. IT pros need to be a search admin for an on-premises farm in order to set it up. Organizations will need:

Active Directory
An Internet public domain
Office 365 Enterprise Edition
SharePoint Server 2013 Enterprise Edition on premises
Synchronization of Active Directory to Azure Active Directory
Trust between on-premises and online SharePoint, as established using PowerShell scripts

Additionally, IT pros will have to install some software, including the Microsoft Online Services Sign-In Assistant, the Azure Active Directory Module for Windows PowerShell and the SharePoint Online Management Shell, Vochten said.

Organizations using SharePoint Server on premises need to tap some required services, such as the User Profile Service, App Management Service and the Microsoft SharePoint Foundation Subscription Settings Service, he added.

One-Way Inbound Search
The new and improved search approach, known as "one-way inbound search," is also a query federation approach, except that it flows from SharePoint Online to SharePoint Server on premises.

The requirements for one-way inbound search are exactly the same as one-way outbound search, Vochten said. IT pros setting it up need to be a global admin for an Office 365 tenant. They'll need to configure a secure storage service in SharePoint Online.

For more information about using SharePoint Online storage for hybrid search, see this discussion by Microsoft MVP Vlad Catrinescu. He pointed out that SharePoint Online's 1TB of pooled storage is sufficient for about one million search index items. Organizations likely will have to calculate their costs if their indices exceed that number. Also, see Catrinescu's Q&A at this page.

To use one-way inbound search, organizations will need a reverse-proxy setup and they'll need to use SSL certificates. For the reverse proxy, Windows Server 2012 R2 can be used or Forefront Threat Management Gateway. Other reverse-proxy options include F5's BIG-IP or Citrix NetScaler, Vochten indicated.

Another requirement for one-way inbound search is the use of Microsoft's Cloud Search Service Application. It's still at the preview stage and pricing isn't known, Vochten said. The Cloud Search Service Application delivers a unified search index, which is only online. You don't get separate result blocks. Services such as Office 365 Delve will just work, he explained. It supports file shares, too. It's possible to index file shares and send them to SharePoint Online. It also supports "security trimming," so end users never see search results they weren't supposed to see.

With the Cloud Search Service Application, there's a normal search crawl on premises but the results get uploaded to Azure Blob Storage. The online index gets fed back to the SharePoint farm. It's possible to use SharePoint Server 2013 with the Cloud Search Service Application, but organizations have to have SharePoint Server 2013 with the August 2015 Cumulative Update or higher installed, Vochten said.

Adding the Cloud Hybrid Search Service Application requires the use of "straightforward PowerShell" as an onboarding script, but a new parameter, CloudIndex = $true, needs to be added. Vochten said that this installation should be tried in a test environment first because it could break provider apps if they are used. This issue with the onboarding script is something Microsoft is working on. Vochten advised caution in the meantime.

The rest of the presentation included demos. Microsoft, for its part, describes the requirements for setting up hybrid search for SharePoint Server 2013 at this page. For a walkthrough on setting up accounts to use hybrid search, see this Redmond-published guide authored by Microsoft MVP Brien Posey.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.