Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Microsoft 365 Community / Community Demos / 8 Apr 2019
Microsoft 365 Community / Community Demos / 8 Apr 2019
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Community Demo - SharePoint Provisioning Service - Multi-tenant solution architecture for Office 365

Description

This community call demo is taken from the SharePoint General Development Special Interest Group recording on 4th of April 2019. In this video, Paolo Pialorsi (Piasys.com) covers the solution architecture for the SharePoint Provisioning Service, which can be used to easily provisioning sample content and solutions to any tenant in Office 365.

Presenter - Paolo Pialorsi (DMI) - @piasys

Full details on the community call from https://developer.microsoft.com/en-us/sharepoint/blogs/sharepoint-dev-community-pnp-general-sp-dev-sig-recording-4th-of-april-2019/

More details on the SharePoint dev community calls from http://aka.ms/sppnp.

A

The Sherpa community service is a relatively new service that we release few weeks ago. I think mid-march, if I'm not mistaken, through which you can provision solutions based on provisioning templates on your own tenant, really easily just going to a website. Selecting the template that you want to apply on your target tenant. Providing the mean constant.

A

If you want to have our service to being able to provision stuff on your tenant, and then you will find a new site or new site created on your environment, with custom templates applied on top of them in order to be able to reproduce the lookbook solutions that we have in SharePoint Online, as well as generally speaking, being able to have a demo environment in a matter of few minutes in order to show the potential and the capabilities of the sharepoint online and the modern UI to your customers or to your users through real solutions deployed in your tenant.

A

Under the cover of this service, there is the PMP provisioning engine, and so let me show you briefly a walkthrough of the sharepoint online provisioning service, and then I will explain you the architecture which is under the cover of the solution. This is the website and, as you can see here, you can browse through all of the available templates.

A

You can pick up whatever template you like, and you can see what are the main features and capabilities of every template, including, and you should really read them any prerequisites which will give you some information about what is required to being able to provision the template on your tenant. For example, this one is a pretty simple one, but there are some templates which require, for example, to have your user with an admin account in the taxonomy service or for some of the templates.

A

We need to have an already-existing up catalog in your tenant, and you need to take care of those prerequisites. Otherwise, the provisioning will not happen, of course, because the prerequisite will not be satisfied, and if you want to apply any of the templates that we have available in the service, you just need to click on the add to your tenant button. As you can see here, we highlight the required permissions to apply this template right now.

A

We have just and only templates, which require tenant admin permissions, but we are working on making it possible to provision this template just with site collection at mean right, which can be a nice improvement to allow people to test stuff without the need to being tenant.

A

That means, and once you click on the add to your tenant, you will be prompted with a forma which you can use to configure the very basic settings for a provision in the template like, for example, an email address that you want to use to get notified when the provisioning will be completed.

A

The title that you will have for this site that will be created and actually, if the site will be created, this will be the URL of the site and in order to being sure that we don't overwrite anything that you already have we validate that URL. If the site is already existing, you have two choices. You can select to override the existing site or update the exists inside with the template, or you can just cancel and provide a different URL. Most likely this one will be available. Let's see you can select a custom.

A

My graphical theme for your template, if you like, as you can see, I made quite a bit of testing on this tenant, so I have just a couple of themes available, but you can select the custom theme and apply that one to the target site that will be created once you are done. You click the provision button. You get a recap of what will happen, what we will do with the provisioning service targeting your tenant and by clicking the confirm button, the provisioning process will start under the cover.

A

There will be the PNP provisioning engine which will do the magic will do the provisioning of all the stuff in your tent. It can be the provisioning of a single site. It can be the provisioning of a hierarchy of site, for example, inside hub, if you want, based on the template that you will pick up there just to be clear. All of the templates that we use in the provisioning service are stored in a github repo, which is public and available on the network.

A

This is the URL get up the come: SharePoint SP dev provisioning templates, and here you can find all the tenant level templates, which are does that require tenant admin. Permissions, for example. The drone landing is the one I picked up before. If I'm not mistaken, and here it is- and here you can see what is the dot BMP file, you can even see the source code of the dot BMP file and you can just download it and use it in your own environment.

A

If you don't wanna use the website, but you simply want to get the template and use it wherever you want. So let me go briefly back to the slide deck, to explain you what's under the cover of these service.

A

So, first of all, as I said, if the service is the kind of PMP provisioning engine as a service, let me call it this way and through the website you can select the templates by category right now we have samples and solutions, and once you have done that, the very first time you will have to login with your tenant and grant the permissions to the application which represent at the in your active directory level, the solution once you've done, that you will be able to schedule the provisioning of your templates as I said, which can be a single site or a hierarchy of size under the cover.

A

We have quite a complex scenario, quite a complex solution based on a bunch of age, your services and I think this is a clear example of how you can leverage the powerful capabilities provided by Microsoft Azure. This is the whole list of services that we use. I, don't want to read all of them, but, as you can see, there are quite a lot of them and this solution will be open sourced soon or soonish.

A

As soon as we will be ready to do that, but stay tuned, you will have the source code of the solution, which is an interactive, actually multi, tenant solution from an architect's perspective. What happens or what we have under the cover is, first of all the website. The provisioning, gadot SharePoint, BMP dot-com website you log in and we use Azure Active Directory to authenticate your user and to get through the open authorization. 2.0 flow, all the required information to hack the on your behalf. So an access token and the Refresh token.

A

We use the a jerky vault to store in a safe and secure way, those information so that, when you request to provision aside, we store in the storage queue of asier a message which will pick up from a block from a job or from a function and within the job or function.

A

We can read from the key vault the tokens that we need to act on your behalf and we can get eventually, if needed, even a fresh new access- token, using a refresh token store in the user keyboard, so that we can use those tokens to talk with the micro graph with the SharePoint Online, REST API and all of the api's that we need to talk with, and by doing that, we can create the sides we can provision the artifacts we can do all we need to do in order to get ready to release to provision the template onto your tenant.

A

Once the job is completed, we get rid of the tokens so that we don't keep any sensitive information in our side and we simply get rid of them. Removing them from the issue evolved from a sharing perspective. I want to share with you the challenges or the key topics of the architecture of this solution. First of all, we have to make a solution which is highly available, because there are quite a lot of people using this service nowadays, and we are pretty happy of that.

A

We are really happy of that actually, and we are using the well-known a synchronous pattern that we promote as PMP that we have been promoting since a while ago. We also use a bunch of issue of services, which, of course, makes our life easier in having a highly available solution from a security perspective. What we do in the architecture of our solution has been reviewed by the market identity platform, and there is an ongoing update coming out which will use a mess.

A

Al 3.0, together with a custom, token cache, which will store the tokens in the a jerky vault right now we do something different, but now that we have a mess, al 3.0, we are going to up degrade the service toward MSL 3 from a high-level permission, demanda that we need to satisfy in order to be able to provision the stuff. If you don't wanna, grant those high level permissions tenant level admin permissions to our application.

A

Well, you can always download the packages and the solutions from the heater repo and you can apply them with the classic approach, using PowerShell or PNP side score, and one challenge that we faced the and that we had to keep into account is, of course throttling because with a multi-tenant solution, which is used by quite a lot of users on a daily basis, we need to take care of not being throttled by all of the services that we interact with.

A

So those are the main key points of interest and challenges that we faced and that we solved with the architecture that I shared right now with you and I. Think that's it on my side, if you don't have any specific feedback or question bases are coming from each other, you.

B

Know so nothing really major on chat area baling, that's actually moving their screen, but what we're doing that Thank You Paula on this one just so for me, gautam is asking: is its gdp are compliant? And so it says we're not storing anything. So there is no information stored about anybody about the information to person so service, and that's one of by the way, one of the reasons why we don't actually store any information. So there's no need, then, for two dpr challenges. Now only johannes comment super intresting tanks.

B

As a mic set, we will start, that's meant to be open sourced as fast as possible as a reference. The implementation on how to build multi, tenant applications with then access, multiple, multiple tenants and we are still working on the open source permissions and that's a legal thing, but that should be happening sooner or later.