locked
Multi Tenancy and Security Principles RRS feed

  • Question

  • I'm looking for the following regarding Multi tenancy and any help would be appreciated.

    Slightly changed requirements - There are 2 farms. 2 web applications, a Portal & MySites on first farm and multi-tenancy with 6 seperate clients on the other.  Each of the Multi-tenancy clients to have access to a mysites but only to see the information of others in their tenancy.  Simple enough I think but there are users in these multi-tenancies that will also have access to the first farm and the portal and therefore also need to be found on the 1st farms MySite application.  The client does not want multiple user profiles.

    Any ideas? 


    PT_UK http://redmanta.co.uk/blog Twitter: @redmantauk MCTS:WSS,MOSS,2010 MCITP:2010
    • Edited by Paul Turner _ Thursday, November 25, 2010 11:55 AM updated
    Wednesday, November 24, 2010 7:13 PM

Answers

  • there is no avoiding multiple user profiles in this scenario. it doens't really matter what the client wants here :) you have two farms and therefore two UPAs. and therefore two lots of user profiles.

    Of course User Profiles are not a prereq for mysites, but you really need them for things to light up. you can use the User Profile Replication Engine (part of the admin toolkit) to keep the data in sync without doing additional sync in one of the farms.  


    Cheers
    Spence
    www.harbar.net
    Microsoft Certified Master | SharePoint 2010
    Microsoft Certified Master | SharePoint 2007
    • Marked as answer by Paul Turner _ Friday, November 26, 2010 9:06 AM
    Friday, November 26, 2010 1:38 AM

All replies

  • Just to add, there are custom profile properties that do no exist within AD on each user profile.
    PT_UK http://redmanta.co.uk/blog Twitter: @redmantauk MCTS:WSS,MOSS,2010 MCITP:2010
    Thursday, November 25, 2010 11:58 AM
  • there is no avoiding multiple user profiles in this scenario. it doens't really matter what the client wants here :) you have two farms and therefore two UPAs. and therefore two lots of user profiles.

    Of course User Profiles are not a prereq for mysites, but you really need them for things to light up. you can use the User Profile Replication Engine (part of the admin toolkit) to keep the data in sync without doing additional sync in one of the farms.  


    Cheers
    Spence
    www.harbar.net
    Microsoft Certified Master | SharePoint 2010
    Microsoft Certified Master | SharePoint 2007
    • Marked as answer by Paul Turner _ Friday, November 26, 2010 9:06 AM
    Friday, November 26, 2010 1:38 AM
  • Pretty much as I expected, thanks for taking the time Spencer.
    PT_UK http://redmanta.co.uk/blog Twitter: @redmantauk MCTS:WSS,MOSS,2010 MCITP:2010
    Friday, November 26, 2010 9:06 AM
  • Spence,

    Is there anything that can be done with Trusted locations to ensure the MySites for those users with access to both farms are only created once?


    PT_UK http://redmanta.co.uk/blog Twitter: @redmantauk MCTS:WSS,MOSS,2010 MCITP:2010
    Friday, November 26, 2010 12:54 PM
  • Not really. From what I understand you have a MySite Host in Farm A which is related to a non partitioned UPA, and you have a My Site Host in Farm B which is related to a partitioned UPA. This wouldn't work with the "distributed mysites" approach. If both your UPAs are non partitioned then it would work.

    Your original question regarded profiles. It now seems you are talking about mysites. Can you clarify which of these you don't wish to have a duplicate of?

    s.

     


    Cheers
    Spence
    www.harbar.net
    Microsoft Certified Master | SharePoint 2010
    Microsoft Certified Master | SharePoint 2007
    Friday, November 26, 2010 5:55 PM
  • Hi Spencer,

    Sorry, reading back what I've written I can see I've not made it very clear.

    FarmA - UPA, Mysites, 200 users

    FarmB - Multitenancy, 5 partitions, Mysites, 40 Users in each tenancy

    Users in each tenancy in FarmB should be able to see the other 39 users in Mysites.  Some of the users in FarmB will have access to FarmA and therefore should also see the other 199 users in FarmA when looking at mysites.

    The Mysites and info pulled from the UPA for each site should be the same, ie. changing a mobile number in FarmA should be represented in FarmB and vice versa


    PT_UK http://redmanta.co.uk/blog Twitter: @redmantauk MCTS:WSS,MOSS,2010 MCITP:2010
    Sunday, November 28, 2010 11:40 AM