Export (0) Print
Expand All

Deploy a Business Connectivity Services hybrid solution in SharePoint 2013

SharePoint 2013
 

Applies to: SharePoint Server 2013, SharePoint Online

Topic Last Modified: 2014-04-20

Summary: Learn how to configure the Business Connectivity Services (BCS) hybrid scenario to access on-premises data through SharePoint Online.

NoteNote:
This documentation is preliminary and subject to change.

The Microsoft Business Connectivity Services (BCS) hybrid deployment scenario allows you to securely publish on-premises data to an external list or app for SharePoint in SharePoint Online. From there, users can view and edit the data, depending on the permissions that they have.

The BCS hybrid scenario requires the successful deployment of either a one-way inbound or a two-way SharePoint hybrid configuration. For more information about how to plan and configure a SharePoint Server 2013 hybrid environment, see Hybrid for SharePoint Server 2013.

WarningWarning:
To configure a hybrid SharePoint environment, you must have a combination of expert skills and significant hands-on experience with SharePoint Server 2013, SharePoint Online, and related products and technologies. We recommend that you engage Microsoft Consulting Services to provide technical guidance and support during the design and deployment of your hybrid environment.
For more information about Microsoft Consulting Services, see Microsoft Services.
WarningWarning:
You must have a successful implementation of the base SharePoint hybrid scenario before you can continue with the BCS hybrid implementation. If you don’t, see Hybrid for SharePoint Server 2013.

In this scenario, you will learn how to:

  • Configure your on-premises environment so that you can securely publish confidential business data to your SharePoint Online tenancy.

  • Create and configure an OData service endpoint and an external content type with Visual Studio 2012.

  • Prepare your SharePoint Online tenancy to host an app for SharePoint or an external list, which makes the external data available to your extranet users.

  • Create a connection settings object that tells Business Connectivity Services in SharePoint Online how to connect to the on-premises OData service endpoint.

  • Deploy an app for SharePoint or external list to your SharePoint Online tenancy.

  • Validate and troubleshoot the BCS hybrid scenario.

In this article:

NoteNote:
Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:

Business Connectivity Services (BCS) is a centralized infrastructure in SharePoint Server 2013, Office 2013, and SharePoint Online that enables you to integrate data that is not in SharePoint products or Office 2013 into SharePoint products. BCS implementations take many forms. This includes this hybrid form that uses SharePoint Online and SharePoint 2013 on-premises. These procedures show how to install and configure BCS to integrate data from an on-premises OData service endpoint into a SharePoint Online tenancy. For this scenario, we use the AdventureWorks sample SQL database and create an OData service head for the database. The solution looks as shown in the following diagram. For more information about SharePoint hybrid configurations and how data and authentication flow in the SharePoint BCS hybrid solution, see Hybrid for SharePoint Server 2013.

Figure: Hybrid BCS solution

Shows the sequence of actions for BCS hybrid
  1. An information worker logs on to the SharePoint Online tenancy by using the information worker's federated account and opens an app for SharePoint or external list that needs data from an on-premises OData data source. OData is an open protocol that is used to query and update data. For more information about OData, see Introducing OData: Data Access for the Web, the cloud, mobile devices, and more in the MSDN Library.

  2. The external list creates a request for the data and sends it to Business Connectivity Services. Business Connectivity Services looks at the connection settings object to see how to connect to the data source and which credentials to use.

  3. Business Connectivity Services retrieves two sets of credentials:

    1. The Secure Channel certificate from the Secure Store in SharePoint Online. This is used for SharePoint Online authentication to the reverse proxy.

    2. An OAuth token from the Windows Azure AD Service. This is used for user authentication to the SharePoint 2013 on-premises farm. You gain access to the Windows Azure AD service with your SharePoint Online subscription. It is a security token service that manages security tokens for users of SharePoint Online. For more information about the Access Control Service, see Access Control Service 2.0 in the MSDN Library. For more information about OAuth, see OAuth 2.0 on the web.

  4. Business Connectivity Services sends an HTTPS request to the published endpoint for the data source. The request includes the client certificate from the Secure Store, the OAuth token, and a request for the data. The reverse proxy authenticates the request by using the client certificate and forwards it to the on-premises SharePoint 2013 farm. For more information about publishing SharePoint to the Internet, see SharePoint publishing solution guide in the Forefront Technical Library.

  5. The on-premises farm retrieves the user’s cloud identity from the OAuth token (for example, user123@contoso.com), and through the Client Side Object Model (CSOM) code, maps it to the on-premises identity (for example, contoso\user123). The on-premises credentials are mapped to credentials that have access to the external data via a Secure Store target application.

  6. The on-premises Business Connectivity Services forwards the request to the OData Service endpoint. The OData Service authenticates the request (via IIS) and returns the data, which is passed back through the chain to the external list for the user to work with.

Video: Watch a demonstration of the BCS hybrid scenario

Video (play button) icon

The steps to completely deploy this scenario are presented in smaller procedures. Some of the procedures are on TechNet, some are on Office.com, and some are on MSDN. Each procedure is numbered indicating its position in the overall sequence. At the beginning and end of each procedure, links direct you to the previous and following steps. The following list contains links to all of the procedures, in the required order, for your reference. Be aware that this list includes the steps to deploy an external list and an app for SharePoint. You can deploy one or the other or both, depending on your needs. You should skip the steps for whichever configuration you don’t want to deploy. You must follow them in sequence to build out the scenario. You can also use these procedures individually for your own unique scenarios. When you assemble individual procedures to build out your own scenarios, it is important that you test the complete set of procedures, in order, in a lab setting before you try them in production.

If you want to deploy only the BCS hybrid scenario by using an external list, perform all the procedures in the following order:

If you want to deploy only the BCS hybrid scenario by using an app for SharePoint, perform all the procedures in the following order:

If you want to use both external lists and an app for SharePoint, perform all of the steps in order and do not skip any steps.

 

Step number Link to procedure Description of procedure Where the procedure is performed

1

Prepare the on-premises environment for the Business Connectivity Services hybrid scenario

Prepare the on-premises account that you use to access the OData service endpoint (ODataAccount) and the Windows group (ODataGroup) that you use to control access to the OData service endpoint.

In your on-premises Active Directory domain.

2

Create an on-premises Secure Store Service target application for the Business Connectivity Services hybrid scenario

Associate the security group (ODataGroup) to the account (Account) that you created in step 1 via a Secure Store Service target app.

In your on-premises Secure Store.

3

Create and configure an OData service endpoint for the Business Connectivity Services hybrid scenario

Create the OData service endpoint, assign permissions, and verify that the OData service endpoint is publishing the external data.

You create the OData endpoint with Visual Studio 2012 in your on-premises environment, and you browse to it from inside your company intranet.

4

Prepare the SharePoint Online environment for the Business Connectivity Services hybrid scenario

Identify or create the SharePoint Online site where users will interact with the external data, and create an App Catalog, if it is necessary.

Prepare a site in your SharePoint Online tenancy for the app for SharePoint or external list.

5

Configure permissions on the SharePoint Online BDC Metadata Store for the Business Connectivity Services hybrid scenario

Prepare the Business Data Connectivity (BDC) Metadata store for manually imported BDCM models.

You set permissions on the BDC metadata store in your SharePoint Online tenancy.

6

Validate external access to reverse proxy published URL for the Business Connectivity Services hybrid scenario

Browse to the externally published address, and log on as a federated user.

You browse to the externally published site through the Internet from a client computer that is outside your company intranet.

7

Create and configure the connection settings object for the Business Connectivity Services hybrid scenario

Create a connection settings object that BCS in your SharePoint Online tenancy will use to connect to the on-premises OData service endpoint.

You create the connection settings object in your SharePoint Online tenancy.

8

Create and configure the external content type for the Business Connectivity Services hybrid scenario

Use Visual Studio 2012 to create and configure the external content type for the OData service endpoint.

You create the external content type with Visual Studio 2012 from inside your company intranet.

9.0

Deploy the Business Connectivity Services hybrid scenario as an external list

If you are creating an external list for the on-premises data, follow steps 9.1, 9.2, and 9.3.

9.1

Extract an external content type to a BDCM file for the Business Connectivity Services hybrid Scenario

Manually extract the BDCM model to a file, and prepare to import it into your SharePoint Online tenancy.

In Visual Studio 2012 in your on-premises environment.

9.2

Import the BDCM file into SharePoint Online BDC Metadata Store for the Business Connectivity Services hybrid scenario

Import the BDCM into the BDC metadata store of your SharePoint Online tenancy.

In the metadata store of your SharePoint Online tenancy.

9.3

Create an external list for the Business Connectivity Services hybrid scenario

Create an external list, and associate it with the external content type that you imported in step 9.2. After you finish this step, go to Validate the Business Connectivity Services hybrid scenario.

You create this list in the SharePoint Online site that you prepared in step 4.

10.0

Deploy the Business Connectivity Services hybrid scenario as an app for SharePoint

If you are deploying an app for SharePoint for users to access the external data, follow steps 10.0 and 10.1.

10.1

Deploy an app for SharePoint to SharePoint Online by using Visual Studio for the Business Connectivity Services hybrid scenario

Deploy the app for SharePoint to the App Catalog. After you finish this step, go to Validate the Business Connectivity Services hybrid scenario.

You use Visual Studio 2012 from your on-premises environment to automatically deploy the app for SharePoint.

11

Validate the Business Connectivity Services hybrid scenario

Validate read and write access to the on-premises data through your external list or app for SharePoint, and test security.

From the external list or app for SharePoint in the site that you prepared in Step 4.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft