Share service applications across farms (SharePoint Server 2010)
Published: May 12, 2010
In Microsoft SharePoint Server 2010, some service applications can be shared across server farms. This article describes the process and caveats that are involved in sharing service applications.
By publishing a service application, you can optimize resources, avoid redundancy, and provide enterprise-wide services without installing a dedicated enterprise services farm. You can publish the following service applications in a SharePoint Server 2010 farm:
Business Data Connectivity
If the server farms are located in different domains, the User Profile service application requires both domains to trust one another. For the Business Data Connectivity and Secure Store service application administration features to work from the consuming farm, the domain of the publishing farm must trust the domain of the consuming farm. Other cross-farm service applications work without a trust requirement between domains.
The farm that contains the service application and publishes the service application so that other farms can consume the service application is known as the publishing farm. The farm that connects to a remote location to use a service application that the remote location is hosting is known as the consuming farm.
If you are familiar with Microsoft Office SharePoint Server 2007, you might find it useful to think of the publishing farm as the parent farm and the consuming farm as a child farm.
This article describes the steps that are required to publish and consume service applications across farms. These steps must be performed in the order listed.
Exchange trust certificates between the farms.
To start, an administrator of the consuming farm must provide two trust certificates to the administrator of the publishing farm: a root certificate and a security token service (STS) certificate. Additionally, an administrator of the publishing farm must provide a root certificate to the administrator of the consuming farm. By exchanging certificates, each farm acknowledges that the other farm can be trusted.
For more information, see Exchange trust certificates between farms (SharePoint Server 2010).
On the publishing farm, publish the service application.
On the farm on which the service application is located, an administrator must explicitly publish the service application. Service applications that are not explicitly published are available to the local farm only.
For more information, see Publish a service application (SharePoint Server 2010).
On the consuming farm, set the permission to the appropriate service applications
You must give the consuming farm permission to the Application Discovery and Load Balancing Service Application on the publishing farm. After doing this, give the consuming farm permission to the published service applications that it will be consuming.
For more information, see Set permission to a published service application (SharePoint Server).
On the consuming farm, connect to the remote service application.
After the publishing farm has published the service application, an administrator of the consuming farm can connect to that service application from the consuming farm if the address of the specific service application is known.
For more information, see Connect to a service application on a remote farm (SharePoint Server 2010).
You cannot share a User Profile service application across farms that reside in separate domains unless you first establish a domain-level trust between the two domains.
Add the shared service application to a Web application proxy group on the consuming farm.
An administrator must associate the new service application connection with a local Web application on the consuming farm. Only Web applications that are configured to use this association can use the remote service application.
For information about how to configure a Web application proxy group connection, see Add or remove a service application connection to a Web application (SharePoint Server 2010).
It is important that you plan the proxy group layout before you add service applications to proxy groups. For more information about how to plan the service application architecture, see Services architecture planning (SharePoint Server 2010).