9 April 2011

Publishing Service Applications in SharePoint 2010

Why?
Optimizing resources and reducing redundancy are two of the main reasons you would publish a service application.
Which services can be published?
Only the cross-farm services can be published.
The following are the cross-farm services in SharePoint 2010:
Business Data Connectivity, Managed Metadata, People (User Profiles), Search, Secure Store, Web Analytics
What needs to be done?
For a farm to consume a service application that is published by another farm, the following actions must be performed in the following order.
Administrators of both the publishing and consuming farms must exchange trust certificates.
An administrator of the consuming farm must provide two trust certificates to the publishing farm: a root certificate and a security token service (STS) certificate.

An administrator of the publishing farm must provide a root certificate to the consuming farm.
To establish trust on the consuming farm, you must import the root certificate that was copied from the publisher farm and create a trusted root authority.
On the farm on which the application resides, an administrator must explicitly publish the service application.
An administrator must connect the consuming farm to the service application.

Steps
On the consuming farm
1. Export the root certificate from the consuming farm

# File paths are examples; substitute your own locations
$rootCert = (Get-SPCertificateAuthority).RootCertificate
$rootCert.Export("Cert") | Set-Content "C:\ConsumingFarmRoot.cer" -Encoding byte

2. Export the STS certificate from the consuming farm

$stsCert = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
$stsCert.Export("Cert") | Set-Content "C:\ConsumingFarmSTS.cer" -Encoding byte

On the publishing farm
3. Export the root certificate from the publishing farm

$rootCert = (Get-SPCertificateAuthority).RootCertificate
$rootCert.Export("Cert") | Set-Content "C:\PublishingFarmRoot.cer" -Encoding byte

4. Import the root certificate and create a trusted root authority on the consuming farm

# "PublishingFarm" and "ConsumingFarm" are example names for the trust entries
$trustCert = Get-PfxCertificate "C:\PublishingFarmRoot.cer"
New-SPTrustedRootAuthority "PublishingFarm" -Certificate $trustCert

5. Import the root certificate and create a trusted root authority on the publishing farm

$trustCert = Get-PfxCertificate "C:\ConsumingFarmRoot.cer"
New-SPTrustedRootAuthority "ConsumingFarm" -Certificate $trustCert

6. Import the STS certificate and create a trusted service token issuer on the publishing farm

$stsCert = Get-PfxCertificate "C:\ConsumingFarmSTS.cer"
New-SPTrustedServiceTokenIssuer "ConsumingFarm" -Certificate $stsCert
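
Each farm will trust whatever certificate is imported in steps 4 to 6, so it is worth confirming that the .cer file received is the one the other farm actually exported. The following is an added example, not part of the original post: Test-ExchangedCertificate is a hypothetical helper, and the paths, trust names and thumbprint values are placeholders.

```powershell
# Added example. Test-ExchangedCertificate is a hypothetical helper; the paths,
# trust names and thumbprint values are placeholders to replace with your own.

# On the farm that exported a certificate: print its thumbprint and pass it to
# the other farm's administrator over a separate channel (phone, ticket).
(Get-SPCertificateAuthority).RootCertificate.Thumbprint
(Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate.Thumbprint

# On the farm that received the .cer file: refuse to trust it unless it matches.
function Test-ExchangedCertificate {
    param(
        [string]$Path,               # .cer file copied from the other farm
        [string]$ExpectedThumbprint  # value reported by the other farm's admin
    )
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Path

    # Thumbprints are often pasted with spaces or colons; keep hex digits only.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($expected.Length -ne 40) {
        throw "Expected thumbprint must contain 40 hex digits"
    }
    if ($cert.Thumbprint -ne $expected) {
        throw "Thumbprint mismatch for ${Path}: file has $($cert.Thumbprint)"
    }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate in ${Path} is outside its validity period"
    }
    return $cert
}

# Publishing farm, steps 5 and 6, gated on the check above.
$root = Test-ExchangedCertificate "C:\ConsumingFarmRoot.cer" "<thumbprint of consuming farm root>"
New-SPTrustedRootAuthority "ConsumingFarm" -Certificate $root
$sts = Test-ExchangedCertificate "C:\ConsumingFarmSTS.cer" "<thumbprint of consuming farm STS>"
New-SPTrustedServiceTokenIssuer "ConsumingFarm" -Certificate $sts

# Confirm what the farm now trusts.
Get-SPTrustedRootAuthority |
    Select-Object Name, @{ Name = 'Thumbprint'; Expression = { $_.Certificate.Thumbprint } }
```

Until the placeholder thumbprints are replaced with real 40-digit values, the helper throws and nothing is imported.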

General Security
To establish trust by using Central Administration
Security > General Security > Manage trust

On the Trust Relationship page, on the ribbon, click New.
On the Establish Trust Relationship page:
Supply a name that describes the purpose of the trust relationship.

Browse to and select the Root Authority Certificate for the trust relationship.
(This must be the Root Authority Certificate that was exported from the other farm by using Windows PowerShell.)

If you are performing this task on the publishing farm, select the check box for Provide Trust Relationship.
Type in a descriptive name for the token issuer and browse to and select the STS certificate that was copied from the consuming farm.
Click OK.

After a trust relationship is established, you can modify the Token Issuer description or the certificates that are used by clicking the trust, and then clicking Edit. You can delete a trust by clicking it, and then clicking Delete.
