Archive for category: Office Web Apps 2013

SPC14: Real-world SharePoint architecture decisions

04 Mar 2014
March 4, 2014

Being a SharePoint architect can be challenging – you need to deal with everything from hardware, resources, requirements, business continuity management, a budget and of course customers. You, the architect, have to manage all this and in the end deliver a good architecture that satisfies all the needs of your customer. Along the line you have to make decisions based on experience, facts and sometimes the gut feeling. In this session we will cover some of the architectural changes in the SharePoint 2013 architecture, some of the new guidance from Microsoft and provide insight into a number of successful real-world scenarios. You will see what decisions were made while designing and implementing these projects with emphasis on why they were made.

Session “Real-world SharePoint architecture decisions” by Wictor Wilén, here are my notes:


Distributed Cache Service: Patches will be separately delivered. Wictor recommends to use the latest CU.

Request Management: Rule-based, software load balancing. Missconfigured rules can take down your farm.

Search: Rearchitectured and rewritten with using features from both FAST and SharePoint Search are implemented. Same engine is used for Exchange.

Office Web Apps (WAC): Wictor’s favorite service – separate application, separate server, separate patches.

Workflow: separate product – can be shared with multiple farms (not recommended)

Claims Based Authentication: the new default.

OAuth: Used for Authentication. A basic understanding really helps.

S2S Auth: Apps, Workflow use server to server authentication.


There is no perfect architecture you can download and apply.

Or as I would say: It depends.

3 is the new 2 – and 7 is the new 5


Means you need more servers – but think about the fault domain, if you virtualize you need redundant VM servers, if you do load balancing you need redundancy there. Always ask yourself how to patch this?


Routing, caching and database must be fast – every request go through there, if they are slow your farm will be slow.

Search Layer should have <500 msec latency. Many components are based on Search – make it fast!


Search requires different planning in 203 – cross site publishing, analytics, recommendations need to be taken care of. October 2013 CU contains huge improvements.


Workflow Server: You can install it on 1 or 3 servers – no other options.

Office Web Apps: Separate servers – no other option.

App Server: On prem, co-locate with SP server, Azure or other hosting options (LAMP) to offload the workload.

Certifcates: You should use certificates for about everything – when someone steals your oauth token they could access sensible data. Apps, WAC – and more.

Firewall: Firewall team should be involved early. Wictor will provide a firewall cheat sheet, because Technet lacks a good one.

User Profile: ADI, built-in FIM, External FIM are the options. He suggest to use external FIM but you need to license it.

MySites, Social, Yammer: MySite is a must. DirSync is a must for Yammer (to make it fault tolerant you need 4 additional servers, 2 ADFS, 2 Web Proxies)

Hybrid: Search is the key to hybrid, Mysites can be deployed on-prem or on O365.

Look and Feel: If you want to customize deploy the MySite on-prem.

Social. Yammer is the way forward.

Single Web Application approach

One WebApp to listen to all host headers, and is recommended. AppCatalog has to be in the same WebApp – if you use two, you need two AppCatalogs.

Memory footprint reduced.

Most often requires Host Named Site Collections.

For Host Named Site Collections he recommends a custom site creation provider.


Root Site Collection is required.


You need a load balancer for the custom http header.


Wictor showed us how to create a Host Named Site Collection (HNSC) with PowerShell. Very straight forward, worked like a charm and is another good reason to use PowerShell.


Then Wictor showed some pretty extensive samples – can not write them down, was too complex to summarize, but was very useful to see complex scenarios – would love to see them in Technet as reference.

Forgotten stuff

List of things people often forget in SharePoint architectures:

  1. High Availability and Desaster recovery
    1. 20% of the farms Wictor sees have 99.9% uptime
    2. 10% had 100% uptime requirements (impossible).
    3. Affects the cost
  2. Workflow
  3. Provider Hosted Apps
  4. Access Services 2013

Things to avoid / consider

Multi-tenancy, often done for the wrong reasons. For large-scale hosting consider O365.

Streched Farms – read

Service Farms and Service Application federation: Makes solution more complex, understand limitations upfront. Managed Metadata Service is a good service to federate.


So many good sessions in parallel – Future of Infopath or the session by Spencer Harbar about Identity Federation (homework) – I am still glad that I attended Wictor’s session, good stuff, I learned quite a lot and “refreshed” many topics I tend to forget. The room was packed, there is obviously a huge demand!

Wictor delivered so many stuff in a short time (my notes are therefore not complete!) – he is really fast paced Smiley

SharePoint 2013 Search Preview for Documents hosted in SharePoint 2010

22 Nov 2013
November 22, 2013

Recently I talked to some clients because of a “Search-First” SharePoint 2013 migration (more about this topic will follow). During a training this week I got aware of a serious issue with the “Search-first” approach, especially with the really nice Office Web Apps 2013 Search Previews you get for free (read only!).


Some clients want to start their migration with setting up a new SharePoint 2013 farm. This new farm then crawls the old SharePoint 2010 farm. After successfully crawling it, the SharePoint 2013 farm then publishes its Search Service to the SharePoint 2010 farm. So far so good. But what happens with all the new shiny features in the Search UI? Nothing. Until now everything works as it should – you now get better search results in your existing SharePoint 2010 environment.

Now let’s take it a step further. Replace the SharePoint 2010 Search Center with a Search Center hosted in SharePoint 2013 – replacing is actually wrong, you have to do a redirect from the SharePoint 2010 environment to the Search Center in SharePoint 2013 – with the Search Preview, Display Templates and all the good stuff. Pretty great, I totally love the new features and the business value you can create with it:

SharePoint 2013 Preview of PowerPoint document hosted in SharePoint 2013

SharePoint 2013 Preview of PowerPoint document hosted in SharePoint 2013

But here is the Problem: You crawled the SharePoint 2010 environment – by default you wont get a Preview for documents in the old environment:

Preview of a document hosted in SharePoint 2010

Preview of a document hosted in SharePoint 2010

There is a great article by Murad Sæter how you could substitute the Preview with Office Web Apps 2010 (the service application in SharePoint 2010 that needs expensive Office 2010 licenses!). Many of my clients don’t have the Office 2010 licenses – many of them still use Office 2007 – so a show stopper. PDF Preview with old Office Web Apps – nope. This additionally applies to documents hosted on a fileshare – that does not work either.


So we have Security Trimming in SharePoint Search – you only see what you are allowed to see. Why is there now Preview?

Thats because of oAuth – or better the inability of SharePoint 2010 to understand and accept oAuth (great explanation here by Kirk Ewans).

Behind the scenes

The following happens when you hover over search result that is suitable for a Preview – let’s name the searching user Max:

  1. The search crawler created a link to render a document in the browser. This link is stored in the property ServerRedirectedURL or ServerRedirectedEmbedURL.
  2. This link points to a SharePoint Page called WopiFrame (e.g. http://sharepoint2013/_layouts/15/WopiFrame.aspx?sourcedoc=/Documents/OSP218.pptx&action=default&DefaultItemOpen=1)
  3. This WopiFrame page knows the url to the bound Office Web Apps Server and redirects the request to it. With three parameters: The sourcedoc of the document to render, an oAuth access token and an oAuth time to live token.
  4. The Office Web Apps server, in order to render the document and deliver it back, needs the document to render – of course. Because we left the original server where Max was authenticated – we don’t have this client context anymore – the request from the Office Web Apps back to the SharePoint 2013 server to get the document is anonymously. But why does the SharePoint delivers our precious document? Thats because of the oAuth access token – SharePoint 2013 can validate it and accepts the request like one Max would actually do.
  5. After some computing and drawing time, the Office Web Apps server delivers the preview back to Max.

Because SharePoint 2010 does not understand and accept anonymously requests (most of the time) – and does not understand oAuth tokens – Office Web Apps 2013 do not render Documents hosted on SharePoint 2010.

 Solution: SharePoint 2013 Search Preview for Documents hosted in SharePoint 2010

Figuring out a solution cost me 4 days “brain time” – thinking about the problem – understand the root cause – analyzing options. And chatting with some really nice guys – more about this later.

In the following picture I show you the flow how the requests go from one server to another:

Flow of the requests to render a document hosted in SharePoint 2010

Flow of the requests to render a document hosted in SharePoint 2010

In order to make this all happen, I created a SharePoint Farm Solution (full trust) that needs to be deployed on the SharePoint 2013 side. This provides two handlers that do the following.

SP2010Redirect.ashx: Accepts the initial user request and generates a url that contains the document that should be rendered (full url), the requesting user (domain login) and a simple hash (prevents tampering with the data – no real security!) – that guy is for step (1) in the flow.

SP2010Preview.ashx: Accepts the request back from the Office Web Apps server with the full url of the document, the user login and the hash. With those three values it can check the integrity of the parameters, download the document of the SharePoint 2010 (or what system you like) and  returns it to the Office Web Apps server. This page handles step (3) to step (6).

Pictures / Video or it did not happen!


Working Preview of Document hosted in SharePoint 2010

Working Preview of Document hosted in SharePoint 2010

Flaws of the current implementation /

Room for improvement

The code I am going to share is no production ready code – there are magic, hard-coded values in it. I only demonstrate how I did it. No warranties for what so ever.

So why don’t I use oAuth and the WOPIFrame for all the security stuff? Thats because of wonderful internal classes. Dear Microsoft – please open up so I can implement a secure approach.  If I miss a thing and can actually use oAuth directly – please let me know!

Again in other words: If you can create the hash that is passed along for anti-tampering, the SP2010Preview.ashx will download you every document of the SP2010 (this is serious!!) – in my code I did not implement the security check for the given user anyways 🙂 Neither did I add the display template – but its so easy to change it, you will figure it out.

Grab the demo code here.


I really love the SharePoint community – there are a lot of helpful and awesome guys out there. To quote a few that really helped me figuring out this solution:


Install Office Web Apps 2013 for SharePoint 2013 – with PDF Preview

17 May 2013
May 17, 2013

Preview of Office Documents (this includes PDF) is a huge benefit when you are searching for information – you can quickly identify if the document is the one you are looking for or skimming/scanning a document efficiently. To get the preview up and running you have to install Office Web Apps 2013 – PDF preview was added in March Public Update 2013 – that’s great, many clients have asked me why there is no support in the 2010 stack. But its 2013 – so let’s install Office Web Apps 2013 for SharePoint 2013!


I did the following steps on my SharePoint 2013 DEV environment. The SP2013 environment was already on March PU because of the awesome AutoSPInstaller/AutoSPSourceBuilder combo. As host I used a virtualized (Hyper-V) Windows Server 2012 with 4 cores and 5gb RAM on my Notebook (Lenovo W520).


You can’t install Office Web Apps on a SharePoint or SQL Server. Additionally the SharePoint Server has to use claims-based authentication. Read all the requirements here.

7 easy steps!

  1. Install the PreRequisites
  2. Restart the computer
  3. Download and install Office Web Apps 2013
  4. Download and install March Public Update for OWA 2013
  5. Create the OWA Farm
  6. Configure the binding on the SharePoint side
  7. Do a full crawl

PreRequisites for Server 2012

Note: For PreRequisites of Server 2008 R2 read the technet article. If you can not install KB2592525 read this blog post by Markus Nöbauer.

The installer of the Office Web Apps 2013 is a little bit limited – other than the SharePoint 2013 it does not configure the host. But at least you can automate the whole process. Run PowerShell as admin on the OWA server:

Restart the computer afterwards.

PowerShell addicted – starting to automate the PreRequisites installation.

Download and install Office Web Apps 2013

The installation is quite simple, hit next several times – nothing magic here.

OWA installation folder

OWA installation in progress

OWA installation in progress

Download and install the March Public Update

After the installation just copy the OWA March 2013 PU on the box and install it. Again, an easy task.

Installing March PU 2013

Create the OWA Farm

After installation and patching, we have to use PowerShell again:

With New-OfficeWebAppsFarm – you have certainly guessed it – we created the first node of our OWA farm, just replace the internal url with your hostname/FQDN. Because I have a simple DEV environment I did not use https and allowed editing – for editing you need Office licenses, view-only is free (awesome, thanks!). Add the OWA binding on the SharePoint machine, run this in a SharePoint Powershell:

Two commands and the two are coupled – great.


In my opinion seeing the document upfront is huge – a picture worth a thousand words – sooo true! Lets look at the result:

A preview in a document library

A picture is worth a thousand words – I like the preview.

Enable PDF Preview in Search results

Wictor wrote a nice article about how to enable the PDF-Preview – if you followed my guide you do not need to enable it, it’s already set. The only part that is missing is the Display Template.

The quick and dirty Powershell approach to enable PDF Previews in search results:

Do a full crawl

There is one managed property containing the link how to embed the preview of the document – this one is built during a crawl. So just do a full crawl and everything should be set.

Short video

If you wanna see the Preview in action, watch the following video:


The Server must be joined to a domain:

Install PreReqs for OWA RC:




Office Web Apps Powershell cmdlets:

Do you like it?

Questions, comments or feedback, just hit the comments!

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.