Configuring SharePoint Server 2010 Provider and Consumer farms (Farm Federation)


Note: This post is based on Beta 2 and is subject to change in future releases.

I highly recommend reviewing the Services in SharePoint 2010 Products diagram, Publish a service application (SharePoint Server 2010), and Connect to a service application on a remote farm (SharePoint Server 2010) on the SP 2010 TechNet site before trying the following steps.

In this post I go over the steps required to configure farm federation so that specific services in a provider farm can be consumed by consumer farm(s). These steps have been validated against the Beta build (4536.1000) and are subject to change for the RTM release.

In this scenario SHPT-MIG-07 acts as the provider farm, publishing the search and managed metadata services, and SHPT-MIG-06 acts as the consumer.

Exporting required certificates

  1. On the machine hosting Central Administration (CA) for the provider farm, export the root certificate by running the following cmdlets:
    $rootCert = (Get-SPCertificateAuthority).RootCertificate
    $rootCert.Export("Cert") | Set-Content "C:\PublisherFarmRoot.cer" -Encoding byte
  2. On the machine hosting CA for the consumer farm, export the root certificate by running the following cmdlets:
    $rootCert = (Get-SPCertificateAuthority).RootCertificate
    $rootCert.Export("Cert") | Set-Content "C:\ConsumerFarmRoot.cer" -Encoding byte
  3. On the machine hosting CA for the consumer farm, export the Security Token Service (STS) certificate by running the following cmdlets:
    $stsCert = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
    $stsCert.Export("Cert") | Set-Content "C:\ConsumerFarmSTS.cer" -Encoding byte
  4. Copy the above certificates from the publisher to the consumer and vice versa.

Configuring trust between Consumer and Provider farms

  1. On the machine hosting CA for the provider farm, import the root certificate from the consumer farm and create a Trusted Root Authority by running the following cmdlets:
    $trustCert = Get-PfxCertificate "C:\ConsumerFarmRoot.cer"
    New-SPTrustedRootAuthority "ConsumerFarm" -Certificate $trustCert
  2. On the machine hosting CA for the provider farm, import the STS certificate from the consumer farm and create a Trusted Service Token Issuer by running the following cmdlets:
    $stsCert = Get-PfxCertificate "c:\ConsumerFarmSTS.cer"
    New-SPTrustedServiceTokenIssuer "ConsumerFarm" -Certificate $stsCert
  3. Go to CA on the provider farm, select “Security”, click the “Manage trust” link and make sure that the certificates were imported successfully.
  4. On the machine hosting CA for the consumer farm, import the root certificate from the provider farm and create a Trusted Root Authority by running the following cmdlets:
    $trustCert = Get-PfxCertificate "C:\PublisherFarmRoot.cer"
    New-SPTrustedRootAuthority "PublisherFarm" -Certificate $trustCert
  5. Go to CA on the consumer farm, select “Security”, click the “Manage trust” link and make sure that the certificates were imported successfully.
  6. Run IISRESET on both farms.
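
Added example, not part of the original post: a variant of steps 1 and 2 above for the provider farm that creates the trust only after each copied .cer file matches a thumbprint read on the consumer farm (for example `$rootCert.Thumbprint` and `$stsCert.Thumbprint` from the export steps) and passed along separately from the files. The function name `Test-CopiedCertificate` and the thumbprint placeholders are assumptions for illustration.

```powershell
# Added example. Run in the SharePoint 2010 Management Shell on the provider farm.
# The thumbprints below are placeholders: replace each with the value read on the
# consumer farm and delivered separately from the certificate files.
$expected = @{
    "C:\ConsumerFarmRoot.cer" = "<CONSUMER-ROOT-THUMBPRINT>"
    "C:\ConsumerFarmSTS.cer"  = "<CONSUMER-STS-THUMBPRINT>"
}

function Test-CopiedCertificate {
    param([string]$Path, [string]$ExpectedThumbprint)

    $cert = Get-PfxCertificate $Path
    # Normalise: thumbprints copied from a certificate dialog often contain spaces.
    $want = ($ExpectedThumbprint -replace '\s', '').ToUpperInvariant()

    if ($cert.Thumbprint -ne $want) {
        throw "Thumbprint mismatch for $Path : file has $($cert.Thumbprint)"
    }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate in $Path is outside its validity period"
    }
    return $cert
}

# Verify every copied file first; a failure stops before any trust is created.
$verified = @{}
foreach ($path in $expected.Keys) {
    $verified[$path] = Test-CopiedCertificate -Path $path -ExpectedThumbprint $expected[$path]
}

New-SPTrustedRootAuthority "ConsumerFarm" -Certificate $verified["C:\ConsumerFarmRoot.cer"]
New-SPTrustedServiceTokenIssuer "ConsumerFarm" -Certificate $verified["C:\ConsumerFarmSTS.cer"]

# Confirm that the root authority the farm now trusts is the certificate just verified.
$stored = (Get-SPTrustedRootAuthority "ConsumerFarm").Certificate.Thumbprint
if ($stored -ne $verified["C:\ConsumerFarmRoot.cer"].Thumbprint) {
    throw "Stored root authority does not match the verified certificate"
}
```

The same function can be used on the consumer farm for `C:\PublisherFarmRoot.cer` before step 4.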

Publishing services using Central Administration site (Provider farm)

  1. Go to CA for the provider farm, select “Application Management” and click “Manage service applications”.
  2. Select the desired search service application and click the “Publish” icon on the ribbon.
    Make sure to check “Publish this Service Application to other farms”, copy the “Published URL” and press “OK”.
  3. Follow the same steps for the desired managed metadata service.
  4. For the managed metadata service, make sure to click the “Permissions” icon on the ribbon and add the required claims for service accounts.

Connecting to published services in Consumer farm

  1. Go to CA for the consumer farm, select “Application Management” and click “Manage service applications”.
    Click the “Connect” icon on the ribbon and select the desired service proxy.
  2. Paste the “Published URL” of the published service application for which you want to create the proxy and press “OK”.
  3. Repeat the same steps for the other services, and make sure that all proxies are listed in the service application list in the consumer farm.
  4. Make sure that you have access to the “Term Store Management Tool” by selecting the remote managed metadata service proxy and then clicking the “Manage” icon on the ribbon.

Leveraging the shared services in consumer farm

  1. Go to “Search Center” in the consumer farm and validate that you get results from the provider farm for both People and Content search.
  2. Assuming that a content type hub is already configured for a site collection in the provider farm, go to the site collection’s “Site Settings” page in the consumer farm, click “Content type publishing” and select a shared content type.
    Note: Make sure that the “Content Type Subscriber” job is running for the web application hosting the consumer site collection.
  3. Add the shared content type to your desired list, form or document library and confirm that you have access to managed columns, etc.