Lately, I’ve seen a common theme in our collaboration architecture design sessions with cloud-hesitant enterprise customers who want to simplify deployments and enable new scenarios. I’ve had two large Midwest manufacturing companies come to me with similar footprints and goals in just the last two weeks. The trend I’ve seen is common among customers and looks a lot like this:
Where Does the Cloud Come In?
Manufacturing companies and most enterprises today work with a lot of trading partners, so there’s a strong need to share documents both within the organization and beyond. Enter: the cloud. Specifically, Microsoft Office 365 and Windows Azure Active Directory Rights Management (the new cloud service for Active Directory Rights Management Services).
So how do customers benefit from cloud services in a managed way? From its design, SharePoint 2013 is workload oriented and can be configured in a hybrid environment where some workloads exist on-premises and some run in the cloud. To begin, two entry-point workloads are prime candidates to consider for a hybrid SharePoint Online/SharePoint on-premises architecture:
Migrating an existing extranet to Office 365 is often a relatively simple process and offers the ability to use Office 2013 Web Apps to consume documents from the extranet. This is advantageous to enterprise customers because the documents can be searched and viewed in Office Web Apps without being downloaded, and this tends to work well across a wide area network (WAN) for worldwide partner consumption (the individual webpages are downloaded over the WAN, usually not the entire document). Additionally, moving the extranet to Office 365 gives customers the ability to “share” documents in SharePoint 2013 with an external recipient directly from the document library. This is much more difficult to enable from an on-premises deployment because it requires a reverse proxy and other infrastructure. Office 365 supports external document sharing (as desired) without additional infrastructure.
SkyDrive Pro provides a way to capture and manage business documents that employees otherwise store on their devices, where they could be lost or stolen over time. Like many companies, the two manufacturing firms that came to MTC Chicago hadn’t yet deployed or fully utilized SharePoint My Sites. SkyDrive Pro (part of My Sites, now called Personal Sites) provides online and offline access to documents with automatic synchronization across various devices and will soon provide 25 gigabytes of storage space. By hosting this workload on Office 365, employees can access their SkyDrive repositories in a variety of mobile scenarios and share documents as they would in the extranet scenario (right-click a document and choose “share” to share with a trading partner).
More Secure, Encrypted Document Exchange
There is another huge benefit to the hybrid architecture that many customers aren’t aware of: secure, encrypted document exchange with Rights Management Services (RMS). Microsoft has offered RMS as an on-premises solution for a number of years, but the previous RMS (Active Directory RMS) was hard to deploy, didn’t work on many devices, and didn’t protect all file types.
With Office 365, customers can add services as needed because core “identity” will now be established between enterprise on-premises identity (Active Directory or other supported identity providers) and the cloud (Windows Azure Active Directory). Windows Azure Active Directory (AD) is the cloud identity service used by Office 365 and will synchronize with an on-premises AD, enabling single sign-on. Establishing an enterprise Windows Azure AD tenant (part of setting up Office 365) provides the ability to add features like Windows Azure AD Rights Management. An added benefit to establishing a hybrid Office 365 environment is that the customer can now leverage RMS with little to no additional work.
File Sharing Without Deploying Infrastructure
Windows Azure AD Rights Management enables rights management today in SharePoint Online and Exchange Online with a single click. But the beauty of Windows Azure AD Rights Management extends well beyond Office 365. As mentioned, the previous RMS is an established document security technology that’s been difficult to deploy and has its challenges. But customers want to send documents to trading partners and have those documents consumed on heterogeneous devices while still protecting their intellectual property. The Windows Azure AD Rights Management cloud service will provide the ability to protect any file type, support six platforms through software development kits and apps (Windows, Windows tablets, Windows Phones, iOS, Android, and Mac OS), provide B2B file sharing, and enable free consumption for individuals on the receiving end of encrypted documents. All that without deploying more infrastructure.
Here’s how it works: Microsoft is building apps for a number of the platforms and devices mentioned above. If a manufacturing customer sends a Rights Management-encrypted document out to a partner (attached to an email, for example), the partner will first be challenged to prove that they own the email account and will then be allowed to sign up for the free Rights Management individual account (creating a Windows Azure Active Directory identity). They can then download the Rights Management app for their device and consume the document according to the rights they’ve been assigned.
The story is actually even more compelling for the hybrid SharePoint on-premises and Office 365 architecture. Not only can the customer more securely share content from the Office 365 extranet and SkyDrive Pro, but they can also connect their on-premises SharePoint 2013 and Exchange 2013 environments to Rights Management through the Windows Azure AD Rights Management Connector without deploying it on-premises. That’s the beauty of the cloud.
Deployment has always been the nemesis of on-premises RMS, but it’s no longer necessary. Customers also gain near real-time logging services for document usage. Additionally, Rights Management encryption will work in other repositories that are not RMS-aware, as the encryption flows with the document. This is incredibly cool and something that customers need to understand and consider. Windows Azure AD Rights Management is available as part of Office 365 today, but the extensions to multiple devices and an on-premises SharePoint/Exchange environment are rolling out very shortly. More information can be found here. There’s also a white paper that covers the architecture in detail.
I meet a lot of customers who come to the MTC looking for new ways to approach collaboration. Large enterprise accounts are often too big and complex for a rip-and-replace approach or to migrate everything to something new. A hybrid environment is a trend that enables new workloads to leverage the cloud and, subsequently, incorporate collaborative document security like Rights Management. Security-enhanced documents, collaboration with external partners, support for multiple devices, little to nothing to deploy—that’s huge!