Product Documentation

SharePoint

Jun 05, 2015
Updated: 2013-10-31
The SharePoint 2010 and 2013 services deliver SharePoint web sites to customers for sharing documents and information from the cloud. Services Manager integrates with SharePoint servers through a Windows Communication Foundation (WCF) service. This topic includes the following sections:

Supported versions

The SharePoint services support the following SharePoint server, IIS, and Services Manager versions:
Service Name SharePoint Server Version IIS Version CloudPortal Services Manager Version
SharePoint 2013
  • SharePoint Enterprise 2013
  • SharePoint Standard 2013
  • SharePoint Foundation 2013
  • IIS 7.5
  • IIS 8.0
CloudPortal Services Manager 11.0.1
SharePoint 2010
  • SharePoint Enterprise 2010
  • SharePoint Foundation 2010
  • IIS 7.0
  • IIS 7.5
  • CloudPortal Services Manager 11.0
  • CloudPortal Services Manager 11.0.1

To upgrade your Services Manager deployment from Version 11.0 to Version 11.0.1, see CTX138867, "Upgrading CloudPortal Services Manager 11.0 to Version 11.0.1," in the Citrix Knowledge Center.

Service coexistence

CloudPortal Services Manager 11.0.1 supports deploying the SharePoint 2010 and SharePoint 2013 services in a single location.

Service migration

Migrating customers from the SharePoint 2010 service to the SharePoint 2013 service includes the following tasks:

SharePoint server requirements

When preparing the server that will be hosting the SharePoint web service, ensure the following requirements are met. These requirements apply to both SharePoint 2010 and SharePoint 2013 unless otherwise specified.
Operating system
Install one of the following operating systems:
  • SharePoint 2010: Windows Server 2008 (minimum)
  • SharePoint 2013:
    • Windows Server 2008 R2 SP1 Standard, Enterprise, or Datacenter (64-bit)
    • Windows Server 2012 Standard or Datacenter (64-bit)
Remote Desktop Services Enabled.
Windows Server roles
Enable the following roles:
  • Web Server > Application Development > ASP.NET
  • Web Server > Security > Windows Authentication
  • Management Tools > IIS Management Console
  • Management Tools > IIS Management Scripts and Tools
SharePoint site DNS management Install and configure the DNS service to enable Services Manager to manage DNS for SharePoint sites.
Web hosting service Install and configure the Windows Web Hosting service on the same SharePoint server that hosts the SharePoint web service.
Service ports Open ports 8095-8098 and 5985 from the server hosting the SharePoint and Windows Web Hosting services to the Services Manager Web and Provisioning platform servers.
Loopback check
SharePoint 2010: Disabled. To do this:
  1. From the Registry Editor, select the following registry key: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa
  2. Right-click Lsa, point to New, and select DWORD Value.
  3. Type DisableLoopbackCheck.
  4. Right-click DisableLoopbackCheck, then select Modify.
  5. In the Value field, type 1.
  6. Restart the server.

PowerShell remoting requirements

SharePoint 2010 and 2013 use PowerShell remoting to communicate with other servers in the environment. PowerShell remoting must be enabled on the SharePoint server as well as on the Web and Provisioning servers in your Services Manager deployment. Additionally, Credential Security Service Provider (CredSSP) authentication must be enabled.

SharePoint 2010

When you install the SharePoint 2010 web service, the Services Manager Configuration Tool configures PowerShell remoting by performing the following tasks:
  • Configures local policies:
    • Computer Configuration > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service > Allow CredSSP Authentication
    • Computer Configuration > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Client > Allow CredSSP Authentication
    • Computer Configuration > Administrative Templates > System > Credentials Delegation > Allow Fresh Credentials with NTLM-only Server Authentication (SPN=WSMAN/*domain)
    • Computer Configuration > Administrative Templates > System > Credentials Delegation > Allow Delegating Fresh Credentials (SPN=WSMAN/*domain)
    • Computer Configuration > Administrative Templates > Windows Components > Windows Remote Shell > Specify maximum amount of memory in MB per Shell
  • Checks for existing WinRM listeners. If a listener is not detected, winrm quickconfig is executed.

SharePoint 2013

Before you install the SharePoint 2013 web service, perform the following tasks to configure PowerShell remoting:
  • Enable PowerShell remoting by running the following cmdlet on the SharePoint, Web, and Provisioning servers:
    Enable-PSRemoting -Force
  • Enable CredSSP by running the following PowerShell cmdlets:
    • On the SharePoint 2013 server:
      Enable-WSManCredSSP -Role Server
      Note: After the script finishes, restart the server.
    • On the SharePoint, Web, and Provisioning servers:
      Enable-WSManCredSSP -Role Client -DelegateComputer *.domain
  • Enable and configure the following local policies on the SharePoint 2013 server:
    • Computer Configuration > Administrative Templates > System > Credentials Delegation > Allow Fresh Credentials with NTLM-only Server Authentication (SPN=WSMAN/*.domain)
    • Computer Configuration > Administrative Templates > System > Credentials Delegation > Allow Delegating Fresh Credentials (SPN=WSMAN/*.domain)
    • Computer Configuration > Administrative Templates > Windows Components > Windows Remote Shell > Specify maximum amount of memory in MB per Shell

SharePoint account requirements

The requirements in this section are applicable to both SharePoint 2010 and SharePoint 2013 unless otherwise specified.

  • Add the service account used for the SharePoint web service deployment and configurations to the farm. Use the cmdlet Get-SPShellAdmin to look up the account name.
  • Add the web service account to the local Administrators group on the server hosting the SharePoint 2010 or SharePoint 2013 web service.
  • Add the web service account to the following security groups:
    • SharePoint Farm Administrators (SharePoint 2010)
    • Farm Administrators (SharePoint 2013)
    • Domain Admins
    • CortexWSUsers
    • CortexAdmins
  • Add the web service account to the following roles on the SQL Server deployed with SharePoint 2010 or SharePoint 2013:
    • SharePoint_Shell_Access
    • Dbcreator
    • Securityadmin
    • Sysadmin
    • Public
  • Ensure the web service account is a member of SharePoint Shell Admins and the SharePoint Process Account. You can verify these memberships by using the following cmdlets:
    • Get-SPShellAdmin
    • Get-SPProcessAccount

Reporting requirements for SharePoint 2013

Important: To ensure usage of the SharePoint 2013 service is correctly reported on the distributor report included in Services Manager, apply the fix as described in the Knowledge Center article CTX139274, "CloudPortal Services Manager Distributor Report Incorrectly Reporting Usage," to your Services Manager deployment. This fix is required prior to deploying the SharePoint 2013 service.

Service deployment overview

Typically, deploying the SharePoint 2010 and 2013 services involve the following tasks:
  1. Configure the DNS service using the Services Manager control panel and provision to customers.
  2. Install and configure the Windows Web Hosting web service on the SharePoint server that hosts the SharePoint web service.
  3. Install the SharePoint web service on the SharePoint farm server.
  4. Configure the SharePoint web service using the control panel.
  5. Add SharePoint farms to the control panel and configure for multi-tenancy.
  6. Add and configure SharePoint feature packs, if applicable.
  7. Configure SSL certificates for provisioning to customer sites. (SharePoint 2013)
  8. Provision the SharePoint service to customers.

The SharePoint web service is deployed on the application (front-end) server in the SharePoint farm. During the web service installation process, the Services Manager Configuration Tool sets the SharePoint web service to the same application pool identity as the SharePoint Central Administration site. This configuration is required for Services Manager to provision SharePoint resources.

For deployment instructions, see Deploy the SharePoint 2010 service.

Web service deployment methods

You can deploy the SharePoint web service in the following ways:
  • As a dedicated web service, where each SharePoint server in your deployment hosts the SharePoint web service. To complete provisioning requests, each SharePoint server communicates directly with the Web and Provisioning servers as appropriate.
  • As a shared web service, where the SharePoint web service is hosted on a single SharePoint server in your deployment. To complete provisioning requests, this server communicates directly with the Web and Provisioning servers, and also connects with the other SharePoint servers in the deployment as needed using PowerShell remoting.

Citrix recommends deploying the SharePoint web service as a dedicated web service. This method improves performance by avoiding the potential for "double-hopping," where web service connections are relayed through a single point to other SharePoint servers. Using a dedicated web service also improves reliability in the event of a server failure, as there are other SharePoint servers that can provide web service connections.

DNS provisioning

You can enable DNS provisioning for SharePoint sites you provision through Services Manager. To do this, you must deploy the DNS service and provision it to customers. The following table describes DNS provisioning support in the SharePoint 2010 and SharePoint 2013 services.
Service name Supported DNS record types DNS record configuration DNS enabled by default?
SharePoint 2010
  • Host (A)
  • CNAME
  • Control panel: Configuration > System Manager > Service Deployment > SharePoint 2010 > Service Settings
  • Manages only one record type at a time. Changing the DNS record type after sites are created is not recommended as it results in duplication of DNS records.
No
SharePoint 2013 Host (A) Control panel: Configuration > System Manager > Service Deployment > SharePoint 2013 > Service Settings Yes
When a SharePoint site is provisioned, a DNS record is created if the following requirements are met:
  • A DNS record type is defined for the site.
  • The SharePoint site URL includes a subdomain (for example, http://site01.sharepoint-domain.com).
  • The DNS zone for the site is provisioned to the customer (for example, if the site URL is "site01.sharepoint-domain.com," the DNS zone "sharepoint-domain.com" must be provisioned to the customer before the site is provisioned.
After the DNS record is created, you can view the record using the following methods:
  • From the control panel: Services > DNS > DNS Records
  • From the DNS server, using the DNS Manager snap-in, under Forward Lookup Zones for the domain

For instructions on enabling DNS provisioning for SharePoint 2010 sites, see To enable DNS for the SharePoint 2010 service.

SharePoint 2013 licensing and Web Apps

In Services Manager, SharePoint 2013 farms can have one of the following licenses: Foundation, Standard, or Enterprise.

When a SharePoint farm has only Foundation features enabled, customers are billed for each site with access to those features. When a farm has Standard or Enterprise features enabled, customers are billed for each user provisioned to a site with access to those features. For users of Standard or Enterprise sites, the license they are provisioned governs the set of features that are available when they access the site. For example, if a user has a Standard license and accesses a site with Enterprise features, the license allows the user to access only the Standard set of features on the site.

To determine whether or not per-user licensing is enabled for a farm, use the SharePoint cmdlet Get-SPUserLicensing.

When you create a SharePoint farm through the control panel, the farm has Foundation licensing by default. You can configure the license on the Services > SharePoint 2013 > Farm Configuration page. However, after the farm is provisioned to a customer, you cannot modify the license.

For farms with Standard or Enterprise licenses, you can also enable Microsoft Office document editing and Microsoft Project features within SharePoint. These options have the following requirements:
To use this option... These items are required...
Edit Office Web Apps
  • Users must have licenses to use Office applications
  • SharePoint farm must be configured to work with Office Web Apps Server
Project Web Apps
  • Users must have licenses to use Project
  • SharePoint farm must be configured to work with Project Web App

When these options are enabled for the farm, you can choose to enable these options for users that are provisioned with Standard or Enterprise user plans (and the appropriate product licenses). These options apply to all sites to which users are provisioned. For example, if a user has the Edit Office Web Apps option enabled and has a Microsoft Word user license, the user can modify Word documents stored on all of the SharePoint sites to which the user has access. However, if the Edit Office Apps option is disabled for the user, then the user can no longer modify Word documents on any of their sites.

When these options are enabled for a user, the user is added to the following security groups:
  • SharePoint2013 EditOfficeWebApps
  • SharePoint2013 Project