Category: SharePoint

Why Hybrid SharePoint Isn’t Halfway to the Cloud

Despite a strong push or desire by organizations to move to the cloud, 2015 will undoubtedly be the year that many organizations move to a hybrid SharePoint environment. And that’s where the confusion begins. The term “hybrid SharePoint” can mean different things depending on how you choose to adopt the cloud.

Everyone from Microsoft to third-party cloud hosting providers offer differing definitions of hybrid SharePoint. For me, it means running SharePoint on-premises and in the cloud leveraging Office 365/SharePoint Online, third-party hosting providers, or simply running SharePoint with your favorite IaaS provider.

Ultimately hybrid SharePoint is a safer approach as organizations already have long tail plans to move to the cloud when the time is right. And hybrid solutions allow organizations to provision new workloads or start moving existing workloads to the cloud. For many organizations the long-term goal is to move as many workloads to the cloud as possible. Hybrid SharePoint offers these organizations additional flexibility and granularity that allows teams to move, manage and secure one or several workloads.

In addition, a new practice is emerging which sees SharePoint admins using the cloud to create new workloads in test environments that will eventually replace their current workloads. While this involves more effort, it’s a clean and practical approach that provides SharePoint professionals with an option eliminates the legacy dependencies that occur when moving existing workloads to the cloud.

As you can see, hybrid SharePoint has many meanings. For one admin, it might mean embracing Office 365 as a way to collaborate with external users or trading partners. For another, it could mean offloading critical workloads to better support a mobile workforce. Yet, the one overriding observation that we can take from all of this is that for many the hybrid cloud is considered a halfway step to the cloud.

If BLOB Externalization Is Right for Office 365 Then Why Not for My Growing SharePoint Environment?

It’s no secret that third party BLOB externalization solutions have provided tremendous value to organizations with growing SharePoint environments. The capability first appeared in SharePoint 2007 as BLOB Storage (EBS) and later in SharePoint 2010 as Remote BLOB Storage (RBS).

The value of RBS/EBS has always been clear. Removing BLOBs from the SharePoint database increases file access performance, allows for scalability in a cost effective manner, reduces storage costs and improves backup performance. Despite the clear value of BLOB externalization guidance on whether to use RBS/EBS varies wildly depending who was dispensing the advice, many SharePoint MVPs, consultants and even some Microsoft employees aggressively recommended against using BLOB externalization. Yes, there have been supporters of BLOB externalization including Microsoft’s own Bill Baer. However, guidance on whether to use RBS/EBS has been, at best, chock-full of contradictions.

Microsoft recently disclosed the inner workings of Fort Knox, a project that aims to bring increased security to Office 365 through the use of heavy encryption. Fort Knox is being described as RBS-like as it externalizes and stores file shreds across multiple Azure blob storage containers while encrypting each shred with AES 256 bit encryption. Yes, this isn’t RBS in its purest form but rather a custom, one-off BLOB externalization capability developed by the Microsoft product team for Office 365. Regardless, the Fort Knox project is BLOB externalization. Ironically this capability has been available from third party RBS providers since the introduction of SharePoint 2010 and even earlier leveraging EBS with SharePoint 2007.

The process of removing a BLOB from a SharePoint content database creates an opportunity to perform certain functions such as encrypting BLOBs, thus allowing a higher level of protection in transit and at rest. Encryption of files is only possible when externalizing BLOBs for SharePoint Content Databases. Yes, Transparent Data Encryption (TDE) is a possibility but requires that the entire database be encrypted. TDE is not without its caveats including the potential for performance degradation.

It may be time to revisit whether BLOB externalization is right for your growing, more secure SharePoint environment. Heavy encryption of externalized content is just another feather in the cap of BLOB externalization. Unofficially the BLOB externalization capability used by Office 365 is employed to provide more than just encryption of files at rest. Consider the massive size of Office 365 farms and you have to assume that scalability, backup, and high availability are all challenges for such a massive deployment of SharePoint. So you have to ask yourself, if BLOB externalization is the right answer for Office 365 shouldn’t it also be right for my growing SharePoint environment?