Multi tenancy ACS

Similar Messages

• Multi-tenancy for a seperate business unit

  Apparently, we can't do multi-tenancy with SCSM 2012 R2 (see link below).  We'd like setup SCSM for one of our business units, but we don't want any of their stuff mingling with our IT stuff.  It looks like we'll have to create a
  new Management Group.  Is it possible to create a new Management Group on the same server as our current IT Management Group, or do we need a new server ?
  https://social.technet.microsoft.com/Forums/systemcenter/en-US/0891a803-c5f6-4e21-9958-ea4adc2381c6/scsm-2012-multitenant-architecture
  Also, to save some work, is there a way to export settings (eg. for the connectors) from our current IT Management Group to the new Management Group ?
  Thanks

  Hi,
  as per Microsoft Definition "The Service Manager management server and its associated Service Manager database make up a Service Manager management group." This means, that if you need additional Service Manager Management Groups, you have to install
  additional servers.
  I find it very handy, that you can leverage a single data warehouse Management Group and centralize your reporting if you register your many Service Manager management groups with a single data warehouse management group:
  "In your enterprise, you might create multiple Service Manager management groups. You can centralize reporting for multiple Service Manager management groups by registering multiple Service Manager management groups with a single data warehouse management
  group."
  Source:
  Planning for System Center 2012 - Service Manager Deployment
  https://technet.microsoft.com/en-us/library/hh519640.aspx
  About exporting your settings...They should be stored in management packs, which you can import in the new management group. About the connectors - you have to recreate them in the new environment and this shouldn't be a big administrative effort. It will
  take probably not more than 30 Minutes to recreate all possible connectors.
  I hope I could help you further.
  Best Regards,
  Stoyan

• Sharepoint 2013 setup with multi tenancy

  Hi,
  Anybody have a proper guidance on how to setup SP 2013 with multi tenancy ? And aslo it should be with hosting mode, because we are the big hoster.
  We need hosting SP 2013 with multi tenancy.
  Thanks in advance.

  Hi,
  I have made setup a SharePoint 2013 multi-tenancy.
  I have some issues regarding SharePoint 2013. I have created one SharePoint site collection. I've designated myself as a site administrator.  I'm able to login to the new site collection, however when I try to add people from my created SharePoint
  site collection. It shows me "No results found".
  But In central administration, I can add people as well as can give the permissions.
  Any suggestions, How can I troubleshoot ?
  Thanks in Advance.
  /Harish R.

• Anyone using multi-tenancy in 11.1.1.7?

    anyone using multi-tenancy in 11.1.1.7?
  What method are you using. I am looking at using the single schema with the TenantGUID column.

  Can you give me the URL to access that document?
  Thanks,

• Operations Manager 2012 r2 Multi-tenancy

  I'm searching the solution on Multi-tenancy on SCOM 2012 r2. Are there best practices for design and deployment for it? Thanks!!

  Are you looking for this or you can provide more info.
  http://blogs.technet.com/b/servicemanager/archive/2009/12/22/does-service-manager-support-multitenancy-managed-service-providers.aspx
  Juke Chou
  TechNet Community Support

• VPD - suitable for multi-tenancy?

  Would it be a bastardization of the intended capabilities of Oracle virtual private DB to try to use them to convert a single tenacy application into multi-tenancy? The idea would be that there not a 1:1 mapping of schemas to customer, but rather a single schema where all customers' data is retained. Bad idea?

  That would be perfectly in keeping with the intended use of VPD. That's one of the primary reasons for that functionality to exist.
  Justin

• Multi tenancy with schema per tenant

  Hello,
  I am tryign to run multi tenancy with schema per tenant. It seems to work good when tenant ID is set in XML as a property for persistance unit.
  But I need to set tenant in code. Is that possible? How?
  I found this article:
  codecrafters.blogspot.it/2013/03/multi-tenant-cloud-applications-with.html
  So I tried to set it in doBegin method in custom transaction manager. But that doesn't work. I guess relation descriptors aren't updated right.
  I could provide more info with exception stack also but first... have I pick the right approach?
  Thanks!
  Martin

  UPDATE 26.6.2015: This isn't completelly right solution. Read also comments below or go to my article at http://www.mafospace.com/articles/multi-tenancy-with-eclipselink-and-inherited-entities
  I've solved it finally. Maybe it will be helpful for someone. I've done that in similar way as described in article I linked in first post. Through custom transaction manager.
  import org.eclipse.persistence.config.PersistenceUnitProperties;
  import org.eclipse.persistence.internal.jpa.EntityManagerImpl;
  import org.eclipse.persistence.sessions.coordination.MetadataRefreshListener;
  import org.eclipse.persistence.sessions.server.ServerSession;
  import org.springframework.orm.jpa.JpaTransactionManager;
  import sk.bantip.hotel.server.security.SecurityHelper;
  import javax.persistence.EntityManager;
  import java.util.HashMap;
  import java.util.Map;
  public class MultiTenantJpaTransactionManager extends JpaTransactionManager {
  * NOTE:
  * Maybe it would be also possible to replace existing entityManager in transaction with new but it
  * isn't a good idea because of rollback and other problems.
  * So when new tenant is required always start new transaction for it.
  @Override
  protected javax.persistence.EntityManager createEntityManagerForTransaction() {
  EntityManager em = super.createEntityManagerForTransaction();
  boolean refreshed = false;
  String actualTenant = null;
  ServerSession ss = ((EntityManagerImpl) em.getDelegate()).getServerSession();
  Map sessionProp = ss.getProperties();
  actualTenant = (String) sessionProp.get(PersistenceUnitProperties.MULTITENANT_PROPERTY_DEFAULT);
  // don't run it if tenant didn't change
  // it should be quite faster then
  if ((actualTenant == null && SecurityHelper.getActiveTenantSchema() != null) ||
  (actualTenant != null && !actualTenant.equals(SecurityHelper.getActiveTenantSchema()))) {
  // set new tenant as property for actual session
  // while refreshing metadata it will be used from actual session for new session
  sessionProp.put(PersistenceUnitProperties.MULTITENANT_PROPERTY_DEFAULT, SecurityHelper.getActiveTenantSchema());
  MetadataRefreshListener mrl = ((EntityManagerImpl) em.getDelegate()).getServerSession().getRefreshMetadataListener();
  // metadata refresh listener is empty if it was already run for actual transaction (same entity manager)
  // because it is placed in createEntityManagerForTransaction now this shouldn't happen but to be sure...
  if (mrl != null) {
  Map<String, Object> prop = new HashMap<String, Object>();
  // metadata will be refreshed for next created entity manager
  mrl.triggerMetadataRefresh(prop);
  refreshed = true;
  // if metadata for "old" entity manager wasn't refreshed we don't need to create a new one
  return refreshed ? super.createEntityManagerForTransaction() : em;
  Everything seems to work except inheritance with strategy type JOINED now. To fix that use customizer.
  import org.eclipse.persistence.annotations.TenantTableDiscriminatorType;
  import org.eclipse.persistence.config.DescriptorCustomizer;
  import org.eclipse.persistence.descriptors.ClassDescriptor;
  import org.eclipse.persistence.descriptors.TablePerMultitenantPolicy;
  * For some reason when using table per tenant with schema discriminator isn't set good for child
  * entities with inheritance JOINED strategy. It stay as SUFFIX and therefore it doesn't work.
  public class InheritanceJoinedMTFixCustomizer implements DescriptorCustomizer {
  @Override
  public void customize(ClassDescriptor descriptor) throws Exception {
  // set discriminator to SCHEMA
  ((TablePerMultitenantPolicy) descriptor.getMultitenantPolicy())
  .setTenantTableDiscriminatorType(TenantTableDiscriminatorType.SCHEMA);
  And in child entities use it like this:
  @Customizer(InheritanceJoinedMTFixCustomizer.class)
  public class Person extends Contact {

• Learning Solution and Multi-tenancy

  Hello All,
  Does SAP Learning Solution support multi-tenancy/SaaS models?

  Hi,
  I would describe Learning Solution to be built upon the TEM.
  Learning solution provides a web interface where an employee can prebook/book/cancel for the courses available. Also the approvals if required can take place.
  Learning Solution offers E-learning facility that is, web based training courses through its interface.
  The concept of prebook/book/cancel and followup activities is same as TEM but the transactions in ECC are different PSV1 is LSO_PSV1 similarly PSV2 is LSO_PSV2 and so on.
  So if you are going for ESS and Portal and want your employee book courses from web interface then go for learning solution as learning solution also gives e-learning as well.
  Incase of TEM if you want the administrator is only responsible for the training activities then go for TEM,
  But learning solution offers both administrative tasks through LSO* transactions as well as online booking.
  So i suggest you go for Learning solution which by default is present in the new versions of SAP ECC.
  Regards,
  Divya

• HANA multi-tenancy feature

  1. May i know if HANA supports multi-tenancy on production system now?
  2. Also, we found that 'HANA supports the multi-tenancy that built in the application (e.g. CRM) itself'.
     Is it about the SAP HANA cloud applications but not for on premises applications?
     Is this statement valid and what are the differences between the 1. and 2.?

  Hi Joey
  Wikipedia meaning:
  Multitenancy refers to a principle in software architecture where a single instance of the software runs on a server, serving multiple client-organizations (tenants). Multitenancy contrasts with multi-instance architectures where separate software instances (or hardware systems) operate on behalf of different client organizations. With a multitenant architecture, a software application is designed to virtually partition its data and configuration, and each client organization works with a customized virtual application.
  reference: Multitenancy - Wikipedia, the free encyclopedia
  1. May i know if HANA supports multi-tenancy on production system now?
  There is a pilot program ongoing for VMWare.
  So far, such scenario's are not yet officially supported to my knowledge for productive use.
  What I understand under multi-tenancy here is that I could for example serve two customers with one HANA appliance, by running both customers ERP on the same HANA appliance (each with their own DB so two HANA database installations on one HANA appliance) and be supported doing that.
  So, the word "multi-tenancy" is often misused in my opinion and it depends what the source understands under multi-tenancy, on which level that would be (VM wise or SAP software wise or ...).
  If you see multi-tenancy as running both ERP and CRM on a single HANA database then I cannot answer the question as I don't know how much progress was made to make this happen. This is still the vision where things need to move towards, running a single HANA database with all your SAP applications plugged into it.
  2. Also, we found that 'HANA supports the multi-tenancy that built in the application (e.g. CRM) itself'.
  I don't have the context here and the sentence sounds "strange" but if I had to guess, I would guess they mean that some products can run together. For example ERP sidecar scenario + BW can run on a single HANA database (thus instance).
  These combinations are described in SAP notes.
  Best regards
  Tom

• SharePoint 2013 On premise Multi-Tenancy vs full SharePoint

  Hi,
  We have requirements coming in from joint ventures who need their own site collections/sites.
  Rather than trying to implement them on our current full Enterprise SharePoint environment we would setup a seperate SharePoint deployment in multi-tenancy mode with partitioned service applications.
  Before I offer this up as an option I need to let them know if there are any limitations to a multi-tenant environment over the full versions.  I have seen reference to PerformancePoint not being available and it being harder to migrate to O365 in the
  future if needed however I have not found a definitive list.
  Does anyone know where I can find a list of the limitations (if one exists!)?
  Thanks,
  Mark

  There is no specific list of limitations in one concise spot.  But if you read Spence Harbar's articles on Multi-tenancy (for 2010 and 2013) you will find lists of things that don't work in multi-tenancy.  For example, there are several services
  like the Visio graphics service that don't support partitioning of their databases and are therefore a problem for multi-tenancy.  As you mentioned PerformancePoint is another one.  Read both articles and you should be able to compile a list of what
  you need to know.
  http://www.harbar.net/articles/sp2010mt1.aspx
  http://www.harbar.net/articles/sp2013mt.aspx
  Paul Stork SharePoint Server MVP
  Principal Architect: Blue Chip Consulting Group
  Blog: http://dontpapanic.com/blog
  Twitter: Follow @pstork
  Please remember to mark your question as "answered" if this solves your problem.

• Sharepoint 2013 and ADFS 3.0 Multi-Tenancy Problems

  Hi 
  I am hoping someone might be able to help with my scenario.
  Architectural Overview:
  We have a 3-Tier Sharepoint 2013 deployed. In this infrastructure we have the following Servers (1x ADFS server, 1x TMG Proxy for External Access, 2x Web Front-End servers, 1x Application Server, 2x SQL Servers with P2P replication
  On sharepoint we have a multi-tenant setup based on HSNC i.e. with AD integration on domain example.com. We also integrate with a 3rd Party myexample.com which we have ADFS connected to
  site1.example.com
  site2.exmaple.com  
  For both of the sites we have configured the required application and run as per requirements of ADFS 3.0. 
  ADFSserver -> server1.example.com
  DefaultRealm -> urn:sharepoint:site
  site1.example.com -> "https://site1.example.com/_trust/", urn:sharepoint:site1
  with default login page specified /_trust/default.aspx
  site2.example.com -> "https://site2.example.com/_trust/", urn:sharepoint:site2
  with default login page specified /_trust/default.aspx
  On ADFS 3.0 we have realm trusts corresponding to this i.e.
  Trust 1:
  identifier -> "https://site1.example.com/_trust/" , urn:sharepoint:site1
  Endpoint -> "https://site1.example.com/_trust/Pages/Default.aspx
  Trust 2:
  identifier -> "https://site2.example.com/_trust/", urn:sharepoint:site2
  Endpoint -> "https://site2.example.com/_trust/Pages/Default.aspx, urn:sharepoint:site2
  The Problem:
  When accessing the sites from the client browser to test (using Chrome Incognito mode so cookies terminates at close of browser session), I get weird stuff happening on ADFS and Sharepoint. I try site1.example.com and it fails stating that urn:sharepoint:site1
  is not a recognised realm. When looking at the URL request sent to ADFS I can see irrespective of urn set on sharepoint to differentiate, it sends the default urn of urn:sharepoint:site which is not part of the Relay Party Trust in ADFS for site1 or site2.
  This causes the SAML authentication to fail. When I add the default Realm to one of the Trusts then it works fine but then It is not a true multi-tenant environment as requests for both sites gets redirected to a single ADFS endpoint

  Did you set the ProviderRealms on the Trusted Identity Token Issuer?
  http://sharepointobservations.wordpress.com/2013/08/13/adding-host-name-site-collections-to-existing-saml-claims-token-issuer/
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• SCOM 2012R2 Operations Manager Multi-tenancy

  Hi
  I am interested to hear people's deployment experiences with SCOM OpsMgr 2012 R2 in a multi-tenant / Service Provider environment.
  I have an interest in setting up a Management Group that will receive alerts (etc.) from external SCOM 2012 agents located in another geographical location & domain - WITHOUT any AD domain trusts involved. I plan to host my new SCOM 2012 R2 deployment
  in Azure.
  I've looked at the IPD Guide for SCOM but this scenario is out-of-scope of that document. I have read other articles suggesting a 'Gateway Server' - but now I'm confused by the choices for my requirements. Any help / guidance appreciated. Does Microsoft
  have any sample Architecture guides for this approach?
  Thank you

  Hi!
  Usually you put the whole Management Group (Management Server, OPS-DB and DWH-DB) in a shared zone (Azure in your case). In each customers network you place a Gateway Server which is joined to the customers domain. For trusts you need certs for the Management
  Servers and all Gateways from the same root CA. All agents in the customers domain will communicate with the GW, no need for certs as long as they are in the same domain or other domains that have domain level trusts to the domain where the GW is hosted..
  HTH,
  Patrick
  Please remember to click “Mark as Answer” on the post that helped you.
  Patrick Seidl (System Center and Private Cloud)
  Website: http://www.syliance.com
  Blog: http://www.systemcenterrocks.com

• Creating multiple subscriptions for collaborative site collections under same OU in multi-tenancy

  Hi,
  We have an application that creates host based collaborative site collections and MySite Host site collections. We have created two separate web applications for hosting collaborative site collections and Mysite host based site collections as recommended
  by MS.
  For creation of collaborative site collections, we are creating separate site subscriptions for separate site collections. For example, if a tenant has two collaborative site collections as CSC1 and CSC2, then two site subscriptions are created for two CSCs
  under the same tenant. The reason behind the implementation is as follows:
  There is a 1:1 mapping with the featurepack and site subscription. Now if two site collections are created under the same site subscription, then altering the feature pack of any site collection will affect the other one. Whereas, if separate subscriptions
  are created fro separate site collections, then altering the featurepack of any site collection will not affect the other site collections.
  Now, my concern is, will the basic functionalities of SharePoint, like search, user profile, etc, will break for the above implementation. Is there any technical hazard for the above implementation.
  A quick response is appreciated, as we need to deliver a customer  ASAP.
  Thanks in advance,
  Arnab

  Search and UPSA would be part of the Site Subscription, so I'm unsure as to what you're specifically asking.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• SGD and multiple AD domains - hosting apps in multi tenancy model

  Hi folks,
  is it possible to use one SGD installation to authenticate on several Active Directory Domains?
  Documentation says that SGD allows multiple authentication methods...
  If this would not be possible out-of-the-box, please think about how we could implement that? I thought about specifying the DCs in the krb.conf for the different realms....
  Thanks
  Julian

  Currently SGD supports only one LDAP / AD Directory tree.
  What we did is an local LDAP proxy on the SSGD Server, The proxy itsself request multible repositories, With this solution DSI works as well, and you can also mix LDAP/AD trees.
  The current problem with this is, the passwort change mechanisem.

• SharePoint Foundation 2013 - Multi-tenant Install and OneDrive for Business with Yammer i

  Hello,
  After installing SP Foundation 2013 (SP1) with Partitioned service applications we have noticed that while clicking on the "yammer and oneDrive" link the below error message comes up:
  _admin/yammerconfiguration.aspx
  any ideas??
  http://technet.microsoft.com/en-us/library/dn659286%28v=office.15%29.aspx
  we have also noticed that MS mentioned "OneDrive for Business with Yammer integration doesn’t work for multi-tenancy or partitioned service applications for on-premises deployments"
  ja

  ULS
  Application error when access /_admin/cloudconfiguration.aspx, Error=Object reference not set to an instance of an object.   at Microsoft.SharePoint.WebControls.SPPinnedSiteTile.OnInit(EventArgs e)     at System.Web.UI.Control.InitRecursive(Control
  namingContainer)     at System.Web.UI.Control.InitRecursive(Control namingContainer)     at System.Web.UI.Control.InitRecursive(Control namingContainer)     at System.Web.UI.Control.InitRecursive(Control
  namingContainer)     at System.Web.UI.Control.InitRecursive(Control namingContainer)     at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  =====
  To me it seems SharePoint social networking features require the full SharePoint Server product AND are not available with the free SharePoint Foundation, If correct then why MS punching it here in Foundation without a friendly error message..
  ja