Connecting SharePoint 2010 Farms with Service Applications: Part 1

With SharePoint 2010 we can now connect the service applications in one SharePoint 2010 farm to another farm and have a central metadata or user profile service application.  We can connect more than just these two service applications.  In the example below we will be doing this with the metadata service application.

There are a few steps to complete before we can connect a service application to the other farm.  We first have to create a trust between the two farms.  To do this we need to use some PowerShell commands to export certificates and then import them into each other's farms.

For this scenario we will call the farms Publishing Farm and Receive Farm.

Exporting Required Certificates

Open the SharePoint 2010 Management Shell by going to Start, All Programs, Microsoft SharePoint 2010 Products, right-clicking SharePoint 2010 Management Shell and selecting Run as administrator.

We now need to run 2 PowerShell commands: the first to collect the certificate and the other to place it in a folder.


This will collect the certificate


Note: I have created the folder c:\cert to store the certificate files in.  If you have not created this folder you will receive an error message.

The Publish Farm only needs to pass 1 certificate to the other farm, whereas the receiving farm must pass 2.  The receiving farm will pass the root certificate using the commands above, but it must also pass the Security Token Service (STS) certificate.

On your receiving farm open the PowerShell Management Shell as above and then run


This will collect the certificate


We now need to export the Security Token Service certificate


This will collect the certificate


Copying the Certificates

You are going to need the certificates on the other server farms.

Copy the Publishing Certificate to the Receiving Server

Copy the 2 receiving Certificates to the Publishing Server

Creating the Trust

On the receiving server open the SharePoint 2010 Management Shell as described above and import the publishing farm certificate using the scripts below.


We now need to register the certificate into the farm

In the script below you will see PublishingFarm.  This is the name of the trust.  You may want to change this if you are going to be publishing to and receiving from many SharePoint 2010 farms.


On the publishing server open the SharePoint 2010 Management Shell as described above and import the receiving certificates using the scripts below.

First we will import the root certificate.


We now need to register the certificate into the farm

In the script below you will see PublishingFarm.  This is the name of the trust.  You may want to change this if you are going to be publishing to and receiving from many SharePoint 2010 farms.


As we exported the STS certificate, we will now import that into the Publishing Farm.


Now register the certificate.


Checking the Trust

We have imported all the certificates and we want to check that these certificates have been registered in our two SharePoint farms.

We are going to check both farms.

Navigate to Security and then Manage Trust


On the Publishing farm you will see something similar to this


The receiving farm will have something similar but with PublishingFarm instead.  If you have both of these you have successfully created your trust.

Permission of Farm Topology

Even though we have now trusted these 2 farms with each other, you still need to give permission for the farms to talk.

This is not currently documented on TechNet but I found this great post by Spence Harbar (SharePoint MVP and MCM) that did this through a PowerShell command.  Thanks to Spence for this.

We need the SharePoint Farm ID from the receiving farm.  Log on to the receiving farm, open the SharePoint Management Shell and run the following.


You will get something like this in return


Now run the following command, replacing <FarmID> with the GUID returned above.

Your farms are now trusted to connect Service Applications from the Publishing Farm to the Receiving Farm.
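The whole exchange described above, from export to the topology permission, written out as an added example; it is not the original post's scripts. The helper function names, the file names under C:\cert and the trust name ReceivingFarm are assumptions made here; the cmdlets are the standard SharePoint 2010 ones.

```powershell
# Added example. Load these functions in the SharePoint 2010 Management Shell
# (run as administrator) and call each one on the farm named in its comment.
$dir = 'C:\cert'   # folder assumed from the post; created here if it is missing
if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }

function Export-FarmCert($Cert, [string]$Path) {
    # Export('Cert') writes only the public certificate; no private key leaves the farm.
    [System.IO.File]::WriteAllBytes($Path, $Cert.Export('Cert'))
    "{0}  thumbprint {1}" -f $Path, $Cert.Thumbprint
}

function Get-CopiedCert([string]$Path) {
    # Print the thumbprint so it can be compared with the exporting farm's output
    # before the certificate is trusted.
    $cert = Get-PfxCertificate $Path
    Write-Host ("{0}  thumbprint {1}" -f $Path, $cert.Thumbprint)
    $cert
}

# PUBLISHING farm: export the farm root certificate.
function Export-PublishingCerts {
    Export-FarmCert (Get-SPCertificateAuthority).RootCertificate "$dir\PublishingFarmRoot.cer"
}

# RECEIVING farm: export the root and STS certificates and report the farm ID.
function Export-ReceivingCerts {
    Export-FarmCert (Get-SPCertificateAuthority).RootCertificate "$dir\ReceivingFarmRoot.cer"
    Export-FarmCert (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate "$dir\ReceivingFarmSTS.cer"
    "Farm ID: $((Get-SPFarm).Id)"
}

# RECEIVING farm: register the publishing farm's root certificate as a trust.
function Import-PublishingTrust {
    New-SPTrustedRootAuthority -Name PublishingFarm -Certificate (Get-CopiedCert "$dir\PublishingFarmRoot.cer")
}

# PUBLISHING farm: trust the receiving farm's root, accept tokens signed by its STS,
# then let that farm (identified by its farm ID claim) query the topology service.
function Import-ReceivingTrust([Guid]$ReceivingFarmId) {
    New-SPTrustedRootAuthority -Name ReceivingFarm -Certificate (Get-CopiedCert "$dir\ReceivingFarmRoot.cer")
    New-SPTrustedServiceTokenIssuer -Name ReceivingFarm -Certificate (Get-CopiedCert "$dir\ReceivingFarmSTS.cer")
    $security  = Get-SPTopologyServiceApplication | Get-SPServiceApplicationSecurity
    $provider  = (Get-SPClaimProvider System).ClaimProvider
    $principal = New-SPClaimsPrincipal -ClaimType 'http://schemas.microsoft.com/sharepoint/2009/08/claims/farmid' `
        -ClaimProvider $provider -ClaimValue $ReceivingFarmId.ToString()
    Grant-SPObjectSecurity -Identity $security -Principal $principal -Rights 'Full Control'
    Get-SPTopologyServiceApplication | Set-SPServiceApplicationSecurity -ObjectSecurity $security
}
```

Compare the thumbprints printed at export with those printed at import before relying on the trust; a mismatch means the file that arrived is not the one that was exported.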

In part 2 we will connect service applications to the receiving farm.
