MCT USE ONLY. STUDENT USE PROHIBITED
Planning a Service Application Architecture 2-11
• The Security Token Service Application. This service manages authentication by
acting as a broker for SharePoint 2010. It can support multiple authentication
providers.
Most of these services are self-descriptive, such as Excel Services and Access
Services. However, there are some services that are important for your design but
have less obvious roles. The following list describes these service applications:
• Secure Store Service. This service provides single sign-on (SSO) proxy
functionality. This is essential if you want to use the Business Data
Connectivity Services to access line-of-business (LOB) servers seamlessly for
users.
• Managed Metadata Service. This service provides the capability to create and
store the taxonomy information, such as document metadata, that is used
throughout SharePoint 2010. This is a core function for many other services.
• User Profile Service. This service provides social networking functionality, such
as user profile import and People Search.
• Business Data Connectivity Services. This service provides read and write access
to LOB data sources. This is essential for deployments that must deliver
composite application functionality to users.
• State Service. This service provides temporary storage of user session data for
SharePoint Server components.
2-12 Designing a Microsoft® SharePoint® 2010 Infrastructure
Service Application Security Model
Key Points
SharePoint 2010 has updated its security model to offer claims-based
authentication. There have also been changes that affect the service applications.
Core to this is the fact that service applications use Windows Communication Foundation (WCF) to communicate between
services. Although this does not change the user experience, it provides improved
performance and security flexibility. It also supports Secure Sockets Layer (SSL)
transports.
The service application architecture enables you to isolate services from one
another. You can achieve this at service instance, application pool, and database
levels, depending on whether your service uses databases. If your business requires
more rigorous security for applications, you can design your solution so that the
service applications are separated, to ensure that users of a service application do
not share any components with other users.
Hosting companies or organizations that want to use multi-tenancy to separate
divisions or departments can still share most service applications. This is because
these applications are designed to be capable of multi-tenancy. You can also isolate
service applications in a multi-tenancy environment.
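The three isolation levels described above (service instance, application pool, and database), shown as an added example that is not part of the original courseware. The account, pool, service application, and database names are hypothetical, and the service account is assumed to be registered as a managed account already.

```powershell
# Added example: names, accounts and databases below are hypothetical.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Assumption: this service account is already registered as a managed account.
$account = Get-SPManagedAccount -Identity "CONTOSO\svc-mms-finance"

# Application pool level: a dedicated pool and identity for this service only.
$pool = New-SPServiceApplicationPool -Name "MMS-Finance-Pool" -Account $account

# Service instance and database level: a separate Managed Metadata service
# application with its own database, sharing nothing with the farm-wide one.
$app = New-SPMetadataServiceApplication -Name "MMS-Finance" `
    -ApplicationPool $pool -DatabaseName "MMS_Finance_DB"

# The proxy is not added to the default proxy group (-DefaultProxyGroup is
# omitted), so only Web applications you associate explicitly can consume it.
New-SPMetadataServiceApplicationProxy -Name "MMS-Finance-Proxy" `
    -ServiceApplication $app | Out-Null

# Review: list application pools that host more than one service application,
# that is, places where services still share a worker process and identity.
Get-SPServiceApplication |
    Where-Object { $_.ApplicationPool } |
    Group-Object { $_.ApplicationPool.Name } |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        "{0}: {1}" -f $_.Name, (($_.Group | ForEach-Object { $_.DisplayName }) -join ", ")
    }
```

For a shared multi-tenant deployment rather than full isolation, the same two Managed Metadata cmdlets accept the -PartitionMode switch.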
These service applications can store tenant data and can be partitioned:
• Subscription Settings (not actually partitioned)
• User Profiles
• Managed Metadata
• Business Data Connectivity
• Search
• Secure Store
• Word Automation
• Project
These service applications do not store tenant data, and do not support Partition
Mode:
• State
• Access Database
• Visio Graphics
• Word Viewing
• PowerPoint
• Excel Calculation
These service applications can store tenant data, but cannot be partitioned:
• Web Analytics (site-based)
• Usage and Health Data Collection (site-based)
These service applications cannot be partitioned, and consequently do not make
sense in multi-tenant environments:
• PerformancePoint
• FAST for SharePoint
Service Application Dependencies
Key Points
Not all services are entirely self-contained, so you must review possible service
dependencies when you plan your logical architecture design. This was not an
issue with Office SharePoint Server 2007, because the services were implemented
in a monolithic design. However, with the granular framework in SharePoint 2010,
it is now possible to deploy dependent service applications without enabling core
service applications. Dependent service applications will not function as expected—
and may not function at all—without the required platform services in place.
Some dependencies are more obvious than others, such as the one between
People Search and the User Profile Service. If you do not have the ability to
import user information from external sources, such as HR systems, you will not
be able to make the best use of People Search. Others are less obvious. For
example, Excel Services is dependent on the State Service to provide temporary
storage.
The slide shows some common dependencies that will affect your service
application planning. You may find papers on the Web that categorize service
applications as core or foundation services and the framework as hierarchical. This
is not a description that is used directly in SharePoint 2010 documentation, but it
does describe the functional design. The list on the slide is not an exhaustive list of
dependencies.
Question: Which two services are prerequisites for the Business Connectivity
Services?
Benefits of Service Applications
Key Points
As you have already seen, the new service application architecture in SharePoint
2010 provides a number of benefits. When you start to plan to provide for
business functionality, you must ensure that you take advantage of the options for
deploying service applications. Listed below are some overarching benefits that
you should remember:
• Granular deployment. You should identify the Web applications where users
require service application functionality and base your design on a principle
of minimal deployment.
• Flexible configuration. You can provide scalability in your design by ensuring
that you provide the right configuration of instances to maximize performance
and resilience. Round robin load balancing is an integral feature of SharePoint
2010 service applications, and it is a major benefit when you design for
multiple instances.
• Delegated administration. You can minimize central IT overheads and provide
more effective local management by delegating administration of service
applications. This capability means that local administrative users can provide
first line support, but it is essential that you plan training as part of your
design.
• Shared services across Web applications. You can share service applications
across Web applications. This enables you to create requirement-specific
service application instances to provide greater performance, perhaps by
scaling up servers that host these services. Rather than deploying across all
Web applications, SharePoint 2010 enables you to develop designs that share
service applications only between Web applications where users need specific
services. For example, you may share a Managed Metadata Service between
Web applications that share common taxonomies. You can extend this to
provide multiple Managed Metadata Service instances to deploy a common
taxonomy for the entire organization, with Web application–specific
taxonomies. This is functionality that is unique to the Managed Metadata
Service.
• Shared services across farms. You can also design your solution to share service
applications across farms. This is called publishing a service application. You
can design a solution that installs one farm’s application proxy on another
farm and points it to a uniform resource identifier (URI) location.
Lesson 2
Service Application Architecture and
Components
For a solution architect, it is important to understand the options for service
application design. It is also important to understand how the structure of the farm
topologies in an organization can benefit from the various topology options for
service applications.
Many service applications integrate with external data, so a solution architect must
also understand how the SSO options that the Secure Store Service offers can
benefit a design.
Objectives
After completing this lesson, you will be able to:
• Describe the workflow of a service application.
• List the components of service applications.
• Describe the logical architecture of service applications.
• Describe the options for cross-farm service application sharing.
• Explain the requirements for service applications that need to consume
external data.
Service Application Workflow
Key Points
Service applications deliver service functionality to users. When a user triggers a
service request from a browser, the request—such as a keyword search—is sent
through the WFE server, which may be preceded by a hardware network load
balancer.
The WFE server sends a request through to the application server that serves the
service application. The service application architecture in SharePoint 2010 enables
multiple servers to deliver instances of the same service application, so there is a
software load balancer that routes requests to the appropriate server.
All communication uses WCF, so there is no direct access to the service application
databases. By default, communication between Web servers and service
applications in a farm takes place by using HTTP (port 32843), but you can select
either HTTP (port 32843) or HTTPS (port 32844). Third-party companies that
develop service applications can also implement NetTcpBinding (port 32845) to
provide high-performance communications with WCF clients. NetTcpBinding is
generally the best option for services operating inside a firewall, such as on an