3. Service Application Proxy Groups
When you create a service
application in SharePoint 2010, a service application connection is
created. A connection is a virtual entity that connects Web applications
to service applications. A connection is also referred to as an application proxy.
A service application connection associates the service application to
Web applications via membership in an application proxy group.
By default, a new service
application connection is added to the farm’s default proxy group of
service application connections when you create the service application
by using Central Administration. When you create a Web application, you
can select the default proxy group, or you can create a custom proxy
group of services. You can also add and remove service applications from
the default proxy group at any time.
Note:
Custom proxy groups are
not reusable across multiple Web applications. Each time you select the
Custom option when creating a Web application, you are selecting
services only for the Web application you are creating.
Some connections might
include settings that can be modified. For example, assume you have a
Web application called Finance, and it is connected to multiple
instances of Excel Services service (default Excel Services and custom
Finance Excel Services). You must indicate which of the connections is
connected to the primary service application that hosts the Finance
Excel Services, as Figure 2 illustrates.
Note:
To create a new service
application group without using the Central Administration user
interface (UI), you can use Windows PowerShell 2.0 commands; however, to
add this group as a member of the Default service application
connections group, you must use the default parameter.
Connections for services in the local farm are not created by the administrator, but these appear along with the list of service applications in Central Administration.
4. Publishing Service Applications
In SharePoint 2010, you now
have the ability to extend a service application across farms; these
service applications are called cross-farm services. Cross-farm services
must be published first to the appropriate farm to be consumed by other
farms.
Optimizing resources and
reducing redundancy are two of the main reasons you would publish a
service application. Another advantage is providing enterprise-wide
services without installing a dedicated enterprise services farm. This
was not the case in SharePoint Server 2007.
The following service applications are cross-farm services.
For a farm to consume a service
application that is published by another farm, the following three
actions must be performed in the following order.
Administrators of both the publishing and consuming farms must exchange trust certificates.
An
administrator of the consuming farm must provide two trust certificates
to the publishing farm: a root certificate and a security token service
(STS) certificate. An administrator of the publishing farm must provide
a root certificate to the consuming farm.
To
establish trust on the consuming farm, you must import the root
certificate that was copied from the publisher farm and create a trusted
root authority.
On the farm on which the application resides, an administrator must explicitly publish the service application.
An
administrator must connect the consuming farm to the service
application.
Note:
When working with
trust certificates, you will need to use Windows PowerShell. These
certificates are not available through the Certificate MMC.