Without going into any technicalities, there are two ways to do search federation in SharePoint 2013.
- SharePoint 2013 Search Service Application Federation
- SharePoint 2013 Search Results Federation
Both of these approaches are good but depends on your requirements. Now let’s take a a look at this following scanario.
You have two large SharePoint 2013 Farms (ContentFarmA, ContentFarmB) in the same domain and search is configured in both farms. Most of you would agree that SharePoint 2013 search requires lot of resources to make it work optimal. Now you have two farms to manage search. The best and recommended approach in this scanario is to move the search out of these two farms to a third service farm.
Service Application Federation using Service Farm
- Configure a Service Farm (FarmC)
- Create Search Service Application, Extend the Search Topology then Content Sources and point to Both (ContentFarmA, ContentFarmB) Farms and configure crawls as required.
- From here you have two options
- Build an Enterprise Search Web Application and Search Center from Service Farm. Train users of both content farms to use central search center for search.
- Setup the OAuth Trust betwen Service Farm and Content Farms and Publish the Search Service application. This will allow you to use local search site collections in each farm
I have just published a Post on this topic here.
Service Application Federation accross Farm (Not Possible)
I know a thought may have come to your mind to setup a two way trusts betwen Content Farms and publish Search service application in each other but it is not possible. You can only use a Single Search Service Application as default.
Search Result Federation using Result Sources
I am sure you have heard Hybrid Search few times since Office 365 is evolved. We are not talking about Office365 at this moment but I am thinkg about writing a guide on it already. We can setup server to server trust between both content farms to provide results to each other using Result source. This is much simpler way to bring search results from one to the other. Although the process is easy but can be confusing. Below are the steps to configure and test the process.
- You must have two farms FarmA and FarmB.
- Both must have atleast one web application and some sample content. Web application must be configured with SSL (Non SSL did not worked for me).
- Search Service application must be configured and crawling content.
- You have Farm configured for App Management (App Management and Subscription Settings Service Application)
- End users from Farm A would like to get federated search results from Farm B.
Steps to Configure and Test the Trust
You have two farms FarmA and FarmB.
Farm A is Sender of Search Request.
This means that “Farm B” is Receiver (of Search Requests and Results from Farm A). This is the core steps. Make sure you put the text in front of you to remember who is sender and who is receiver.
You will login in to Farm B and Execute the following cmdlets on Management Shell or PowerShell ISE (Please load the snapin).
# Create a trusted security token issuer
$i = New-SPTrustedSecurityTokenIssuer -Name "SendingFarm" -IsTrustBroker:$false -MetadataEndpoint "https://FarmA_WebApplication/_layouts/15/metadata/json/1"
New-SPTrustedRootAuthority -Name "SendingFarm" -MetadataEndPoint https://FarmA_WebApplication>/_layouts/15/metadata/json/1/rootcertificate
Now Run for Each Web application on Farm B to provide access.
$realm = $i.NameId.Split("@")
$s1 = Get-SPSite -Identity https://FarmB_WebApplication>
$sc1 = Get-SPServiceContext -Site $s1
# Set up an authentication realm for' # a web application that hosts content in ReceivingFarm
Set-SPAuthenticationRealm -ServiceContext $sc1 -Realm $realm
# Get a reference to the application principal' # for that web application in Farm B
$p = Get-SPAppPrincipal -Site https://<ReceivingFarm_web_application> -NameIdentifier $i.NameId
# Grant rights to the application principal' # that SendingFarm will use' # when it sends queries to ReceivingFarm
Set-SPAppPrincipalPermission -Site https://FarmB_WebApplication> -AppPrincipal $p -Scope SiteCollection -Right FullControl
#IISRESET on both farms. Browse the sites on receiver and otherwsie you may get time out.
Note: According to TechNet we should repeat this for all web application. We got the results from all web apps with trust for one because it only applies if we have multiple search service application or external search using BCS or you have multiple proxy group. It is not the case for me in my lab.
Creating and Testing Results Source
Now we should go to FarmA Central Administration => Application Management => Manage Service Application => Click on Search Service Applicatio ==> Result Source
- Click Create a result source
- Enter Name as Farm B Results
- Choose Type as Remote SharePoint type
- Provide Provide URL of FarmB web application in site url.
- Click OK.
- Click on the Dropdown next to Farm B Results Result Source and choose Test
- If you get Timeout error then go to Farm B and Browse the site. If you get 401 Unauthorized then you have not setup the trust correct. You must remove all existing certificates from Central Administration => Security ==> Manage Trust.
- To remove SPTrustedSecurityTokenIssuer and SPTrustedRootAuthority you must use
- Get-SPTrustedSecurityTokenIssuer and Get-SPTrustedRootAuthority then Remove them using Remove-SPTrustedRootAuthority and Remove-SPTrustedSecurityTokenIssuer cmdlets. Please do not remove local.
Note: We must Test the result source to make sure we are not getting 401 unauthorized.
Adding Web parts to Search Results page
Now Go to Search Center on Farm A and search for SharePoint. Once you get the results use Site Actions button ==> Edit apge ==> now add another search results web part on results.aspx page, Edit the Web part properties and set the web part result source to “Farm B Results”. Change the Tile and Chrome Type to Title and Border to make sure you see the difference. Click OK Save and Publish the web part pages. Perform the search. You can also get the results in one web part. This TechNet article provides the steps.
Now to setup the two way trust for search result federation Farm B will become sender and Farm A will be receiver and same steps will be executed (Urls will be updated in scripts). Here is an example of how this looks like
Looks Nice :). Next step would be to test Remote Result sources with Office365.