This document provides a technical overview of the LiveTiles Intranet Enterprise solution running on Office 365. Our architecture is built to comply with Microsoft's guidance, and our technologies conform to all the requirements of the official Microsoft app add-in model, which creates a clear decoupling between Microsoft and Independent Software Vendor (ISV) concerns. Beyond following the architecture recommendations laid out to us, which guarantee that our software won't conflict with Microsoft updates to your tenant, as a Microsoft gold ISV partner we receive clear directions from Microsoft about any critical changes well in advance of their release to market, sometimes even years before.
LT Intranet Enterprise SharePoint add-in
This article describes how the LT Intranet Enterprise SharePoint Add-in integrates with SharePoint/Office 365 and the Azure infrastructure required.
LT Intranet Enterprise for Office 365 uses the SharePoint Add-in model (previously named app-model).
When using the Add-in model the application has a minimal footprint on the SharePoint tenant. Application code/logic is executed outside of the SharePoint platform. LT Intranet Enterprise integrates with SharePoint through web service/application endpoints hosted in Azure.
The high-level overview can be seen below, with the footprint on the customer's tenant shown on the left, and the add-in model components hosted outside the tenant shown on the right.
Installation of LT Intranet Enterprise
The LT Intranet Enterprise SharePoint Add-in is installed in the tenant app-catalog on the SharePoint tenant. LT Intranet Enterprise can be installed on any number of site collections on the tenant. LiveTiles Enterprise Intranet runs on both classic and modern versions of SharePoint.
For Classic: Site collections with LT Intranet Enterprise installed will have the LiveTiles UI, angular script controls, web-parts, page-layouts and business applications available. LiveTiles can also easily be uninstalled on a site collection, leaving it as a standard SharePoint site collection.
For Modern: Site collections created with the LiveTiles site designs have the LiveTiles UI and web-parts available. Site collections created without LiveTiles site designs will also have LiveTiles web-parts available, since they are deployed to the tenant-wide app-catalog. It is also possible to restrict LiveTiles web-part availability to only the site collections created with LiveTiles site designs. In this case, local app catalogs in each site collection must be enabled.
Azure infrastructure requirements
LiveTiles Intranet Enterprise for Office 365 requires the following services.
Office 365 tenant and Azure Active Directory
Azure Active Directory is the primary directory for all organizational Microsoft online services including Office 365.
LiveTiles Intranet Enterprise needs programmatic access to Azure AD through REST API endpoints. This is provided by registering the LiveTiles Intranet Enterprise application in the Azure Portal and granting it API access to perform read operations on directory data and objects.
LiveTiles Intranet Enterprise uses a single website to host all application REST endpoints. The website serves two purposes:
- Receives and responds to HTTPS requests from the LiveTiles web-parts hosted in a SharePoint page.
- Hosts the LiveTiles Intranet Enterprise Configuration Center.
The website can be scaled up (more CPU) and out (more instances) to support many simultaneous users. Scaling websites is easily done in the Scale tab of the Azure management portal.
LiveTiles Intranet Enterprise uses a SQL database to store relational data for applications.
Redis Cache is a secure, dedicated cache service. LiveTiles Intranet Enterprise uses Redis Cache to store the results of intensive and slow queries, which improves response times in applications.
BLOB storage is used to store large amounts of unstructured data, such as text or binary data. LiveTiles Intranet Enterprise uses BLOB storage to store certain assets (e.g. images uploaded in the Noticeboard component) and configuration items that span SharePoint site collections.
LiveTiles Intranet Enterprise also uses Table storage to store diagnostic logging.
A summary of the components above and how they are arranged in the Azure subscription is shown below.
SharePoint integration model
When a LiveTiles web-part is included in a SharePoint page, the web-part communicates with the application backend using a hidden iframe. The SharePoint Add-in automatically verifies its validity through the SharePoint appredirect.aspx page and returns an access-token that LiveTiles components can use to query SharePoint and its services.
LiveTiles components communicate with our Azure hosted REST endpoints. The Azure endpoints then communicate with SharePoint, SQL or Redis Cache. The incoming requests are verified using the session and SharePoint cache-key and processed if valid.
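As an added example (not LiveTiles code), the following shows the checks a backend can apply to a SharePoint Add-in context token before it trusts the cache-key inside it. It assumes the token format of Microsoft's add-in model: an HS256-signed JWT whose aud claim starts with the add-in's client ID and whose appctx claim carries a CacheKey. The function names, key and identifiers are constructed, and deriving the signing key from the add-in's client secret is left to the caller.

```python
import base64, hashlib, hmac, json, time

def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def cache_key_from_context_token(token, key, client_id, now=None):
    """Return appctx.CacheKey from a valid token; raise ValueError otherwise."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
        # Check the signature before trusting anything inside the token.
        if not hmac.compare_digest(_unb64url(sig_b64), expected):
            raise ValueError("bad signature")
        header = json.loads(_unb64url(head_b64))
        claims = json.loads(_unb64url(body_b64))
        # Pin the algorithm instead of letting the token choose it.
        if header.get("alg") != "HS256":
            raise ValueError("unexpected alg")
        if not claims["nbf"] <= now < claims["exp"]:
            raise ValueError("outside validity window")
        # aud has the form "<client id>/<host>@<realm>".
        if not claims["aud"].lower().startswith(client_id.lower() + "/"):
            raise ValueError("issued to another add-in")
        return json.loads(claims["appctx"])["CacheKey"]
    except (KeyError, TypeError, AttributeError) as exc:
        raise ValueError("malformed token") from exc

def make_sample_token(claims, key):
    """Build a constructed HS256 token so the example runs offline."""
    head = _b64url(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

# Constructed sample values, not real identifiers or secrets.
KEY = b"constructed-demo-key"
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
CLAIMS = {
    "aud": f"{CLIENT_ID}/intranet.example.invalid@99999999-8888-7777-6666-555555555555",
    "nbf": 1_700_000_000, "exp": 1_700_043_200,
    "appctx": json.dumps({"CacheKey": "constructed-cache-key"}),
}
TOKEN = make_sample_token(CLAIMS, KEY)

if __name__ == "__main__":
    print(cache_key_from_context_token(TOKEN, KEY, CLIENT_ID, now=1_700_000_100))
```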
Credentials for accessing these Azure services are stored in the app settings of the App Service or, optionally, encrypted in Key Vault. Access-tokens are retrieved using these credentials.
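The two storage options can be told apart in an exported list of app settings. The following added example (not part of the LiveTiles product) flags settings that hold a literal credential rather than an App Service Key Vault reference; it assumes the Key Vault option is implemented with such references, and the setting names and values are constructed.

```python
import json
import re

# The two Key Vault reference forms App Service accepts as a setting value.
KV_REF = re.compile(
    r"^@Microsoft\.KeyVault\((SecretUri=https://\S+|VaultName=\S+;SecretName=\S+)\)$")
# Name hints, plus credential fields used in SQL, Redis and Storage connection strings.
SECRET_NAME = re.compile(r"secret|password|connectionstring|apikey", re.I)
SECRET_VALUE = re.compile(r"\b(password|pwd|accountkey)\s*=", re.I)

def plaintext_secret_settings(settings):
    """Names of settings holding a literal credential instead of a Key Vault reference."""
    findings = []
    for item in settings:
        name, value = item["name"], item.get("value") or ""
        if KV_REF.match(value):
            continue  # resolved from Key Vault at runtime
        if value and (SECRET_NAME.search(name) or SECRET_VALUE.search(value)):
            findings.append(name)
    return sorted(findings)

# Constructed sample in the shape of `az webapp config appsettings list` output.
SAMPLE_SETTINGS = json.loads("""
[
  {"name": "SqlConnectionString", "slotSetting": false,
   "value": "Server=tcp:sql.example.invalid;Database=app;User ID=app;Password=constructed"},
  {"name": "CacheEndpoint", "slotSetting": false,
   "value": "cache.example.invalid:6380,password=constructed,ssl=True"},
  {"name": "StorageConnectionString", "slotSetting": false,
   "value": "@Microsoft.KeyVault(SecretUri=https://vault.example.invalid/secrets/Storage/)"},
  {"name": "ClientSecret", "slotSetting": false,
   "value": "@Microsoft.KeyVault(VaultName=example-vault;SecretName=ClientSecret)"},
  {"name": "LogLevel", "slotSetting": false, "value": "Information"}
]
""")

if __name__ == "__main__":
    print(plaintext_secret_settings(SAMPLE_SETTINGS))
```

The name and value patterns are heuristics, so a clean result still needs a manual look at settings with unusual names.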