SharePoint 2016 Architectural Models

Hesam Seyed Mousavi, December 23, 2016


Source: slideshare

Introduction to fundamental SharePoint 2016 architectural models

This series is intended to raise awareness of the different fundamental architectural models through which SharePoint Online and SharePoint on-premises can be consumed. Start with whichever configuration best suits your organization's needs and future plans. Consider and use others as needed.

Four architectural models

  • SharePoint Online/SaaS – You consume SharePoint through a Software as a Service (SaaS) subscription model. SharePoint is always up to date, but you are responsible for managing SharePoint itself.
  • SharePoint Hybrid – You combine a SharePoint Online subscription with your on-premises SharePoint offering. You can incorporate SharePoint Online services into your overall SharePoint offering, start building SaaS management skills in your organization, and move your SharePoint sites and apps to the cloud at your own pace.
  • SharePoint in Azure/IaaS – You extend your on-premises environment into Microsoft Azure Infrastructure as a Service (IaaS) and deploy SharePoint 2016 servers there. This is recommended for high availability/disaster recovery and dev/test environments.
  • SharePoint on-premises – You plan, deploy, maintain, and customize your SharePoint environment in a datacenter that you maintain.

IT responsibilities

SharePoint provides the same rich set of capabilities no matter how you architect your deployment. The main difference between these four architectures is which IT responsibilities you own, and which you pay Microsoft to support through your subscription.

No matter which architecture is best for your organization, there are four core responsibilities that you will always own:

  • Data governance & rights management – You should classify your sensitive data and ensure it is protected and monitored wherever it is stored and while it is in transit.
  • Client Endpoints – Establish, measure, and enforce modern security standards on devices that are used to access your data and assets.
  • Account & access management – Establish a profile for normal account activity and be alerted for unusual activity.
  • Identity – Use credentials secured by hardware or Multi-Factor Authentication (MFA) for all identities.


SharePoint Online

Let Microsoft host your user accounts and manage your SharePoint datacenter infrastructure.



  • Microsoft hosts and manages the IT infrastructure; you manage your information and users.
  • With Software as a Service (SaaS), a rich feature set is always up to date.
  • Includes a Microsoft Azure Active Directory tenant.
  • Users log on with a Microsoft Account from anywhere.
  • Supports secure client communication (HTTPS).
  • Customizations: Apps for Office and SharePoint.
  • Dedicated Microsoft data center equipment through Office 365 Dedicated Subscriptions, which include IPsec-secured VPN, MFA and an ITAR-support plan.

Architecture tasks

  • Plan and design integration with Azure Active Directory.
  • Ensure network capacity and availability on-premises.
  • Get third-party SSL certificates if required.
  • If you have an on-premises directory, get third-party SSL certificates.
  • Plan the tenant name, design site collection architecture, and governance.
  • Plan customizations, solutions, and apps for SharePoint Online.

Best for…

Licensing requirements
Subscription model, no additional licenses needed

SharePoint hybrid

Add SharePoint Online to your on-premises SharePoint environment and move workloads to the cloud at your own pace.



  • Customers who want to bring the benefits of the SaaS SharePoint Online service to their organization and then move workloads to the cloud at a pace of their choice.
  • External sharing and collaboration instead of setting up an extranet.
  • Developing cloud skill sets in a safe way that doesn't introduce unnecessary risk to your organization.
  • Reducing your SharePoint on-premises footprint.
  • Charting a supported, safe and viable course for your SharePoint environment into the future.

Best for…

SharePoint Search
Hybrid SharePoint Search
OneDrive for Business Redirect
Office 365 Cloud Services

  • Your users access the SharePoint hybrid environment from anywhere.
  • Their searches run against the whole SharePoint environment.
  • Help unify your users' portal navigation experience across SharePoint on-premises and Office 365.
  • Consolidate your user profiles in Office 365.
  • Consolidate your followed sites list in Office 365.
  • Bring tiles from the Office 365 app launcher to SharePoint on-premises.
  • When you configure OneDrive for Business redirect, all user interaction with their existing on-premises OneDrive for Business is seamlessly redirected to their OneDrive for Business in SharePoint Online in Office 365.
  • Offload on-premises OneDrive for Business storage overhead to OneDrive for Business in SharePoint Online in Office 365.

Make Office 365 cloud services available to your SharePoint 2016 on-premises users:

  • Office 365 Video
  • Delve
  • App launcher
  • All the

Architecture tasks

  • Plan network connectivity between on-premises and SharePoint Online in Office 365.
  • Plan server-to-server trusts and certificates.
  • Plan for identity synchronization.
  • Plan User Profile migration to SharePoint Online.
  • Plan for a dedicated on-premises search farm.
  • Decide which features to integrate and workloads to move.
  • Plan for moving your OneDrive for Business content to OneDrive for Business in SharePoint Online before implementing OneDrive for Business redirect.

Licensing requirements

  • Office 365 — Subscription model, no additional licenses needed.
  • On-premises — Windows Server 2012 R2
  • On-premises — SQL Server 2014 SP1
  • On-premises — SharePoint 2016 Server License
  • On-premises — SharePoint 2016 Client Access License

SharePoint 2016 in Azure

Offload your servers to Azure IaaS and maintain complete control of your SharePoint 2016 environment.



  • Use Azure IaaS to host a SharePoint 2016 farm.
  • Best native cloud platform for SQL Server and SharePoint.
  • Computing resources are available almost immediately with no commitment.
  • Focus on applications, instead of datacenters and infrastructure.
  • SharePoint solutions can be accessible from the Internet or only accessible from an on-premises environment through ExpressRoute or a site-to-site VPN tunnel.
  • Customizations are not limited.

Architecture tasks

  • Design the Azure virtual network, with addressing, subnets, and DNS.
  • Design domain environment and integration with on-premises servers.
  • Design availability sets and storage accounts.
  • Design the SharePoint farm topology and logical architecture using MinRole.
  • Design high availability with Microsoft Azure availability sets and update domains.
  • Choose virtual machine sizes.
  • Create and configure load balancers.
  • Expose external web ports for public access, if needed.
  • Design the disaster recovery environment.

Best for…

  • Public-facing sites that use Microsoft Azure AD for accounts and authentication.
  • Quickly setting up and tearing down dev, test and staging environments.
  • Applications that span your datacenter and the cloud.
  • A cost-effective disaster recovery environment.
  • Farms that require deep reporting or auditing.
  • Web analytics.
  • Data encryption at rest (data is encrypted in the SQL databases).

Licensing requirements

  • Microsoft Azure subscription
  • SharePoint 2016 Server License
  • SharePoint 2016 Client Access License

SharePoint 2016 on-premises

Maintain complete control of your environment.



  • Traditional model where you plan, deploy, maintain and customize your SharePoint Server 2016 solution and all of the supporting infrastructure.
  • Software purchased from Microsoft through an Enterprise Agreement or volume licensing.
  • Microsoft can provide support at a cost through the Microsoft Services and Support organizations.

Architecture tasks

  • Identify the SharePoint services that your organization needs.
  • Design a SharePoint farm topology and logical architecture.
  • Size hardware (physical or virtual) and supporting infrastructure.
  • Perform validation testing.
  • Integrate with Windows Server AD and DNS.
  • Design the disaster recovery environment.

Best for…

  • Highly customized solutions where it is impractical or too costly to move them to SharePoint Online in Office 365.
  • In-country farms (when data is required to reside within a jurisdiction).
  • Private cloud solutions.
  • Legacy solutions with third-party components that depend on hardware and software that are not supported on Microsoft Azure IaaS.
  • Privacy restrictions that prevent synchronization of Active Directory accounts with Microsoft Azure Active Directory (a requirement for Office 365).
  • Organizations that desire control of the entire platform and solution.

Licensing requirements

  • Windows Server 2012 R2
  • SQL Server 2014 SP1
  • SharePoint 2016 Server License
  • SharePoint 2016 Client Access License
