Connect SharePoint Data Center On-premises

This section describes the process to create a SharePoint Data Center on-premises connector.

Sync data from SharePoint Data Center on-premises

Use the following procedure to sync data from SharePoint Data Center on-premises.

After setting up your data source and importing data for the first time, the data store synchronizes data from the source at the frequency specified during configuration.

Before you begin

Before setting up your connection, do the following:

  1. Service attachment (required for private destination type only): Use the following steps to generate a service attachment for secure data transfer.

    1. Decide endpoint type: Select Public or Private endpoint.

    2. For Public endpoint: If the SharePoint Data Center Destination type is Public, you are not required to create the setup for service attachment. Instead, you can use your public URL in the Domain URL field of the Google Cloud console when creating your connector.

    3. For Private endpoint:

      1. Use private service connect (PSC) to enable connections from private instances to Google Cloud
      2. Create a Virtual Private Cloud network and required subnets.
      3. Create a virtual machine (VM) instance and install the backend service.
      4. Optional: Set up a health check probe to monitor backend health.
      5. Add a load balancer to route traffic to the VM or backend.
      6. Define firewall rules to allow traffic between the PSC endpoint and the backend
      7. Publish the endpoint by creating a PSC service attachment.

  2. Username and password: Obtain valid credentials for authentication from your SharePoint administrator.

  3. Optional for the private destination type: Domain URL: Keep the domain URL of the SharePoint Data Center instance if the instance is behind a proxy or SSL-based connection.

  4. Optional: Base domain name: Provide the base domain name for the SharePoint instance.

  5. Optional: Destination port: Identify the port used for communication with the SharePoint Data Center.

  6. Use the following configuration guidelines to establish connections with Private Service Connect (PSC). Adjust or add resources as needed. Make sure the PSC service attachment is properly configured to connect to the private instance and meets the requirements for a published service.

    1. Configure network settings:

      1. Place the PSC service attachment and load balancer in different subnets within the same Virtual Private Cloud network.

      2. The backend system must remain closed to the public network for security reasons. However, ensure it can accept traffic from the following sources:

        • For proxy-based/HTTP(s) load balancers (L4 proxy ILB, L7 ILB), configure the backend to accept requests from the proxy subnet in the Virtual Private Cloud network.

        • For more information, see the Proxy-only subnets for Envoy-based load balancers documentation.

    2. Adjust firewall rules:

      1. Ingress rules:

        • Allow traffic from the PSC service attachment subnet to the internal load balancer (ILB) subnet.
        • Make sure that the ILB can send traffic to the backend.
        • Permit health check probes to reach the backend.

      2. Egress rules: Enable egress traffic by default, unless specific deny rules apply.

  7. Additional considerations: Make sure to keep all the components, including the PSC service attachment and load balancer, in the same region.

Create a SharePoint minimum access permission user and set up permissions

To create a SharePoint minimum access permission user, obtain a username and password from an administrator. The administrator must sign in and follow these steps to create a new user in the SharePoint Data Center instance:

  1. Click the Start menu and navigate to Windows administrative tools > Active directory users and computers.
  2. Launch the Active directory users and computers application.
  3. Expand the organization unit and navigate to the Users container where the new user is added.
  4. Right-click on Users and select New > User.
  5. In the New object:User window, enter the following details:
    • First name (do not use a comma or dot)
    • Full name
    • User logon name
  6. Click Next.
  7. Enter and confirm the password, then select:
    • User cannot change password
    • Password never expires
  8. Click Next, then Finish.
  9. Locate the created user in the Users section, double-click on it, and select Properties.
  10. In the Properties window, add an email for the user and click Apply.

Assign minimum access permissions to the SharePoint user

  1. Navigate to the Site collection.
  2. Click Settings (gear icon menu).
  3. Go to Site Permissions.
  4. Select Advanced permissions settings.
  5. Locate and select the SiteName visitors group (this group is automatically created when the site is set up and has default read access).
  6. Add the user to the SiteName visitors group to grant them read-only access.

Note: This access inherits all permissions for lists, libraries, pages, and events that have read permissions.

Configure the site collection in SharePoint

  1. Sign in to the SharePoint admin console using the administrator username and password.
  2. In the Central administration page, navigate to Application management.
  3. Click Create site collections.
  4. In the Create site collection page:
    • Enter the required details in the Title and Description fields.
    • In the Web site address section, enter the URL name for the site.
  5. In the Primary site collection administrator section:
    • Click the Browse button next to the User name field.
    • In the Select people dialog, enter the administrator username and click the search icon.
    • Select the user and click Ok.
  6. The Site successfully created page appears, displaying the site URL.
  7. Copy the URL and open it in a new tab to access the site.

Sign in with the created user

  1. Use the created user's credentials to sign in to the SharePoint site.
  2. Verify access and permissions for the user.

Create a SharePoint Data Center On-premises connector

Console

  1. In the Google Cloud console, go to the Agentspace page.

    Agentspace

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for SharePoint data center to connect your third-party source.

  5. Enter your authentication information and click Continue.

  6. From the Destination type drop-down list, select Public or Private.

    1. For Public destination type, you are not required to create the setup for service attachment. Instead, you can use your public URL in the Domain URL field of the Google Cloud console.

    2. For Private destination type, enter all the required information:

      1. If your instance has a domain URL:
        • Service attachment: Enter your service attachment.
        • Optional: Base domain name: Enter your base domain.
        • Domain URL: Enter your domain URL.
        • Optional: Destination port: Enter your destination port.
      2. If your instance does not have a domain URL:
        • Service attachment: Enter your service attachment.
        • Optional: Destination port: Enter your destination port.

  7. Click Continue.

  8. Optional: Advanced options: Select and enable Proxy settings and SSL settings, if required.

  9. Under the Entities to sync, select all the required entities to sync and click Continue.

  10. Select a region for your data connector and enter a name for your data connector.

  11. Select a synchronization frequency.

To manage connector states, do the following:

  1. For private destination type:

    1. Submit the connector details.
    2. VAIS sends a connection request to your PSC.
    3. Navigate to your connector to see a message to allowlist a projectId in the PSC.
    4. Allow the connection in PSC:
      1. The connector remains in the Error state until you approve the request.
      2. After approval, the connector moves to the Active state during the next sync run.
    5. If your PSC is configured to accept all connections, the connector automatically moves to the Active state after creation.

  2. For public destination type:

    1. Submit the connector details.
    2. The connector automatically enters the Active state after submission.

To verify the state of the data store and the ingestion activity, do the following:

  1. Navigate to the connector in the data store list and monitor its state until it changes to Active.
  2. After the connector state changes to Active, click the required entity and confirm that all selected entities are ingested. The data store state transitions from Creating to Running when synchronization begins and changes to Active once ingestion completes, indicating that the data store is set up. Depending on the size of your data, ingestion can take several hours.

Next steps

  • To attach your data store to an app, create an app and select your data store following the steps in Create an app.

  • To preview how your search results appear after your app and data store are set up, see Preview search results. If you used third-party access control, see [Preview results for apps with third-party access control][access-control-preview].

  • To enable alerts for the data store, see Configure alerts for third-party data stores.