Interactions Between SharePoint Products and Team Foundation Server
The integration between Visual Studio Team Foundation Server and SharePoint Products provides administrators, project leads, and project contributors with powerful knowledge-sharing and organizational tools. This integration includes the option to create a website, referred to as a team project portal, for each team project. Teams can use this portal to share process guidance, project documents, templates, and reports according to each team member's role in the project. You can use any supported version of SharePoint Products with Team Foundation Server.
Note
The information in this topic should help you understand the general process of integrating SharePoint Products with Team Foundation Server, but other resources might help you understand the specific steps that your deployment might require. For the most recent information, see the following forum post on the Microsoft website: SharePoint Integration with Team Foundation Server - Important Information.
To understand the interaction between SharePoint Products and Team Foundation Server, you must first determine what kind of deployment you have. Deployments of Team Foundation Server that integrate with SharePoint Products generally fall into two categories:
Team Foundation Server and SharePoint Products are deployed in environments that share full trust, and permissions that can be granted between the two programs have few or no restrictions.
Team Foundation Server and SharePoint Products are deployed in environments that have different operational requirements, and permissions that can be granted between the two programs have significant restrictions.
If your deployment is in the first category, integration with SharePoint Products is simpler. If you already have a deployment, you can follow the procedures in Add Integration with SharePoint Products to a Deployment of Team Foundation Server. Otherwise, you can install Windows SharePoint Services 3.0 as part of installing Team Foundation Server, or you can install Windows SharePoint Services 3.0, Microsoft Office SharePoint Server 2007, or Microsoft SharePoint Server 2010 to support Team Foundation Server. For more information about how to install Team Foundation Server with SharePoint Products, see this page on the Microsoft website: Installation Guide for Team Foundation.
If your deployment is in the second category, integration with SharePoint Products requires more configuration. In an ideal situation, you would defer creating any team project collections until after you have configured integration with SharePoint Products. For more information, see Integrate Team Foundation Server with SharePoint Products Without Administrative Permissions.
In this topic
SharePoint Products and Team Foundation Server
Architecture
Ports, Service Accounts, and Services
Users and Groups
Documentation for SharePoint Products
Example Deployment of Team Foundation Server with Microsoft Office SharePoint Server 2007
SharePoint Products as a Component in Your Deployment of Team Foundation Server
SharePoint Products is an optional part of the logical application tier for Team Foundation. You can install SharePoint Products on the same physical server as the other logical components of the application tier, or you can install SharePoint Products on a separate physical server or server farm. If you want to use a deployment of SharePoint Products that is on a different server, you must install the Team Foundation Server extensions for SharePoint Products on that server or servers. However, the extensions will be installed automatically if you install Windows SharePoint Services 3.0 as part of installing Team Foundation Server. For more information, see Extensions for SharePoint Products, see Team Foundation Server Architecture, and download the most recent version of the installation guide for Team Foundation from the following page on the Microsoft website: Installation Guide for Team Foundation.
Architecture
If you integrate a deployment of SharePoint Products with Team Foundation Server, you must grant access between Team Foundation Server and the SharePoint web application or applications that you create for use with it. After you configure that access, your deployment will have the following logical architecture:
.png "Database relationships with SharePoint Products")
You should consider how you will maintain the deployments of SharePoint Products and Team Foundation Server and their interdependencies, especially how you will back up and restore data. In SharePoint Products, you can back up and restore site collections but not individual SharePoint sites. Similarly, you can back up and restore team project collections but not individual team projects. Therefore, you should consider deploying Team Foundation Server and SharePoint Products so that each team project collection has its own site collection associated with it. You can map the relationships as in the following illustration:
.png "Analogous relationships")
You should also consider restricting creation of team project portals within a team project collection to the site collection that is associated with that team project collection. By implementing this policy, you can help ensure that you can successfully back up and restore all data for a team project collection.
If you encounter difficulties with one or more SharePoint web applications in your deployment of Team Foundation Server, you can reconfigure the access between the SharePoint web application and Team Foundation Server.
Note
You must be a member of the Farm Administrators group to perform all of the actions that compose this reconfiguration.
If you open the administration console for Team Foundation and then click Reconnect, Team Foundation Server automatically configures the SharePoint web application and reattaches all portals that the application hosts. Specifically, the following steps are performed in sequence:
If a service account that the SharePoint web application uses is not a member of the SharePoint Web Application Services group in Team Foundation Server, that account is added to that group.
The SharePoint web application is granted access to Team Foundation Server.
If SharePoint Products is installed on the same computer as Team Foundation Server, the service accounts that Team Foundation Server uses are added to the Farm Administrators group in SharePoint Products.
The SharePoint Products features that Team Foundation Server requires are activated in SharePoint Products.
If SQL Server Reporting Services is configured for the deployment, the new members of the SharePoint Web Application Services group are added to the Reader role for the warehouse and the cube in Reporting Services.
Each portal that is associated with the web application is reattached to its team project, helping ensure that the server that is associated with the site is this deployment of Team Foundation Server. This step does not change any permissions for the site.
For more information, see Add Integration with SharePoint Products to a Deployment of Team Foundation Server, Add a SharePoint Web Application to Your Deployment, Create a Team Project Collection, and Add a Team Project Portal.
Note
You can manually integrate Team Foundation Server and SharePoint Products by following the steps in Add Integration with SharePoint Products to a Deployment of Team Foundation Server. As an alternative, you can use a configuration tool to automatically integrate Team Foundation Server with either Microsoft Office SharePoint Server 2007 or SharePoint Server 2010 if your deployment topology is compatible with the default settings that the tool requires. For more information, see the following page on the Microsoft website: Visual Studio Team Foundation Server 2010 Pre-configuration Tool for Office SharePoint Server 2007 and SharePoint Server 2010.
Ports, Service Accounts, and Services
Both Team Foundation Server and SharePoint Products use certain ports for network traffic. Depending on how you installed these applications, some or all of these ports might already have access configured for them in your firewalls or other security software. If they have not been configured, you must allow network traffic between the two applications as part of integrating Team Foundation Server with SharePoint Products. The following illustration shows an example of a network diagram:
.png "Ports and communications simple diagram")
For more information, review the network ports and protocols section of Team Foundation Server Architecture.
In addition to enabling network access between the applications, you must also configure the service accounts that these applications use with certain permissions, and you must add these accounts to security groups as the operational needs of your deployment require. These service accounts are used to run certain services, such as the Windows SharePoint Services Timer service and the Team Foundation Background Job Agent, that the deployment requires. The number of service accounts that you must configure is relatively small if you are using Windows SharePoint Services 3.0, but the number is much larger if you are using Microsoft Office SharePoint Server 2007 or SharePoint Server 2010. For more information, see Service Accounts and Dependencies in Team Foundation Server.
Note
On servers that are running SharePoint Products on Windows Server 2008 or Windows Server 2008 R2, you must also enable the Desktop Feature Experience feature before Microsoft Office applications will interoperate correctly with Team Foundation Server. For more information, see Desktop Experience Overview.
Users and Groups
When you configure users and groups in Team Foundation Server, you must also manually configure role membership and permissions appropriately for those users and groups in SharePoint Products. The steps for configuring role membership and permissions for users and groups will vary depending on the version of SharePoint Products that you use. For more information, see Roles in SharePoint Products, Add Users to Team Projects, Set Administrator Permissions for Team Project Collections, and Set Administrator Permissions for Team Foundation Server.
Documentation for SharePoint Products
SharePoint Products is a full-featured collaboration and information-sharing solution that has its own documentation. For more information about how to administer SharePoint Products, see the following page on the Microsoft website: SharePoint Products Tech Center.
Note
If you use SharePoint Server 2010 in your deployment of Team Foundation Server, you might experience errors that relate to header length. For more information, see SharePoint Server 2010 Error: HTTP Error 400. The size of the request headers is too long.
Example Deployment of Team Foundation Server with Microsoft Office SharePoint Server 2007
A. Datum Corporation wants to integrate its deployment of Team Foundation Server with its Web farm deployment of Microsoft Office SharePoint Server 2007. Both programs are deployed on servers in the Active Directory domain DATUM1.
Note
The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, places, or events is intended or should be inferred.
Jyoti Kulkarni (DATUM1\JyotiK) is a member of the Farm Administrators group for the deployment of Microsoft Office SharePoint Server 2007. David Campbell (DATUM1\DavidC) is a member of the Team Foundation Administrators group for the deployment of Team Foundation Server. These administrators make the following determinations when they meet to schedule the configuration, discuss the requirements, and identify the accounts that they will use for the configuration:
Both administrators must have access to the following information:
URL for Team Foundation Server: http://Datum-TFS:8080/tfs
URL for SharePoint Central Administration: http://Datum-SP5:17012
The URL for the web application that is configured for use with Team Foundation Server, which Jyoti will send to David as soon as she has created it.
The SharePoint Farm Administrator will create a web application and site collection for use with Team Foundation Server. Jyoti determines that the web application will use port 80, that she will configure it to use NTLM, and she will name it DatumWebApp-TFS. She will name the site collection TFSCollection, and she will set the secondary site collection administrator and the single sign-on administrator to the same account. She will add David as an administrator of the DatumWebApp-TFS web application and as a site collection administrator on the TFSCollection site collection.
The SharePoint Farm Administrator will create an enterprise application definition for use with the Team Foundation Server deployment and name the definition TFS.
The SharePoint Farm Administrator and the administrator for Team Foundation Server review the configuration requirements for service and user accounts. Because of how many potential accounts are required and how many permissions are required for these accounts, Jyoti and David decide to simplify their configuration by using the same domain accounts for some of the different service accounts that they must configure in the deployment. Jyoti and David create accounts specifically for use as service accounts in the deployment, as needed, and grant appropriate permissions. Specifically, Jyoti and David decide to use the following domain accounts and groups that already have the required permissions:
Account |
Use domain account |
Required permissions and membership |
|---|---|---|
Administrator account for Microsoft Office SharePoint Server 2007 |
DATUM1\JyotiK |
|
Installation and administration account for Team Foundation Server |
DATUM1\DavidC |
|
Service account for Team Foundation Server (TFSService) |
DATUM1\tfssvc |
|
|
DATUM1\tfsrpt |
|
|
DATUM1\sptsvc1 |
|
|
DATUM1\sptsvc2 |
|
|
DATUM1\sptsvc3 |
|
Enterprise Application Definition Administrator account |
DATUM1\BrettSh (Brett Shirley is one of Jyoti's direct reports, but he could just as easily be a member of David's team) |
|
Enterprise Application Definition Group (TFS) |
DATUM1\Team Foundation Server Users |
|
1 You can configure integration between Team Foundation Server and SharePoint Products without adding the service account for Team Foundation Server to the Farm Administrators group in SharePoint Products, but you must perform additional steps. For more information, see Integrate Team Foundation Server with SharePoint Products Without Administrative Permissions.
For more information about how to configure the Allow log on locally permission, see the following topic on the Microsoft website: Allow log on locally. For more information about how to configure the Log on as a service permission, see the following topic on the Microsoft website: Add the log on as a service permission to an account.
The SharePoint Farm Administrator will install the Team Foundation Server Extensions for SharePoint Products on the server that hosts the web application that she created for use by Team Foundation Server.
The SharePoint Farm Administrator will grant access to Team Foundation Server in the administration console for Team Foundation, which was installed when she installed the extensions. David has provided her with the URL for Team Foundation Server (http://Datum-TFS:8080/tfs, as noted earlier in this topic) so that she can grant access. She also includes the name of the enterprise application definition (TFS) in the access grant.
The SharePoint Farm Administrator has now completed all of her configuration tasks. Jyoti will send David an e-mail message when these steps are complete, and she will include the following information:
The name and address of the web application that she created for use with Team Foundation Server (DatumWebApp-TFS)
The name of the domain account that she used as the server farm account (DATUM1\sptsvc1)
The name and address of the site collection that she created (TFSCollection)
The name of the enterprise application definition that she created for use with Team Foundation Server (TFS)
The administrator for Team Foundation receives the message, reviews the information, and grants access for the SharePoint web application.
David adds the DatumWebApp-TFS web application to Team Foundation Server by using the administration console for Team Foundation.
David adds the DATUM1\sptsvc1 account to the SharePoint Web Application Services group by using the administration console for Team Foundation.
The administrator for Team Foundation adds the SharePoint web application to team project collections that already exist in his deployment of Team Foundation Server.
The administrator for Team Foundation configures existing team projects within those collections with team project portals.
David sends an e-mail message to the administrator of each project, asking whether he or she wants him to add a team project portal to the project. He lists of all the projects to which he will add a portal.
David creates a SharePoint site for each team project, creating each site in the site collection that is associated with the team project collection in which the team project resides. David adds each team project administrator to the new site and grants him or her the Full Control permission.
David sends an e-mail message to the project administrators to notify them that they can access the site, activate any SharePoint Features they want to enable for the site, and populate the site with the users and permissions that each project requires.
See Also
Concepts
Extensions for SharePoint Products