Office Web Apps is an added value to every collaboration deployment, especially if you like to use SharePoint with business intelligence features. Dashboard on Excel rendered on browser, for example, gives your boss the most out of experience. I’ve recently seen several cases of Office Web Apps deployment on Azure IaaS and even been engaged in investigation and troubleshooting.
What is interesting to me is that all people who have asked me for help do not know about licensing model that Microsoft conducts for Office Web Apps on Azure IaaS. From the technical perspective, deploying Office Web Apps on Azure IaaS is similar to the one on your on-premises environment. Unfortunately, from the licensing perspective, Office Web Apps is not supported to be used on Azure IaaS. It’s like if you do not have a driving license you still can drive your car on the road, but if you are caught by a police and get asked your license, you will run into a big problem in terms of legality. To fully use Office Web Apps, you must be licensed Microsoft Office product which is not applied to license mobility program Microsoft offers for Azure IaaS. Trevor gave his thought on the right of Office Web Apps on Azure IaaS here (SharePoint on Azure – Why I won’t recommend it). This post also gives you sort of full story of the license Office Web Apps in a hosted environment breaks your licensing agreement. At the end of the post there is a conclusion that Office Web Apps is still supported.
This licensing agreement is also applied to Office Online Server
Anyway, it’s much better to talk to your license representative or directly to Microsoft licensing team. I asked a friend of mine working with Amazon AWS and got the link here regarding Office Online Server on Amazon AWS
Hybrid deployment for Office Web Apps
I would assume running Office Web Apps on Azure IaaS is not allowed. So, what would be possible to deploy right now? Whether you choose to deploy Office Web Apps on another IaaS provider or your own on-premises environment, you still need pretty much to get into a hybrid deployment. In such a hybrid deployment, there is a site-to-site VPN which connects your on-premises Office Web Apps to an Azure-hosted domain controller in Azure network. The Azure VPN gateway model you choose depends on your allocated budget, scenario and security policy. Saying if you need to have a secured connection throughout IPSec tunnel, do have a look into Site-to-Site. If you just need a pilot test of hybrid deployment, use Point-to-Site as this model does not require complex setup.
This diagram above illustrates simplest topology for a hybrid deployment. Office Web Apps machine (WAC) is joined to an Azure domain controller VM (don’t confuse with Azure AD which is a PaaS Active Directory service). Your web application shall consume WOPI service to provide your end users Office Web Apps functionality. If your domain controller is hosted on the same on-premises environment with your Office Web Apps machine (but make sure these machines are different from each other), everything from Office Web Apps part should be fine.
In the environment that requires security policy, you may need to submit outbound IP address if your custom web app is hosted on Azure App Service. You can find the list of outbound IP Address via Properties field in your web app. Refer to this article for more information Azure Web Apps – Outgoing IP Question/Answer
Of course, technically Office Web Apps can be deployed and fully function on Azure IaaS.
Finally, just a note that if you are going to propose Office Web Apps or Office Online Server to your customer, make sure you have a confirmation from Microsoft licensing representative.
[Updated December 22, 2016 11:30 PM GMT+7] In the case of using Azure App Service, you are still able to achieve Office Web Apps functionality in your custom web app (e.g ASP.NET MVP) by building a WOPI host to work with Office Web Apps WOPI service. Some references below help you get started
- Introducing WOPI
- Office Web Apps 2013 Integration Series
- An implementation of WOPI protocol in ASP.NET Core MVC
[Update December 26, 2016 02:00 PM GMT +7] Update link to getting outbound IP address for Azure App service hosted custom web app in case your organization needs to configure network-based firewall.