2016 back to the future pt 2nellisconsultingllc.com/resources/sptechconsf2016slides... ·...
TRANSCRIPT
SHAREPOINT 2016 DESIGN AND IMPLEMENTATION: BACK TO THE FUTURE!
PART 2
Presenter:BenCurry
• FoundingPartnerofSummit7Systems,Inc.• Summit7SystemsLeadArchitect• 7timeMicrosoftMVPforSharePointServer• 3 timeMicrosoftMVPforOffice365• CISSP,MicrosoftCertifiedTrainer,CCNA,MCITP:
SharePointServer• AuthorofseveralSharePointbooksbyMicrosoftPRESSS• MasterSCUBADiverTrainer• [email protected]
BEN CURRY / MANAGING PARTNER
@curryben http://summit7systems.com/blogs/author/ben-curry/
About Ben Curry
AGENDA
• FarmInstallationandarchitectureoverview• WebApplicationsandServiceApplications• What’snewinDocumentManagement• DLPbuildandconfig
WHAT’S GONE• ExcelServices
• But…OOShastheanswer!• SPFStandalone
• O365replacedthatusecase• StandaloneInstall
• Didanyoneuseitanyway?• FIM
• Backto2007Import• MIMifyouneedit...seescriptsandKBarticle
HARDWARE REQUIREMENTS FOR 2016• StretchfarmsAREsupportediflessthan1mslatency,99.9%overatenminute
span,and1GBorgreaterbandwidth
• We’lltalkaboutthatlaterinServiceApplications…but besmartwhereyouenableservices
• “appserver”haschangedmakingthismorepaletteable• SQLServer
• 16GB– 24GB
• AppServers
• 12GB– 16GB,4Cores
• WebServers• 8GB– 16GB,4cores
Seehttps://technet.microsoft.com/en-us/library/cc262485 fordetails
ACCOUNTS
• ConfigurationWizards(PoShell,CA,PSConfig)willmodifymostpermissionsrequiredtorunSP2016
• InstallAccount/SetupAdministratorAccount(don’teverdelete)• Sameaccount,folkscalliteither/or
• FarmAccount(CAAppPool)• SQLServerSecurityAdmin,DBCreator
• Grantsetupadministratoraccountpermissionstoinstallsoftware
ACCOUNTS AND PRE-REQS
• OneormanyWebApplicationPoolIdentities• OneormanyServiceApplicationPoolIdentities• VerifyGPOsarenotoverridingsecuritysettingsforfileandregistry See
https://technet.microsoft.com/en-us/library/cc678863 fordefaultsecurityconfig
• CheckAnti-VirusSettings• Disableduringinstallation• ExcludeDirectorieshttps://support.microsoft.com/en-us/kb/952167• Basically:logs,bin,FIM,search,BLOB,WebTempandApplications
• Remembertogobackandchangelogsettingsifneeded• Runpre-reqinstallerorinstallfromnetwork
PRE-REQUISITE INSTALLER
Do NOT change user after reboot!! You must log on as the user that kicked off the Pre-req tool!
MAXDOP = 1
• Yup,stillrequired
NOT MUCH NEW IN PSCONFIGUI
CONFIGURATION DATABASE• DoyouwanttoconnecttoanexistingconfigDBor
createanewone?
RTM
• Minrole• Ok,thisisnew…
FEATURE PACK 1: MINROLE
MINROLE NOTES
• HelpsZDP(ZeroDowntimePatching)• FarmServicesArchitectureGovernance
APP LAUNCHER
• RequiresUPA• AfterUPAprovisioning,waitand/orrefreshpages• UPAFIMisgone!
• Centralizedmanagement isn’tthere…yet• Let’sALLkeepaskingMStoputthisinthere!• Iwishwehadglobaledit
• O365nowhassomeofthis,sofingerscrossed!
UPA CHANGES
• Importonly• NomoreFIM• UseMIMifyouneedmorethansimpleADImport• Overview:https://technet.microsoft.com/en-
us/library/mt627723(v=office.16).aspx• Convertscripts:https://technet.microsoft.com/en-
us/library/mt627724(v=office.16).aspx
WEB APPLICATION• SSLisstillintheinterfaceJ
• TLS1.2isthenewstandard• Besmartifyouareeventuallygoingtocloud
• Goodsitenames• RelativeURLs• Don’tdependonon-premisefeatures!
• Wecanhavebigdatabases!!• AskyourSQLDBA• It’smostlyaboutbackup/restore
DURABLE LINKS
• Well,kindof…• SPSiteScoped(IDisstoredincontentdatabaseand
can’tbecopiedtoanothercontentdatabase...yet)• RequiresOfficeWebApps
ODF SUPPORT IN DOCUMENT LIBRARY
• Supportotherdocumenttools• Changetemplatevia:• One-offODFtemplateviaFormsfolder• Contenttypestomanage“sitetemplates”
ACCESSIBILITY SHORTCUTS I USE
• Alt+N - New• Alt+E - Edit• Alt+U - Upload• Alt+M - Manage• Alt+S - Share• Alt+Y - Synchronization
MISC IMPROVEMENTS• Goodbye,SSL,helloTLS1.2• CarefulwithAdminUIandterminology
• Dist CacheisImproved• Newsfeeds,AuthN,OneNoteclientaccess,securitytrimming,
pageloadperf• SearchScaling• http://blogs.technet.com/b/wbaer/archive/2015/08/28/search-
scale-and-resiliency-improvements-in-sharepoint-server-2016-it-preview.aspx
DLP
• SteveSmithBlog-https://blogs.msdn.microsoft.com/mvpawardprogram/2016/01/13/data-loss-prevention-dlp-in-sharepoint-2016-and-sharepoint-online/
• Nota replacementforexistingpoliciesandpractices• It’sExchangeDLPandFASTthatgotmarried,basically• “DataLossPrevention”– find,restrict,andtakeactiononconfidentialor
sensitivedata• FasterthanSPO(generally)becausewecanforcecrawls• It’sabigbenefittoOneDrive
• InadditiontoCustomAuditLogaggregation
• keywordmatches,dictionarymatches, theevaluationofregularexpressions, internalfunctions,andothermethods
WHY DLP?
• Thisisa“how”and“what’snewin2016”workshop…but... https://technet.microsoft.com/en-us/library/fp161516.aspx
• Confidentialdata• LawsandRegulations• Litigation• Misc non-compliance solutions
DLP FOUNDATIONS – SEARCH!!• Youneedawellrunningsearchserviceapplication• MakesureDistributedCacheisrunning• Checkforhungupgrade,pack,configDB lock• VerifyFileTypesarebeingcrawled• Newcontentprocessingcomponent“ClassificationOperator”• Asourcenotcrawledcannotbediscovered
• TaginPageHTML• SiteSettings• ListSettings• Erroronpage/sitethatpreventssuccessfulcrawling
DLP CONT’D
• Searchhastowork...fromstep1• Setuptakessearch,notjustDLPfeatures!• SearchisusedtocreatepoliciesandfindSPSitesfor
deletionpolicies
DEMO• http://www.paypalobjects.com/en_US/vhelp/paypalmanager_help/
credit_card_numbers.htm• MusthaveReadsitepermissionstorunDLPqueries• CreateaNewItem• Choosereasonableinstancethreshold(lowerwillhavemorefalse
positives)• ToapplypoliciesacrossSPSites,youneedtocreateanew
CompliancePolicyCenter…seenextslide(DocumentDeletionPolicyCenter)• Yupagain,sameSPSite,2featuresmanaged
OVERVIEW
• Searchmustbepurring• E-Discoverermusthaveatleastreadpermissionson
contenttobediscovered• SitesmustnothaveNoCrawl set• ListsmustnothaveNoCrawl set• Youmusthaveoneormoree-DiscoveryCenter• YoumusthaveoneormoreCompliancePolicyCenters• CreateDLPQuery(findit,reportit)• CreateDLPPolicy(takeaction)
DOCUMENT DELETION POLICY CENTER
• CreatePolicies• Assoc withSPSite• Assoc withSPSiteTemplate• Ensureuniformity• Policiesaremadeupofoneormorerule
OFFICE 365 INTEGRATION
• HybridConfigurationRequiresUPAprovisioned• Sites• Audience-driven• Auditing
Contact Information