SHAREPOINT 2016 DESIGN AND IMPLEMENTATION: BACK TO THE FUTURE!

PART 2

Presenter:BenCurry

• FoundingPartnerofSummit7Systems,Inc.• Summit7SystemsLeadArchitect• 7timeMicrosoftMVPforSharePointServer• 3 timeMicrosoftMVPforOffice365• CISSP,MicrosoftCertifiedTrainer,CCNA,MCITP:

SharePointServer• AuthorofseveralSharePointbooksbyMicrosoftPRESSS• MasterSCUBADiverTrainer• ben.curry@summit7systems.com

BEN CURRY / MANAGING PARTNER

@curryben http://summit7systems.com/blogs/author/ben-curry/

About Ben Curry

AGENDA

• FarmInstallationandarchitectureoverview• WebApplicationsandServiceApplications• What’snewinDocumentManagement• DLPbuildandconfig

WHAT’S GONE• ExcelServices

• But…OOShastheanswer!• SPFStandalone

• O365replacedthatusecase• StandaloneInstall

• Didanyoneuseitanyway?• FIM

• Backto2007Import• MIMifyouneedit...seescriptsandKBarticle

HARDWARE REQUIREMENTS FOR 2016• StretchfarmsAREsupportediflessthan1mslatency,99.9%overatenminute

span,and1GBorgreaterbandwidth

• We’lltalkaboutthatlaterinServiceApplications…but besmartwhereyouenableservices

• “appserver”haschangedmakingthismorepaletteable• SQLServer

• 16GB– 24GB

• AppServers

• 12GB– 16GB,4Cores

• WebServers• 8GB– 16GB,4cores

Seehttps://technet.microsoft.com/en-us/library/cc262485 fordetails

ACCOUNTS

• ConfigurationWizards(PoShell,CA,PSConfig)willmodifymostpermissionsrequiredtorunSP2016

• InstallAccount/SetupAdministratorAccount(don’teverdelete)• Sameaccount,folkscalliteither/or

• FarmAccount(CAAppPool)• SQLServerSecurityAdmin,DBCreator

• Grantsetupadministratoraccountpermissionstoinstallsoftware

ACCOUNTS AND PRE-REQS

• OneormanyWebApplicationPoolIdentities• OneormanyServiceApplicationPoolIdentities• VerifyGPOsarenotoverridingsecuritysettingsforfileandregistry See

https://technet.microsoft.com/en-us/library/cc678863 fordefaultsecurityconfig

• CheckAnti-VirusSettings• Disableduringinstallation• ExcludeDirectorieshttps://support.microsoft.com/en-us/kb/952167• Basically:logs,bin,FIM,search,BLOB,WebTempandApplications

• Remembertogobackandchangelogsettingsifneeded• Runpre-reqinstallerorinstallfromnetwork

PRE-REQUISITE INSTALLER

Do NOT change user after reboot!! You must log on as the user that kicked off the Pre-req tool!

MAXDOP = 1

• Yup,stillrequired

NOT MUCH NEW IN PSCONFIGUI

CONFIGURATION DATABASE• DoyouwanttoconnecttoanexistingconfigDBor

createanewone?

RTM

• Minrole• Ok,thisisnew…

FEATURE PACK 1: MINROLE

MINROLE NOTES

• HelpsZDP(ZeroDowntimePatching)• FarmServicesArchitectureGovernance

APP LAUNCHER

• RequiresUPA• AfterUPAprovisioning,waitand/orrefreshpages• UPAFIMisgone!

• Centralizedmanagement isn’tthere…yet• Let’sALLkeepaskingMStoputthisinthere!• Iwishwehadglobaledit

• O365nowhassomeofthis,sofingerscrossed!

UPA CHANGES

• Importonly• NomoreFIM• UseMIMifyouneedmorethansimpleADImport• Overview:https://technet.microsoft.com/en-

us/library/mt627723(v=office.16).aspx• Convertscripts:https://technet.microsoft.com/en-

us/library/mt627724(v=office.16).aspx

WEB APPLICATION• SSLisstillintheinterfaceJ

• TLS1.2isthenewstandard• Besmartifyouareeventuallygoingtocloud

• Goodsitenames• RelativeURLs• Don’tdependonon-premisefeatures!

• Wecanhavebigdatabases!!• AskyourSQLDBA• It’smostlyaboutbackup/restore

DURABLE LINKS

• Well,kindof…• SPSiteScoped(IDisstoredincontentdatabaseand

can’tbecopiedtoanothercontentdatabase...yet)• RequiresOfficeWebApps

ODF SUPPORT IN DOCUMENT LIBRARY

• Supportotherdocumenttools• Changetemplatevia:• One-offODFtemplateviaFormsfolder• Contenttypestomanage“sitetemplates”

ACCESSIBILITY SHORTCUTS I USE

• Alt+N - New• Alt+E - Edit• Alt+U - Upload• Alt+M - Manage• Alt+S - Share• Alt+Y - Synchronization

MISC IMPROVEMENTS• Goodbye,SSL,helloTLS1.2• CarefulwithAdminUIandterminology

• Dist CacheisImproved• Newsfeeds,AuthN,OneNoteclientaccess,securitytrimming,

pageloadperf• SearchScaling• http://blogs.technet.com/b/wbaer/archive/2015/08/28/search-

scale-and-resiliency-improvements-in-sharepoint-server-2016-it-preview.aspx

DLP

• SteveSmithBlog-https://blogs.msdn.microsoft.com/mvpawardprogram/2016/01/13/data-loss-prevention-dlp-in-sharepoint-2016-and-sharepoint-online/

• Nota replacementforexistingpoliciesandpractices• It’sExchangeDLPandFASTthatgotmarried,basically• “DataLossPrevention”– find,restrict,andtakeactiononconfidentialor

sensitivedata• FasterthanSPO(generally)becausewecanforcecrawls• It’sabigbenefittoOneDrive

• InadditiontoCustomAuditLogaggregation

• keywordmatches,dictionarymatches, theevaluationofregularexpressions, internalfunctions,andothermethods

WHY DLP?

• Thisisa“how”and“what’snewin2016”workshop…but... https://technet.microsoft.com/en-us/library/fp161516.aspx

• Confidentialdata• LawsandRegulations• Litigation• Misc non-compliance solutions

DLP FOUNDATIONS – SEARCH!!• Youneedawellrunningsearchserviceapplication• MakesureDistributedCacheisrunning• Checkforhungupgrade,pack,configDB lock• VerifyFileTypesarebeingcrawled• Newcontentprocessingcomponent“ClassificationOperator”• Asourcenotcrawledcannotbediscovered

• TaginPageHTML• SiteSettings• ListSettings• Erroronpage/sitethatpreventssuccessfulcrawling

DLP CONT’D

• Searchhastowork...fromstep1• Setuptakessearch,notjustDLPfeatures!• SearchisusedtocreatepoliciesandfindSPSitesfor

deletionpolicies

DEMO• http://www.paypalobjects.com/en_US/vhelp/paypalmanager_help/

credit_card_numbers.htm• MusthaveReadsitepermissionstorunDLPqueries• CreateaNewItem• Choosereasonableinstancethreshold(lowerwillhavemorefalse

positives)• ToapplypoliciesacrossSPSites,youneedtocreateanew

CompliancePolicyCenter…seenextslide(DocumentDeletionPolicyCenter)• Yupagain,sameSPSite,2featuresmanaged

OVERVIEW

• Searchmustbepurring• E-Discoverermusthaveatleastreadpermissionson

contenttobediscovered• SitesmustnothaveNoCrawl set• ListsmustnothaveNoCrawl set• Youmusthaveoneormoree-DiscoveryCenter• YoumusthaveoneormoreCompliancePolicyCenters• CreateDLPQuery(findit,reportit)• CreateDLPPolicy(takeaction)

DOCUMENT DELETION POLICY CENTER

• CreatePolicies• Assoc withSPSite• Assoc withSPSiteTemplate• Ensureuniformity• Policiesaremadeupofoneormorerule

OFFICE 365 INTEGRATION

• HybridConfigurationRequiresUPAprovisioned• Sites• Audience-driven• Auditing

Contact Information

BenCurryBen.Curry@summit7systems.com