Best Practice SharePoint Architecture
DESCRIPTION
Slide deck used at the India SharePoint User Groups in Pune, Chennai, and Bangalore, September 2009.
TRANSCRIPT
Best Practice SharePoint Farm Architecture
Michael Noel, Convergent Computing
Twitter: @MichaelTNoel
Session Agenda
• Farm Architecture
• Virtualised Farm Architecture
• High Availability Design
• Logical Architecture
• Hardware and Software
• SharePoint Installation
• Kerberos Authentication
Farm Architecture
Best Practice SharePoint Designs
Farm Architecture: All-in-one Server
• All Roles and SQL on one server
• Often seen in small farms
• SQL contention with SharePoint
• Easy to deploy, but not best practice
• No ability for test environment
• NOTE: Do not use SQL Express in Production!
Farm Architecture: Dedicated SQL Database Server
• Dedicated SQL Server
• All SharePoint roles on a single box
• Less Disk IO
• Greater Performance
• Still no test environment…
Farm Architecture: Smallest Highly Available Farm
• 2 Web/Query/Application/Central Admin/Inbound Email Servers
• 1 Dedicated Index Server (with Web role to allow it to crawl content)
• 2 SQL Standard Edition Cluster Nodes (Active/Passive) – Mirror also an option
• Smallest highly available farm
Farm Architecture: Scalability
Scale up and Scale out…
Virtualised Farm Architecture
Less Hardware, less cost…
Virtualised Farm Architecture: Easy and Supported
• Microsoft Hyper-V (R2 recommended) or VMware ESX supported (KB 897615)
• Great Windows Licensing Options (Ent = 4 licenses, Datacenter = unlimited)
• Allows for multiple farms, more servers
• Less cost, more failover options (Live Migration / vMotion)
• Do not overcommit resources!
Virtualised Farm Architecture: Cost Effective Farm / No HA
• Allows organisations that wouldn't normally be able to have a test environment to run one
• Allows for separation of the database role onto a dedicated server
• Can be easily scaled out in the future
Virtualised Farm Architecture: Fully Redundant Farm with only Two Servers
• High-Availability across Hosts
• All components virtualised
• Uses only two Windows Ent Edition Licenses
Virtualised Farm Architecture: Best Practice, Highly Available and Scalable Farm
• Highest transaction servers are physical
• Multiple farm support, with DBs for all farms on the SQL cluster
• Only five physical servers total, but high performance
Virtualised Farm Architecture: Virtualisation Scalability
High Availability Architecture
Network Load Balancing and SQL Database Mirroring
High Availability Architecture: Network Load Balancing
• Hardware Based Load Balancing is Best
  – F5
  – Cisco Content Switch
  – Citrix NetScaler
• Windows Network Load Balancing Supported
  – Unicast – Use two NICs
  – Multicast – Requires Router Support
High Availability Architecture: Network Load Balancing – Sample
• Web Role Servers
  – sp1.companyabc.com (10.0.0.101) – Web Role Server #1
  – sp2.companyabc.com (10.0.0.102) – Web Role Server #2
• Clustered VIPs shared between SP1 and SP2 (Create A records in DNS)
  – spnlb.companyabc.com (10.0.0.103) – Cluster
  – spca.companyabc.com (10.0.0.104) – SP Central Admin
  – ssp1.companyabc.com (10.0.0.105) – SSP
  – spsmtp.companyabc.com (10.0.0.106) – Inbound Email
  – home.companyabc.com (10.0.0.107) – Main SP Web App
  – mysite.companyabc.com (10.0.0.108) – My Sites
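The sample above lists the names and VIPs but not how to get them into DNS or how to confirm they resolve as planned. The following PowerShell is an added example, not part of the original deck: it creates the A records with dnscmd.exe and then resolves each name against the plan. The DNS server name dns1.companyabc.com is assumed (the slide does not name one); the zone, host names and addresses are those on the slide.

```powershell
# Added example, not from the original deck: create and then verify the A records
# for the sample NLB farm. Assumes dnscmd.exe (Windows Server DNS tools) and a DNS
# server named dns1.companyabc.com, a hypothetical name not given on the slide.
$zone      = "companyabc.com"
$dnsServer = "dns1.companyabc.com"

# Name -> IP plan taken from the slide: two physical web role servers, then the
# clustered VIPs that sp1 and sp2 share through NLB.
$plan = @(
    @{ Name = "sp1";    Ip = "10.0.0.101"; Role = "Web Role Server #1" },
    @{ Name = "sp2";    Ip = "10.0.0.102"; Role = "Web Role Server #2" },
    @{ Name = "spnlb";  Ip = "10.0.0.103"; Role = "Cluster" },
    @{ Name = "spca";   Ip = "10.0.0.104"; Role = "SP Central Admin" },
    @{ Name = "ssp1";   Ip = "10.0.0.105"; Role = "SSP" },
    @{ Name = "spsmtp"; Ip = "10.0.0.106"; Role = "Inbound Email" },
    @{ Name = "home";   Ip = "10.0.0.107"; Role = "Main SP Web App" },
    @{ Name = "mysite"; Ip = "10.0.0.108"; Role = "My Sites" }
)

function Add-FarmRecords {
    foreach ($r in $plan) {
        # dnscmd <server> /RecordAdd <zone> <node> A <ip>
        & dnscmd.exe $dnsServer /RecordAdd $zone $r.Name A $r.Ip | Out-Null
    }
}

function Test-FarmRecords {
    # Resolve each name and compare with the plan. A mismatch usually means a stale
    # record, or a VIP that was registered to one node's NIC instead of the cluster.
    foreach ($r in $plan) {
        $fqdn = "$($r.Name).$zone"
        try {
            $actual = [System.Net.Dns]::GetHostAddresses($fqdn) |
                      ForEach-Object { $_.IPAddressToString }
        } catch {
            $actual = @()
        }
        New-Object PSObject -Property @{
            Name     = $fqdn
            Role     = $r.Role
            Expected = $r.Ip
            Actual   = ($actual -join ",")
            Ok       = ($actual -contains $r.Ip)
        }
    }
}

Add-FarmRecords
Test-FarmRecords | Format-Table Name, Role, Expected, Actual, Ok -AutoSize
```

The VIPs (.103 to .108) are added to the NLB cluster configuration on both nodes rather than as ordinary addresses on a single server's NIC; the check above reports any name whose answer does not contain the planned address, so a record pointing at one node by mistake shows up before users notice a loss of failover.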
High Availability Architecture: SQL Database Mirroring
• Available in SQL Server 2005/2008, both Standard and Enterprise editions
• Keeps a full copy of the database on another server
• Asynchronous (good for WAN scenarios, Enterprise edition only) or Synchronous
High Availability Architecture: Database Mirroring – Single Site Option
• Single Site
• Synchronous Replication
• Uses a SQL Witness Server to Failover Automatically
• Mirror all SharePoint DBs in the Farm
• Use a SQL Alias to switch to Mirror Instance
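The single-site option above only gives automatic failover when every farm database is mirrored synchronously and the witness is connected; a database added later (a new content DB, for instance) is easy to miss. The following PowerShell is an added example, not from the original deck, that reports the mirroring state of every user database through the spsql alias used in the deck and flags anything that would prevent automatic failover. It assumes Windows authentication and an account with permission to read sys.databases and sys.database_mirroring.

```powershell
# Added example, not from the original deck: report the mirroring state of every
# user database on the principal instance so that an unmirrored SharePoint DB, a
# mirror that is not SYNCHRONIZED, asynchronous (non-FULL) safety, or a missing or
# disconnected witness stands out. Uses System.Data.SqlClient with Windows auth;
# "spsql" is the SQL alias from the deck.
function Get-MirroringReport {
    param([string]$Instance = "spsql")

    # sys.database_mirroring has one row per database; the mirroring_* columns are
    # NULL when the database is not mirrored, so ISNULL turns those into labels.
    $query = @"
SELECT d.name,
       ISNULL(m.mirroring_state_desc, 'NOT MIRRORED')      AS state,
       ISNULL(m.mirroring_role_desc, '')                   AS role,
       ISNULL(m.mirroring_safety_level_desc, '')           AS safety,
       ISNULL(m.mirroring_partner_instance, '')            AS partner,
       CASE WHEN ISNULL(m.mirroring_witness_name, '') = ''
            THEN 'NONE' ELSE m.mirroring_witness_state_desc END AS witness
FROM sys.databases d
JOIN sys.database_mirroring m ON m.database_id = d.database_id
WHERE d.database_id > 4
ORDER BY d.name
"@

    $cs   = "Server=$Instance;Database=master;Integrated Security=SSPI"
    $conn = New-Object System.Data.SqlClient.SqlConnection -ArgumentList $cs
    $conn.Open()
    try {
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $query
        $rdr = $cmd.ExecuteReader()
        while ($rdr.Read()) {
            $issues = @()
            if ($rdr["state"]   -ne "SYNCHRONIZED") { $issues += "state=" + $rdr["state"] }
            # Automatic failover needs synchronous (FULL safety) mirroring and a witness
            if ($rdr["safety"]  -ne "FULL")         { $issues += "safety=" + $rdr["safety"] }
            if ($rdr["witness"] -ne "CONNECTED")    { $issues += "witness=" + $rdr["witness"] }
            New-Object PSObject -Property @{
                Database = $rdr["name"]
                Role     = $rdr["role"]
                Partner  = $rdr["partner"]
                Issues   = ($issues -join "; ")
            }
        }
        $rdr.Close()
    } finally {
        $conn.Close()
    }
}

Get-MirroringReport | Format-Table Database, Role, Partner, Issues -AutoSize
```

An empty Issues column for every row is the state the single-site design relies on. Running this from a scheduled task on the principal gives an early warning when a newly created content database has not been added to the mirroring session.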
High Availability Architecture: Database Mirroring – Cross Site HA Mirroring Option
• Two Sites
• 1 ms Latency
• 1GB Bandwidth
• Farm Servers in each location
• Auto Failover
High Availability Architecture: Database Mirroring – Warm Farm Asynchronous Option
• Two Sites
• Two Farms (one warm farm)
• Mirror only Content DBs
• Failover is Manual
• Must Reattach DBs
• Must re-index
Logical Architecture
Do it right the first time…
Logical Architecture: Web Application Architecture
• Consider creating multiple Web Apps
• Example:
  – spca.companyabc.com
  – ssp1.companyabc.com
  – mysite.companyabc.com
  – home.companyabc.com
• Flexible and scalable!
Logical Architecture: Distribute by Default
• Distribute content across multiple Site Collections
• Distribute Site Collections Across Multiple DBs
• Multiple databases = more controlled DB growth
• Try to keep your Content DBs manageable in size (50-100GB)
Logical Architecture: Sample Logical Architecture
Hardware and Software
Determining the right tools for the job
Hardware and Software: Disk, Memory, and Processor
• SQL Databases Require large amounts of space!
• Allocate Disk Space for Index and Query Servers as well
• Index corpus can grow to 5%-20% of total size of data indexed
• Database and Index Servers require most RAM (4GB, 8GB, or more)
• Multi-core processors recommended
Hardware and Software: Windows Server Versions
• Windows Server 2008 R2 (or RTM) highly recommended!
• Critical that new servers run x64, required for SharePoint 2010
• SharePoint servers are fine with Standard edition of Windows, no extra gain for Enterprise
• SQL Servers may require Enterprise edition if using SQL Enterprise
Hardware and Software: SQL Server Versions
• SQL Server 2008 Recommended
• 64 bit also highly recommended (required for SharePoint 2010)
• SQL Server 2005 still supported
• SQL 2000 supported for SharePoint 2007, but not for 2010, and not recommended
• Separate SQL Reporting Services server may be required for intensive reporting
• Standard edition of SQL generally fine, except for very large environments
SharePoint Installation
Getting the steps right
SharePoint Installation: Service Accounts
• Never use a single service account!
• Create the Following Accounts
  – SQL Admin Account
  – Installation Account
  – SharePoint Farm Admin
  – Search Admin
  – Default Content Access Account
  – Application Pool Identity Accounts
SharePoint Installation: Installation Process
• Choose ‘Complete’ Installation
• Do not select ‘Stand-alone’ for a Production environment!
SharePoint Installation: Installation Process
• Choose Index Location during Install
• Index location can be changed later, but more difficult
SharePoint Installation: Command-line Installation of SharePoint
• Learn to install from the Command-line
• Only way to specify the SPCA Database Name
• SETUP, PSCONFIG and STSADM
• PSConfig is your friend!
• PowerShell is the future here…
SharePoint Installation: Running the Config Wizard to Install Servers
• Consider PSConfig
• Use an easy to remember port for SPCA (i.e. 8888)
• Better still, change SPCA to 443 later
• Use a Common Database Naming Convention
• Account running the wizard needs DBCreator and Security Admin rights on SQL Server
• Run the wizard on additional servers as necessary
SharePoint Installation: Create a SQL and/or DNS Alias!
• Most flexible approach!
• spsql.abc.com = sql1
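The alias on this slide and the "Use a SQL Alias to switch to Mirror Instance" point in the Database Mirroring section are the same mechanism: SharePoint only ever knows the name spsql, and the alias decides which SQL Server answers. The following PowerShell is an added example, not from the original deck, that writes a SQL Native Client alias into the registry on a SharePoint server and repoints it after a failover. sql1 is on the slide; sql2 as the mirror partner and port 1433 are assumptions.

```powershell
# Added example, not from the original deck: create the "spsql" SQL client alias on
# a SharePoint server and repoint it to the mirror instance after a failover. Both the
# 64-bit and the 32-bit (Wow6432Node) hives are written so that 32-bit processes on
# an x64 server see the same alias. sql1 is from the slide; sql2 (mirror) and port
# 1433 are assumptions.
function Set-SqlAlias {
    param([string]$Alias, [string]$Server, [int]$Port = 1433)
    $paths = @(
        "HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo",
        "HKLM:\SOFTWARE\Wow6432Node\Microsoft\MSSQLServer\Client\ConnectTo"
    )
    foreach ($p in $paths) {
        if (-not (Test-Path $p)) { New-Item -Path $p -Force | Out-Null }
        # DBMSSOCN = TCP/IP network library. A fixed port means the client does not
        # need the SQL Browser service (UDP 1434), which can then stay firewalled.
        Set-ItemProperty -Path $p -Name $Alias -Value "DBMSSOCN,$Server,$Port" -Type String
    }
}

function Get-SqlAlias {
    param([string]$Alias)
    $p = "HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo"
    (Get-ItemProperty -Path $p -Name $Alias).$Alias
}

# Initial build: alias -> principal (sql1, as on the slide)
Set-SqlAlias -Alias "spsql" -Server "sql1"
Get-SqlAlias -Alias "spsql"          # DBMSSOCN,sql1,1433

# After a mirroring failover: alias -> mirror, on every SharePoint server, followed by
# an IIS/timer service restart so pooled connections are rebuilt.
# Set-SqlAlias -Alias "spsql" -Server "sql2"
```

Run the same script on every server in the farm; an alias that is updated on the web role servers but not on the index server leaves that server pointed at the old principal.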
Kerberos Authentication
Security, Security, Security
Kerberos Authentication: Enable for Best Practice Security!
• Use Kerberos when creating Web Apps
• Extra steps required, but worth it…
Kerberos Authentication: Step 1: Create SPNs for Web Apps
• Create Service Principal Names (SPNs)
• Used for impersonation
Kerberos Authentication: Step 2: Create SPNs for SQL
• Create SPNs for SQL
• Syntax similar to the following:
  – Setspn.exe -A MSSQLSvc/spsql:1433 COMPANYABC\SRV-SQL-DB
  – Setspn.exe -A MSSQLSvc/spsql.companyabc.com:1433 COMPANYABC\SRV-SQL-DB
• MSSQLSvc = Default instance; if named instance, specify the name instead
• In this example, SRV-SQL-DB is the SQL Admin account
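Steps 1 and 2 register SPNs for the web apps and for SQL. The following PowerShell is an added example, not from the original deck, that does both from one plan and then checks for duplicates, which is the usual cause of Kerberos failing after an SPN change. It uses setspn.exe as the slide does, but with -S (Windows Server 2008 and later) instead of -A, because -S verifies that no other account in the forest already holds the SPN before adding it. COMPANYABC\SRV-SQL-DB and the host names come from the slides; the app pool account names are hypothetical.

```powershell
# Added example, not from the original deck: register the farm's SPNs and check for
# duplicates. setspn -S (Server 2008+) refuses to add an SPN that already exists on
# another account; a duplicate SPN breaks Kerberos for both accounts. The SQL account
# and host names are from the slides; the app pool account names are hypothetical.
$spnPlan = @(
    # Web apps: HTTP/<host header> on the app pool identity of that web app. With NLB
    # the client requests a ticket for the host header (home, mysite), not for sp1 or
    # sp2, so the SPN belongs to the app pool account rather than to a machine account.
    @{ Account = "COMPANYABC\SRV-SP-AppPool-Home";   Spn = "HTTP/home.companyabc.com" },
    @{ Account = "COMPANYABC\SRV-SP-AppPool-Home";   Spn = "HTTP/home" },
    @{ Account = "COMPANYABC\SRV-SP-AppPool-MySite"; Spn = "HTTP/mysite.companyabc.com" },
    @{ Account = "COMPANYABC\SRV-SP-AppPool-MySite"; Spn = "HTTP/mysite" },
    # SQL default instance through the spsql alias, short and FQDN forms as on the slide
    @{ Account = "COMPANYABC\SRV-SQL-DB"; Spn = "MSSQLSvc/spsql:1433" },
    @{ Account = "COMPANYABC\SRV-SQL-DB"; Spn = "MSSQLSvc/spsql.companyabc.com:1433" }
)

function Register-FarmSpns {
    foreach ($e in $spnPlan) {
        Write-Host "setspn -S $($e.Spn) $($e.Account)"
        & setspn.exe -S $e.Spn $e.Account
    }
}

function Test-FarmSpns {
    # -X searches the forest for SPNs registered on more than one account
    & setspn.exe -X
    # -L lists what each account ended up with, for a visual check against the plan
    $spnPlan | ForEach-Object { $_.Account } | Sort-Object -Unique | ForEach-Object {
        Write-Host "`n$_"
        & setspn.exe -L $_
    }
}

Register-FarmSpns
Test-FarmSpns
```

Both the short and the fully qualified form are registered for each name because clients build the SPN from whatever name they typed; omitting one form gives an intermittent fallback to NTLM that is hard to spot. setspn -X should return no duplicates; if it does, remove the SPN from the account that does not run the service rather than adding it again elsewhere.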
Kerberos Authentication: Step 3: Allow App Pool accounts and SP Computers to Delegate
• Use ADUC
• SharePoint Web Server Computer Accounts
• App Pool Identity Accounts
Kerberos Authentication: Step 4: Edit ApplicationHost.config
• Windows Server 2008 only
• Modify the ApplicationHost.config file:
<windowsAuthentication enabled="true" useKernelMode="true" useAppPoolCredentials="true">
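The reason for this edit: IIS 7 on Windows Server 2008 performs Windows authentication in kernel mode by default and decrypts Kerberos tickets with the machine account's key, but Steps 1 and 3 put the HTTP SPNs on the app pool accounts, so the ticket is encrypted with the app pool account's key instead. useAppPoolCredentials tells http.sys to use that identity. The following PowerShell is an added example, not from the original deck, that applies the setting with appcmd.exe per IIS site on a web front end and reads it back; the site names are hypothetical.

```powershell
# Added example, not from the original deck: apply the applicationHost.config setting
# from the slide with appcmd.exe for each IIS site that hosts a SharePoint web app,
# then read it back. Run on every web role server. The IIS site names are hypothetical.
$appcmd = Join-Path $env:windir "system32\inetsrv\appcmd.exe"
$sites  = @("SharePoint - home80", "SharePoint - mysite80")

function Set-KerberosAppPoolCredentials {
    foreach ($site in $sites) {
        # /commit:apphost writes the setting into applicationHost.config as a
        # <location> for the site; the section is locked against web.config.
        & $appcmd set config "$site" `
            /section:system.webServer/security/authentication/windowsAuthentication `
            /enabled:true /useKernelMode:true /useAppPoolCredentials:true /commit:apphost
    }
}

function Show-WindowsAuthSettings {
    foreach ($site in $sites) {
        & $appcmd list config "$site" /section:windowsAuthentication
    }
}

Set-KerberosAppPoolCredentials
Show-WindowsAuthSettings
# As on the slides, restart IIS afterwards so the change takes effect:
# iisreset /noforce
```

Keeping useKernelMode="true" retains the performance benefit of kernel-mode authentication; the alternative of turning kernel mode off also makes the app pool account's SPNs work but costs a context switch per request. If the read-back still shows useAppPoolCredentials="false" for a site, the set command was run against a site name that does not match the IIS site exactly.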
Kerberos Authentication: Step 5: Enable Kerberos on Web App
• Enable Kerberos on the Web App (if not already turned on)
  – Go to Application Management – Authentication Providers
  – Choose the appropriate Web Application
  – Click on the link for 'Default' under Zone
  – Change to Integrated Windows Authentication – Kerberos (Negotiate)
• Run iisreset /noforce from the command prompt
Key Takeaways
• Highly consider Virtualization for SharePoint
• Create a test farm!
• Consider Database Mirroring and/or NLB for SharePoint HA
• Deploy the 'five server farm' for full High Availability
• Plan today for SharePoint 2010 (more on this in the next session!)
• Enable Kerberos Authentication
For More Information
• Speaker Books (http://www.samspublishing.com)
• SharePoint Database Mirroring Whitepaper (http://tinyurl.com/mirrorsp)
• Database Mirroring Failover Case Study (http://tinyurl.com/mirrorspcs)
• Microsoft 'Virtualizing SharePoint Infrastructure' Whitepaper (http://tinyurl.com/virtualsp)
• SharePoint Log Shipping Whitepaper (http://tinyurl.com/logshipsp)
Thanks for having me in Pune!
Questions?
Michael Noel
Twitter: @MichaelTNoel
www.cco.com