sharepoint deployments

HIT308The Ultimate SharePoint Best

Practice SessionLessons Learned from Years of

SharePoint Deployments

Michael NoelConvergent ComputingConvergent ComputingTwitter: @michaelTnoel

Michael NoelMichael Noel• Technology book author; Over 15 titles translated into 20

languages worldwidelanguages worldwide• Partner at Convergent Computing (www.cco.com) – San

Francisco Bay Area based Consultants• Specialties in SharePoint, Exchange, Security, and more…

Session Agenda

• Farm Architecture

g

Farm Architecture• Virtualized Farm Architecture

Hi h A il bilit D i• High Availability Design• Logical Architecture• Hardware and Software• SharePoint InstallationSharePoint Installation• Kerberos Authentication

F A hit tFarm Architecture

Best Practice SharePoint Designs

Farm Architecture

• All Roles and SQL on one

All-in-one Server

server• Often seen in small farms

SQL t ti ith• SQL contention with SharePoint

• Easy to deploy, but not bestEasy to deploy, but not best practice

• No ability for test i tenvironment

• NOTE: Do not use SQL Express in Production!Express in Production!

Farm ArchitectureDedicated SQL Database Server

• Dedicated SQL Server• All SharePoint roles• All SharePoint roles

on single box• Less Disk IO• Greater Performance• Still no test

environmentenvironment…

Farm Architecture

• 2 Web/Query/Application

Smallest Highly Available Farm

/Central Admin/Inbound Email Servers

• 1 Dedicated Index Server (With Web role to allow it to crawl content)

• 2 SQL Standard Edition2 SQL Standard Edition Cluster Nodes (Active/Passive) – Mirror also optionalso option

• Smallest highly available farm

Farm Architecture

Scale up and Scale out

Scalability

Scale up and Scale out…

Virtualized FarmVirtualized Farm ArchitectureArchitecture

Less Hardware, less costcost…

Virtualized Farm ArchitectureEasy and Supported

• Microsoft Hyper-V (R2 current version) or VMware ESX supported (KB 897615)

• Great Windows Licensing Options (Ent = 4 licenses, Datacenter = unlimited)4 licenses, Datacenter unlimited)

• Allows for multiple farms, more serversL t f il ti (Li• Less cost, more failover options (Live Migration / Vmotion)

• Do not overcommit resources!

Virtualized Farm ArchitectureCost Effective Farm / No HA

All i ti th t ld ’t ll b bl tAllows organizations that wouldn’t normally be able to have a test environment to run oneAllows for separation of the database role onto a pdedicated serverCan be easily scaled out in the future

Virtualized Farm ArchitectureFully Redundant Farm with only Two Servers

High-Availability

H tacross HostsAll componentscomponents virtualizedUses onlyUses only two Windows Ent Edition LiLicenses

Virtualized Farm ArchitectureHighest transaction

Best practice, Highly Available and Scalable Farm

transaction servers are physicalM lti l fMultiple farm support, with DBs for all f hfarms on the SQL clusterOnly five yphysical servers total, but high gperformance

Virtualized Farm ArchitectureVirtualization Scalability

Hi h A il biliHigh Availability ArchitectureArchitecture

Network Load Balancing gand SQL Database

MirroringMirroring

High Availability ArchitectureNetwork Load Balancing

H d B d L d B l i i B t• Hardware Based Load Balancing is Best● F5● Cisco Content Switch● Citrix Netscaler

• Windows Network Load Balancing Supported● Unicast – Use two NICs● Multicast – Requires Router Supportq pp

High Availability Architecture Network Load Balancing - Sample

● Web Role Servers● Web Role Servers• sp1.companyabc.com (10.0.0.101) – Web Role Server #1• sp2.companyabc.com (10.0.0.102) – Web Role Server #2

Clustered VIPs shared between SP1 and SP2 (Create A● Clustered VIPs shared between SP1 and SP2 (Create A records in DNS)

• spnlb.companyabc.com (10.0.0.103) - Clusterb (10 0 0 104) SP C t l Ad i• spca.companyabc.com (10.0.0.104) – SP Central Admin

• ssp1.companyabc.com (10.0.0.105) – SSP• spsmtp.companyabc.com (10.0.0.106) – Inbound Email p p p y ( )• home.companyabc.com (10.0.0.107) – Main SP Web App • mysite.companyabc.com (10.0.0.108) – My Sites

High Availability ArchitectureSQL Database Mirroring

A il bl i SQL S• Available in SQL Server 2005/2008, both Standard and E t i Mi iEnterprise Mirroring

• Keep a full copy of Database on another server

• Asynchronous (good for WANAsynchronous (good for WAN scenarios, Enterprise edition only) or Synchronousor Synchronous

High Availability Architecture

• Single Site

Database Mirroring – Single Site Option

• Synchronous Replication

• Uses a SQL• Uses a SQL Witness Server to Failover A i llAutomatically

• Mirror all SharePoint DBs inSharePoint DBs in the Farm

• Use a SQL Alias to it h t Miswitch to Mirror

Instance


T Sit

Database Mirroring – Cross Site HA Mirroring Option

• Two Sites• 1 ms

Latencyy• 1GB

Bandwidth• Farm

Servers in eacheach location

• Auto F ilFailover


• Two Sites

Database Mirroring – Warm Farm Asynchronous Option

• Two Farms (one warm farm)farm)

• Mirror only Content DBs

• Failover is ManualM t R tt h• Must Reattach DBs

• Must re-indexMust re index

Logical Architecture

Do it right the first time…

Logical ArchitectureWeb Application Architecture

• Consider creating multiple Web Apps• Consider creating multiple Web Apps• Example:

● spca.companyabc.com● ssp1.companyabc.comssp1.companyabc.com● mysite.companyabc.com

home companyabc com● home.companyabc.com• Flexible and scalable!

Logical ArchitectureDistribute by Default

• Distribute content across multiple SiteDistribute content across multiple Site Collections

• Distribute Site Collections Across• Distribute Site Collections Across Multiple DBsM lti l d t b t ll d• Multiple databases = more controlled DB growth

• Try to keep your Content DBs manageable in size (50-100GB)g ( )

Logical ArchitectureSample Logical Architecture

H d dHardware and SoftwareSoftware

Determining the right toolsDetermining the right tools for the job

Hardware and SoftwareDisk, Memory, and Processor

• SQL Databases Require large amounts ofSQL Databases Require large amounts of space!

• Allocate Disk Space for Index and Query p Q yServers as well

• Index corpus can grow to 5%-20% of total size p gof data indexed

• Database and Index Servers require most RAM (4GB, 8GB, or more)

• Multi-core processors recommended

Hardware and SoftwareWindows Server Versions

• Windows Server 2008 R2 (or RTM) highlyWindows Server 2008 R2 (or RTM) highly recommended!

• Critical that new servers run x64, required for , qSharePoint 2010

• SharePoint servers are fine with Standard edition of Windows, no extra gain for Enterprise

• SQL Servers may require Enterprise edition if using SQL Enterprise

Hardware and SoftwareSQL Server Versions

• SQL Server 2008 RecommendedQ• 64 bit also highly recommended (required for

SharePoint 2010)• SQL Server 2005 still supported• SQL 2000 supported for Sharepoint 2007, but

t f 2010 d t d dnot for 2010, and not recommended• Separate SQL Reporting Services server may

be required for intensive reportingbe required for intensive reporting• Standard edition of SQL generally fine, except

for very large environmentsy g

SharePointSharePoint InstallationInstallation

Getting the steps rightGetting the steps right

SharePoint InstallationService Accounts

• Never use a single service account!Never use a single service account!• Create the Following Accounts

SQL Ad i A t● SQL Admin Account● Installation Account

S● SharePoint Farm Admin● Search Admin● Default Content Access Account● Application Pool Identity Accounts

SharePoint InstallationInstallation Process

• Choose ‘C l t ’‘Complete’ Installation

• Do not select ‘Stand-alone’ forStand alone for a Production environment!environment!

SharePoint InstallationInstallation Process

• Choose Index Location duringLocation during Install

• Index location can be changed later, but more difficult

SharePoint InstallationCommand-line Installation of SharePoint

• Learn to install from Command-line• Only way to specify SPCA Database

Name• SETUP, PSCONFIG and STSADM

PSC fi i f i d!• PSConfig is your friend!• Powershell is the future here…

SharePoint InstallationRunning the Config Wizard to Install Servers

• Consider PSConfig• Use Easy to remember port for

SPCA (i e 8888)SPCA (i.e. 8888)• Better still, change SPCA to

443 later• Use Common DatabaseUse Common Database

Naming Convention• Account running wizard needs

DBCreator and Security Admin yrights on SQL Server

• Run the wizard on additional servers as necessary

SharePoint InstallationCreate a SQL and/or DNS Alias!

• Most flexible approach!• spsql abc com = sql1spsql.abc.com = sql1

KerberosKerberos Authentication

Security, Security, Securityy y y

Kerberos AuthenticationEnable for Best practice Security!

• Use Kerberos when creating Web Apps• Extra steps required, but worth it…p q ,

Kerberos Authentication

• Create Service Principle Names (SPNs)

Step 1: Create SPNs for Web Apps

Create Service Principle Names (SPNs)• Used for impersonation


• Create SPNs for SQL

Step 2: Create SPNs for SQL

Create SPNs for SQL• Syntax similar to following:

● Setspn exe -A MSSQLSvc/spsql:1433● Setspn.exe -A MSSQLSvc/spsql:1433 COMPANYABC\SRV-SQL-DB

● Setspn.exe –A MSSQLSvc/spsql.companyabc.com:1433 COMPANYABC\SRV-SQL-DB

• MSSQLSvc = Default instance if named• MSSQLSvc = Default instance, if named instance, specify the name instead

• In this example SRV SQL DB is the SQL Admin• In this example, SRV-SQL-DB is the SQL Admin account

Kerberos AuthenticationStep 3: Allow App Pool accounts and SP Computers to

• Use ADUC

Step 3: Allow App Pool accounts and SP Computers to Delegate

• Use ADUC• SharePoint

Web Server Computer pAccounts

• App Pool• App Pool Identity A tAccounts


• Windows Server 2008 only

Step 4: Edit Applicationhost.config

• Modify the ApplicationHost.config file<windowsAuthentication enabled="true" useKernelMode="true"

useAppPoolCredentials="true">


• Enable Kerberos on the Web App (if not

Step 5: Enable Kerberos on Web App

• Enable Kerberos on the Web App (if not already turned on)

G t A li ti M t● Go to Application Management –Authentication ProvidersChoose the appropriate Web Application● Choose the appropriate Web Application

● Click on the link for ‘Default’ under ZoneCh t I t t d Wi d A th ti ti● Change to Integrated Windows Authentication - Kerberos (Negotiate)

R ii t / f f th d• Run iisreset /noforce from the command prompt

Key Takeawaysy y

• Highly consider Virtualization for SharePointHighly consider Virtualization for SharePoint• Create a test farm!• Consider Database Mirroring and/or NLB forConsider Database Mirroring and/or NLB for

SharePoint HA• Deploy the ‘five server farm’ for full High p y g

Availability• Plan today for SharePoint 2010 (more on this

in the next session!)• Enable Kerberos Authentication

For More Information

• SharePoint Database Mirroring Whitepaper (htt //ti l / i )(http://tinyurl.com/mirrorsp)

• Database Mirroring Failover Case Study (http://tinyurl.com/mirrorspcs)

f ‘ S f ’• Microsoft ‘Virtualizing SharePoint Infrastructure’ Whitepaper (http://tinyurl.com/virtualsp)

• SharePoint Log Shipping Whitepaper (htt //ti l /l hi )(http://tinyurl.com/logshipsp)

• Microsoft Kerberos Guidance for SP (http://tinyurl.com/kerbsp)

Your Feedback is ImportantYour Feedback is Important

Please fill out a session evaluation form andPlease fill out a session evaluation form and either put them in the basket near the exit

or drop them off at the conferenceor drop them off at the conference registration desk.

Thank you!

Session Code: HIT308Session Code: HIT308

Michael NoelTwitter: @MichaelTNoel

www.cco.com

Session Code: HIT308

Slide Deck:http://www.devconnections.com/updates/LasVegas_Fall09/SharePoint