table of contents - office 365 and sharepoint enterprise tools · can prepare for the upgrade from...
TRANSCRIPT
Table of Contents
Summary............................................................................................................................................................................
About the Author...........................................................................................................................................................
Introduction.......................................................................................................................................................................
Introducing the SharePoint 2016 Feature Pack 1.......................................................................................
New Features Introduced with the Release of SharePoint 2016.............................................
Administrative Actions Logging..............................................................................................................
What Does SharePoint 2016 Mean for Hybrid Environments?....................... .................................
Hybrid Taxonomy (Preview)...........................................................................................................................
Hybrid Auditing......................................................................................................................................................
Discontinued Features in SharePoint 2016....................................................................................................
How to prepare for an Upgrade?.....................................................................................................................
Database Attach Upgrade.............................................................................................................................
How to retrieve all sites in SharePoint 2010 Before Upgrading.........................................
What Is New in the SharePoint 2016 Topology?....................................... ...............................................
Zero Downtime Patching..........................................................................................................................
New MinRole Features and Improvements...................................................................................
Other Roles.........................................................................................................................................................
Best Practices................................................................................................................................................................
Hardware................................................................................................................................................................
Upgrading to the Latest Version...................................................................................... ........................
DB Best Practices................................................................................................................................................
Primary Drive...................................................................................................................................................
ULS Logs..............................................................................................................................................................
Database Files.................................................................................................................................................
TempDB...............................................................................................................................................................
Disk Allocation Size .......................................................................................................................................
ModelDB..............................................................................................................................................................
Maximum Degree of Parallelism..........................................................................................................
3
4
5
6
8
9
10
10
11
12
13
13
14
16
17
17
19
20
20
20
22
23
23
24
24
25
25
26
Table of Contents
SQL Alias............................................................................................................................................................
Web.config Files and Solution Deployment.......................................................................................
Recommended Cumulative Updates....................................................................................................
Site Collection Upgrade.................................................................................................................................
SharePoint Security............................................................................................................................................
Site Collection Sizes ....................................................................................................................................
SharePoint Code Quality................................................................................................................................
Default URLs, SQL Alias, and Domain...................................................................................................
Services and Proxies..........................................................................................................................................
Blog Caching Enable.......................................................................................................................................
Updating All Server...........................................................................................................................................
Claims-Based Authentication ....................................................................................................................
Things You Are Most Likely Going to Misconfigure................................................................................
Enable Usage and Health Data Collection......................................................................................
Site Collection Size.............................................................................................................................................
Content Database Autogrowth..................................................................................................................
Number of Application Pools......................................................................................................................
Object Cache User Account........................................................................................................................
Loopback Disabled...........................................................................................................................................
Publishing Cache................................................................................................................................................
Web Application URL Check...................................................................................................................
Office Web Apps HTTPS...........................................................................................................................
AppPool User in Performance Log Group......................................................................................
Conclusion......................................................................................................................................................................
26
27
27
28
28
29
29
30
31
32
33
33
35
35
36
37
37
38
38
39
39
40
41
42
This white paper discusses SharePoint 2016 and what new functionalities it brings
to users from an architectural perspective.
The second section of this white paper focuses on how SharePoint administrators
can prepare for the upgrade from SharePoint 2010 and SharePoint 2013 to
SharePoint 2016 and what IT Pro best practices are when it comes to managing
a SharePoint environment.
Some of the new and updated features discussed in this document will be the
highly anticipated MinRole, hybrids in SharePoint 2016, compliance features,
SharePoint search, and more.
Among the carefully planned out preparations for migration, it is important to
keep in mind certain procedures that most users commonly forget.
Because of this, the white paper outlines different SharePoint best practices
for SharePoint on-prem and SharePoint Online before making a leap towards
upgrading to SharePoint 2016, as well as how to maintain a healthy SharePoint
environment.
Summary
3
He graduated from the Faculty of Electrical Engineering and Computing in Zagreb,
where he obtained his master’s degree and gathered valuable experience in
development, system administration, project management, and the requirement
analysis sector.
Over the years, Toni has contributed to the Microsoft community, becoming a
valuable member and earning awards in multiple categories. He is a seven-time
SharePoint MVP and currently holds the title for Microsoft Office Servers and
Services.
Having in-depth knowledge of SharePoint administration, Toni invested his time
and expertise into starting his own company—SysKit Ltd., which he has successfully
run for more than seven years. The company is based in Zagreb, Croatia and is
the name behind one of the most popular SharePoint admin solutions, SPDocKit.
SysKit Ltd. also develops enterprise solutions, helping numerous consultants deal
with their SharePoint, Office 365, Windows Servers, Remote Desktop Services,
Citrix, and SQL Server environments.
Toni Frankola is an entrepreneur, IT
consultant, seven-time SharePoint MVP, and
Microsoft Office Servers and Services MVP.
About the Author
4
Introduction
SharePoint 2016 brings quite a few new
features, as well as some updates, and
for that reason, certain preparations
are necessary before you start your
upgrade.
It is also important to go over the
most common problems that baffle
SharePoint administrators across
the globe as well as discuss how
SharePoint environment management
can be improved.
From an architectural perspective,
SharePoint hasn’t changed drastically
since the 2010 version; although, let
it be noted that changes occurred
regarding the use of SharePoint on-
prem since more and more users
are moving their environments to the
cloud. However, when comparing the
2016 and 2007 versions, you can see
some significant differences.
Regardless of which version is being
used, what is important is that
SharePoint administrators get all of
their best practices in order so that the
SharePoint environment can function
smoother. Thus, this white paper has
a clear purpose: to better understand
what novelties SharePoint 2016 brings
and what you should concern yourself
with when it comes to managing your
environment.
5
Since the release of SharePoint 2016 in March 2016, a lot of new features have
been introduced, with its main focus on IT pro stuff, especially in relation to
SharePoint Online.
Microsoft has followed with additional public updates that have been announced
every month. With the release of the SharePoint 2016 Feature Pack 1, you will get
cumulative updates each month.
In this section, we will try to point out some of the most important novelties and
what to look out for when implementing them.
This arrangement with feature packs is completely new to SharePoint. In fact, the
Feature Pack 1 is the first time that SharePoint has provided new features without
users having to upgrade to an entirely new version of SharePoint. You can see
just how much it has changed since the time when cumulative updates were
coming out every two months.
The innovations that are coming directly to SharePoint Online are the current
focus of Microsoft’s plans, and it is focusing on a proper way to deliver these new
features to on-prem users.
Introducing the SharePoint 2016 Feature Pack 1
6
As for SharePoint in general, Microsoft plans to continue with major releases
every two years, release new updates every month, and offer a new Feature
Pack roughly once a year.
Where we are now?
7
SECURITY UPDATE
Release
PUBLIC UPDATE
As required
New features
Monthly
Every 2-3 yearsMAJOR RELEASE
Frequency Contents
SharePoint 2016 has a converged code base that serves both cloud and on premises customers.
Major releases remain on atraditional 2-3 year release cycle.
SharePoint
SharePoint2016(Mar 2016) PU PU
PU PU PU
FeaturePack 2(H2 2017)
FeaturePack 1(PU)PU
What’s new with the 2016 Feature Pack:
Administrative actions logging for common SharePoint administrative actions
MinRole enhancements to support small and medium-sized farms
OneDrive for Business modern experience
Custom tiles in the SharePoint app launcher
SharePoint hybrid auditing unified across site collection on-premises and Office 365
Hybrid taxonomy unified across on-premises and Office 365
OneDrive API for SharePoint on-premises
Now, what is important to SharePoint administrators is questioning how these
new features affect their environment. How do you plan for deployment? Hybrid
environments pose an important question.
If you’re wondering whether you can get Feature Pack 1 for SharePoint 2013, you
cannot. Only SharePoint 2016 is available.
As previously mentioned, there are a lot of new features. Some worth mentioning
are the MinRole, which will be discussed in further detail later on; new controls
for working with OneDrive for Business; Site Folders view; customized web parts;
document and library accessibility; Information Rights Management; Encrypted
Connections; SharePoint business intelligence; and more.
New Features Introduced with the Release of SharePoint 2016 Feature Pack 1
8
We should mention some other things that have been improved when it comes
to end users and user interface.
Microsoft also offers the ability to connect all the audit logs stored into SharePoint
on-prem with the Office 365 environment. This means you can sync these logs into
your Office 365, giving users access to the search engine for all logs as well as
the ability to search all events and analyze them. In order to use this feature, you
need to have Office 365 and then connect it with your on-premise installation.
Just a quick warning for this feature: although it has been shipped as part of the
Feature Pack 1, it’s still in preview and not yet ready for production.
In reference to the auditing feature, SysKit Ltd. worked with administrators
managing large SharePoint farms, and what we realized years back is that the
feature our clients wanted most was actually the ability to track changes; for
example, changes made in the Central Administration. Today more than ever,
users find it important to keep track of users who delete, modify, and in any way,
change the content.
SysKit Ltd. came up with SPDocKit and developed a feature able to track changes
made in farm configuration, web applications, permissions, and web.config
files. This is one of the features that revolutionized the way you now manage
your environment. For this reason, our tool, SPDocKit, became popular, helping
numerous SharePoint administrators and consultants around the world.
The 2016 Feature Pack 1 brings an auditing feature that can tell you exactly who
has made changes in the Central Administration. SPDocKit offers full support for
Feature Pack 1 so you can view this report in SPDocKit application. In addition,,
SPDocKit enables you to take snapshots of current farm settings and store them
for future comparison.
Administrative Actions Logging
9
Today, we can see an increase in hybrid environments, and configuring such
environments is now a lot easier than it was a few years ago.
When we talk about hybrids, SharePoint 2016 brings good news by improving
hybrid abilities.1 Microsoft has put a lot of work into developing a hybrid
configuration that would make such an environment easier to handle. Hybrid
environments are useful in scenarios where part of your environment is on-prem,
such an internal collaboration site, while a segment of it is stored in the SharePoint
Online environment; for example, provisioning a part of the infrastructure in
SharePoint Online for a specific project that you have been working on with
another company.
Hybrid Taxonomy (Preview)
What Does SharePoint 2016 Mean for Hybrid Environments?
Hybrid taxonomy is a solution intended to create and maintain a shared
taxonomy between SharePoint on-premises and a SharePoint Online tenant.
With an updated taxonomy in SharePoint Online, changes are automatically
propagated across all site collections and lists.
The key element in every hybrid environment is the hybrid sites, making it possible
to have sites both on-prem and online. Microsoft made it possible to sync profiles
between SharePoint on-prem and SharePoint Online. You can even connect
OneDrive to a hybrid OneDrive.
An interesting new feature is the hybrid search: the ability to search both
environments at the same time, which is very useful if you are not sure where
your site is located. Other features that might interest hybrid users include Office
365 profiles and Hybrid Follow.2
1Julien Stroheker & Nicolas Georgeault, SharePoint and Office 365 hybrid configuration from A to Z:(http://www.slideshare.net/ngeorgeault/sharepoint-and-office-365-hybrid-configuration-from-a-to-z-spstoronto-2015) 2Graham Gillen, SharePoint 2016 Hybrid Search: “One Search to Rule Them All”: http://www.searchtechnologies.com/sharepoint-2016-hybrid-search
10
Hybrid Auditing is a new feature that came with the SharePoint 2016 Feature
Pack. This feature allows users to upload their SharePoint diagnostic and usage
logs and have reports generated for them in Office 365.3 Hybrid Auditing in
SharePoint 2016 is done via the Microsoft SharePoint Insight service; however, the
feature is still in preview and is not recommended for current use in the production
environment. Refer to this Microsoft TechNet article to find out how to configure
SharePoint Hybrid Auditing in SharePoint 2016.4
3SharePoint Hybrid Auditing (Preview): https://technet.microsoft.com/en-us/library/mt764270(v=office.16).aspx4SharePoint Hybrid Auditing in SharePoint 2016: https://technet.microsoft.com/en-us/library/mt622371(v=office.16).aspx
There is also a feature that offers the ability to connect to Term Stores, meaning
you can now have a single Term Store across the entire environment, both
SharePoint on-prem and SharePoint Online. This could be useful, for example, if
you have unified taxonomy on both environments. This feature is also in preview
at this moment, so if you are planning on using it, make sure you test it out first.
Hybrid Auditing
11
Of course, when certain new features surface, there are features that also get
discontinued. That is not a problem by itself; however, it tends to become a
problem when upgrading. For example, users upgrading from SharePoint 2013
may not be able to use specific features once they migrate to SharePoint 2016.
Therefore, a lot of attention and detail need to be put into upgrades.
Features that will not be available in the SharePoint 2016 are as follows:
SharePoint Foundation
Standalone Install mode
ForeFront Identity Manager client (FIM)
Excel Services in SharePoint
SharePoint BI capabilities (SQL2016)
Tags and Notes
SharePoint Designer
InfoPath
Due to these discontinued features, you may encounter a hiccup if you have
been running SharePoint Foundations. Also, it will not be possible for you to install
SharePoint as a standalone install, meaning you will not be able to auto-provision
the SQL Server (that option was available with SharePoint 2013 and SharePoint
2010).
Now, for SharePoint Designer, you have an option to use SharePoint Designer
2013 with SharePoint 2016 and SharePoint Online, although you should avoid this
whenever possible. A good piece of advice would be to focus on upcoming
features to upgrade existing workloads, such as PowerApp, Flow, SharePoint
Framework, and others.
Discontinued Features in SharePoint 2016
12
Before you can upgrade to SharePoint 2016, you need to make sure you are
running an adequate version of SharePoint 2013.
SharePoint Server 2016 supports an upgrade from SharePoint Server 2013 with
Service Pack 1 with the March 2013 PU, version 15.0.4481.1005 or higher.
Even if you don’t plan on moving to SharePoint 2016 at the moment, you still need
to lay out a plan and prepare your environment for the upgrade because your
current SharePoint needs to be up to date to upgrade.
How to prepare for an Upgrade?
5AutoSPInstaller available online at: https://autospinstaller.com/
Database Attach Upgrade
The only available way to upgrade from Microsoft is the database attach.
Once you have SharePoint 2013 that is on version 15.0.4481.1005, you need to
take the database and attach it to a new farm—in this case, a SharePoint 2016
farm and then you will be able to upgrade. The other way is to contact a third-
party migration vendor and migrate your content to a new database. By using
a migration tool, you will not be stuck with upgrading to Service Pack 1, and you
can also upgrade from an earlier version of SharePoint like SharePoint 2010.
When creating a new farm, we would also recommend you use the AutoSPInstaller5
script that will prepare and install everything so you don’t have to bother with
the process. AutoSPInstaller is an open-source project and, by joining forces
with the SPDocKit, it helps SharePoint administrators provision SharePoint farms
automatically. With SPDocKit, you can generate the input XML configuration file
that you can use with AutoSPInstaller and create a new SharePoint farm that is
identical or very similar to your current farm environment.
13
How to retrieve all sites in SharePoint 2010 Before Upgrading
This input from SPDocKit is an XML file that contains farm topology as well as
other details about the SharePoint farm. The configuration file reduces the time
needed to deploy SharePoint, and since everything is reusable, you can create
production and staging/testing environments that are identical.
A tool such as the AutoSPInstaller is very useful, especially in cases where you
have multiple SharePoint farms, such as DEV, QA, TEST, etc. Then, you can use
the same script to auto-provision farms and tidy up your environment. Note that
your databases names are not going to have those horrible GUIDs, and the
names are going to follow the naming convention of your choice.
If you are doing a database attach yourself, and we cannot stress this enough,
make sure you are on a proper version.
If you recall, when we upgraded from SharePoint 2010 to SharePoint 2013, there
was the ability to retain the 2010 look and feel and still run it on a SharePoint 2013
server. Sadly, this is no longer supported in SharePoint 2016. That is why you must
make sure you have converted all sites to the SharePoint 2013 user interface.
There is no concept of “site collection compatibility modes” in SharePoint Server
2016. You must be running the latest version at all times.
If you have a SharePoint environment that was upgraded from SharePoint 2010
to 2013, the following is the PowerShell command that can be used to retrieve all
sites that are still in the SharePoint 2010 mode.
14
You can use the following commands to get more information on the compatibility
level:
Get-SPSite -Limit All | ? { $_.CompatibilityLevel -eq 14 }
Get-SPSite -ContentDatabase <database name> -Limit All | ? {
$_.CompatibilityLevel -eq 14 }
Once you retrieve all the sites, you will need to upgrade these before proceeding
with the upgrade to 2016.
15
What Is New in the SharePoint 2016 Topology?
A typical topology for SharePoint 2013 and earlier versions as well would look
like this: you would have Web Front End servers, and we have only two in my
case; then a layer of Application servers; and, finally, a couple of SQL Servers.
Of course, you might also have additional servers, like Search server or Cache
server.6
Now, the SharePoint 2016 topology has MinRoles, which come out of the box
and look like this:
Front-End
Service applications, services, and components that serve user requests belong on a Front-end server. These servers are optimized for high performance.
Application
Service applications, services, and components that serve back-end requests, such as search crawl requests, belong on an Application server. These servers are optimized for high throughput.
Distributed Cache
Service applications, services, and components that are required for a distributed cache belong on a Distributed Cache server.
Search
Service applications, services, and components that are required for search belong on a Search server.
Custom
Service applications, services, and components that you want tomanage, instead of using MinRole to manage them, belong on a Custom server.6
6Planning for a MinRole server deployment in SharePoint Server 2016: https://technet.microsoft.com/en-us/library/mt743704(v=office.16).aspx
16
So what in fact you have is a Web Front End that handles all the user interaction,
Application role that handles all the background tasks, Distributed Cache that
caches all the components, and a Search role.
This means SharePoint 2016 has four key roles and you can configure them by
clicking on a server and assigning it a certain role. What happens then is that
SharePoint turns off all features that are not necessary for the chosen role, and
it switches the services for that particular role as well. This is not hardcoded and
you can change that as you please. Of course, there are rules that check these
roles all the time, and configure the services as they run.
The MinRole is important when it comes to zero downtime patching. It allows you
to deploy updates and fixes while minimizing downtime and user disruption.
When you had SharePoint 2013 or SharePoint 2010, it was a challenge to create
an internal procedure that would allow you to patch your SharePoint and still
have zero downtime. Changes that are being made with MinRoles are going to
allow you to patch your SharePoint with zero downtime.
Now that we have concluded that a SharePoint 2016 farm needs at least four
servers to run it, if you want to have a zero downtime patching, you might consider
getting eight servers into your farm. That way, you can have a copy of each of
your four servers with their unique roles in order to patch it with a zero downtime.
With MinRoles, you needed a lot of servers to run, and that is why in Feature Pack
1 of SharePoint 2016, Microsoft has changed that a little bit and introduced
Zero Downtime patching
New MinRole Features and Improvements
17
improvements to support small environments—something that the community
affectionately calls the Mini MinRole.
Now you are getting two additional roles: Microsoft combined roles for smaller
installations for companies that do not need eight servers to run a SharePoint
farm and added combined roles.
The new combined role is a Web Front End with a distributed cache; it combines
Web Front End and Distributed Cache, and the other combines Application with
Search. Now, you can run your SharePoint farm with just two servers. However, if
you want to have higher availability, you will still need four servers.
To configure roles, navigate to the configuration wizard, and the wizard will ask
you which server role you wish to assign to which server. For typical Mini MinRoles
patching, you only need four servers to have a zero downtime patching, and
once one server goes offline, the other one will handle all tasks and so on and
so forth.
Figure 1 - SharePoint 2016 Products Configuration Wizard
18
Basically if you want to have higher availability, you should go with four servers as
a minimal topology, although, as mentioned earlier, it is possible to run SharePoint
2016 with just two.
The bottom line is that the Mini MinRoles are the most important changes when
it comes to SharePoint 2016, and this is something that you need to plan ahead
for by making calculations for how many servers you need and how many roles
you are going to provision.
Other roles
One special role is the Custom role, and this role can be configured in any way
you please. Basically, you can configure it to run as any role; for example, as
custom services. What’s important is that this role is not controlled by specific
rules like the remaining four we mentioned in the previous section.
Also, there are some special roles, such as the single server farm, which are used
for development and testing only and are not meant to be used as production. This
means that SharePoint in production does not support a single server scenario
because you need more than one server to run the production SharePoint farm.
19
When it comes to upgrading, there are certain best practices that help you
transition to the new SharePoint version rather quickly.
Best Practices
Hardware
In regard to hardware for SharePoint 2016, there is no significant change;
requirements are similar to those in 2013 and are as shown below:
Single serverrole that usesSQL Server
Single serverrole that usesSQL Server
Web Server orapplicationserver in athree-tier farm
Web Server orapplicationserver in athree-tier farm
16GB
24GB
12GB
16GB
64 BIT, 2 CORES
80 GB for system drive100 GB for second drive
80 GB for system drive80 GB for second drive
80 GB for system drive100 GB for second driveand additional drives
80 GB for system drive80 GB for second driveand additional drives
64 BIT, 4 CORES
Upgrading to the Latest Version
Firstly, if you are planning to upgrade to the next major release of SharePoint,
make sure your existing environment is running a version of SharePoint that
supports upgrades. Then, check that you have a proper build number, and since
these numbers are hard to track down on the Internet, we will list them on the
next page.
20
SCENARIO RAM PROCESSOR HARD DISK SPACE
64 BIT, 1 CORE
64 BIT, 1 CORE
Upgrade from SharePoint 2007 to 2010, minimal build: SharePoint 2007 SP2, build number (12.0.6421.1000)
Upgrade from SharePoint 2010 to 2013, minimal build: SharePoint 2010 SP1, build number (14.0.6029.1000)
Upgrade from SharePoint Server 2013 to 2016, minimal build: SharePoint Server 2013 SP1 + March 2013 PU, build number (15.0.4481.1005)
Upgrading takes time and meticulous planning, and this is especially important
if you are a consultant—it is crucial you plan ahead in case your customer is not
using a proper version of SharePoint as upgrading a large database takes a
certain amount of time.
When we discuss updates, there are other things you need to update that are
frequently forgotten. There are other components, except the main part, either
within SharePoint or outside of SharePoint servers, which need to be patched.
This is a list of updates you should jot down, just in case you forget about them:
For example, if you have Office Web Apps, these need to be patched (they are
now called the Office Online Server). Note that this is a separate server that
renders your Word, Excel, and PowerPoint documents.
Office Web App/Office Online Server
App Fabric (2013)
Language packs
Project Server
21
When it comes to databases, there are a lot of things users need to do. Keep in
mind that most SharePoint administrators are not SQL administrators, and they
don’t know much about DBs. That is why you need to check if these things are
configured properly.
Here is a little reminder of all the things you should keep in mind:
Database files and transaction log files should not be on the primary drive
Storing all files in the same location and on the system drive can lead to severe performance issues in the SQL Server
TempDB (number of files, size, and response times)
Disk allocation size
ModelDB (growth and initial file size)
Maximum Degree of Parallelism (MAXDOP) (SP2013+)
Use an alias whenever possible
You can find these best practices and more on the Best Practices SPDocKit
website. For now, let us discuss the abovementioned ones.
DB Best Practices
In SharePoint 2013, we had the App Fabric as a separate update, and we suppose
by now, most users have the latest version. There have been some challenges
with this one, so be sure it is up to date.
If you are running a multi-lingual SharePoint, then you need to patch your
language packs as well. In SharePoint 2013, if you had a Project Server as a
separate update, do not forget to patch it.
22
Never use a primary drive for logs and data. Many people just provision a virtual
machine with a C drive— that’s not a good practice. If you have an SQL Server,
the databases should be on a secondary drive. Also, logs should be there as well
as SharePoint logs, the SharePoint search index, ULS logs, usage logs, IIS logs,
and SQL logs— if any of these logs also generate.
In this section, we will try to point out some of the most important novelties and
what to look out for when implementing them. Many log entries will cause your
primary drive to run out of space, and that leads to the shutdown of your server
and potential corruption of the entire server or virtual machine.
Make sure your ULS logs are enabled. It’s a common practice to forget about them;
here is an article on how to enable ULS logging files in Central Administration7.
Most people forget to enable them, and then they run into a problem. If there
isn’t a logging turned on, they are unable to diagnose what is going on.
Also, make sure logs are restricted because they can easily accumulate to an
unimaginable scale. Additionally, be sure to monitor your SharePoint for a couple
of days to check if you have enough disk space for the abovementioned logs.
When troubleshooting something, change the setting of your logs to verbose,
but when you are done, turn it off.
Primary Drive
ULS Logs
23
7Configure diagnostic logging in SharePoint Server 2016: https://technet.microsoft.com/en-us/library/ee748656(v=office.16).aspx
There are three types of data files: primary (.mdf), secondary (.ndf), and
transaction log files (.ldf). It is important that you don’t keep the database files
and the transaction logs in the same location.
As a matter of fact, keep them on a dedicated physical drive. If these files are all
on the same physical disk, it can cause the disk to run slower because the reads
and writes occur at the same time.
It is worth repeating: don’t use the primary drives. If the drive gets filled with
database data and logs, it is going to wreak havoc on the operating system, and
the entire server will probably shut down.
TempDB is a system database and serves as a global resource available to all
users connected to the instance of the SQL Server. For the TempDB, the most
important things to keep an eye on are the files, recovery model, response time,
and size.
Be sure to allocate dedicated disks for the drive that stores TempDB data files.
It is best to have an equal number of TempDB data files to the number of CPU
cores. Then comes the matter of size: each TempDB data file should be the same
size. Let’s say you have four CPU cores; then you need to have four separate
TempDB files. For SharePoint, these files need to be at least 10 percent of the
largest content database because when an SQL is performing queries, it needs
to be able to use the TempDB in an optimal way. Then, check the recovery model
for the TempDB and set it to “SIMPLE.” Keep in mind that changing to the simple
option will no longer have log backups.
TempDB
Database Files
24
The Block Size on the partitions holding data and log files should be configured
properly. This means that the Block Size value should be 64K, and the Partition
Offset/Block Size should be an integer number. However, please check your
storage documentation and cross-reference to check if this rule applies to your
particular case.
ModelDB, or model database, serves as a template when creating databases,
and there should always be a correctly configured ModelDB on an SQL Server.
If that is not the case, the DBA will have to adjust the database options on each
database manually.
It is crucial that your ModelDB has the appropriate growth and file size; otherwise,
some SharePoint databases are going to end up with, for instance, 1MB size and
a growth of 2MB. That is why you need to make sure you have chosen the proper
ModelDB initial size.
The ModelDB autogrowth should be in megabytes and set to a value higher than
the default (which is 1MB). This means avoiding the default settings and adjusting
the value according to your environment needs.
Adjust the recovery model for the ModelDB to “FULL.” It is the recommended
option because, if needed, you can recover the data or even restore to a certain
point in time; for example, prior to an application or user error.
As far as the response time is concerned, check whether the value is higher than
20 ms. If so, you need to troubleshoot and find out the cause for a slow response
time; usually, the problem might be the disk or network or some other issue.
Disk Allocation Size
ModelDB
25
9Aliases (SQL Server Configuration Manager): https://technet.microsoft.com/en-us/library/dd981072(v=sql.105).aspx10SPDocKit Best Practices: SQL Server Alias: https://docs.syskit.com/bp/v1/databases/sql-alias/
SQL Alias
SharePoint servers should be configured to use SQL aliases whenever possible.
An alias is an alternate name that can be used to make a connection. The alias
encapsulates the required elements of a connection string and exposes them
with a name chosen by the user.9 In SharePoint, once you enter the server name,
it is forever associated with the SharePoint farm, and there is no supported way
to simply change the database name later on.
Keep in mind that you should configure the SQL Server aliases BEFORE deploying
SharePoint.10
8Recommendations for the “max degree of parallelism” configuration option in SQL Server: https://support.microsoft.com/en-us/help/2806535/recommendations-and-guidelines-for-the-max-degree-of-parallelism-configuration-option-in-sql-server
Figure 2 - Specifying the configuration settings without using an SQL Server client alias.
Maximum degree of parallelism (MAXDROP) is a configuration option that controls
the number of processors used for executing a certain query in a parallel plan.8
For SharePoint 2013 and SharePoint 2016, you must set the maximum degree of
parallelism to 1. This setting will disable the parallel execution on the instance.
While this is a must for the SP 2016 and 2013, it is recommended for SharePoint
2007 and SharePoint 2010.
Maximum Degree of Parallelism
26
Make sure that:
If you have any farm solutions, one of the common best practices is to check that
web.config is equal across all your servers. Typically, people make changes, which
is normal; however, they then forget to replicate those changes throughout all
severs. This mistake can cause problems when you have a different configuration
on each server.
When deploying the code, make sure that the exact same version of your code
has been deployed to all your servers. If you are using solution deployment from
the Central Admin, please be aware it might fail in some cases, so double-check
the version of your assemblies. Otherwise, people hitting different servers might
get different results depending on the difference in code. We will discuss this
topic in further detail in the SharePoint Code Quality section.
Our fellow MVP, Todd Klindt11, has his own site where he offers users a list of all
changes. He also makes some interesting notes; for instance, if there is a bug in
a particular cumulative update.
In recent years, Microsoft has improved its own list; however, we recommend you
visit Klindt’s because it makes the whole approach easier to follow.12
11Todd Klindt’s SharePoint Admin Blog: http://toddklindt.com/blog/Lists/Posts/Post.aspx?ID=346 12SharePoint Updates: https://technet.microsoft.com/en-us/library/mt715807(v=office.16).aspx
Recommended Cumulative Updates
Web.config Files and Solution Deployment
All web.config files are the same across all servers and web application zones
You are running the same code on all servers
27
First things first: make sure you have updated all your site collections to the latest
UI version. We have already discussed in the previous sections why it is not
advisable to run the SharePoint 2010 mode if you are on SharePoint 2013.
When auditing SharePoint, it is of the utmost importance that the environment
runs smoothly. The other important thing is to know who your privileged users
are.
The farm administrator can assign himself or herself access to the entire content,
and that is why you must know who your primary farm administrator is. While you
are at it, check that the primary administrator is not a local administrator as well
because a situation like this can lead to many problems. Users with Privileged
Access are individuals that have access to your content even if they’re not listed
in your SharePoint. For security reasons, you should be aware of who those users
are.
Once you establish and sort out the permissions, double-check who your site
collection owners are and who has access to which sites.
The best practice for cumulative and public updates is to not update unless there
is something in the knowledge base article that you might be affected by. For
example, if there is a bug you are hitting, go and update; otherwise, to stay on
the safe side, wait for the Service Pack or the Feature Pack because these new
cumulative updates might bring on new bugs that lead to other problems in your
environment.
Site Collection Upgrade
SharePoint security
28
Over the years, we have commonly encountered problems among our clients in
relation to difference in code.
The best advice we can give you, through our experience, is that the key to
avoiding these problems is to understand what kind of code is being deployed
to your SharePoint farm. We understand that not all SharePoint administrators
are code savvies, but it is a must to check these kind of things since difference in
code affects the entire SharePoint performance and can serious problems. Trust
us on this one, we have seen our fair share of disasters—this was one of them.
What you have at your disposal is to use common code conventions. You could
also try out-of-the-box tooling to analyze your code. For SharePoint 2010, you
can use the free tool SPDisposeChecker. We can also recommend a third-party
tool called SPCAF13 which will analyze what kind of code you have as well as list
if there are any issues with the given code.
13SharePoint Code Analysis Framework: https://www.spcaf.com/
If you need to monitor something closely and continuously, it should be the size
of your site collections. Here are the recommended figures and values so you
can keep track what is going on:
The maximum number of content databases per farm is 500. For content
databases, when it comes to general usage scenarios, the maximum size is
200GB per content database. For all other usage scenarios, the content database
should be no more than 4TB per content database. These are not numbers set in
stone; however, try to at least run SharePoint in the proximity of these numbers.
Site Collection sizes
SharePoint Code Quality
29
15Rename a stand-alone server (Office SharePoint Server): https://technet.microsoft.com/en-us/library/cc261986(v=office.12).aspx
14SharePoint 2010 Client Object Model: https://msdn.microsoft.com/en-us/library/ee537247(v=office.14).aspx
There is an initiative in Microsoft to move all of the code outside SharePoint. In
the previous version of SharePoint products and technologies, your options for
accessing data from client applications were largely limited to the SharePoint
ASP.NET Web services.
For example, SharePoint Online was very restricted when it came to code
deployment—you couldn’t deploy a farm solution code. Now, Microsoft is trying
to move everything to a client-object model14 where the majority of things will
be running in browsers, and there are a few good reasons for this. Client code is
more secure since it doesn’t have direct access to the entire farm, and yet, again,
it is compatible with SharePoint Online. One of the most important things is that
the client-object model can hardly make a mess in your farm while a faulty server
code can rip it to shreds.
That is how you have the new SharePoint Framework, where all changes, such
as UI changes, can be performed by simply using JavaScript and CSS. For what
it’s worth, it might be a really good change because you might be driven to do
more on the client side and less on the server side of SharePoint while running
optimal performance.
Default URLs, SQL Alias, and Domain
You should use an SQL alias. Now you might ask, “Why?” Well, if anything
happens to your SQL Server, and its name needs to be changed, it is going to
be a nightmare to change it back again.
However, by using an SQL alias, you can easily change SQL Servers while still
retaining the functionality of your SharePoint installation.
In some situations, certain clients will need to change the name of the server
where SharePoint is installed. Server rename is not supported15 out of the box,
and you will have to reinstall the entire farm and move your databases to the
new installation.
30
The same applies if you need to move your servers from one domain to another.
If users are also being moved, you will have to perform user SID mapping.16
Having SharePoint in a separate domain might be a good idea to ease some
of the situations mentioned above because you would not need to reinstall
SharePoint.
It is always important to make sure your services and proxies are running. The
following are important not to forget:
When preoccupied with upgrades, databases, and other tasks, clients often
forget the services. What we have come across are clients’ environments that
are in an operational state, but some of their background services aren’t running
properly or running at all.
When checking your farm health, you need to be aware that all your background
services are actually running, including proxies. If there are certain services you
do not need, remove them, or if you do not use them often, disable them.
For clients that are doing continuous tests in their environment or that have an
16Creating a SID Mapping File with Windows PowerShell: https://blogs.technet.microsoft.com/deploymentguys/2009/12/14/creating-a-sid-mapping-file-with-windows-powershell/
Services and Proxies
State Service
Search
Sandbox Code Service
UPA
Web Analytics (SharePoint 2010)
Apps (SharePoint 2013+)
Distributed Cache (SharePoint 2013+)
31
What some of our clients also forget is to enable binary large object (BLOB)
caching.
You can enable it by editing the web.config file for the web application and
changing the code block below and setting enable=true.
You can also change the storage location for blob files and lists of file that are
going to be cached.
If you have a lot of files such as, for instance, image files, SharePoint can run
much faster if these files are cached and stored on a local disk drive.
Blog Caching Enabled
<BlobCache location=”C:\BlobCache\14” path=”\.
(gif|jpg|jpeg|jpe|jfif| emedbmp|themedcss|themedgif|t
hemedjpg|themedpng|ico|png|wdp|hdp|css|js|asf|avi|flv
|m4v|mov|mp3|mp4|mpeg|mpg|rm|rmvb|wma|wmv|ogg|ogv|og
a|webm|xap)$” maxSize=”10” enabled=”true” />
outside vendor coming in to help them with deployment, our company occasionally
comes across a scenario where clients have duplicated their service applications.
This can sometimes be a valid choice, and we repeat, in some situations; however,
for most cases, users have made a mistake. For instance, clients have two search
engines or two user profile sync engines running or already deployed to a farm.
To avoid these cases, check the Service Applications list for any duplicate service
applications.
32
There are cases where clients update just one server in a multiple server
environment.
That is why before running an upgrade, you must make sure that all servers have
been upgraded to the same version. Double-check this in the administration!
To see the installed Windows and SharePoint Server updates, open the Control
Panel, go to Programs>Programs and Features, and then click View installed
updates.
The Control Panel, however, will just show installed binaries. Installing SharePoint
binaries is only a part of the patching process. To verify the upgrade status of a
SharePoint farm and servers in the farm, open the Central Administration tool,
and in the Upgrade and Migration section, click Check upgrade status.
Once all the bits have been installed, make sure you run the configuration wizard.
This is especially important for people who have eight servers or more—make
sure they are all on the same patch level.
Updating All Servers
Claims-Based Authentication
If you are upgrading from SharePoint 2010 to SharePoint 2016, you need to move
to the claims-based authentication.
Claims-based authentication is an essential component in SharePoint 2013.
Although you can migrate a non-claims web application to SharePoint 2013,
many underlying components will not function properly. If you are planning
an upgrade, we recommended that you upgrade your existing non-claims
SharePoint 2010 application to claims-based applications prior to your upgrade.
33
17Migrate from classic-mode to claims-based authentication in SharePoint 2011: https://technet.microsoft.com/en-us/library/
gg251985.aspx
We also recommend that you perform a couple of test runs before you complete
the production upgrade.
Converting from classic authentication to claims-based authentication can be
achieved using the Convert-SPWebApplicationPowerShell cmdlet. If you are in
the mixed mode, refer to this article from TechNet.17
Audit SharePoint farm configuration
– Best Practices reports:
www.spdockit.com
34
We will conclude this white paper with a list of the most important things that
need to be configured if you want your environment to function as a whole.
We will also include the links to related articles so you can do the research later
by yourself.
The rest of the section covers the most commonly misconfigured options and
a short description on how to configure them properly as well as additional links
for more information.
SharePoint Server 2016 writes usage and health data to the logging folder and
logging database. You can use the SharePoint Central Administration website to
configure health data collection settings.18
SharePoint Usage and Health Log Data should be enabled, and it is useful
when in need of information on how your system is functioning. However, keep
in mind that turning this on can load the system with logs, thereby affecting the
performance. The solution for this is to log only the necessary events. Refer to
configure usage and health data collection in SharePoint Server 2016 for more
information.
18Configure usage and health data collection in SharePoint Server 2016: https://technet.microsoft.com/en-us/library/ee663480(v=office.16).aspx
Things You Are Most Likely Going to Misconfigure
Enable Usage and Health Data Collection
35
19Move site collections to a new database (split a content database) (Windows SharePoint Services 3.0): https://technet.microsoft.com/en-us/library/cc825327(v=office.12).aspx
It is recommended that you track whether site collections are growing out of
control.
When starting with a new SharePoint site, it is usually uncertain whether the
adoption is going to take off. What you can then do is monitor your site collections
and try to analyze and predict how big your content database for a particular
site might get.
For general usage, it is recommended that the site collection size ought to be set
to 100GB.
The best practice of limiting the size to 100GB has its reasons and is mostly to
keep the SQL Server unballasted because demanding SQL Server operations
affects the overall server performance.
The other reason is that the SharePoint site collection back and restore option is
only supported for a maximum site collection size of 100GB. If you have a larger
site collection, you must back up your entire content database.
By itself, this is not such a big issue unless you have a few site collections larger
than 100GB contained in a single content database. THEN you have a problem.
To back up and restore this, it will take quite some time and is not the safest
operation to perform. In situations like this, it is advised to create a new content
database and move other site collections to the new database.
Refer to the TechNet article titled Move Site Collection to a New Database for
more information on how to perform this action.19
Site Collection Size
36
When the content database is configured correctly, the system should run at its
best. That is why it is advised to avoid letting your content database grow
beyond 200GB.
To support content databases of up to 4TB, a disk sub-system performance of
0.25 IOPS per GB is required. The content database’s initial size should be set to a
value larger than the default. These values should be set in accordance with your
environment and expected amount of data.
Note that you can have content databases without a defined size limit; for
example, bigger than 4TB but under strict requirements. The key is to monitor
the databases and, if needed, tweak a few settings. It is also a good idea to run
database maintenance on an SQL level that will allow you to have a disk in the
optimal state.
The best practice for IIS is that there should only be ten application pools running
on a single server.
Because application pools allow a set of web applications to share one or more
similarly configured work processes, they offer a way to isolate a set of web
applications from other web applications on the server. However, since every IIS
app pool that serves a SharePoint web application consumes a lot of memory, it
is recommended to keep the number of pools at ten (this amount can be different
depending on the hardware setup).
To do this, the best solution is to host site collection within the existing web
application. The other option is to host named site collections.
Content Database Autogrowth
Number of Application Pools
37
For improved performance, certain SharePoint features may use the object
cache, so make sure to configure the accounts needed for caching. For that, you
will need two accounts: Portal Super User Account and Portal Super Reader
Account. Please refer to the Best Practices SPDocKit article20 to get an additional
explanation and a how-to guide for configuring object cache user accounts in
SharePoint.
Windows Server 2003 Service Pack 1 introduced a loopback security check
designed to prevent reflection attacks on the server. If the FQDN or the custom
host header of the SharePoint web application does not match the local computer
name, authentication will fail. What you would get is an “access denied” error
when trying to access something you know with certainty you have
privileges to access.
This is where the loopback comes in, and what you need is the so-called
“loopback fix.”
To have optimal performance, the loopback should be disabled. This can
sometimes cause problems with the authentication, but when it is properly
configured, you will see an improvement in search performance and services
running on the SharePoint server. Sometimes, what happens is that the application
pool user is not part of the performance log group on the SharePoint server.
The account needs to be in this local group to be able to retrieve performance
metrics. This is important when you are troubleshooting something and looking
into logs and other places to see what is going on.
20Object Cache User Accounts: https://docs.syskit.com/bp/v1/web-applications/caching/object-cache-user-accounts/
Object Cache User Accounts
Loopback Disabled
HTTP 401.1 – Unauthorized: Logon Failed
38
You can improve your browser performance for users by reducing the database
load with a disk-based binary large object, also known as BLOB.21
You enable and configure the BLOB cache and make configuration changes to
the page output cache profiles and the object cache in the Web.config file in the
web application to which you want to apply those changes. The changes you
make to the Web.config file will be applied to all site collections within the web
application.22
The page output cache uses cache profiles that specify how long items should
be held in the cache. Keep in mind that activating the output cache can also
introduce certain side effects, so make sure the page output cache is
configured and turned on for the affected sites.
Community best practices advise that you don’t use the server name for the
SharePoint web application URL. What will happen is that the DNS record will
only point to the server whose name is used in the URL.
The best option is to use a dedicated name for the SharePoint web application.
First of all, try to use a URL that’s easy to remember. Also, choose fully qualified
domain names (FQDN) for URLs for SharePoint web applications.
Follow this link to learn how to change the URL and IIS bindings of a web
application.
21Plan for caching and performance in SharePoint Server 2013: https://technet.microsoft.com/en-us/library/ee424404.aspx22Configure cache settings for a web application in SharePoint Server 2013: https://technet.microsoft.com/en-us/library/cc770229.aspx
Publishing Cache
Web Application URL Check
39
This section discusses the best practices for the Office Web Apps Server and
using SSL for HTTPS.
Office Web Apps Server delivers browser-based versions of Office apps in
an on-premises environment, giving users more flexibility and collaboration
opportunities.23 The Office Web Apps infrastructure should be configured to use
SSL connections.
If you want to use the Office Web Apps with SharePoint, you must configure the
Web Application Open Platform Interface (WOPI endpoints first and then create
a WOPI binding between the SharePoint and Office Web Apps infrastructure.)
23Plan Office Web Apps Server: https://technet.microsoft.com/en-us/library/jj219435.aspx
Figure 3 - Office Web Apps infrastructure
Office Web Apps HTTPS
40
Application pool user accounts must have required permissions to gather
performance counter metrics, and this means that the application pool account
must be in the local Performance Log Users group.
You have to verify this permission setting on all servers. It is recommended that
you go over the Plan for Administrative and Service Accounts in SharePoint 201324
article for more information.
24Plan for administrative and service accounts in SharePoint 2013: https://technet.microsoft.com/en-us/library/cc263445.aspx
AppPool User in Performance Log Group
For production Office Web Apps Deployments, it is recommended your use the
SSL-secured HTTPS; however, in TEST and DEV, it is okay to use unsecured HTTP
interfaces. Follow the steps in the Configure Office Web Apps for SharePoint 2013
article for more details regarding the test environment that uses HTTP.
41
We are all human and make mistakes every day—this is something that is
absolutely understandable. Managing a SharePoint environment is not easy, no
matter how hard you try. However, that is why we, at SysKit Ltd., have made it
our mission to make it as easy as possible for all SharePoint administrators and
consultants through the use of SPDocKit.
As mentioned in previous sections, everything you need to know about tweaking
your SharePoint environment can be found on the SharePoint Best Practices
Library by SysKit website, which we update regularly, allowing you to validate
your farm configurations and optimize them according to the latest SharePoint
best practices.
Conclusion
42
Professionals treat time as the most valuable
asset at their disposal. Use SPDocKit.
www.spdockit.com
www.spdockit.com