Installing and Configuring SharePoint Technology Ryan Duguid Technical Specialist Microsoft New...

Installing and Configuring SharePoint Technology

Ryan DuguidTechnical SpecialistMicrosoft New Zealand

APAC Microsoft SharePoint Conference 2007May 14th to 15th, 2007Sydney, Australia

Session Objectives

Detailed understanding of product architecture Understand admin components and their usesUnderstand admin security

Understanding your deployment optionsDetermine topologyBuild your deployment plan

Topics

Design GoalsLogical Architecture

Re-architecting SharePoint administrationSecurity Map

Physical ArchitecturePicking your topologyMulti-farm topologiesHardware requirements

Key Customer Pain Points

Inconsistent setup between productsCentral admin just too hardTopology restrictions

Farms of various sizes and shapesFlexibility in renaming and repurposing servers

Network supportNT authentication onlyReverse proxies, SSL termination, IP-bound IIS virtual servers

Poor resource utilization and isolationPortal services model very inflexible

Upgrade

Administration Design Goals

Windows SharePoint ServicesSimplicityConsistencyExtensibility

Office SharePoint Server = WSS goals +Resource OptimizationDelegation

Topics


Re-architecting SharePoint AdminSecurity Map

Physical ArchitecturePicking your topologyMulti-farm topologiesHW Requirements

Re-Architecting AdminKey Concepts

SharePoint “farm”Servers

App servers: Generic server – all services installedWFEs: Web bits only

Config DB: Heart and soul of the farmSPTimer Service: Heartbeat of farmSharePoint Administration Service

Repeats tasks done in SharePoint by box admins across the farm

Shared servicesGrouped, high-value, resource intensive servicesOne to many per farmInter-farm capable

Admin sitesCentral administration: 1 per farmShared services administration: “special” content site

Central AdminIT AdministratorsFarm-level

Resource managementStatus

One per farmE.g. Create new site

Administrative Architecture

Three Tier AdminWeb-basedRole and Task DelineatedControlled DelegationSecure Isolation

Site SettingsBusiness site ownerSite specific configuration and tasksE.g. Create new list

Shared ServicesBusiness unit ITUp to one per business groupService level configE.g. Create search content source

Tier 1: Central AdministrationGoals

Reduce administrator timeQuickly identify what must be doneRapidly locate UI to do what’s needed

Single point administrationManage the applicationSingle change updates all servers in farm

Extensible platform for SharePoint adminConsistent UI experience for all products

Central AdministrationMajor Elements

Administrative task list Informs operators what must be doneExplains action needed, and provides link to UI

Home page topology view Quick view of farm servers and what is running on them

Services on Server pageManage the components running on a single server

Flat menu structureOperations: tasks affecting farm resource usageApp Management: tasks specific to a single application or servicewithin the farmSecurity trimming reduces UI clutter

Remote administrationWeb-based administration UITimer-based system updates

Central Administration

Tier 2: Shared ServicesKey Concepts

“Shared Services” = Office SharePoint Server InfrastructureGoal

Separation of services from PortalsRemove scale limitation for # of portals

Required for site and cross site-level Office Server features Logical/secure partition of farmServices act as a group

SSP ComponentsSSP admin siteSSP databases

Shared ServicesOffice Server SearchDirectory importUser profile synchAudiences

TargetingBusiness data catalogExcel calculation serviceUsage reporting

Shared Services Associations

SSP Default = 1st SSPCan be changed to different SSPCannot be deletedNew, existing web apps auto-associated

Content web applicationsALWAYS associated to 1 and only 1 SSPSecurity implications

Content app pool granted rights across SSPDisassociation: Accounts NOT auto-cleaned up

Actions auto-started/stopped:Search: Add start address to portal content sourcePeople: User Profile Synch

Shared Services

Web App Web App

CorpWeb FinWeb HRWeb LegalWeb

Office Server SearchDirectory importUser profile synchAudiences

TargetingBusiness data catalogExcel calculation serviceUsage Reporting

Shared Services



Shared Services – # 2

Shared ServicesMultiple SSPs?

Vast majority of installs = 1 SSPUse cases for multiple SSPs

Secure isolation of services and service dataHosted environmentsRestricted sitesOrganizational/Political concerns

Web App Web App

CorpWeb FinWeb HRWeb LegalWeb



Shared ServicesOffice Server SearchDirectory importUser profile synchAudiences


Shared Services

Shared Services Demo

Tier 3: Site Settings

UI for users to manage their sitesPermissions and users of siteStorage taken up within siteSite hierarchy

Key conceptsDelegate management of common tasks to usersExtensible

Consistent experienceFeatures merged directly into UI

Operators lack permission for contentChange from v2 Can take ownership or add policy (audited)

Security trimmed UI improves usability

Site Settings

Security Best Practices

Unique accounts for the followingFarm accountSSP process account

NOTE: Cannot be Network Service in a farm config.

SSP shared web service accountContent app pool

Kerberos on (default = NTLM)Each process account must be a registered SPN to work

SSL enabled (default = off)Turn on for admin sites and server to serverWarning provided on credentials pages if SSL is off

SPAdmin serviceSingle server: Off (recommend ‘On’ for OSS)Farm: On

Topics


Re-architecting SharePoint AdminSecurity Map

Physical ArchitecturePicking your topologyMulti-farm topologiesHW Requirements

Physical ArchitectureKey Concepts

TopologyGroup services on hardware as neededScale hardware based on your needs

# servers/role32 bit, 64 bit, mixed 32 and 64 bit

Server “roles”Web front end App server: Indexing, Search, Excel Calc, Project

No Job Server – replaced by SPTimer and SPAdmin service

DatabaseNetwork capabilities

Extranet as a 1st tier “feature”Span DomainsMultiple authentication providers

SQL auth supportSSL, IPSec, etc.

This Topology is Not Supported !!

User requests

Load balances webfront end servers

Applicationservers

Clustered SQL server

Index Search Excel Project

Large Farm

User requests

Web front ends + application(s)

Application(s)


Medium Farm

Small FarmUser requests

Each load-balanced server includes:

• Web front end• Applications

Dedicated SQL server

Single Server

• Web front end • Application • Database

One Server which contains:

User Requests

Picking Your Topology

Availability

Perf

orm

ance

StrengthsFast & EasyNetwork considerations

LimitationsLimited data & user load capabilityAvailability & reliability

Single Server

User Requests


• Web front end

• Application

• Database

Small Farm

User requests




StrengthsData & user load capabilityAvailability & reliabilityExercise feature deployment

LimitationsLong running operationsNetwork considerations

Medium Farm

StrengthsData & user load capabilityAvailability & reliabilityExercise feature deploymentPerformance

LimitationsSetup / configurationNetwork considerations

User requests


Application(s)


Large FarmStrengths

Data & user load capabilityAvailability & reliabilityExercise feature deploymentPerformance

LimitationsSetup / configurationNetwork considerations

User requests


Applicationservers



User requests


Applicationservers



Large Farm

User requests


Application(s)


Medium Farm

Small FarmUser requests




Single Server

• Web front end • Application • Database


User Requests

Picking Your Topology

Availability

Perf

orm

ance

Multi-Farm Topologies

Security and process isolationDevelopment, test, productionBusiness demands

Content ManagementStaging environments in different networks

Authoring in intranet with AD authenticationProduction in premier network with forms authentication

Content Deployment copies content between networksPath connects source and destination site collectionJob defines schedule for incremental deploymentQuick Deploy feature allows authors to expedite specific articles

Inter-Farm Shared Services

Multi-Farm Topology

Hardware Recommendations

Single box installation - recommendedCPU: 2 x 3GHz Memory: 2GB +HDD: Scenario dependent

Farm Deployment Web server: 2 x 3GHz, 2GB + RAM

HDD – Sufficient storage for index if also a query serverApp server: 2 x 2.5GHz, 4GB RAM

HDD – Sufficient storage for index fileSQL: Dual proc 2.5GHz; 4GB RAM

HDD – Sufficient storage for content dataSupport both 32 and 64 bit

SummaryProduct Architecture

3-Tier Administration ArchitectureCentral AdministrationShared Services – what are they; how do they work?

ExtensibilityDelegation to power users

Site Admin

Deployment OptionsMachine “Roles”Picking Your Topologies

Single boxSmall, medium, large farmsMulti-Farm topologies (IFSS, Publishing)

© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Installing and Configuring SharePoint Technology Ryan Duguid Technical Specialist Microsoft New...

Documents

Transcript of Installing and Configuring SharePoint Technology Ryan Duguid Technical Specialist Microsoft New...