MOSS 2007 Deployment Fundamentals -Part2

September 10 – 13 • Kuala Lumpur

Microsoft Confidential

Part 1 - Basic DeploymentPart 1 - Basic DeploymentCatch up – MOSS 2007 the New WorldCatch up – MOSS 2007 the New World

Farm Topologies and SSPFarm Topologies and SSP

Database ArchitectureDatabase Architecture

Administration ModelsAdministration Models

Part 2 - Advanced DeploymentPart 2 - Advanced DeploymentPlanning and Deploying…Planning and Deploying…

Intranet SolutionsIntranet Solutions

Extranet SolutionsExtranet Solutions

Internet SolutionsInternet Solutions


Hope you broughtYour hard hat!


IntranetIntranetGlobal DeploymentsGlobal Deployments

Capacity PlanningCapacity Planning

Disaster RecoveryDisaster Recovery

ExtranetExtranetExtranets – Firewall RulesExtranets – Firewall Rules

Forefront SecurityForefront Security

ISA Web PublishingISA Web Publishing

InternetInternetMulti Farm TopologiesMulti Farm Topologies

Content & Solution DeploymentContent & Solution Deployment

CachingCaching


IntranetPortal/Publishing/Enterprise SearchCollaborationRecords RepositoryBI / BPM

ExtranetPartner CollaborationPublishing Portal

InternetPublishingCommunity: Discussions & Blogs


SetupBasic versus Advanced (farm = advanced)Web Front End versus “Complete”

Scripted setupSetup.exe – put binaries on computer

requires config.xml (answer file)

PSConfig.exe – enable services and creates config databaseSTSAdm.exe – configure SharePoint services and create shared services and sites

Central DeploymentPartner Solution: WAN Acceleration

REDMOND

WAN Accelerator Datacenter

All Services in one Central Farm

Central Search

Central Directory

WAN Accelerator remote office

BEIJING

10s-100s of Local WAN Accelerators

~5x - 1st Request

~43x - 2nd Request

Regional DeploymentOptimized Network Bandwidth/Latency

REDMOND

DUBLIN

SINGAPORE

Regional Scope Services

Local Office Server Farms (Intranet only)

Local SSP Farm

Centrally Managed from Redmond

Enterprise Scope Services

Local Office Server Farms (Intranet and Extranet)

Local SSP Farm


Regional Scope Services

Local Office Server Farms (Intranet and Extranet)

Local SSP Farm


Distributed-Branch Office WSS (Collab) with Central SharePoint Server Search

Denver

HQ Central Portal MOSS farm for Enterprise Search

Branch Office WSS Deployments (single server)

BANGALORE

Disconnected or Bandwidth Constrained

Deployment & Capacity Deployment & Capacity PlanningPlanning

Capacity Planning Framework

ObjectObject ScopeScope Guideline Guideline

Site collections Site collections DatabaseDatabase 50,00050,000

Sites Sites Site collectionSite collection 250,000250,000

(sub) Sites (sub) Sites Web siteWeb site 2,0002,000

ListsLists Web siteWeb site 2,0002,000

Items Items ListList 5 M5 M

Documents Documents Doc LibraryDoc Library 5 M5 M

Documents Documents Folder/Indexed Folder/Indexed

ViewView

2,0002,000

Document size Document size FileFile 2 GB2 GB

Indexed Documents Indexed Documents

(MOSS)(MOSS)SSPSSP 50 M50 M

# Profiles (MOSS)# Profiles (MOSS) SSPSSP 5 M5 M

List Scalability


Example of High Available SolutionUsers: 100,000 (light to typical usage)

Host: 100,000+ Site Collections

Store: 1,000,000s of documents

Index: 1,000,000s of documents

Server type RAM HDD CPU

Front end servers 4 GB 200 GB 2 x 2.8 Ghz dual core x64

Index server 4 GB 200 GB 2 x 2.8 Ghz dual core x64

SQL Server computer 16 GB 1 TB 4 x 2.8 Ghz, dual core x64

Web front end +Query + Calc

Index Clustered SQLserver

High Availability & Disaster Recovery

Content Recovery Disaster Recovery

Backup & Disaster Recovery Options Summary

2 Stage Recycle Bin2 Stage Recycle Bin

VersioningVersioning

Web Delete EventWeb Delete Event

SnapshotsSnapshots

Third Party ToolsThird Party Tools

STSADM STSADM backup/restorebackup/restore

SQL backupsSQL backups

33rdrd party tools party tools

Log-ShippingLog-Shipping

Remote SnapshotsRemote Snapshots

High Availability

Log-ShippingLog-Shipping

SQL ClusteringSQL Clustering

Database Database MirroringMirroring

Which combination of tools is right for you?

High AvailabilityMulti-Server Farm Scenario

• Optimizes performance of web servers

• Increases redundancy and reduces points of failure• Redundancy at WFE and Database server roles

• Determine configuration based on your business needs and goals• Determine config of other Application roles (Excel Services, Index, Forms,

etc)

Web Servers Application Server

Clustered/Mirrored

SQL Server

Log-Shipping Mirror Farm

Big IP forhttp://www.microsoft.com

Tra

ns

acti

on

Lo

g S

hip

pin

g

ContentDatabase 1

ContentDatabase 2

Configuration Database

ContentDatabase 1

ContentDatabase 2

Configuration Database

IP 1

WSS SQL Log-shipping Environment

Passive read-only farm

Active read-write farm

.ldf

.ldf

.ldf

.ldf

Database Mirroring

Witness Server

Principal Mirror

Encrypted channel

Ever

ythi

ng

ok?

Everything

ok?

Principal Down!

I’m OK!

New Principal

Extranet


Windows Auth (NTLM) is Default (Kerberos is recommended)

Flexible .NET Pluggable Providers for Authentication

Forms based AuthenticationLDAP provider included in MOSSAD provider includedSQL provider included


Centrally enforced and overwrites permissions for all sites in the web application

GRANT and DENYBound to web application/zone

ScenariosFull read – search crawling accounts, auditors, legal complianceDeny all – security control, regulatory complianceDeny write – extranet lockdown

1. Configure Firewall Rules lock down to most restrictive w/ acceptable level of usability (consider blocking HTTP out)

2. Secure client communication with trusted SSL certificates (128bit HTTPS)

3. IP Sec (Secure communication between servers)4. Enable Kerberos Authentication (Intranet)5. SQL SSL encrypted Traffic + Non Standard Port6. Configure Central Admin on App DMZ servers7. Restrict IP Traffic on Central Admin and SSP Admin (IIS)8. Configure Deny Web App Policies for Content & Admin9. Configure ISA Secure Publishing10. Configure Forefront Antivirus and Content scanning

TechNet: Plan Logical Architecture

Why more than 1 Farm?Application/Customization SLAs, Licensing (Internet vs. Intranet CAL), Isolation (No Scale)

Why more than 1 SSP?Isolation and Service Needs

Why more than 1 App Pool?Security Isolation, Memory and CPU isolation, Auth requirements

Why more than 1 Site Collection?Separation/delegation of ownership, quotas, ability to split across databases

Why one site collection?Global Navigation, Inheritance of style/Master page, Security inheritance, Query web parts, Site Collection policy and content types enforcements

Configcontains list of all site collections, web apps, web parts, solutions (Most critical db in farm from availability view)

Content databasecontains all blobs, sites webs, etc… Most content (consider RAID 5)

Search & SSP DbsOptimize… High Disk I/O contains configuration & search property store (index/query contain index on disk)

Don’t forget Database Maintenance!!!DBCC Check Database, Shrink Database, Reorganize Index, Clean up History, Defrag… Disk IO

34

Secure Web Publishing with ISA

Exchange

Intranet Web Server

SharePoint

Active Directory

External Web Server

Administrator

User ISA 2006 DMZ

Internal Network

Internet

HEAD QUARTERS

Integrated SecurityIntegrated Security Efficient ManagementEfficient Management

NE

W Smartcards & one-time password support

NE

W Customized logon forms for most devices & apps

NE

W LDAP authentication for Active Directory

NE

W Web publishing load balancing

Fast, Secure AccessFast, Secure Access

NE

W Authentication delegation (NTLM, Kerberos)

NE

W Improved idle-based time-outs for session mgmt

NE

W Exchange & SharePoint publishing tools

NE

W Enhanced certificate administration

NE

W Single sign-on for multiple resource access

NE

W Automatic translation of embedded internal links

Forefront Security for SharePoint

SQL Document Library

DocumentUsers

Document

SharePoint Server

Virus Protection for Document LibrariesIntegrates scan engines from eight industry leading vendorsReal-time scanning of documents uploadedand downloaded from document libraryManual and scheduled scanning of document library

Content Policy EnforcementFile filtering to block documents frombeing posted based on name match, file type or file extensionContent filtering by keywords withindocuments for inappropriate words and phrases

Protects MOSS 2007 and WSS 3.0

Extranet Architecture Example

All protocols are HTTP-basedHTTP/S: Browser sessionsSOAP: Editing from Office Applications, Web Services & IndexingRSS: All lists can be viewed this wayFP-RPC: SharePoint Designer, UsageWeb-DAV: Explorer View, Web Client AccessXMLHTTP - Forms


Alternate Access Mappings - “Zones” Namespaces used to access a single set of content, e.g.

http://office

https://office.microsoft.com

Default Zone for Alerts URLs and Search results

Authorization == what can you doAuthentication == confirm who you are

ASP.Net model for pluggable Authentication

Understand - “Enable Client Integration” Matches Office client’s behavior for someFBA providers

Authoring -> Production

Deploy the Solution package to the farm Retract the Solutions package When a new web server is added, automatically deploy the solution to it Deploy new versions of the SolutionSolution - A CAB file containing

Manifest.xml file All the files for the Features, Web Parts, Site or list def changes, etc... that make up your solution

What do SharePoint Server and Donald Trump Have in Common?

Courtesy Si.com

Cache!

TechNet: (Cache Settings) Additional performance and capacity factors

Web App – Disk based caching in web.configSite collection – configure output cache and object cache settingsSite – output cache settingsPage layout – output cacheWeb Part – settings in dwp code Query – i.e. RSS Feed cache is 5 min by default, cross list query

Cache is but….Setting memory based caching can waste valuable memory (ASP.NET may flush cache to make room!)Never cache search results – disable search results layout page cacheNever cache personalized web parts


DeploymentFlexible Streamlined deployment and admin sense of place

Solution and Content DeploymentCacheCall to Action!

Keep up to date with TechNet and MSDN and Subscribe to our blogs:

http://technet.microsoft.com/mosshttp://msdn.microsoft.com/mosshttp://blogs.msdn.com/sharepointhttp://blogs.msdn.com/joelo

For ITPros: (RTM Exam)70-631 - Windows SharePoint Services 3.0 - Configuring70-630 - Office SharePoint Server 2007 - Configuring

For Developers: (Beta Exam)70-541 - Microsoft Windows SharePoint Services 3.0 - Application Development70-542 - Microsoft Office SharePoint Server 2007 - Application Development

DON'T DELAY – TAKE 'EM TODAY!!!Be one of the first to pass the NEW MCTS Exams!!!

For IT Pros:70-631 - Windows SharePoint Services 3.0 - Configuring70-630 - Office SharePoint Server 2007 - Configuring

For Developers:70-541 - Microsoft Windows SharePoint Services 3.0 - Application Development70-542 - Microsoft Office SharePoint Server 2007 - Application Development

SharePoint Exams!SharePoint Exams!Get Certified on the New Exams!!!Get Certified on the New Exams!!!

Please fill out a session evaluation form and either put them in the basket near the exit or drop them

off at the conference registration desk.

Thank you!

Breakout Sessions

SEP 10 3:00PM OFC 212 – SharePoint FundamentalsSEP 11 4:15PM OFC 425 – SharePoint Advanced DeploymentsSEP 12 3:15PM OFC 324 – SharePoint Governance and Information Architecture Guidance

Instructor-led LabsSharePoint 2007 Features and Functions – Sarbjit Singh Gill

Hands-on LabsCheck ‘em out!

Technical Communities, Webcasts, Blogs, Chats & User Groupshttp://www.microsoft.com/communities/default.mspx

Microsoft Developer Network (MSDN) & TechNet http://microsoft.com/msdn http://microsoft.com/technet

Trial Software and Virtual Labshttp://www.microsoft.com/technet/downloads/trials/default.mspx

Microsoft Learning and Certificationhttp://www.microsoft.com/learning/default.mspx

Mark YOUR Success with Microsoft Certified Professionals

Visit the Visit the Microsoft Learning PavilionMicrosoft Learning Pavilion

In Exhibition HallIn Exhibition Hall

Mark YOUR Success

by visiting our p

avilion

today!

LEARN

Stay competitive. Get trained. Get

hands on with our Official Microsoft

Learning Products and discover lots of great deals – ONLY

AT Tech•Ed!

MEET

Come & talk to our Microsoft Certified

Professionals, Certified Trainers, and our Microsoft CPLS (Certified

Partner for Learning Solution) to identify

your learning roadmap to success!

EXPERIENCE

Register yourself for a FREE Microsoft pre-test session to help identify your

areas of improvements before sitting for an actual

Microsoft Professional exam!

Download presentation slidesDownload presentation slides

Presentation slides will be Presentation slides will be available for download at the available for download at the

Tech•Ed Internet Café or after Tech•Ed Internet Café or after the event at:the event at:

www.microsoft.com/malaysia/events www.microsoft.com/malaysia/events

Download presentation slidesDownload presentation slides

Presentation slides will be Presentation slides will be available for download at the available for download at the

Tech•Ed Internet Café or after Tech•Ed Internet Café or after the event at:the event at:

www.microsoft.com/malaysia/events www.microsoft.com/malaysia/events

Did you like this session?Did you like this session?

Please complete the track Please complete the track evaluation form and return it to the evaluation form and return it to the track managers on your way out…track managers on your way out…

You may be a lucky winner of some You may be a lucky winner of some cool prizes!cool prizes!

Did you like this session?Did you like this session?

Please complete the track Please complete the track evaluation form and return it to the evaluation form and return it to the track managers on your way out…track managers on your way out…

You may be a lucky winner of some You may be a lucky winner of some cool prizes!cool prizes!

We value your feedback!We value your feedback!

Please remember to complete the Please remember to complete the overall conference evaluation form overall conference evaluation form

(in your bag) and return it to the (in your bag) and return it to the Handout Counter on the last dayHandout Counter on the last day

We value your feedback!We value your feedback!

Please remember to complete the Please remember to complete the overall conference evaluation form overall conference evaluation form

(in your bag) and return it to the (in your bag) and return it to the Handout Counter on the last dayHandout Counter on the last day

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market

conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

MOSS 2007 Deployment Fundamentals -Part2

Technology

Transcript of MOSS 2007 Deployment Fundamentals -Part2