MOSS 2007 Deployment Fundamentals - Part 2
September 10 – 13 • Kuala Lumpur
Microsoft Confidential
Part 1 - Basic Deployment
• Catch up – MOSS 2007 the New World
• Farm Topologies and SSP
• Database Architecture
• Administration Models
Part 2 - Advanced Deployment
Planning and Deploying…
• Intranet Solutions
• Extranet Solutions
• Internet Solutions
Hope you brought your hard hat!
Intranet
• Global Deployments
• Capacity Planning
• Disaster Recovery
Extranet
• Extranets – Firewall Rules
• Forefront Security
• ISA Web Publishing
Internet
• Multi Farm Topologies
• Content & Solution Deployment
• Caching
Intranet
• Portal/Publishing/Enterprise Search
• Collaboration
• Records Repository
• BI / BPM
Extranet
• Partner Collaboration
• Publishing Portal
Internet
• Publishing
• Community: Discussions & Blogs
Setup
• Basic versus Advanced (farm = advanced)
• Web Front End versus “Complete”
Scripted setup
• Setup.exe – put binaries on computer; requires config.xml (answer file)
• PSConfig.exe – enable services and creates config database
• STSAdm.exe – configure SharePoint services and create shared services and sites
Central Deployment
Partner Solution: WAN Acceleration
REDMOND
WAN Accelerator Datacenter
All Services in one Central Farm
Central Search
Central Directory
WAN Accelerator remote office
BEIJING
10s-100s of Local WAN Accelerators
~5x - 1st Request
~43x - 2nd Request
Regional Deployment
Optimized Network Bandwidth/Latency
REDMOND
DUBLIN
SINGAPORE
Regional Scope Services
Local Office Server Farms (Intranet only)
Local SSP Farm
Centrally Managed from Redmond
Enterprise Scope Services
Local Office Server Farms (Intranet and Extranet)
Local SSP Farm
Centrally Managed from Redmond
Regional Scope Services
Local Office Server Farms (Intranet and Extranet)
Local SSP Farm
Centrally Managed from Redmond
Distributed-Branch Office WSS (Collab) with Central SharePoint Server Search
Denver
HQ Central Portal MOSS farm for Enterprise Search
Branch Office WSS Deployments (single server)
BANGALORE
Disconnected or Bandwidth Constrained
Deployment & Capacity Planning
Capacity Planning Framework
Object                     Scope                 Guideline
Site collections           Database              50,000
Sites                      Site collection       250,000
(sub) Sites                Web site              2,000
Lists                      Web site              2,000
Items                      List                  5 M
Documents                  Doc Library           5 M
Documents                  Folder/Indexed View   2,000
Document size              File                  2 GB
Indexed Documents (MOSS)   SSP                   50 M
# Profiles (MOSS)          SSP                   5 M
List Scalability
Example of High Available Solution
• Users: 100,000 (light to typical usage)
• Host: 100,000+ Site Collections
• Store: 1,000,000s of documents
• Index: 1,000,000s of documents
Server type           RAM     HDD      CPU
Front end servers     4 GB    200 GB   2 x 2.8 GHz dual core x64
Index server          4 GB    200 GB   2 x 2.8 GHz dual core x64
SQL Server computer   16 GB   1 TB     4 x 2.8 GHz, dual core x64
[Diagram labels: Web front end + Query + Calc; Index; Clustered SQL server]
High Availability & Disaster Recovery
Backup & Disaster Recovery Options Summary
Content Recovery
• 2 Stage Recycle Bin
• Versioning
• Web Delete Event
• Snapshots
• Third Party Tools
Disaster Recovery
• STSADM backup/restore
• SQL backups
• 3rd party tools
• Log-Shipping
• Remote Snapshots
High Availability
• Log-Shipping
• SQL Clustering
• Database Mirroring
Which combination of tools is right for you?
High Availability
Multi-Server Farm Scenario
• Optimizes performance of web servers
• Increases redundancy and reduces points of failure
• Redundancy at WFE and Database server roles
• Determine configuration based on your business needs and goals
• Determine config of other Application roles (Excel Services, Index, Forms, etc)
Web Servers Application Server
Clustered/Mirrored
SQL Server
Log-Shipping Mirror Farm
WSS SQL Log-shipping Environment
[Diagram labels: Big IP for http://www.microsoft.com; IP 1; Active read-write farm; Passive read-only farm; Transaction Log Shipping (.ldf); each farm shows Content Database 1, Content Database 2 and Configuration Database]
Database Mirroring
[Diagram labels: Witness Server; Principal; Mirror; Encrypted channel. Callouts: “Everything ok?”, “Everything ok?”, “Principal Down!”, “I’m OK!”, “New Principal”]
Extranet
Windows Auth (NTLM) is Default (Kerberos is recommended)
Flexible .NET Pluggable Providers for Authentication
• Forms based Authentication
• LDAP provider included in MOSS
• AD provider included
• SQL provider included
Centrally enforced and overwrites permissions for all sites in the web application
GRANT and DENY
Bound to web application/zone
Scenarios
• Full read – search crawling accounts, auditors, legal compliance
• Deny all – security control, regulatory compliance
• Deny write – extranet lockdown
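The GRANT/DENY behaviour described above, as an added example that is not code from the original slides or from SharePoint. The permission names, accounts and zone names are constructed, and the mask arithmetic (site permissions plus policy grants, minus policy denies) is a simplified model of how a zone-bound policy overrides what site owners assign.

```python
from enum import Flag, auto

class Perm(Flag):
    NONE = 0
    VIEW = auto()
    ADD = auto()
    EDIT = auto()
    DELETE = auto()

READ = Perm.VIEW
WRITE = Perm.ADD | Perm.EDIT | Perm.DELETE
ALL = READ | WRITE

# The three scenarios from the slide as (grant mask, deny mask).
POLICY_LEVELS = {
    "Full read": (READ, Perm.NONE),
    "Deny write": (Perm.NONE, WRITE),
    "Deny all": (Perm.NONE, ALL),
}

# Constructed sample: policies are bound to (web application zone, account).
POLICIES = {
    ("Default", "svc-crawl"): ["Full read"],
    ("Extranet", "partner-a"): ["Deny write"],
    ("Extranet", "ex-employee"): ["Deny all"],
}

def effective(site_perms, zone, account, policies=POLICIES):
    """Permissions after the web application policy is applied on top of
    whatever a site owner granted. A deny wins over any grant."""
    grant, deny = Perm.NONE, Perm.NONE
    for level in policies.get((zone, account), []):
        g, d = POLICY_LEVELS[level]
        grant |= g
        deny |= d
    return (site_perms | grant) & ~deny

if __name__ == "__main__":
    cases = [
        ("svc-crawl", "Default", Perm.NONE),  # crawler holds no site rights
        ("partner-a", "Extranet", ALL),       # site owner gave full rights
        ("partner-a", "Intranet", ALL),       # same account, zone without policy
        ("ex-employee", "Extranet", READ),
    ]
    for account, zone, site in cases:
        print(account, zone, site, "->", effective(site, zone, account))
```

The second and third cases show why the policy is bound to a zone: the same account keeps its site-level rights on the zone that has no deny policy.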
1. Configure firewall rules: lock down to the most restrictive setting with an acceptable level of usability (consider blocking HTTP out)
2. Secure client communication with trusted SSL certificates (128bit HTTPS)
3. IPSec (secure communication between servers)
4. Enable Kerberos Authentication (Intranet)
5. SQL SSL encrypted traffic + non-standard port
6. Configure Central Admin on App DMZ servers
7. Restrict IP traffic on Central Admin and SSP Admin (IIS)
8. Configure Deny Web App Policies for Content & Admin
9. Configure ISA Secure Publishing
10. Configure Forefront Antivirus and Content scanning
TechNet: Plan Logical Architecture
Why more than 1 Farm? Application/Customization SLAs, Licensing (Internet vs. Intranet CAL), Isolation (No Scale)
Why more than 1 SSP? Isolation and Service Needs
Why more than 1 App Pool? Security Isolation, Memory and CPU isolation, Auth requirements
Why more than 1 Site Collection? Separation/delegation of ownership, quotas, ability to split across databases
Why one site collection? Global Navigation, Inheritance of style/Master page, Security inheritance, Query web parts, Site Collection policy and content types enforcements
Config: contains list of all site collections, web apps, web parts, solutions (most critical db in farm from availability view)
Content database: contains all blobs, sites, webs, etc… Most content (consider RAID 5)
Search & SSP DBs: Optimize… High disk I/O; contains configuration & search property store (index/query contain index on disk)
Don’t forget Database Maintenance!!! DBCC Check Database, Shrink Database, Reorganize Index, Clean up History, Defrag… Disk IO
Secure Web Publishing with ISA
[Diagram labels: Exchange; Intranet Web Server; SharePoint; Active Directory; External Web Server; Administrator; User; ISA 2006; DMZ; Internal Network; Internet; Head Quarters]
Integrated Security
Efficient Management
• NEW: Smartcards & one-time password support
• NEW: Customized logon forms for most devices & apps
• NEW: LDAP authentication for Active Directory
• NEW: Web publishing load balancing
Fast, Secure Access
• NEW: Authentication delegation (NTLM, Kerberos)
• NEW: Improved idle-based time-outs for session mgmt
• NEW: Exchange & SharePoint publishing tools
• NEW: Enhanced certificate administration
• NEW: Single sign-on for multiple resource access
• NEW: Automatic translation of embedded internal links
Forefront Security for SharePoint
[Diagram labels: Users; Document; SharePoint Server; SQL Document Library]
Virus Protection for Document Libraries
• Integrates scan engines from eight industry leading vendors
• Real-time scanning of documents uploaded and downloaded from document library
• Manual and scheduled scanning of document library
Content Policy Enforcement
• File filtering to block documents from being posted based on name match, file type or file extension
• Content filtering by keywords within documents for inappropriate words and phrases
Protects MOSS 2007 and WSS 3.0
Extranet Architecture Example
All protocols are HTTP-based
• HTTP/S: Browser sessions
• SOAP: Editing from Office Applications, Web Services & Indexing
• RSS: All lists can be viewed this way
• FP-RPC: SharePoint Designer, Usage
• Web-DAV: Explorer View, Web Client Access
• XMLHTTP - Forms
Alternate Access Mappings - “Zones”
Namespaces used to access a single set of content, e.g.
http://office
https://office.microsoft.com
Default Zone for Alerts URLs and Search results
Authorization == what can you do
Authentication == confirm who you are
ASP.Net model for pluggable Authentication
Understand - “Enable Client Integration” Matches Office client’s behavior for some FBA providers
Authoring -> Production
• Deploy the Solution package to the farm
• Retract the Solutions package
• When a new web server is added, automatically deploy the solution to it
• Deploy new versions of the Solution
Solution - A CAB file containing
• Manifest.xml file
• All the files for the Features, Web Parts, Site or list def changes, etc... that make up your solution
What do SharePoint Server and Donald Trump Have in Common?
Courtesy Si.com
Cache!
TechNet: (Cache Settings) Additional performance and capacity factors
• Web App – Disk based caching in web.config
• Site collection – configure output cache and object cache settings
• Site – output cache settings
• Page layout – output cache
• Web Part – settings in dwp code
• Query – i.e. RSS Feed cache is 5 min by default, cross list query
Cache is but….
• Setting memory based caching can waste valuable memory (ASP.NET may flush cache to make room!)
• Never cache search results – disable search results layout page cache
• Never cache personalized web parts
Deployment
Flexible Streamlined deployment and admin sense of place
Solution and Content Deployment
Cache
Call to Action!
Keep up to date with TechNet and MSDN and Subscribe to our blogs:
• http://technet.microsoft.com/moss
• http://msdn.microsoft.com/moss
• http://blogs.msdn.com/sharepoint
• http://blogs.msdn.com/joelo
For ITPros: (RTM Exam)
• 70-631 - Windows SharePoint Services 3.0 - Configuring
• 70-630 - Office SharePoint Server 2007 - Configuring
For Developers: (Beta Exam)
• 70-541 - Microsoft Windows SharePoint Services 3.0 - Application Development
• 70-542 - Microsoft Office SharePoint Server 2007 - Application Development
Breakout Sessions
• SEP 10 3:00PM OFC 212 – SharePoint Fundamentals
• SEP 11 4:15PM OFC 425 – SharePoint Advanced Deployments
• SEP 12 3:15PM OFC 324 – SharePoint Governance and Information Architecture Guidance
Instructor-led Labs
• SharePoint 2007 Features and Functions – Sarbjit Singh Gill
Hands-on Labs
• Check ‘em out!
Technical Communities, Webcasts, Blogs, Chats & User Groups: http://www.microsoft.com/communities/default.mspx
Microsoft Developer Network (MSDN) & TechNet: http://microsoft.com/msdn http://microsoft.com/technet
Trial Software and Virtual Labs: http://www.microsoft.com/technet/downloads/trials/default.mspx
Microsoft Learning and Certification: http://www.microsoft.com/learning/default.mspx
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.