OFC418 Advanced MOSS Administration
DESCRIPTION
From TechED 2007 (New Zealand)
TRANSCRIPT
Microsoft SharePoint Products & Technologies 2007: Deployment & Advanced Administration Topics
OFC418
Chandima Kulathilake (Microsoft MVP - Microsoft Office SharePoint Server)
http://www.chandima.net/Blog/
Solutions Consultant
Microsoft Confidential
2 Part Session Objectives
Part 1 - Basic Deployment
SharePoint 101: The New World - Fundamentals
Logical Architecture
Physical Architecture
Administration Models
Part 2 - Advanced Deployment
Planning and Deploying…
Intranet Solutions
Extranet Solutions
Internet Solutions
Topics – Part 1
SharePoint 101 – The New World: 5 Administration Fundamentals
Logical Architecture
Re-architecting SharePoint Admin
Security Map
Physical Architecture
Picking your topology
Multi-farm topologies
Hardware Requirements
Putting it all Together
Topics - Part 2
Intranet
Global Deployments
Capacity Planning
Disaster Recovery
Extranet
Extranets – Firewall Rules
Forefront Security
ISA Web Publishing
Internet
Multi Farm Topologies
Content & Solution Deployment
Caching
WSS 3.0 and SharePoint Server 2007
MOSS 2007 Enterprise: Web Forms, Excel Services, BDC
MOSS 2007 Standard: ECM, WCM, Search, & Portals
WSS 3.0: Platform & Collaboration
Fundamental Principle #1
Naming: IIS | WSS 2.0 / SPS 2003 | WSS 3.0 / SharePoint Server
Web Sites | Virtual Servers | Web Applications
Containment: Physical Server > Web Application(s) > Top Level Site(s) / Site Collections > Site(s)
Fundamental Principle #2
Consistency in Hierarchy
WSS 3.0: Web Applications > Site Collections > Sites > Templates & Features
MOSS 2007: Web Applications > Site Collections > Sites > Templates & Features
Fundamental Principle #3
What happened to “Portals”?
Portal = Site Collection + Portal Template + Shared Services + Features
SharePoint Server > Web Application(s): SSP Admin, Central Admin, Portal Template(s)
Fundamental Principle #4
FLEXIBLE TOPOLOGIES
Servers have Roles: Web Front End (WFE), Application Server (Query, Calculation, Index), Database Server
Farms can have relationships: Authoring / Publishing; Dev, Test, Production; SSP
Scaling for High Availability and Load (MOSS): Performance, High availability, Applications, Data growth, Offload Capabilities - Scale Out
POP QUIZ!!!!
What is an IIS Virtual Server/Web Site?
Web Application!
What does the acronym SSP stand for?
Shared Service Provider!
Can I add servers Modularly?
Yes! (Plan physical and logical architecture)
Do I have to use AD for user authentication?
Nope
Topics
SharePoint 101 – The New World
Logical Architecture
Planning Logical Architecture
3 Tiered SharePoint Admin
Physical Architecture
Picking your topology
Multi-farm topologies
Hardware Requirements
Putting it all Together
Containment Hierarchy
Items: Files, calendar items, contacts, customers, images, custom
Lists: Doc Lib, Pages, Events, Discussions, Surveys, etc…
Sites: Wikis, Blogs, Team, Doc, Mtg
Site Collections: Internet, Intranet Portal, Wikis, Blogs, Team, Doc, Mtg
Databases: Content, Config, SSP, Search
Web Applications: Central Admin, SSP Admin, Content
Servers: Web Front End, APP, SQL
Farm
SharePoint Server Logical Model
Central Portal: Permanent; one Web Application; structured SharePoint Server sites
Division Portals: Permanent; Web Applications or Site Collections; structured SharePoint Server sites
Groups & Teams, Projects & Workspaces, My Sites: Ad Hoc; WSS Site Templates; Semi Structured, consolidated on 1 to 3 Web Applications (1 Web App per Region)
SharePoint Dedicated Portal: http://inside with /Search, /HR, /Finance, /LCA, /IT
SharePoint Shared "Scale Hosted" Collab: http://team/sites/… (e.g. /sites/IT), http://blogs, http://my
One or more Web Applications hosting 1000s of Site collections
Plan for Software Boundaries
For all recommendations, visit “Plan for software boundaries (Office SharePoint Server)” at http://technet2.microsoft.com/Office/en-us/library/6a13cd9f-4b44-40d6-85aa-c70a8e5c34fe1033.mspx
Recommendations & Guidelines (subset)
Object | Recommended Maximum | Scope | Object Category
Site collection | 50,000 per web application | Web application | Logical architecture
Content database | 100 per Web application | Web application | Logical architecture
Document | 5 million per library (2,000 per nested folder) | Library | Site object
User profile | 5 million per farm | Farm | People object
Indexed documents | 50 million per search index (1 index per index server, 1 index server per SSP) | SSP | Search object
Web server / database server ratio | 8 Web servers per database server (4 Best Bang for Buck) | Farm | Physical object
Administration Model
Central Admin, SSP Admin, Site Settings
Central Administration
Web applications and Site collections
Create and administer content databases
Create site quotas
Enable Information Policies
Enable Information Rights Management
Shared Services
Search and Index - content sources
Profiles and Audiences for content targeting
Business data catalog – Search and display structured LOB data
Excel Services – administer trusted file locations
Site Settings
Security Trimmed UI
Item-level security
Recycle bin
Master pages
Navigation settings and breadcrumb control
Metadata – Content Types and Site Columns
Information Policies
Information Rights Management
Workflow
Search
Plan Shared Services
Web applications: CorpWeb, WinWeb, OfficeWeb, LegalWeb
Shared Services: Office Server Search, Directory import, User profile synch, Audiences, Targeting, Business data catalog, Excel calculation service, Usage Reporting
Topics
SharePoint 101 – The New World
Logical Architecture
Re-architecting SharePoint Admin
Security Map
Physical Architecture
Software and Roles
Picking your topology
Hardware Requirements
Putting it all Together
Deployment
Key concepts
x86 or x64 or Mixed
Prerequisites: .NET Framework 3.0, ASP.NET 2.0, Windows Workflow Foundation (Part of .NET 3.0)
Install
Basic – WSS: Windows Internal Database Engine; MOSS: Installs SQL Express (Not recommended for more than a couple of GB)
Advanced – Allows you to connect to SQL
WFE only vs. Full install
Language Packs (Downloads on the Web)
WSS
MOSS – Include WSS LPs
Picking Your Topology
Factors to consider:
# Users
Authentication Type (Anonymous vs. AD)
Caching
Client & Server Performance Requirements
SLAs (Uptime/High Availability Req.)
WAN Considerations
GBs/TBs of data
Total # Files and Items
10 Server Farm (Large): User requests > load balanced web front end servers > application servers (Index, Query, Query + Calc) > 2 clustered SQL servers
5 Server Farm (Medium): User requests > web front ends + application(s) > application(s) > clustered SQL server
3 Server Farm (Small): User requests > each load-balanced server includes web front end and applications; dedicated SQL server
Single Server: One server which contains web front end, application and database
Picking Your Topology
(Chart: Availability vs. Performance for the topologies above)
Hardware Recommendations
Single box installation *
CPU: 2.5 GHz (Go dual/quad core!)
Memory: 4+ GB recommended, 1 GB minimum
Farm Deployment *
Web server: 2.5 GHz, 4+ GB RAM
App server: Dual proc 2.5 GHz, 4+ GB RAM
SQL: Dual proc 2.5 GHz, 4+ GB RAM
Load Balanced Web Farm can support ~25K users
WSS Modular Scale Out
1. ALL in One (Windows Internal Database Engine)
2. 1 WFE - 1 SQL
3. 2 WFE - 1 SQL (Split Indexing between WFEs)
4. 2 WFE - 2 SQL (HA)
5. 3 WFE - 2 SQL
6. 3 WFE – 1 WFE/(WSS Search) * - 2 SQL
7. Consider failover farm… (Db Mirroring or SQL Log Ship)
…
20. 12 WFE, 4 - 2 Node SQL (A/P)
MOSS Modular Scale Out
1. ALL in One (SQL or SQL Express (basic))
2. 1 WFE/Query/Calc/Index, 1 SQL
3. 1 WFE/Query/Calc, 1 WFE/Calc/Index – 1 SQL *
4. 2 WFE/Query/Calc, 1 Index, 1 SQL
5. 2 WFE/Query/Calc, 1 Index, 2 SQL (HA)
6. 2 WFE/Query, 1 Calc, 1 Index, 2 SQL
7. Consider failover farm… (Db Mirroring or SQL Log Ship)
…
20. 10 WFE/Calc, 3 Query, 1 Index, 3 - 2 Node SQL (A/P)
Never put Query and Index on the same server if there is another Query server.
New Server Topology Roles
Query = Search
Calculation = Excel Services Calculation Server
Special Servers:
WFE Only (for security/internet)
Dedicated WFE for Indexing (optimizing perf)
Dedicated WFE/Index * (verify the host file)
WSS Search Server (special)
Non SharePoint Servers in the Topology: Mail (SMTP) (Outbound and/or Inbound), Project, Analysis, Reporting
Supporting Infrastructure
SMTP/Exchange
DNS/DCs (recommend 1 DC per 3 WFEs on Windows Auth) or LDAP servers
Load balancing devices and Network Infra
Firewall – ISA: Secure Web Publishing/Cache and Firewall
Whale Security/Delegated Auth Devices
Antivirus Infra – Forefront Management
SAN or other Shared Storage
Related Farms
Failover/ DR Farm (Log Shipping/Db Mirroring)
Dev/Test Support for Virtualization with Virtual Server
Staging/UAT & Authoring environments
Summary
Be sure to PLAN your logical infrastructure & Governance
Topologies are Flexible
Scalable Business Solutions are Limitless
Awesome/Powerful Intranet, Extranet, and Internet Platform!
Where do you get your information? TechNet, MSDN
http://blogs.msdn.com/sharepoint
http://blogs.msdn.com/joelo
http://msmvps.com/shane
Part 2 Session Objectives
Part 2 - Advanced Deployment
Planning and Deploying…
Intranet Solutions
Extranet Solutions
Internet Solutions
Solutions
Intranet: Portal/Publishing/Enterprise Search, Collaboration, Records Repository, BI / BPM
Extranet: Partner Collaboration, Publishing Portal
Internet: Publishing, Community: Discussions & Blogs
Intranet
Setup & Deployments Hints and Watch-outs
Setup
Basic versus Advanced (farm = advanced)
WFE versus “Complete”
Scripting setup
Setup.exe – put binaries on computer (requires config.xml)
PSConfig.exe – enable SharePoint services
STSAdm.exe – configure SharePoint services and create shared services and sites
Role: Dedicated front-end Web server for indexing adds Host file entries
Central Admin will push IIS config; Cert & Dedicated IP can be lost if WSS Web Admin Service is cycled (role changes)
Central Deployment
Partner Solution: WAN Acceleration
REDMOND datacenter: WAN Accelerator; All Services in one Central Farm; Central Search; Central Directory
BEIJING remote office: WAN Accelerator; 10s-100s of Local WAN Accelerators
~5x - 1st Request
~43x - 2nd Request
Regional Deployment
Optimized Network Bandwidth/Latency
Regions: REDMOND, DUBLIN, SINGAPORE
Regional Scope Services: Local Office Server Farms (Intranet only), Local SSP Farm, Centrally Managed from Redmond
Enterprise Scope Services: Local Office Server Farms (Intranet and Extranet), Local SSP Farm, Centrally Managed from Redmond
Regional Scope Services: Local Office Server Farms (Intranet and Extranet), Local SSP Farm, Centrally Managed from Redmond
Distributed-Branch Office WSS (Collab) with Central SharePoint Server Search
Denver: HQ Central Portal MOSS farm for Enterprise Search
BANGALORE: Branch Office WSS Deployments (single server), Disconnected or Bandwidth Constrained
Deployment & Capacity Planning
Planning for Availability
Acceptable uptime percentage | Downtime per day | Downtime per month | Downtime per year
95 | 72.00 minutes | 36 hours | 18.26 days
99 | 14.40 minutes | 7 hours | 3.65 days
99.9 | 86.40 seconds | 43 minutes | 8.77 hours
99.99 | 8.64 seconds | 4 minutes | 52.60 minutes
99.999 | 0.86 seconds | 26 seconds | 5.26 minutes
Capacity Planning Framework
Object | Scope | Guideline
Site collections | Database | 50,000
Sites | Site collection | 250,000
(sub) Sites | Web site | 2,000
Lists | Web site | 2,000
Items | List | 5 M
Documents | Doc Library | 5 M
Documents | Folder/Indexed View | 2,000
Document size | File | 2 GB
Indexed Documents (MOSS) | SSP | 50 M
# Profiles (MOSS) | SSP | 5 M
Capacity Planning HA Example – 3x1x2 farm
Example of High Available Solution
Users: 100,000 (light to typical usage)
Host: 100,000+ Site Collections
Store: 1,000,000s of documents
Index: 1,000,000s of documents
Server type | RAM | HDD | CPU
Front end servers | 4 GB | 200 GB | 2 x 2.8 GHz dual core x64
Index server | 4 GB | 200 GB | 2 x 2.8 GHz dual core x64
SQL Server computer | 16 GB | 1 TB | 4 x 2.8 GHz dual core x64
Topology: 3 x (Web front end + Query + Calc), 1 Index, 2 Clustered SQL servers
High Availability & Disaster Recovery
Backup & Disaster Recovery Options Summary
Content Recovery: 2 Stage Recycle Bin, Versioning, Web Delete Event, Snapshots, Third Party Tools
Disaster Recovery: STSADM backup/restore, SQL backups, 3rd party tools, Log-Shipping, Remote Snapshots
High Availability: Log-Shipping, SQL Clustering, Database Mirroring
Which combination of tools is right for you?
Log-Shipping Mirror Farm
WSS SQL Log-shipping Environment (diagram)
Big IP for http://www.microsoft.com (IP 1)
Active read-write farm: Content Database 1, Content Database 2, Configuration Database
Transaction Log Shipping (.ldf) of the content databases from the active farm to the passive farm
Passive read-only farm: Content Database 1, Content Database 2, Configuration Database
Extranet
Flexible Authentication
Windows Auth (NTLM) is Default (Kerberos is recommended)
Flexible .NET Pluggable Providers for Authentication: http://www.codeplex.com/MOSSFormsFeature
Forms based Authentication: LDAP provider included in MOSS, AD provider included, SQL provider included
SharePoint Web App Security Policies
Centrally enforced and overwrites permissions for all sites in the web application
GRANT and DENY
Bound to web application/zone
Scenarios:
Full read – search crawling accounts, auditors, legal compliance
Deny all – security control, regulatory compliance
Deny write – extranet lockdown
10 Ways to Harden your SharePoint Environment
1. Configure Firewall Rules: lock down to most restrictive w/ acceptable level of usability (consider blocking HTTP out)
2. Secure client communication with trusted SSL certificates (128bit HTTPS)
3. IPSec (Secure communication between servers)
4. Enable Kerberos Authentication (Intranet)
5. SQL SSL encrypted Traffic + Non Standard Port
6. Configure Central Admin on App DMZ servers
7. Restrict IP Traffic on Central Admin and SSP Admin (IIS)
8. Configure Deny Web App Policies for Content & Admin
9. Configure ISA Secure Publishing
10. Configure Forefront Antivirus and Content scanning
Intranet, Extranet, Internet: 2 Farms, 3 SSPs
TechNet: Plan Logical Architecture
Architecture Considerations
Why more than 1 Farm? Application/Customization SLAs, Licensing (Internet vs. Intranet CAL), Isolation (No Scale)
Why more than 1 SSP? Isolation and Service Needs
Why more than 1 App Pool? Security Isolation, Memory and CPU isolation, Auth requirements
Why more than 1 Site Collection? Separation/delegation of ownership, quotas, ability to split across databases
Why one site collection? Global Navigation, Inheritance of style/Master page, Security inheritance, Query web parts, Site Collection policy and content types enforcements
Database Considerations
Config: contains list of all site collections, web apps, web parts, solutions (Most critical db in farm from availability view)
Content database: contains all blobs, sites, webs, etc… Most content (consider RAID 5)
Search & SSP Dbs: Optimize… High Disk I/O; contains configuration & search property store (index/query contain index on disk)
Don’t forget Database Maintenance!!! DBCC Check Database, Shrink Database, Reorganize Index, Clean up History, Defrag… Disk IO
Secure Web Publishing with ISA
(Diagram: Internet user > ISA 2006 in the DMZ > Internal Network at HEAD QUARTERS: Exchange, Intranet Web Server, SharePoint, Active Directory, External Web Server, Administrator)
Integrated Security / Efficient Management / Fast, Secure Access
NEW: Smartcards & one-time password support
NEW: Customized logon forms for most devices & apps
NEW: LDAP authentication for Active Directory
NEW: Web publishing load balancing
NEW: Authentication delegation (NTLM, Kerberos)
NEW: Improved idle-based time-outs for session mgmt
NEW: Exchange & SharePoint publishing tools
NEW: Enhanced certificate administration
NEW: Single sign-on for multiple resource access
NEW: Automatic translation of embedded internal links
Forefront Security for SharePoint
(Diagram: Users > Document > SharePoint Server > SQL Document Library)
Virus Protection for Document Libraries: Integrates scan engines from eight industry leading vendors; Real-time scanning of documents uploaded and downloaded from document library; Manual and scheduled scanning of document library
Content Policy Enforcement: File filtering to block documents from being posted based on name match, file type or file extension; Content filtering by keywords within documents for inappropriate words and phrases
Protects MOSS 2007 and WSS 3.0
Extranet Architecture Example
Protocols
All protocols are HTTP-based
HTTP/S: Browser sessions
SOAP: Editing from Office Applications, Web Services & Indexing
RSS: All lists can be viewed this way (Kerberos!)
FP-RPC: SharePoint Designer, Usage
Web-DAV: Explorer View, Web Client Access
XMLHTTP: Forms
Firewall Ports
Inbound/Outbound | From | Port | To
Inbound | ALL (as applicable) | TCP 80 or 443 | ISA Web Pub or WFE
Inbound | TS Jump point | RDP (TCP 3389) for Remote Admin | APP (Central Admin / SSP Admin)
Inbound | All SharePoint Servers (Depends on Central Admin config) | Office Server Web Services, TCP 56737, SSL 56738 | APP (Central Admin / SSP Admin)
Inbound | Index | TCP 80 or 443 | WFE
Outbound | ALL SharePoint Svrs (Based on Auth) | DS (TCP 445), RPC (TCP 135), DNS (UDP 53), Kerberos (UDP 88), LDAP/S (UDP 389/636) | DC/DNS (LDAP)
Outbound (Inbound if applicable) | WFE (alerts or mail enabled list) | SMTP (TCP 25) | SMTP/Exchange
Outbound | ALL SharePoint Svrs | SQL (TCP 1433) or SSL custom port | SQL
Outbound | WFE (Search Request) | Search Query, either NBT (TCP/UDP 137, 138, 139) or Direct-hosted SMB (TCP/UDP 445) | Query
Outbound | Index (Propagation) | Search Query, either NBT (TCP/UDP 137, 138, 139) or Direct-hosted SMB (TCP/UDP 445) | Query
Outbound | WFE (SSO) | RPC for SSO (TCP 135), plus random high ports (Dynamic RPC) or restricted high ports (Static RPC) | APP Servers
Extranet Terms
Alternate Access Mappings - “Zones”: Namespaces used to access a single set of content, e.g. http://office and https://office.microsoft.com
Default Zone for Alerts URLs and Search results
Authorization == what can you do
Authentication == confirm who you are
ASP.Net model for pluggable Authentication
Understand “Enable Client Integration”: Matches Office client’s behavior for some FBA providers
Internet
Content Deployment
Authoring -> Production
Solution Deployment
Deploy the Solution package to the farm
Retract the Solutions package
When a new web server is added, automatically deploy the solution to it
Deploy new versions of the Solution
Solution - A CAB file containing:
Manifest.xml file
All the files for the Features, Web Parts, Site or list def changes, etc... that make up your solution
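As an added example (not from the deck or any Microsoft sample), the manifest.xml that sits at the root of such a solution CAB; the solution, feature and assembly names, the SolutionId, the public key token and the key blob are hypothetical placeholders. The DeploymentTarget and CodeAccessSecurity elements are where a reviewer sees how much trust the packaged code is asking for before it is deployed to every web server in the farm.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- manifest.xml at the root of Contoso.Intranet.wsp (a CAB file).
     Hypothetical solution: all names, the GUID and key values are placeholders. -->
<Solution xmlns="http://schemas.microsoft.com/sharepoint/"
          SolutionId="00000000-0000-0000-0000-000000000001">

  <!-- Features carried by the package; paths are relative to the CAB root. -->
  <FeatureManifests>
    <FeatureManifest Location="Contoso.Intranet.Navigation\feature.xml" />
  </FeatureManifests>

  <!-- The Web Part assembly. DeploymentTarget="WebApplication" places it in the
       web application's bin folder, where it runs under the CAS policy declared
       below. DeploymentTarget="GlobalAssemblyCache" would give it full trust on
       every web server instead (and needs -allowgacdeployment at deploy time). -->
  <Assemblies>
    <Assembly DeploymentTarget="WebApplication"
              Location="Contoso.Intranet.WebParts.dll">
      <!-- SafeControl entries are merged into web.config; only registered types
           may be placed on pages. TypeName="*" marks the whole namespace safe,
           so review what that namespace actually contains. -->
      <SafeControls>
        <SafeControl Assembly="Contoso.Intranet.WebParts, Version=1.0.0.0, Culture=neutral, PublicKeyToken=0123456789abcdef"
                     Namespace="Contoso.Intranet.WebParts"
                     TypeName="*"
                     Safe="True" />
      </SafeControls>
    </Assembly>
  </Assemblies>

  <!-- Least-privilege CAS grant for the bin-deployed assembly: permission to
       execute and to use the SharePoint object model, nothing more. It is
       merged into the web application's policy file when the solution is
       deployed with -allowcaspolicies. -->
  <CodeAccessSecurity>
    <PolicyItem>
      <PermissionSet class="NamedPermissionSet" version="1"
                     Description="Contoso.Intranet.WebParts permissions">
        <IPermission class="AspNetHostingPermission" version="1" Level="Minimal" />
        <IPermission class="SecurityPermission" version="1" Flags="Execution" />
        <IPermission class="Microsoft.SharePoint.Security.SharePointPermission, Microsoft.SharePoint.Security, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                     version="1" ObjectModel="True" />
      </PermissionSet>
      <Assemblies>
        <!-- PublicKeyBlob is the full public key of the signed assembly (placeholder here). -->
        <Assembly Name="Contoso.Intranet.WebParts" Version="1.0.0.0"
                  PublicKeyBlob="PUBLIC-KEY-BLOB-PLACEHOLDER" />
      </Assemblies>
    </PolicyItem>
  </CodeAccessSecurity>
</Solution>
```

The lifecycle on the slide maps to stsadm -o addsolution (add the package to the farm's solution store), stsadm -o deploysolution (push it to the web servers, with -allowcaspolicies or -allowgacdeployment only when the manifest needs them), stsadm -o upgradesolution, stsadm -o retractsolution and stsadm -o deletesolution.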
What Do SharePoint Server and Donald Trump Have in Common?
Courtesy Si.com
Cache!
TechNet: (Cache Settings) Additional performance and capacity factors
Cache
Cache Type | Level | What for?
Output caching and cache profiles | Individual page level | Pages - Ideal for heavily accessed Web sites that do not need to present new content frequently.
Object caching | Individual Web Part control, field control, and content level | Heavy Queries and Navigation - Including cross-list query caching
Disk-based caching for Binary Large Objects (BLOBs) | Individual BLOB level; caches images, sound, movies, and code | Page Elements - Supports .gif, .jpg, .js, .css, and other images, sound, and objects that are stored as binary large objects
Cache Config Levels
Web App: Disk based caching in web.config
Site collection: configure output cache and object cache settings
Site: output cache settings
Page layout: output cache
Web Part: settings in dwp code
Query: i.e. RSS Feed cache is 5 min by default, cross list query
Cache Recommendations
Cache is cool but….
Setting memory based caching can waste valuable memory (ASP.NET may flush cache to make room!)
Never cache search results: disable search results layout page cache
Never cache personalized web parts
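The web application level setting from the list above, as an added example that is not taken from the deck: the BlobCache element in a MOSS 2007 web application's web.config, with the shipped default beside an enabled configuration. The drive letter, folder and added extensions are assumptions; a real web.config carries exactly one BlobCache element, the two below are the before and after.

```xml
<!-- web.config of one web application (assumed: the Internet publishing site).
     The BlobCache element lives under <configuration><SharePoint>. -->
<configuration>
  <SharePoint>

    <!-- BEFORE: as installed, the element exists but is disabled, so every
         image, script and style sheet is fetched from the content database
         on each request. -->
    <BlobCache location="C:\blobCache"
               path="\.(gif|jpg|png|css|js)$"
               maxSize="10"
               enabled="false" />

    <!-- AFTER: enabled for a read-mostly publishing site.
         location: a dedicated folder on a non-system drive (assumed D:), so a
                   full cache cannot fill the OS volume; the application pool
                   identity needs write access to it and nothing else does.
         path:     regular expression of file names served from disk instead of
                   SQL; keep it to static page elements (the .jpeg addition is
                   an assumption), not document formats.
         maxSize:  cache size in GB on that drive.
         Pages themselves are not affected by this element: output and object
         caching are configured per site collection and page layout, and the
         recommendations above (no caching of search results or personalized
         web parts) still apply there. -->
    <BlobCache location="D:\blobCache\Internet"
               path="\.(gif|jpg|jpeg|png|css|js)$"
               maxSize="10"
               enabled="true" />

  </SharePoint>
</configuration>
```

Because the file is per web application, an extranet or intranet web application on the same farm keeps its own element and its own decision about what is served from disk.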
Summary
Deployment
Flexible Streamlined deployment and admin sense of place
Capacity Planning
Solution and Content Deployment
Cache
Call to Action!
Keep up to date with TechNet and MSDN and READ/Subscribe to our blogs:
http://www.chandima.net/Blog/
http://blogs.msdn.com/joelo
For ITPros:
70-631 - Windows SharePoint Services 3.0 - Configuring
70-630 - Office SharePoint Server 2007 - Configuring
For Developers:
70-541 - Microsoft Windows SharePoint Services 3.0 - Application Development
70-542 - Microsoft Office SharePoint Server 2007 - Application Development
DON'T DELAY – TAKE 'EM TODAY!!!
Be one of the first to pass the NEW MCTS Exams!!!
Resources
Technical Chats and Webcasts
http://www.microsoft.com/communities/chats/default.mspx
http://www.microsoft.com/usa/webcasts/default.asp
Microsoft Learning and Certification
http://www.microsoft.com/learning/default.mspx
MSDN & TechNet
http://microsoft.com/msdn
http://microsoft.com/technet
Virtual Labs
http://www.microsoft.com/technet/traincert/virtuallab/rms.mspx
Newsgroups
http://communities2.microsoft.com/communities/newsgroups/en-us/default.aspx
Technical Community Sites
http://www.microsoft.com/communities/default.mspx
User Groups
http://www.microsoft.com/communities/usergroups/default.mspx
Q&A
Questions?
Resources
Technical Communities, Webcasts, Blogs, Chats & User Groups
http://www.microsoft.com/communities/default.mspx
Microsoft Developer Network (MSDN) & TechNet
http://microsoft.com/msdn
http://microsoft.com/technet
Trial Software and Virtual Labs
http://www.microsoft.com/technet/downloads/trials/default.mspx
Microsoft Learning and Certification
http://www.microsoft.com/learning/default.mspx
Complete an evaluation form!
Disaster Recovery Operational Tasks
Disaster recovery
Backup and Restore methods
2-Stage Recycle Bin for documents and lists
Site-level backup/restore via STSADM
Integrated backup/restore UI for web application and farm
VSS writer for farm backup
SQL Server backup/restore
Mirror/failover farm
Replicate primary farm on secondary system
SQL log shipping transfers content DB data
Must manually replicate configuration changes
On disaster, router switches traffic in minutes
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.