SharePoint Saturday Belgium: SharePoint Farm Architecture - Bringing It All Together
SharePoint Farm Architecture: Bringing it all together
#SPSBE09 - Thomas Vochten - April 26th, 2014
About Me
Thomas Vochten
@thomasvochten - http://thomasvochten.com
• SharePoint Server MVP
• Platform Architect
• Involuntary DBA
• Trainer
Agenda
1. What’s the Problem?
2. SharePoint & IIS
3. Consolidation
4. Host Named Site Collections
5. Advanced Topics
Platform Hygiene: What’s the Problem?
In the Wild
• Undocumented installations
• Scripts, tools and installation media lying around
• How old is this farm exactly?
• No monitoring whatsoever
• Dubious configurations
• Admins just hacking around
• Miserable performance
But,… we’re doing DevOps!
Are you serious?
The G-Word
What we need
• Simplicity
• Predictability
• Scalability
• Portability
• Compatibility
• Supportability
Product Line Architecture
• Prescriptive guidance
• Relatively easy to implement
• Based on rulesets
• Tools, scripts & modules
• Office365 Alignment
Through Microsoft Services only :-/
Basic Building Blocks
SharePoint
• Farm
• Web Application
• Site Collections
• Service Applications
• Servers
IIS
• Web Sites
• Bindings
• Application Pools
• Identity
Living Apart Together: SharePoint & IIS
SharePoint doesn’t care about IIS
• Initial web application configuration is set in stone
• Extending & unextending may be your friend
Advanced Bindings
• Certificates
• Host Headers
• IP Addresses
Host Headers to the rescue?
Most wanted scenario not supported by SharePoint:
Multiple web applications using the same bindings require the use of host headers
The problem with Host Headers
• They don’t scale
• They limit the URLs we can use
• Cannot be configured from within SharePoint
• Problems when publishing
Web Applications vs Web Sites
Web Application
• SharePoint
• Logical Concept
Web Sites
• IIS
• Physical Concept
One-to-Many
Zones
Support Limits
How many web applications in a farm? 20
How many web sites per web application? 5
Web Sites
Out of the Box:
• SharePoint Central Administration v4
• SharePoint Web Services
Application Pools
Application Pool
• Worker Process (w3wp.exe)
• CPU/Memory
• Identity
Web Sites
One-to-Many
Support Limits
How many application pools in a farm? 10
Application Pools
Out of the Box:
• SharePoint Central Administration v4
• SharePoint Web Services Root
• SecurityTokenServiceApplicationPool
• [Insert random GUID here]
Application Discovery and Load Balancer Service Application
Application Pools
Custom Created:
• Services Application Pool(s)
• Content Application Pool(s)
How many of these do you create?
Accounts
• Farm
• Services
• Content
• Setup
• Search
• Search crawl
• Profile import
Good Practice: Cleaning Up
• Remove unused web sites
• Remove unused application pools
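One way to find cleanup candidates, as an added example that is not part of the original slides: a read-only inventory built on the IIS WebAdministration module, to be run on each SharePoint server. The InUse column is a name chosen for this example; a pool showing False has no site or application mapped to it on that server.

```powershell
# Added example: inventory IIS sites and application pools on one SharePoint server.
# Run in an elevated PowerShell session. Read-only: nothing is stopped or removed.
Import-Module WebAdministration

# Every pool referenced by a site root or by an application beneath a site
# (service applications live as applications under "SharePoint Web Services")
$usedPools = @(
    Get-Website        | ForEach-Object { $_.applicationPool }
    Get-WebApplication | ForEach-Object { $_.applicationPool }
) | Sort-Object -Unique

# Application pools: state, identity, and whether anything is still mapped to them
Get-ChildItem IIS:\AppPools | ForEach-Object {
    [pscustomobject]@{
        Name         = $_.Name
        State        = $_.state
        IdentityType = $_.processModel.identityType
        UserName     = $_.processModel.userName
        InUse        = $usedPools -contains $_.Name
    }
} | Sort-Object InUse, Name | Format-Table -AutoSize

# Web sites: state, pool and bindings (protocol plus IP:port:host header)
Get-Website | ForEach-Object {
    $bindings = $_.bindings.Collection |
        ForEach-Object { "$($_.protocol) $($_.bindingInformation)" }
    [pscustomobject]@{
        Site     = $_.Name
        State    = $_.state
        Pool     = $_.applicationPool
        Bindings = $bindings -join '; '
    }
} | Format-Table -AutoSize -Wrap
```

Compare the output across all servers in the farm before removing anything: a pool or site that SharePoint still knows about will be re-provisioned or will break the matching web application.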
Demo: Exploring SharePoint & IIS
Less is more: Consolidation
Design Principles
• Single farm
• Single content application pool
• Single content web application
• Single apps web application
[Diagram: application pool layout. Labels: Central Administration, Content Application Pool (Content, Apps), App Disc & LB Svc, Security Token Svc, Services Application Pool (Service Applications)]
Content Web Application
• Only one
• Host Named Site Collections
• Scale by adding more web servers
Apps Web Application
• Often needed for routing app requests
• Separate domain
• Wildcard DNS record
• Wildcard SSL certificate
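Consolidating Application Pools
# Load the SharePoint cmdlets when not running in the SharePoint Management Shell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
# Look up the existing content application pool by name
$webService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
$pool = $webService.ApplicationPools["blah"]
# Point the web application at that pool and push the change to every server in the farm
$app = Get-SPWebApplication http://bleh
$app.ApplicationPool = $pool
$app.Update()
$app.ProvisionGlobally()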
Consolidating Web Applications
• Possible, but consider very carefully
• Migrate to Host Named Site Collections
Living without host headers: Host Named Site Collections
“Host-named site collections are the preferred method to deploy sites in SharePoint 2013”
From: TechNet
Confusion
Host Header + Host Named = Incompatible!
yet…
New-SPSite … -HostHeaderWebApplication …
New-SPManagedPath … -HostHeader …
Path Based Site Collections
• Traditional way of addressing in SharePoint
• DNS name determined by the Web Application
https://intranet.contoso.com
• Every site collection has a unique path
https://intranet.contoso.com
https://intranet.contoso.com/sites/teamA
https://intranet.contoso.com/dep/departmentA
Path Based Site Collections
• Default option in SharePoint
• Single root site collection
• Managed Paths to scale
• Multiple URLs via zones
Host Named Site Collections
• The better way
• Unique DNS name per site collection
https://intranet.contoso.com
https://mysites.contoso.com
https://community.contoso.com
• You can still have managed paths
https://intranet.contoso.com/sites/benefits
https://teams.contoso.com/sites/it
Marchitecture
Why Host Named Site Collections?
• Office365 uses them
• Best tested
• Some features expect them
• Scalability
Request Management, Multi-Tenancy, SharePoint Apps, more to come…
Create Host Named Site Collections
New-SPSite -Url https://intranet.contoso.com -OwnerAlias domain\username -HostHeaderWebApplication https://content.contoso.com -Template 'STS#0'
Living without host headers
• Host headers don’t work with HNSC
• Host headers just don’t scale
• Requires a bit of a mind shift at first
• Think multiple IP addresses
The good, the bad, the ugly: Path Based vs Host Named
Site Creation
• Path Based: Central Admin or PowerShell; out of the box self service site creation
• Host Named: PowerShell; custom self service site creation needed
URLs & Structure
• Path Based: inherits Web Application URL; multiple URLs with AAM; Managed Paths at web application level
• Host Named: unique URL per site collection; multiple URLs without AAM; Managed Paths at farm level
Database Mgmt
• Path Based: managed out of the box at the web application level
• Host Named: custom site creation provider recommended
Multiple URLs
Path Based Site Collections
• Up to 5 zones with different URLs
• For use with all site collections
Host Named Site Collections
• Up to 5 URLs per site collection
PowerShell Support for Multiple URLs
• Set-SPSiteUrl
• Remove-SPSiteUrl
• Get-SPSiteUrl
$site = Get-SPSite https://intranet.contoso.com
Set-SPSiteUrl -Identity $site -Url https://extranet.contoso.com -Zone Default
Zones
Still available for implementing different authentication, protocols or policies
Alternate Access Mappings are not used
Multiple URLs work even without multiple web application zones!
Managed Paths
• Still available to create a structure or hierarchy
• Set at the farm level (PowerShell)
• No unique managed paths for every site collection
https://intranet.contoso.com/projects/projectA
https://teams.contoso.com/projects/projectB
Certificates
Typically you need:
• Wildcard certificate for content webapp
• Wildcard certificate for apps webapp
If you need multiple TLD support, you need a SAN certificate!
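The wildcard versus SAN point, as an added example that is not part of the original slides: a small offline check that reports which site collection hostnames a given set of certificate names does not cover. The function names, the fabrikam.com and apps hostnames and the certificate name lists are constructed for illustration.

```powershell
# Added example. All hostnames and certificate names below are constructed sample data.
function Test-CertNameMatch {
    param([string]$HostName, [string]$CertName)
    $h = $HostName.ToLowerInvariant().TrimEnd('.')
    $c = $CertName.ToLowerInvariant().TrimEnd('.')
    if (-not $c.StartsWith('*.')) { return $h -eq $c }
    # A wildcard stands for exactly one left-most label: *.contoso.com covers
    # intranet.contoso.com, but neither contoso.com nor a.b.contoso.com
    $suffix = $c.Substring(1)                     # ".contoso.com"
    if (-not $h.EndsWith($suffix)) { return $false }
    $label = $h.Substring(0, $h.Length - $suffix.Length)
    return ($label.Length -gt 0) -and (-not $label.Contains('.'))
}

function Get-UncoveredHost {
    param([string[]]$Url, [string[]]$CertName)
    foreach ($u in $Url) {
        $hostName = ([uri]$u).Host
        $covered = $false
        foreach ($n in $CertName) {
            if (Test-CertNameMatch -HostName $hostName -CertName $n) { $covered = $true; break }
        }
        if (-not $covered) { $hostName }          # emit only hosts no name matches
    }
}

# Site collection URLs to publish (constructed): two domains plus an app URL
$siteUrls = @(
    'https://intranet.contoso.com'
    'https://mysites.contoso.com'
    'https://teams.fabrikam.com'
    'https://app-1a2b3c.apps.contoso.com'
)

# Single wildcard certificate on the content web application
Get-UncoveredHost -Url $siteUrls -CertName '*.contoso.com'

# SAN certificate for both domains, plus the separate apps wildcard
Get-UncoveredHost -Url $siteUrls -CertName '*.contoso.com', '*.fabrikam.com', '*.apps.contoso.com'
```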
Mixing Path & Host
Just because you can, doesn’t mean you should
Migrating to Host Named Site Collections
$webApp = Get-SPWebApplication 'https://portal.contoso.com'
foreach ($spSite in $webApp.Sites) {
    if ($spSite.HostHeaderIsSiteName) { Write-Host $spSite.Url 'is host-named' }
    else { Write-Host $spSite.Url 'is path based' }
}
Migrating to Host Named Site Collections
Backup-SPSite -Identity 'https://portalOld.contoso.com' -Path 'c:\Backup\portalContoso.bak'
Restore-SPSite -Identity 'https://portal.contoso.com' -Path 'c:\Backup\portalContoso.bak' -DatabaseName 'portal_content' -HostHeaderWebApplication 'https://content.contoso.com'
Good Practices
• Create (empty) root site collection
• Create mysite host site collection
• Develop a custom site creation provider
Considerations
• DNS record for each HNSC
• Be aware of webapp-scoped features
Demo: Host Named Site Collections
Going Beyond: Advanced Topics
SSL Offloading
Reverse Proxy server
• Terminates the SSL request
• Forwards an HTTP request to SharePoint
• SharePoint renders with HTTPS in the response
Requirement: Support for custom HTTP Header “Front-End-Https: On”
SSL Offloading
• You don’t need AAM and zones for HNSC
• At least one IIS site should have a binding on port 80
• The SSL terminator or reverse proxy must preserve the original HTTP host header from the client
• The protocol used for a host-named site collection depends on the URL set by Set-SPSiteURL
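Because the protocol follows the URL stored on each site collection, an audit of those URLs shows where SharePoint will still render plain HTTP links behind the offloader. This is an added example, not part of the original slides; it assumes the slides' sample web application URL https://content.contoso.com, and the report property names are chosen here.

```powershell
# Added example: list every URL mapped to each host-named site collection
# and flag the ones that are not HTTPS. Read-only.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Assumption: the web application that hosts the host-named site collections
$webApp = Get-SPWebApplication 'https://content.contoso.com'

$report = foreach ($site in $webApp.Sites) {
    try {
        # Path-based site collections take their URL from the web application
        if (-not $site.HostHeaderIsSiteName) { continue }

        foreach ($mapping in (Get-SPSiteUrl -Identity $site)) {
            $uri = [uri]($mapping.Url)
            [pscustomobject]@{
                SiteId = $site.ID
                Zone   = $mapping.Zone
                Url    = $mapping.Url
                Host   = $uri.Host
                Https  = ($uri.Scheme -eq 'https')
            }
        }
    }
    finally {
        $site.Dispose()   # SPSite objects hold unmanaged resources
    }
}

# Full picture per site collection and zone
$report | Sort-Object Host, Zone | Format-Table Zone, Url, Https -AutoSize

# URLs that will be rendered as http:// regardless of what the proxy terminates
$report | Where-Object { -not $_.Https } | Select-Object Zone, Url
```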
Using multiple webapps with HNSC
• Not recommended
• Manual steps: IP addresses in IIS to have multiple sites listening on same port without host header
• DNS records point to different IP addresses
Summary
• Maintain strict platform hygiene
• Understand the relationship between IIS & SP
• Keep it simple - consolidate!
• Consider Host Named Site Collections
• Be aware of limitations & confusing terminology
• Ideal for green field projects
• Use SSL - Everywhere!
Thank you!
@thomasvochten - #SPSBE09