Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

HMS310: Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007: Planning and Deployment - Advanced Topics. Joel Oleson, Microsoft Corp, [email protected], http://blogs.msdn.com/joelo

Upload: joel-oleson

Post on 24-Dec-2014


DESCRIPTION

Advanced Administration, the 2nd part in a 2-part series on administration topics for SharePoint Server, by Joel Oleson. SharePoint Connections Spring 2007 in Orlando,

TRANSCRIPT

Page 1: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

HMS310: Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007: Planning and Deployment - Advanced Topics

Joel Oleson

Microsoft Corp

[email protected]

http://blogs.msdn.com/joelo

Page 2: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Microsoft Confidential

Part 1 - Basic Deployment
• Catch up – MOSS 2007 the New World
• Farm Topologies and SSP
• Database Architecture
• Administration Models

Part 2 - Advanced Deployment
• Multi Farm Topologies
• Content & Solution Deployment
• Extranets – Firewall Rules
• Caching

Page 3: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Hope you brought your hard hat!

Page 4: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Global Deployments
• Centralized: Energizer
• Regional: MS IT
• Distributed: Gates

Capacity Planning
• High Availability/Disaster Recovery

Multi Farm Topologies
• Content & Solution Deployment
• Extranets – Firewall Rules

Page 5: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

SharePoint Deployment Management Models

Page 6: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

SharePoint Deployments

Page 7: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Central Deployment

Partner Solution: WAN Acceleration

REDMOND

WAN Accelerator Datacenter

All Services in one Central Farm

Central Search

Central Directory

WAN Accelerator remote office

BEIJING

10s-100s of Local WAN Accelerators

~5x - 1st Request

~43x - 2nd Request

Page 8: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Regional Deployment

Optimized Network Bandwidth/Latency

REDMOND

DUBLIN

SINGAPORE

Regional Scope Services

Local Office Server Farms (Intranet only)

Local SSP Farm

Centrally Managed from Redmond

Enterprise Scope Services

Local Office Server Farms (Intranet and Extranet)

Local SSP Farm

Centrally Managed from Redmond

Regional Scope Services

Local Office Server Farms (Intranet and Extranet)

Local SSP Farm

Centrally Managed from Redmond

Page 9: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

MSIT Pre-Upgrade Redmond

SQL Cluster 1 A/P

WNLB – Web Front End Servers

Index Servers

Search Servers

Redmond Parent Portal Farm

Enterprise Portal

WNLB – WFE Servers

Vanilla Child Farms

WNLB – WFE Servers

Custom Portal Child Farms

WNLB – WFE Servers

WSS Corporate hosting mode

Index Target Index Target

WSS scalability hosting mode

WNLB – WFE Servers

shared services

SQL Cluster 2 A/P SQL Cluster 3 A/P SQL Cluster 4 A/A/A/P/p

Page 10: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

MSIT Post Upgrade

Diagram labels: Internal Microsoft Web; Custom Portal Farms (Virtual Server?); Vanilla/Corporate/Personal/HostH.; Shared Service Provider - Parent Farm. Repeated labels: Excel Services; Frontend/Query; Indexer.

Page 11: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Distributed Deployment

Branch Office WSS/MOSS deployments

Denver

HQ Central Portal MOSS farm for Enterprise Search

Branch Office WSS Deployments (single server)

BANGALORE

Disconnected or Bandwidth Constrained

Page 12: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Deployment & Capacity Planning

Page 13: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Setup
• Basic versus Advanced (farm = advanced)
• WFE versus “Complete”

Scripting setup
• Setup.exe – put binaries on computer (requires config.xml)
• PSConfig.exe – enable SharePoint services
• STSAdm.exe – configure SharePoint services and create shared services and sites

Role: Dedicated front-end Web server for indexing adds Host file entries

Central Admin will push IIS config, Cert & Dedicated IP can be lost if WSS Web Admin Service is cycled (role changes)

Page 14: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Planning for Availability

Page 15: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Capacity Planning Framework – Suggested Limits

Object | Scope | Guideline
Site collections | Database | 50,000
Sites | Site collection | 250,000
(sub) Sites | Web site | 2,000
Lists | Web site | 2,000
Items | List | 5 M
Documents | Doc Library | 5 M
Documents | Folder/Indexed View | 2,000
Document size | File | 2 GB
Indexed Documents (MOSS) | SSP | 50 M
# Profiles (MOSS) | SSP | 5 M

Page 16: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

List Scalability

Page 17: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Highly available
• Users: 100,000s of users
• Host: 100,000+ Site Collections
• Store: 1,000,000s of documents
• Index: 1,000,000s of documents

Server type | RAM | HDD | CPU
Front end servers | 4 GB | 200 GB | 2 x 2.8 GHz x64
Index server | 4 GB | 200 GB | 2 x 2.8 GHz x64
SQL Server computer | 4 GB | 1 TB | 4 x 2.8 GHz, dual core, x64

Diagram labels: Web front end + Query + Excel Calc; Index; Clustered SQL server

Page 20: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

High Availability & Disaster Recovery

Page 21: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Backup & Disaster Recovery Options Summary

Content Recovery
• 2 Stage Recycle Bin
• Versioning
• Web Delete Event
• Snapshots
• Third Party Tools

Disaster Recovery
• STSADM backup/restore
• SQL backups
• 3rd party tools
• Log-Shipping
• Remote Snapshots

High Availability
• Log-Shipping
• SQL Clustering
• Database Mirroring (coming soon)

Which combination of tools is right for you?

Page 22: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Backup and Restore methods
• 2-Stage Recycle Bin for documents and lists
• Site-level backup/restore via STSADM
• Integrated backup/restore UI for web application and farm
• VSS writer for farm backup
• SQL Server backup/restore

Mirror/failover farm
• Replicate primary farm on secondary system
• SQL log shipping transfers content DB data
• Must manually replicate configuration changes
• On disaster, router switches traffic in minutes

More detail in Disaster Recovery presentation

Page 23: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Log-Shipping Mirror Farm

Diagram: WSS SQL Log-shipping Environment. Labels: Big IP for http://www.microsoft.com; IP 1; Active read-write farm; Passive read-only farm; each farm with Content Database 1, Content Database 2 and Configuration Database; Transaction Log Shipping (.ldf) between the farms.

Page 24: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Security & Firewalls

Page 25: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Central enforced permissions for all sites in the web application
• GRANT and DENY
• Bound to web application/zone

Scenarios
• Full read – search crawling accounts, auditors, legal compliance
• Deny all – security control, regulatory compliance
• Deny write – extranet lockdown
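
The policy behaviour on this slide, modelled as an added example (not code from the deck or from SharePoint itself). Rights are reduced to read/write, and the account names, group names and sample policy entries are constructed for illustration; the model shows a policy grant applying where the site gives nothing, and a deny bound to one zone overriding site permissions only for requests that arrive through that zone.

```python
from dataclasses import dataclass

# Simplified rights (assumption): the product has many more base permissions.
READ, WRITE = "read", "write"
ALL_ZONES = "*"

# The three policy levels named on the slide, as (granted, denied) right sets.
POLICY_LEVELS = {
    "Full Read":  ({READ}, set()),
    "Deny Write": (set(), {WRITE}),
    "Deny All":   (set(), {READ, WRITE}),
}


@dataclass(frozen=True)
class PolicyEntry:
    principal: str  # user or group the entry applies to
    zone: str       # zone the entry is bound to, or ALL_ZONES
    level: str      # key of POLICY_LEVELS


def effective_rights(principals, zone, site_rights, policy):
    """Rights a request gets on any site in the web application.

    principals  -- the user's account plus the groups it belongs to
    zone        -- zone (URL namespace) the request arrived through
    site_rights -- rights the site's own permissions give this user
    policy      -- PolicyEntry list configured on the web application
    """
    granted, denied = set(site_rights), set()
    for entry in policy:
        if entry.principal not in principals:
            continue
        if entry.zone not in (ALL_ZONES, zone):
            continue  # entry is bound to a different zone
        grant, deny = POLICY_LEVELS[entry.level]
        granted |= grant
        denied |= deny
    # Deny is applied last, so it wins over site permissions and policy grants.
    return granted - denied


# Constructed sample policy mirroring the slide's three scenarios.
POLICY = [
    PolicyEntry("svc-crawl", ALL_ZONES, "Full Read"),   # search crawling account
    PolicyEntry("partners", "Extranet", "Deny Write"),  # extranet lockdown
    PolicyEntry("blocked", ALL_ZONES, "Deny All"),      # security control
]

if __name__ == "__main__":
    alice = {"alice", "partners"}
    print(effective_rights({"svc-crawl"}, "Default", set(), POLICY))
    print(effective_rights(alice, "Extranet", {READ, WRITE}, POLICY))
    print(effective_rights(alice, "Default", {READ, WRITE}, POLICY))
    print(effective_rights({"bob", "blocked"}, "Default", {READ, WRITE}, POLICY))
```

The third call is the one to check when reviewing an extranet lockdown: the same account keeps write access through any zone the deny is not bound to.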

Page 26: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Security Considerations

1. Configure Firewall Rules lock down to most restrictive w/ acceptable level of usability (i.e. outbound HTTP)

2. Secure client communication with trusted SSL certificates (128bit HTTPS)

3. IP Sec (Secure communication between servers and DCs) *Careful with NLB and clients (MAC/Unix)

4. Enable Kerberos Authentication (Intranet) *Careful with NLB

5. SQL SSL encrypted Traffic + Non Standard Port

6. Configure Central Admin on App DMZ servers

7. Restrict IP Traffic on Central Admin and SSP App Pools (IIS)

8. Configure Deny Policies (Not Auth Users) on Content/Admin Web Apps for Applicable Groups/Domains

9. Configure ISA Secure Publishing (or reverse hosting) better than Router ACLs (Rejects Invalid Requests and Verbs)

10. Configure at least 1 DMZ aka 2+ Firewalls/Interfaces between corp and publicly addressable Intranet

Page 27: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Intranet, Extranet, Internet

2 Farms, 3 SSPs

TechNet: Plan Logical Architecture

Page 28: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Architecture Considerations

• Why more than 1 Farm?
  ● Application/Customization SLAs, Licensing (Internet vs. Intranet CAL), Isolation (No Scale)
• Why more than 1 SSP?
  ● Isolation and Service Needs
• Why more than 1 App Pool?
  ● Security Isolation, Memory and CPU isolation, Auth requirements
• Why more than 1 Site Collection?
  ● Separation/delegation of ownership, quotas, ability to split across databases
• Why keep them together?
  ● Global Navigation, Inheritance of style/Master page, Security inheritance, Query web parts, Site Collection policy and content types enforcements

Page 29: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Database Considerations

• Config
  ● contains list of all site collections, web apps, web parts, solutions (Most critical db in farm from availability view)
• Content database
  ● contains all blobs, sites webs, etc… (Most content (consider RAID 5)
• Search & SSP Dbs
  ● Optimize… High Disk I/O contains configuration & search property store (index/query contain index on disk)

Page 30: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Secure Web Publishing with ISA

Diagram labels: Exchange; Intranet Web Server; SharePoint; Active Directory; External Web Server; Administrator; User; ISA 2006; DMZ; Internal Network; Internet; HEAD QUARTERS

Integrated Security | Efficient Management | Fast, Secure Access

Items marked NEW:
• Smartcards & one-time password support
• Customized logon forms for most devices & apps
• LDAP authentication for Active Directory
• Web publishing load balancing
• Authentication delegation (NTLM, Kerberos)
• Improved idle-based time-outs for session mgmt
• Exchange & SharePoint publishing tools
• Enhanced certificate administration
• Single sign-on for multiple resource access
• Automatic translation of embedded internal links

Page 31: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Extranet Architecture Example

Page 32: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Content Deployment

Page 33: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Authoring -> Production

Page 34: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Solution Deployment

• Deploy the Solution package to the farm

• Retract the Solutions package

• When a new web server is added, automatically deploy the solution to it

• Deploy new versions of the Solution

• Solution - A CAB file containing
  ● Manifest.xml file
  ● All the files for the Features, Web Parts, Site or list def changes, etc... that make up your solution

Page 35: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Solution Deployment

Demo

Chris Johnson on Solution Deployment

Page 36: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Protocols

• All protocols are HTTP-based
  ● HTTP/S: Browser sessions
  ● SOAP: Editing from Office Applications, Web Services & Indexing
  ● RSS: All lists can be viewed this way
  ● FP-RPC: SharePoint Designer, Usage
  ● Web-DAV: Explorer View, Web Client Access
  ● XMLHTTP - Forms

Page 37: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Firewall Ports

Page 38: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Alternate Access Mappings - “Zones”
• Namespaces used to access a single set of content, e.g. http://office and https://office.microsoft.com
• Default Zone for Alerts URLs and Search results

Authorization == what can you do

Authentication == confirm who you are
• ASP.Net model for pluggable Authentication

Understand - “Enable Client Integration”
• Matches Office client’s behavior for some FBA providers

Page 39: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

What Do SharePoint Server and Donald Trump Have in Common?

Courtesy Si.com

Page 40: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Cache!

TechNet: (Cache Settings) Additional performance and capacity factors

Page 41: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Cache

Page 42: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Cache Config Levels

• Web App – Disk based caching in web.config
• Site collection – Configure Output cache and Blob Cache settings
• Site – output and blob cache settings
• Page layout – Output cache
• Web Part – settings in dwp code
• Query – i.e. RSS Feed cache page is 5 min by default, cross list query

Page 43: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Cache Recommendations

• Cache is but….
  ● Setting memory based caching can waste valuable memory (ASP.NET may flush cache to make room!)
  ● Never cache search results – disable search results layout page cache
  ● Never cache personalized web parts

Page 44: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Demo

Cache Settings

Page 45: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Deployment

Flexible Streamlined deployment and admin sense of place

Capacity Planning

Solution and Content Deployment

Cache

Call to Action!

Keep up to date with TechNet and MSDN and READ/Subscribe to our blogs: http://blogs.msdn.com/joelo

Page 46: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

• For ITPros: (RTM Exam)
  ● 70-631 - Windows SharePoint Services 3.0 - Configuring
  ● 70-630 - Office SharePoint Server 2007 - Configuring
• For Developers: (Beta Exam)
  ● 70-541 - Microsoft Windows SharePoint Services 3.0 - Application Development
  ● 70-542 - Microsoft Office SharePoint Server 2007 - Application Development

DON'T DELAY – TAKE 'EM TODAY!!!

Be one of the first to pass the NEW MCTS Exams!!!

Page 47: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Resources

Technical Chats and Webcasts
http://www.microsoft.com/communities/chats/default.mspx
http://www.microsoft.com/usa/webcasts/default.asp

Microsoft Learning and Certification
http://www.microsoft.com/learning/default.mspx

MSDN & TechNet
http://microsoft.com/msdn
http://microsoft.com/technet

Virtual Labs
http://www.microsoft.com/technet/traincert/virtuallab/rms.mspx

Newsgroups
http://communities2.microsoft.com/communities/newsgroups/en-us/default.aspx

Technical Community Sites
http://www.microsoft.com/communities/default.mspx

User Groups
http://www.microsoft.com/communities/usergroups/default.mspx

Page 48: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Page 49: Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Your Feedback is Important

Please fill out a session evaluation form and either put them in the basket near the exit or drop them off at the conference registration desk.

Thank you!
