Spring 2007 SharePoint Connections: Advanced Administration and Planning, by Joel Oleson
DESCRIPTION
Advanced Administration: the second part of a two-part series on administration topics for SharePoint Server by Joel Oleson. SharePoint Connections Spring 2007 in Orlando.
TRANSCRIPT
HMS310: Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007: Planning and Deployment - Advanced Topics
Joel Oleson
Microsoft Corp
http://blogs.msdn.com/joelo
Microsoft Confidential
Part 1 - Basic Deployment
• Catch up – MOSS 2007 the New World
• Farm Topologies and SSP
• Database Architecture
• Administration Models
Part 2 - Advanced Deployment
• Multi Farm Topologies
• Content & Solution Deployment
• Extranets – Firewall Rules
• Caching
Hope you brought your hard hat!
Global Deployments
• Centralized: Energizer
• Regional: MS IT
• Distributed: Gates
Capacity Planning
High Availability/Disaster Recovery
Multi Farm Topologies
Content & Solution Deployment
Extranets – Firewall Rules
SharePoint Deployment Management Models
SharePoint Deployments
Central Deployment – Partner Solution: WAN Acceleration
• Redmond datacenter: WAN accelerator; all services in one central farm (central search, central directory)
• Beijing remote office: WAN accelerator; 10s-100s of local WAN accelerators
• Acceleration observed: ~5x on the 1st request, ~43x on the 2nd request
Regional Deployment – Optimized Network Bandwidth/Latency
Regions: Redmond, Dublin, Singapore
• Regional Scope Services: Local Office Server Farms (Intranet only); Local SSP Farm; Centrally Managed from Redmond
• Enterprise Scope Services: Local Office Server Farms (Intranet and Extranet); Local SSP Farm; Centrally Managed from Redmond
• Regional Scope Services: Local Office Server Farms (Intranet and Extranet); Local SSP Farm; Centrally Managed from Redmond
MSIT Pre-Upgrade Redmond
• SQL Cluster 1 A/P; WNLB – Web Front End Servers; Index Servers; Search Servers
• Redmond Parent Portal Farm – Enterprise Portal: WNLB – WFE Servers
• Vanilla Child Farms: WNLB – WFE Servers
• Custom Portal Child Farms: WNLB – WFE Servers
• WSS Corporate hosting mode: Index Target
• WSS scalability hosting mode: WNLB – WFE Servers; Index Target
• Shared services
• SQL Cluster 2 A/P; SQL Cluster 3 A/P; SQL Cluster 4 A/A/A/P/p
MSIT Post Upgrade – Internal Microsoft Web
• Custom Portal Farms (Virtual Server?): Frontend/Query servers; Excel Services
• Vanilla/Corporate/Personal/HostH. farms: Frontend/Query servers; Excel Services
• Shared Service Provider – Parent Farm: Frontend/Query servers; Indexer
Distributed Deployment – Branch Office WSS/MOSS deployments
• Denver: HQ Central Portal MOSS farm for Enterprise Search
• Bangalore: Branch Office WSS Deployments (single server); Disconnected or Bandwidth Constrained
Deployment & Capacity Planning
Setup
• Basic versus Advanced (farm = advanced)
• WFE versus “Complete”
• Scripting setup:
● Setup.exe – put binaries on the computer (requires config.xml)
● PSConfig.exe – enable SharePoint services
● STSAdm.exe – configure SharePoint services and create shared services and sites
• Role: Dedicated front-end Web server for indexing adds Host file entries
• Central Admin will push IIS config; Cert & Dedicated IP can be lost if the WSS Web Admin Service is cycled (role changes)
Planning for Availability
Capacity Planning Framework – Suggested Limits
Object                     Scope                 Guideline
Site collections           Database              50,000
Sites                      Site collection       250,000
(sub) Sites                Web site              2,000
Lists                      Web site              2,000
Items                      List                  5 M
Documents                  Doc Library           5 M
Documents                  Folder/Indexed View   2,000
Document size              File                  2 GB
Indexed Documents (MOSS)   SSP                   50 M
# Profiles (MOSS)          SSP                   5 M
List Scalability
Highly available
• Users: 100,000s of users
• Host: 100,000+ Site Collections
• Store: 1,000,000s of documents
• Index: 1,000,000s of documents

Server type           RAM    HDD      CPU
Front end servers     4 GB   200 GB   2 x 2.8 GHz x64
Index server          4 GB   200 GB   2 x 2.8 GHz x64
SQL Server computer   4 GB   1 TB     4 x 2.8 GHz, dual core, x64

Roles: Web front end + Query + Excel Calc; Index; Clustered SQL Server
High Availability & Disaster Recovery
Backup & Disaster Recovery Options Summary
Content Recovery
• 2 Stage Recycle Bin
• Versioning
• Web Delete Event
• Snapshots
• Third Party Tools
Disaster Recovery
• STSADM backup/restore
• SQL backups
• 3rd party tools
• Log-Shipping
• Remote Snapshots
High Availability
• Log-Shipping
• SQL Clustering
• Database Mirroring (coming soon)
Which combination of tools is right for you?
Backup and Restore methods
• 2-Stage Recycle Bin for documents and lists
• Site-level backup/restore via STSADM
• Integrated backup/restore UI for web application and farm
• VSS writer for farm backup
• SQL Server backup/restore
Mirror/failover farm
• Replicate primary farm on a secondary system
• SQL log shipping transfers content DB data
• Must manually replicate configuration changes
• On disaster, the router switches traffic in minutes
• More detail in the Disaster Recovery presentation
Log-Shipping Mirror Farm (diagram): Big IP for http://www.microsoft.com (IP 1) in front of a WSS SQL Log-shipping Environment. The active read-write farm (Content Database 1, Content Database 2, Configuration Database) ships transaction logs (.ldf) to the passive read-only farm (Content Database 1, Content Database 2, Configuration Database).
Security & Firewalls
Central enforced permissions for all sites in the web application
• GRANT and DENY
• Bound to web application/zone
Scenarios
• Full read – search crawling accounts, auditors, legal compliance
• Deny all – security control, regulatory compliance
• Deny write – extranet lockdown
Security Considerations
1. Configure firewall rules: lock down to the most restrictive set with an acceptable level of usability (e.g. outbound HTTP)
2. Secure client communication with trusted SSL certificates (128-bit HTTPS)
3. IPsec (secure communication between servers and DCs) *Careful with NLB and clients (Mac/Unix)
4. Enable Kerberos authentication (Intranet) *Careful with NLB
5. SQL SSL-encrypted traffic + non-standard port
6. Configure Central Admin on App DMZ servers
7. Restrict IP traffic on the Central Admin and SSP app pools (IIS)
8. Configure Deny policies (Not Auth Users) on content/admin web apps for applicable groups/domains
9. Configure ISA secure publishing (or reverse hosting), better than router ACLs (rejects invalid requests and verbs)
10. Configure at least 1 DMZ, i.e. 2+ firewalls/interfaces between corp and the publicly addressable Intranet
Intranet, Extranet, Internet: 2 Farms, 3 SSPs
TechNet: Plan Logical Architecture
Architecture Considerations
• Why more than 1 Farm?
● Application/Customization SLAs, Licensing (Internet vs. Intranet CAL), Isolation (No Scale)
• Why more than 1 SSP?
● Isolation and Service Needs
• Why more than 1 App Pool?
● Security Isolation, Memory and CPU isolation, Auth requirements
• Why more than 1 Site Collection?
● Separation/delegation of ownership, quotas, ability to split across databases
• Why keep them together?
● Global Navigation, Inheritance of style/Master page, Security inheritance, Query web parts, Site Collection policy and content type enforcement
Database Considerations
• Config
● contains the list of all site collections, web apps, web parts, solutions (most critical DB in the farm from an availability view)
• Content database
● contains all blobs, sites, webs, etc… (most of the content; consider RAID 5)
• Search & SSP DBs
● Optimize… high disk I/O; contains configuration & the search property store (index/query servers keep the index on disk)
Secure Web Publishing with ISA (diagram): Internet users reach an ISA 2006 DMZ, which publishes Exchange, an Intranet Web Server, SharePoint and an External Web Server on the Internal Network at Head Quarters (Active Directory; Administrator and User roles).
Integrated Security / Efficient Management
• NEW Smartcards & one-time password support
• NEW Customized logon forms for most devices & apps
• NEW LDAP authentication for Active Directory
• NEW Web publishing load balancing
Fast, Secure Access
• NEW Authentication delegation (NTLM, Kerberos)
• NEW Improved idle-based time-outs for session mgmt
• NEW Exchange & SharePoint publishing tools
• NEW Enhanced certificate administration
• NEW Single sign-on for multiple resource access
• NEW Automatic translation of embedded internal links
Extranet Architecture Example
Content Deployment
Authoring -> Production
Solution Deployment
• Deploy the Solution package to the farm
• Retract the Solutions package
• When a new web server is added, automatically deploy the solution to it
• Deploy new versions of the Solution
• Solution - A CAB file containing:
● Manifest.xml file
● All the files for the Features, Web Parts, Site or list def changes, etc... that make up your solution
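The deploy / retract / redeploy lifecycle above, as an added example (not from the deck and not Microsoft's own tooling beyond the stsadm operations it calls): the script pulls manifest.xml out of the CAB, lists what the package would put in the GAC and in SafeControls so a farm admin can review it, then runs the stsadm steps. It assumes stsadm.exe and expand.exe are on the path, a placeholder package path, and an APPROVE_GAC environment variable used only by this script.

```powershell
# Added example (not from the slides): review a WSS 3.0 / MOSS 2007 solution
# package (.wsp) before deploying it, then run the stsadm deployment steps.
# Assumptions: stsadm.exe and expand.exe are on the path; $Wsp is a placeholder.
$Wsp  = 'C:\deploy\contoso.intranet.wsp'
$Name = Split-Path $Wsp -Leaf

# A .wsp is a CAB file: pull only manifest.xml out with the built-in expand.exe
$Tmp = Join-Path $env:TEMP ('wsp-' + [Guid]::NewGuid().ToString())
New-Item -ItemType Directory -Path $Tmp | Out-Null
& expand.exe -F:manifest.xml $Wsp $Tmp | Out-Null
[xml]$Manifest = Get-Content (Join-Path $Tmp 'manifest.xml')

# manifest.xml uses the SharePoint default namespace, so XPath needs a prefix
$ns = New-Object System.Xml.XmlNamespaceManager($Manifest.NameTable)
$ns.AddNamespace('sp', 'http://schemas.microsoft.com/sharepoint/')

# Assemblies bound for the GAC run fully trusted on every web server in the farm;
# SafeControl entries whitelist types that page designers can place on any page.
$gac  = $Manifest.SelectNodes("//sp:Assembly[@DeploymentTarget='GlobalAssemblyCache']", $ns)
$safe = $Manifest.SelectNodes("//sp:SafeControl[@Safe='True']", $ns)

Write-Output "Solution $Name (SolutionId $($Manifest.Solution.SolutionId))"
foreach ($a in $gac)  { Write-Output "  GAC assembly : $($a.Location)" }
foreach ($s in $safe) { Write-Output "  SafeControl  : $($s.Namespace).$($s.TypeName) in $($s.Assembly)" }

# Stop here unless the farm admin has signed off on the GAC list above
if ($gac.Count -gt 0 -and $env:APPROVE_GAC -ne '1') {
    Write-Warning 'GAC deployment present; set APPROVE_GAC=1 after review to continue'
    return
}

# 1) add the package to the farm solution store
& stsadm -o addsolution -filename $Wsp
# 2) deploy; -allowgacdeployment only when the manifest actually needs it,
#    -allcontenturls only when web.config (SafeControl) changes are involved
$deploy = @('-o', 'deploysolution', '-name', $Name, '-immediate')
if ($gac.Count  -gt 0) { $deploy += '-allowgacdeployment' }
if ($safe.Count -gt 0) { $deploy += '-allcontenturls' }
& stsadm @deploy
# 3) run the timer job now instead of waiting for the schedule, then verify
& stsadm -o execadmsvcjobs
& stsadm -o displaysolution -name $Name

# Roll back with:  stsadm -o retractsolution -name <wsp> -immediate
#                  stsadm -o execadmsvcjobs ; stsadm -o deletesolution -name <wsp>
```

Deploying a new version is the same retract, delete, add, deploy sequence with the new package; new web servers added to the farm pick up deployed solutions on their own.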
Solution Deployment
Demo
Chris Johnson on Solution Deployment
Protocols
• All protocols are HTTP-based
● HTTP/S: Browser sessions
● SOAP: Editing from Office Applications, Web Services & Indexing
● RSS: All lists can be viewed this way
● FP-RPC: SharePoint Designer, Usage
● Web-DAV: Explorer View, Web Client Access
● XMLHTTP: Forms
Firewall Ports
Alternate Access Mappings - “Zones”
Namespaces used to access a single set of content, e.g.
http://office
https://office.microsoft.com
Default Zone is used for Alerts URLs and Search results
Authorization == what can you do
Authentication == confirm who you are
ASP.Net model for pluggable Authentication
Understand “Enable Client Integration” - matches the Office client’s behavior for some FBA providers
What Do SharePoint Server and Donald Trump Have in Common?
Courtesy Si.com
Cache!
TechNet: (Cache Settings) Additional performance and capacity factors
Cache
Cache Config Levels
• Web App – Disk based caching in web.config
• Site collection – Configure Output cache and Blob Cache settings
• Site – output and blob cache settings
• Page layout – Output cache
• Web Part – settings in dwp code
• Query – i.e. RSS Feed cache page is 5 min by default, cross list query
Cache Recommendations
• Cache is useful, but…
● Setting memory based caching can waste valuable memory (ASP.NET may flush the cache to make room!)
● Never cache search results – disable the search results layout page cache
● Never cache personalized web parts
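The web-application level of the cache hierarchy above (disk-based BlobCache in web.config), as an added example that is not part of the deck: a check that reports the common misconfigurations and a function that writes the corrected attributes back. It assumes the BlobCache element layout MOSS 2007 ships under <SharePoint> in web.config and uses a constructed sample config.

```powershell
# Added example (not from the slides): audit and harden the disk-based BlobCache
# that a MOSS 2007 web application reads from <SharePoint><BlobCache/> in its
# web.config. The web.config below is a constructed sample; on a real server
# load C:\Inetpub\wwwroot\wss\VirtualDirectories\<port>\web.config instead.
$SampleWebConfig = @'
<configuration>
  <SharePoint>
    <BlobCache location="C:\blobCache" path="\.(gif|jpg|png|css|js|aspx)$"
               maxSize="10" enabled="false" />
  </SharePoint>
</configuration>
'@

function Test-BlobCache([xml]$Config) {
    $blob = $Config.configuration.SharePoint.BlobCache
    if ($blob -eq $null) { return ,@('No BlobCache element: disk-based caching is not configured') }
    $findings = @()
    if ($blob.enabled -ne 'true') {
        $findings += 'disabled: every image/CSS/JS request goes back to the content database'
    }
    # Pages carry permission-trimmed and personalized content; only the output cache
    # (with its own rules) may serve them, never a static copy on disk
    if ($blob.path -match 'aspx') {
        $findings += 'path pattern matches .aspx: pages must not be blob-cached'
    }
    # Up to maxSize GB of files land in location; keep that off the system drive
    if ($blob.location -like 'C:\*') {
        $findings += "location $($blob.location) is on the system drive: use a dedicated volume"
    }
    return ,$findings
}

function Set-BlobCacheHardened([xml]$Config, [string]$Location) {
    $blob = $Config.configuration.SharePoint.BlobCache
    $blob.SetAttribute('enabled', 'true')
    $blob.SetAttribute('location', $Location)
    $blob.SetAttribute('path', '\.(gif|jpg|png|css|js)$')   # static file types only
    return $Config
}

[xml]$cfg = $SampleWebConfig
Test-BlobCache $cfg | ForEach-Object { Write-Output "FINDING: $_" }
$fixed = Set-BlobCacheHardened $cfg 'D:\blobCache'
$after = Test-BlobCache $fixed
Write-Output "Findings after hardening: $($after.Count)"
$fixed.OuterXml   # write back to web.config after a backup; ASP.NET restarts the app on change
```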
Demo
Cache Settings
Deployment – Flexible, streamlined deployment and admin sense of place
Capacity Planning
Solution and Content Deployment
Cache
Call to Action! Keep up to date with TechNet and MSDN and read/subscribe to our blogs: http://blogs.msdn.com/joelo
• For ITPros (RTM Exam):
● 70-631 - Windows SharePoint Services 3.0 - Configuring
● 70-630 - Office SharePoint Server 2007 - Configuring
• For Developers (Beta Exam):
● 70-541 - Microsoft Windows SharePoint Services 3.0 - Application Development
● 70-542 - Microsoft Office SharePoint Server 2007 - Application Development
DON'T DELAY – TAKE 'EM TODAY!!! Be one of the first to pass the NEW MCTS Exams!!!
Resources
Technical Chats and Webcasts: http://www.microsoft.com/communities/chats/default.mspx http://www.microsoft.com/usa/webcasts/default.asp
Microsoft Learning and Certification: http://www.microsoft.com/learning/default.mspx
MSDN & TechNet: http://microsoft.com/msdn http://microsoft.com/technet
Virtual Labs: http://www.microsoft.com/technet/traincert/virtuallab/rms.mspx
Newsgroups: http://communities2.microsoft.com/communities/newsgroups/en-us/default.aspx
Technical Community Sites: http://www.microsoft.com/communities/default.mspx
User Groups: http://www.microsoft.com/communities/usergroups/default.mspx
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the
date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Your Feedback is Important
Please fill out a session evaluation form and either put them in the basket near the exit
or drop them off at the conference registration desk.
Thank you!