ultimate sharepoint infrastructure best practises session - isle of man sharepoint user group -...
TRANSCRIPT
The Ultimate SharePoint Infrastructure Best Practices Session
Michael Noel
Convergent Computing (CCO)
www.cco.com
925-933-4800
Michael Noel• Author of SAMS Publishing titles “SharePoint 2013 Unleashed,” “SharePoint 2010 Unleashed”, “Windows Server
2012 Unleashed,” “Exchange Server 2013 Unleashed”, “ISA Server 2006 Unleashed”, and a total of 19 titles that have sold over 300,000 copies.
• Partner at Convergent Computing (www.cco.com) – San Francisco, U.S.A. based Infrastructure/Security specialists for SharePoint, AD, Exchange, System Center, Security, etc.
Architecting the Farm
Web
Service Apps
Data
Architecting the Farm
Three Layers of SharePoint Infrastructure
• ‘All-in-One’ (Avoid)
DB and SP Roles Separate
Architecting the Farm
Small Farm Models
• 2 SharePoint Servers running Web and Service Apps
• 2 Database Servers (AlwaysOn FCI or AlwaysOn Availability Groups)
• 1 or 2 Index Partitions with equivalent query components
• Smallest farm size that is fully highly available
Architecting the Farm
Smallest Highly Available Farm
• 2 Dedicated Web Servers (NLB)
• 2 Service Application Servers
• 2 Database Servers (Clustered or Mirrored)
• 1 or 2 Index Partitions with equivalent query components
Architecting the Farm
Best Practice ‘Six Server Farm’
• Separate farm for Service Applications
• One or more farms dedicated to content
• Service Apps are consumed cross-farm
• Isolates ‘cranky’ service apps like User Profile Sync and allows for patching in isolation
Architecting the Farm
Ideal – Separate Service App Farm + Content Farm(s)
• Multiple Dedicated Web Servers
• Multiple Dedicated Service App Servers
• Multiple Dedicated Query Servers
• Multiple Dedicated Crawl Servers, with multiple Crawl DBs to increase parallelisation of the crawl process
• Multiple distributed Index partitions (max of 10 million items per index partition)
• Two query components for each Index partition, spread among servers
Architecting the Farm
Large SharePoint Farms
Cloud and Hybrid Scenarios
www.cco.com
Cloud and Hybrid Scenarios
One-way Outbound Topology
www.cco.com
Cloud and Hybrid Scenarios
One-way Inbound Topology
www.cco.com
Cloud and Hybrid Scenarios
Two-way Inbound/Outbound Topology
Identity Management in Hybrid Mode
• Single Sign On possible between environments using Azure Active Directory Synchronisation Tool
• Azure Active Directory Connection Required, regardless of SSO or non SSO (non-SSO just synchs passwords)
• Consider the use of the OnRamp for Office 365 toolkit (https://onramp.office365.com/OnRamp/)
• Server to Server Authentication also required (Certs)
www.cco.com
SharePoint Virtualisation
Allows organisations that wouldn’t normally be able to have a test environment to run oneAllows for separation of the database role onto a dedicated serverCan be more easily scaled out in the future
Sample 1: Single Server Environment
SP Server Virtualisation
High-Availability across Hosts
All components Virtualised
Sample 2: Two Server Highly Available Farm
SP Server Virtualisation
Highest transaction servers are physical
Multiple farm support, with DBs for all farms on the SQL AOAG
Sample 3: Mix of Physical and Virtual Servers
SP Server Virtualisation
Scaling to Large Virtual Environments
SP Server Virtualisation
• Processor (Host Only)• <60% Utilisation = Good
• 60%-90% = Caution
• >90% = Trouble
• Available Memory • 50% and above = Good
• 10%-50% = OK
• <10% = Trouble
• Disk – Avg. Disk sec/Read or Avg. Disk sec/Write
• Up to 15ms = fine
• 15ms-25ms = Caution
• >25ms = Trouble
• Network Bandwidth – Bytes Total/sec– <40% Utilisation = Good
– 41%-64% = Caution
– >65% = Trouble
• Network Latency - Output Queue Length– 0 = Good
– 1-2= OK
– >2 = Trouble
Virtualisation of SharePoint ServersVirtualisation Performance Monitoring
SharePoint Infrastructure as a Service (IaaS)
• Basic Farm Configuration on Microsoft Azure
SharePoint Infrastructure as a Service (IaaS)
• Highly Available Farm Configuration on Microsoft Azure
Data Management
Sample Distributed Content Database Design
Data Management
• Can reduce the size of Content DBs, as upwards of 98% of space in content DBs is composed of BLOBs
• Can move BLOB storage to more efficient/cheaper storage
• Improve performance and scalability of your SharePoint deployment – But highly recommended to use third party as it increases scalability
Remote BLOB Storage (RBS)
Data Management
SQL Database Optimisation
DB-AFile 1
DB-BFile 1
Volume #1
DB-AFile 2
DB-BFile 2
Volume #2
DB-AFile 3
DB-BFile 3
Volume #3
DB-AFile 4
DB-BFile 4
Volume #4
Tempdb File 1 Tempdb File 2 Tempdb File 3 Tempdb File 4
Multiple Files for SharePoint Databases
SQL Server Optimisation
• Break Content Databases and TempDB into multiple files (MDF, NDF), total should equal number of physical processors (not cores) on SQL server.
• Pre-size Content DBs and TempDB to avoid fragmentation
• Separate files onto different drive spindles for best IO perf.
• Example: 50GB total Content DB on Two-way SQL Server would have two database files distributed across two sets of drive spindles = 25GB pre-sized for each file.
Multiple Files for SharePoint Databases
SQL Server Optimisation
• Implement SQL Maintenance Plans!
• Include DBCC (Check Consistency) and either Reorganize Indexes or Rebuild Indexes, but not both!
SQL Database OptimisationSQL Maintenance Plans
• Add backups into the maintenance plan if they don’t exist already
• Be sure to truncate transaction logs with a T-SQL Script (after full backups have run…)
High Availability and Disaster Recovery
High Availability and Disaster Recovery
SQL Server Solution
Potential Data Loss
(RPO)
Potential Recovery
Time (RTO)Automatic Failover
Additional Readable
Copies
AlwaysOn Availability Groups – Synchronous (Dual-phase commit, no data loss, can’t
operate across WAN)
None 5-7 Seconds Yes 0 - 2
AlwaysOn Availability Groups – Asynchronous (Latency tolerant, cross WAN option,
potential for data loss)
Seconds Minutes No 0 - 4
AlwaysOn Failover Cluster Instance (FCI) – Traditional shared storage clustering NA 30 Seconds to several
minutes (depending on
disk failover)
Yes N/A
Database Mirroring - High-safety (Synchronous) Zero 5-10 seconds Yes N/A
Database Mirroring - High-performance (Asynchronous) Seconds Manually initiated, can
be a few minutes if
automated
No N/A
SQL Log Shipping Minutes Manually initated, can
be a few minutes if
automated, by typically
hours
No Not during
a restore
Traditional Backup and Restore Hours to Days Typically multiple hours,
days, or weeks
No Not during
a restore
Comparison of High Availability and Disaster Recovery OptionsHA and DR
AlwaysOn Availability Groups in SQL 2012/2014
HA and DR
Demo
SQL 2014 AOAGs for SharePoint Database Failover
• Hardware Based Load Balancing (F5, Cisco, Citrix NetScaler – Best performance and scalability
• Software Windows Network Load Balancing fully supported by MS, but requires Layer 2 VLAN (all packets must reach all hosts.) Layer 3 Switches must be configured to allow Layer 2 to the specific VLAN.
• If using Unicast, use two NICs on the server, one for communications between nodes.
• If using Multicast, be sure to configure routers appropriately
• Set Affinity to Single (Sticky Sessions)
• If using VMware, note fix to NLB RARP issue (http://tinyurl.com/vmwarenlbfix)
Network Load Balancing
HA and DR
Security and Documentation
• Infrastructure Security and Best practices
• Physical Security
• Best Practice Service Account Setup
• Kerberos Authentication
• Data Security
• Role Based Access Control (RBAC)
• Transparent Data Encryption (TDE) of SQL Databases
• Transport Security
• Secure Sockets Layer (SSL) from Server to Client
• IPSec from Server to Server
• Edge Security
• Inbound Internet Security
• Rights Management
Five Layers of SharePoint Security
Security
• Document all key settings in IIS, SharePoint, after installation
• Consider monitoring for changes after installation for Config Mgmt.
• Fantastic tool for this is the SPDocKit - can be found at http://tinyurl.com/spdockit
SPDocKit
Document SharePoint
Michael Noel
Twitter: @MichaelTNoel
www.cco.com
Slides: slideshare.net/michaeltnoel
Travel blog: sharingtheglobe.com
SharePoint 2013 Unleashed:
tinyurl.com/sp2013unleashed