1. HIT308
The Ultimate SharePoint Best
Practice Session
Lessons Learned from Years of
SharePoint Deployments
Michael Noel
Convergent Computing
Twitter: @michaelTnoel
2. Michael Noel
• Technology book author; Over 15 titles translated into 20
languages worldwide
• Partner at Convergent Computing (www.cco.com) – San
Francisco Bay Area based Consultants
• Specialties in SharePoint, Exchange, Security, and more…
3. Session Agenda
• Farm Architecture
• Virtualized Farm Architecture
• High Availability Design
• Logical Architecture
• Hardware and Software
• SharePoint Installation
• Kerberos Authentication
5. Farm Architecture
All-in-one Server
• All Roles and SQL on one
server
• Often seen in small farms
• SQL contention with
SharePoint
• Easy to deploy, but not best
practice
• No ability for test
environment
• NOTE: Do not use SQL
Express in Production!
6. Farm Architecture
Dedicated SQL Database Server
• Dedicated SQL Server
• All SharePoint roles
on single box
• Less Disk IO
• Greater Performance
• Still no test
environment…
7. Farm Architecture
Smallest Highly Available Farm
• 2 Web/Query/Application
/Central Admin/Inbound
Email Servers
• 1 Dedicated Index Server
(With Web role to allow it to
crawl content)
• 2 SQL Standard Edition
Cluster Nodes
(Active/Passive) – Mirror
also option
• Smallest highly available
farm
10. Virtualized Farm Architecture
Easy and Supported
• Microsoft Hyper-V (R2 current version) or
VMware ESX supported (KB 897615)
• Great Windows Licensing Options (Ent =
4 licenses, Datacenter = unlimited)
• Allows for multiple farms, more servers
• Less cost, more failover options (Live
Migration / Vmotion)
• Do not overcommit resources!
11. Virtualized Farm Architecture
Cost Effective Farm / No HA
Allows organizations that wouldn’t normally be able to
have a test environment to run one
Allows for separation of the database role onto a
dedicated server
Can be easily scaled out in the future
12. Virtualized Farm Architecture
Fully Redundant Farm with only Two Servers
High-Availability
across Hosts
All
components
virtualized
Uses only
two Windows
Ent Edition
Licenses
13. Virtualized Farm Architecture
Best practice, Highly Available and Scalable Farm
Highest
transaction
servers are
physical
Multiple farm
support, with
DBs for all
farms on the
SQL cluster
Only five
physical
servers total,
but high
performance
15. High Availability Architecture
Network Load Balancing
and SQL Database
Mirroring
16. High Availability Architecture
Network Load Balancing
• Hardware Based Load Balancing is Best
● F5
● Cisco Content Switch
● Citrix Netscaler
• Windows Network Load Balancing
Supported
● Unicast – Use two NICs
● Multicast – Requires Router Support
17. High Availability Architecture
Network Load Balancing - Sample
● Web Role Servers
• sp1.companyabc.com (10.0.0.101) – Web Role Server #1
• sp2.companyabc.com (10.0.0.102) – Web Role Server #2
● Clustered VIPs shared between SP1 and SP2 (Create A
records in DNS)
• spnlb.companyabc.com (10.0.0.103) - Cluster
• spca.companyabc.com (10.0.0.104) – SP Central Admin
• ssp1.companyabc.com (10.0.0.105) – SSP
• spsmtp.companyabc.com (10.0.0.106) – Inbound Email
• home.companyabc.com (10.0.0.107) – Main SP Web App
• mysite.companyabc.com (10.0.0.108) – My Sites
18. High Availability Architecture
SQL Database Mirroring
• Available in SQL Server
2005/2008, both Standard and
Enterprise Mirroring
• Keep a full copy of Database on
another server
• Asynchronous (good for WAN
scenarios, Enterprise edition only)
or Synchronous
19. High Availability Architecture
Database Mirroring – Single Site Option
• Single Site
• Synchronous
Replication
• Uses a SQL
Witness Server to
Failover
Automatically
• Mirror all
SharePoint DBs in
the Farm
• Use a SQL Alias to
switch to Mirror
Instance
20. High Availability Architecture
Database Mirroring – Cross Site HA Mirroring Option
• Two Sites
• 1 ms
Latency
• 1GB
Bandwidth
• Farm
Servers in
each
location
• Auto
Failover
21. High Availability Architecture
Database Mirroring – Warm Farm Asynchronous Option
• Two Sites
• Two Farms
(one warm
farm)
• Mirror only
Content DBs
• Failover is
Manual
• Must Reattach
DBs
• Must re-index
23. Logical Architecture
Web Application Architecture
• Consider creating multiple Web Apps
• Example:
● spca.companyabc.com
● ssp1.companyabc.com
● mysite.companyabc.com
● home.companyabc.com
• Flexible and scalable!
24. Logical Architecture
Distribute by Default
• Distribute content across multiple Site
Collections
• Distribute Site Collections Across
Multiple DBs
• Multiple databases = more controlled
DB growth
• Try to keep your Content DBs
manageable in size (50-100GB)
26. Hardware and Software
Determining the right tools
for the job
27. Hardware and Software
Disk, Memory, and Processor
• SQL Databases Require large amounts of
space!
• Allocate Disk Space for Index and Query
Servers as well
• Index corpus can grow to 5%-20% of total size
of data indexed
• Database and Index Servers require most RAM
(4GB, 8GB, or more)
• Multi-core processors recommended
28. Hardware and Software
Windows Server Versions
• Windows Server 2008 R2 (or RTM) highly
recommended!
• Critical that new servers run x64, required for
SharePoint 2010
• SharePoint servers are fine with Standard
edition of Windows, no extra gain for Enterprise
• SQL Servers may require Enterprise edition if
using SQL Enterprise
29. Hardware and Software
SQL Server Versions
• SQL Server 2008 Recommended
• 64 bit also highly recommended (required for
SharePoint 2010)
• SQL Server 2005 still supported
• SQL 2000 supported for SharePoint 2007, but
not for 2010, and not recommended
• Separate SQL Reporting Services server may
be required for intensive reporting
• Standard edition of SQL generally fine, except
for very large environments
30. SharePoint
Installation
Getting the steps right
31. SharePoint Installation
Service Accounts
• Never use a single service account!
• Create the Following Accounts
● SQL Admin Account
● Installation Account
● SharePoint Farm Admin
● Search Admin
● Default Content Access Account
● Application Pool Identity Accounts
34. SharePoint Installation
Command-line Installation of SharePoint
• Learn to install from Command-line
• Only way to specify SPCA Database
Name
• SETUP, PSCONFIG and STSADM
• PSConfig is your friend!
• Powershell is the future here…
35. SharePoint Installation
Running the Config Wizard to Install Servers
• Consider PSConfig
• Use Easy to remember port for
SPCA (i.e. 8888)
• Better still, change SPCA to
443 later
• Use Common Database
Naming Convention
• Account running wizard needs
DBCreator and Security Admin
rights on SQL Server
• Run the wizard on additional
servers as necessary
40. Kerberos Authentication
Step 2: Create SPNs for SQL
• Create SPNs for SQL
• Syntax similar to following:
● Setspn.exe -A MSSQLSvc/spsql:1433 COMPANYABC\SRV-SQL-DB
● Setspn.exe -A MSSQLSvc/spsql.companyabc.com:1433 COMPANYABC\SRV-SQL-DB
• MSSQLSvc = Default instance, if named
instance, specify the name instead
• In this example, SRV-SQL-DB is the SQL Admin
account
41. Kerberos Authentication
Step 3: Allow App Pool accounts and SP Computers to
Delegate
• Use ADUC
• SharePoint
Web Server
Computer
Accounts
• App Pool
Identity
Accounts
42. Kerberos Authentication
Step 4: Edit Applicationhost.config
• Windows Server 2008 only
• Modify the ApplicationHost.config file
<windowsAuthentication enabled="true" useKernelMode="true"
useAppPoolCredentials="true">
43. Kerberos Authentication
Step 5: Enable Kerberos on Web App
• Enable Kerberos on the Web App (if not
already turned on)
● Go to Application Management –
Authentication Providers
● Choose the appropriate Web Application
● Click on the link for ‘Default’ under Zone
● Change to Integrated Windows Authentication
- Kerberos (Negotiate)
• Run iisreset /noforce from the command
prompt
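A verification pass for Steps 2 and 3 above, added here as an example and not part of the original deck: it confirms each SQL SPN sits on the SQL Admin account and on no other object, and reports how each delegating account is trusted. It assumes the ActiveDirectory PowerShell module is available; the app pool account name SRV-SP-APP is hypothetical, the other names are the deck's sample values.

```powershell
# Added example: audit SPNs and delegation after the Kerberos steps.
Import-Module ActiveDirectory

$SqlAccount   = 'SRV-SQL-DB'                      # SQL Admin account from Step 2
$ExpectedSpns = 'MSSQLSvc/spsql:1433',
                'MSSQLSvc/spsql.companyabc.com:1433'
# Web server computer accounts from the NLB sample, plus a
# hypothetical app pool identity (SRV-SP-APP is not on the slides).
$Delegates    = 'SP1$', 'SP2$', 'SRV-SP-APP'

function Test-SpnRegistration {
    param([string]$Account, [string[]]$Spns)
    $owned = (Get-ADUser -Identity $Account `
        -Properties servicePrincipalName).servicePrincipalName
    foreach ($spn in $Spns) {
        # Every object in the domain that carries this exact SPN
        $owners = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)")
        [pscustomobject]@{
            Spn       = $spn
            OnAccount = $owned -contains $spn
            # An SPN on more than one object makes Kerberos fail for that
            # service; clients then typically fall back to NTLM.
            Duplicate = $owners.Count -gt 1
            Owners    = ($owners | ForEach-Object { $_.Name }) -join ', '
        }
    }
}

function Get-DelegationSetting {
    param([string[]]$SamAccountName)
    foreach ($name in $SamAccountName) {
        Get-ADObject -LDAPFilter "(sAMAccountName=$name)" `
            -Properties userAccountControl, 'msDS-AllowedToDelegateTo' |
        ForEach-Object {
            [pscustomobject]@{
                Name          = $_.Name
                # 0x80000 = TRUSTED_FOR_DELEGATION (delegation to any service)
                Unconstrained = [bool]($_.userAccountControl -band 0x80000)
                # Populated only when delegation is limited to listed SPNs
                ConstrainedTo = $_.'msDS-AllowedToDelegateTo' -join ', '
            }
        }
    }
}

Test-SpnRegistration -Account $SqlAccount -Spns $ExpectedSpns |
    Format-Table -AutoSize
Get-DelegationSetting -SamAccountName $Delegates | Format-Table -AutoSize
```

A row with OnAccount false or Duplicate true points to an SPN to correct with Setspn.exe before testing the web application.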
44. Key Takeaways
• Highly consider Virtualization for SharePoint
• Create a test farm!
• Consider Database Mirroring and/or NLB for
SharePoint HA
• Deploy the ‘five server farm’ for full High
Availability
• Plan today for SharePoint 2010 (more on this
in the next session!)
• Enable Kerberos Authentication
45. For More Information
• SharePoint Database Mirroring Whitepaper
(http://tinyurl.com/mirrorsp)
• Database Mirroring Failover Case Study
(http://tinyurl.com/mirrorspcs)
• Microsoft ‘Virtualizing SharePoint Infrastructure’
Whitepaper (http://tinyurl.com/virtualsp)
• SharePoint Log Shipping Whitepaper
(http://tinyurl.com/logshipsp)
• Microsoft Kerberos Guidance for SP
(http://tinyurl.com/kerbsp)
46. Your Feedback is Important
Please fill out a session evaluation form and
either put them in the basket near the exit
or drop them off at the conference
registration desk.
Thank you!
Session Code: HIT308