2. Michael Noel
Author of SAMS Publishing titles “SharePoint 2010 Unleashed,” “SharePoint 2007
Unleashed,” “SharePoint 2003 Unleashed,” “Teach Yourself SharePoint 2003 in 10
Minutes,” “Windows Server 2008 R2 Unleashed,” “Exchange Server 2010
Unleashed,” “ISA Server 2006 Unleashed,” and many other titles.
Partner at Convergent Computing (www.cco.com / +1(510)444-5700) – San
Francisco Bay Area based Infrastructure/Security specialists for
SharePoint, AD, Exchange, Security
3. What we will cover
• Examine various SharePoint 2010 farm architecture best
practices that have developed over the past year
• Examine SharePoint Best Practice Farm Architecture
• Understand SharePoint Virtualization Options
• Explore SharePoint DR and HA strategies using SQL 2012
AlwaysOn High Availability Technologies
• Explore other common best practices (RBS, SSL, NLB)
• Examine best practice security for SharePoint
• A large number of best practices are covered (i.e., drinking
through a fire hose); the goal is for you to take away at
least 2-3 useful pieces of information that can be used
in your environment
5. Architecting the Farm
Three Layers of SharePoint Infrastructure
Web
Service Apps
Data
6. Architecting the Farm
Small Farm Models
‘All-in-One’ (Avoid)
DB and SP Roles Separate
7. Architecting the Farm
Smallest Highly Available Farm
• 2 SharePoint Servers running
Web and Service Apps
• 2 Database Servers (AlwaysOn
FCI or AlwaysOn Availability
Groups)
• 1 or 2 Index Partitions with
equivalent query components
• Smallest farm size that is fully
highly available
8. Architecting the Farm
Best Practice ‘Six Server Farm’
• 2 Dedicated Web Servers
(NLB)
• 2 Service Application
Servers
• 2 Database Servers
(Clustered or Mirrored)
• 1 or 2 Index Partitions
with equivalent query
components
9. Architecting the Farm
Ideal – Separate Service App Farm + Content Farm(s)
• Separate farm for
Service Applications
• One or more farms
dedicated to content
• Service Apps are
consumed cross-farm
• Isolates ‘cranky’
service apps like User
Profile Sync and
allows for patching in
isolation
10. Architecting the Farm
Large Virtualized SharePoint Farms
• Multiple Dedicated
Web Servers
• Multiple Dedicated
Service App Servers
• Multiple Dedicated
Query Servers
• Multiple Dedicated
Crawl Servers, with
multiple Crawl DBs to
increase parallelization
of the crawl process
• Multiple distributed
Index partitions (max
of 10 million items per
index partition)
• Two query components
for each Index
partition, spread
among servers
13. SP Server Virtualization
Virtualization CPU and Memory Requirements
Role | vCPU | RAM (Bare Minimum) | RAM (Recommended) | RAM (Ideal)
Web Only* | 2 | 6GB | 8GB | 12GB
Service Application Roles Only | 2 | 6GB | 8GB | 12GB
Dedicated Search Service App | 2 | 8GB | 10GB | 16GB
Combined Web/Search/Service Apps | 4 | 10GB | 12GB | 18GB
Database* | 4 | 10GB | 16GB | 24GB
14. SP Server Virtualization
Sample 1: Single Server Environment
Allows organizations that wouldn’t normally be able to have a test
environment to run one
Allows for separation of the database role onto a dedicated server
Can be more easily scaled out in the future
15. SP Server Virtualization
Sample 2: Two Server Highly Available Farm
• High Availability across Hosts
• All components Virtualized
• Uses only two Windows Ent Edition Licenses
16. SP Server Virtualization
Sample 3: Mix of Physical and Virtual Servers
• Highest transaction servers are physical
• Multiple farm support, with DBs for all farms on the SQL cluster
18. SP Server Virtualization
Virtualization Performance Monitoring
• Processor (Host Only)
– <60% Utilization = Good
– 60%-90% = Caution
– >90% = Trouble
• Available Memory
– 50% and above = Good
– 10%-50% = OK
– <10% = Trouble
• Disk – Avg. Disk sec/Read or Avg. Disk sec/Write
– Up to 15ms = fine
– 15ms-25ms = Caution
– >25ms = Trouble
• Network Bandwidth – Bytes Total/sec
– <40% Utilization = Good
– 41%-64% = Caution
– >65% = Trouble
• Network Latency – Output Queue Length
– 0 = Good
– 1-2 = OK
– >2 = Trouble
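As an added example (not part of the deck), the following PowerShell one-shot check samples the counters on this slide with Get-Counter and rates each reading against the slide's thresholds. Run it on the virtualization host for the Processor reading; the memory, disk and network ratings apply to guests as well. The counter paths are the standard Windows ones; the function and variable names are this example's own.

```powershell
# Added example: rate a single sample of the slide's counters against its thresholds.
function Get-Rating {
    param([string]$Metric, [double]$Value)
    switch ($Metric) {
        'CpuPct'     { if ($Value -lt 60) { 'Good' } elseif ($Value -le 90) { 'Caution' } else { 'Trouble' } }
        'MemFreePct' { if ($Value -ge 50) { 'Good' } elseif ($Value -ge 10) { 'OK' }      else { 'Trouble' } }
        'DiskMs'     { if ($Value -le 15) { 'Good' } elseif ($Value -le 25) { 'Caution' } else { 'Trouble' } }
        'NetPct'     { if ($Value -lt 40) { 'Good' } elseif ($Value -le 64) { 'Caution' } else { 'Trouble' } }
        'OutQueue'   { if ($Value -eq 0)  { 'Good' } elseif ($Value -le 2)  { 'OK' }      else { 'Trouble' } }
    }
}

# Standard counter paths; Network Interface counters are collected for every NIC instance.
$paths = '\Processor(_Total)\% Processor Time',
         '\Memory\Available MBytes',
         '\PhysicalDisk(_Total)\Avg. Disk sec/Read',
         '\PhysicalDisk(_Total)\Avg. Disk sec/Write',
         '\Network Interface(*)\Bytes Total/sec',
         '\Network Interface(*)\Current Bandwidth',
         '\Network Interface(*)\Output Queue Length'
$samples = (Get-Counter -Counter $paths -SampleInterval 5 -MaxSamples 1).CounterSamples

function Get-Value($like) {
    ($samples | Where-Object { $_.Path -like $like } | Select-Object -First 1).CookedValue
}

# Available memory as a percentage of installed RAM; disk latency in ms (worst of read/write).
$totalMb = (Get-WmiObject Win32_ComputerSystem).TotalPhysicalMemory / 1MB
$cpu     = Get-Value '*\% Processor Time'
$mem     = (Get-Value '*\Available MBytes') / $totalMb * 100
$disk    = 1000 * [math]::Max((Get-Value '*\Avg. Disk sec/Read'), (Get-Value '*\Avg. Disk sec/Write'))

"Processor        {0,7:N1} %  {1}" -f $cpu,  (Get-Rating CpuPct $cpu)
"Available Memory {0,7:N1} %  {1}" -f $mem,  (Get-Rating MemFreePct $mem)
"Disk latency     {0,7:N1} ms {1}" -f $disk, (Get-Rating DiskMs $disk)

# Network per interface: utilisation = bytes/sec * 8 / link speed (Current Bandwidth is bits/sec).
$nics = $samples | Where-Object { $_.Path -like '*\Current Bandwidth' -and $_.CookedValue -gt 0 }
foreach ($nic in $nics) {
    $inst  = $nic.InstanceName
    $bytes = ($samples | Where-Object { $_.InstanceName -eq $inst -and $_.Path -like '*\Bytes Total/sec' }).CookedValue
    $queue = ($samples | Where-Object { $_.InstanceName -eq $inst -and $_.Path -like '*\Output Queue Length' }).CookedValue
    $util  = $bytes * 8 / $nic.CookedValue * 100
    "NIC {0}: bandwidth {1,5:N1} % {2}; output queue {3} {4}" -f $inst, $util, (Get-Rating NetPct $util), $queue, (Get-Rating OutQueue $queue)
}
```

A single five-second sample is only a spot check; for trending, schedule the script and keep the raw values rather than just the ratings, so a host creeping from Good to Caution is visible before it reaches Trouble.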
19. SP Server Virtualization
Quick Farm Provisioning using SCVMM
1. Create new Virtual Guest (Windows Server 2008 R2)
2. Install SP2010 Binaries. Stop before running Config
Wizard
3. Turn Virtual Guest into Template, modify template
to allow it to be added into domain
4. Add PowerShell script to run on first login, allowing
SP to be added into farm or to create new farm
End Result - 15 minute entire farm provisioning…quickly
add servers into existing farms or create new farms
(Test, Dev, Prod) on demand
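Step 4 above calls for a PowerShell script that runs on first login and either joins the new guest to an existing farm or creates a new one. The following is an added example of such a script, not the author's own; the server, database and account names, the Central Admin port and the SQL alias 'SQL' are assumptions. It decides between create and join by checking whether the configuration database already exists, and it prompts for the farm account and passphrase instead of baking them into the template image.

```powershell
# Added example: first-logon farm create/join script for a templated SharePoint 2010 guest.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop

$dbServer = 'SQL'                              # SQL alias or AG listener name (assumed)
$configDb = 'CompanyABC_SP2010_Config'         # assumed configuration DB name
$adminDb  = 'CompanyABC_SP2010_AdminContent'   # assumed Central Admin content DB name
$caPort   = 2010                               # assumed Central Admin port

function Test-SqlDatabaseExists {
    # Parameterised query against master, so the database name is never concatenated into SQL.
    param([string]$Server, [string]$Name)
    $conn = New-Object System.Data.SqlClient.SqlConnection("Server=$Server;Database=master;Integrated Security=SSPI")
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = 'SELECT COUNT(*) FROM sys.databases WHERE name = @name'
        [void]$cmd.Parameters.AddWithValue('@name', $Name)
        return ([int]$cmd.ExecuteScalar()) -gt 0
    } finally { $conn.Dispose() }
}

$passphrase = Read-Host -AsSecureString -Prompt 'Farm passphrase'
$isNewFarm  = -not (Test-SqlDatabaseExists -Server $dbServer -Name $configDb)

if ($isNewFarm) {
    # New farm: the farm account becomes the config DB owner; prompt for it (account name assumed).
    $farmCred = Get-Credential -Credential 'COMPANYABC\svc_spfarm'
    New-SPConfigurationDatabase -DatabaseServer $dbServer -DatabaseName $configDb `
        -AdministrationContentDatabaseName $adminDb -FarmCredentials $farmCred -Passphrase $passphrase
} else {
    # Existing farm: join this server using the farm passphrase.
    Connect-SPConfigurationDatabase -DatabaseServer $dbServer -DatabaseName $configDb -Passphrase $passphrase
}

# The remaining steps the Products Configuration Wizard would run, identical for create and join.
Initialize-SPResourceSecurity
Install-SPService
Install-SPFeature -AllExistingFeatures | Out-Null
if ($isNewFarm) {
    New-SPCentralAdministration -Port $caPort -WindowsAuthProvider 'NTLM'
}
Install-SPHelpCollection -All
Install-SPApplicationContent
```

Because the template is reused for Test, Dev and Prod, the only values that differ per farm are the alias and database names at the top; pointing different farms at different SQL aliases keeps a Dev guest from accidentally joining the Prod configuration database.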
21. Data Management
Distribute by Default
• Start with a distributed architecture of content
databases from the beginning, within reason
(more than 50 per SQL instance is not
recommended)
• Distribute content across Site Collections from the
beginning as well; it is very difficult to extract
content after the fact
• Allow your environment to scale and your users to
‘grow into’ their SharePoint site collections
23. Data Management
Remote BLOB Storage (RBS)
• BLOBs are unstructured content stored in SQL
• Includes all documents, pictures, and files stored in
SharePoint
• Excludes Metadata and Context, information about the
document, version #, etc.
• Until recently, could not be removed from SharePoint
Content Databases
• Classic problem of structured vs. unstructured data –
unstructured data doesn’t really belong in a SQL Server
environment
24. Data Management
Remote BLOB Storage (RBS)
Can dramatically reduce the size of Content DBs, as upwards of
80%-90% of space in content DBs is composed of BLOBs
Can move BLOB storage to more efficient/cheaper storage
Improves performance and scalability of your SharePoint
deployment – but a third-party RBS provider is highly recommended
27. SQL Server Optimization
Multiple Files for SharePoint Databases
• Break Content Databases and TempDB into multiple files
(MDF, NDF), total should equal number of physical
processors (not cores) on SQL server.
• Pre-size Content DBs and TempDB to avoid fragmentation
• Separate files onto different drive spindles for best IO perf.
• Example: 50GB total Content DB on Two-way SQL Server
would have two database files distributed across two sets of
drive spindles = 25GB pre-sized for each file.
28. SQL Server Optimization
Tempdb Best Practices
• TempDB is critical for performance
• Pre-size to 20% of the size of the largest content
database.
• Break into multiple files across spindles as noted
• Note there is a separate TempDB for each physical
instance
• Note that if using SQL Transparent Data
Encryption (TDE) for any databases in an
instance, the tempDB is encrypted.
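The two slides above describe one procedure: one data file per physical processor, pre-sized, spread across spindles, for both the content databases and tempdb (sized at 20% of the largest content DB). The following PowerShell script is an added example of applying that layout, not code from the deck; the instance name, drive roots and planned size are assumptions, the content DB name is the one used in the deck's truncate script, and Invoke-Sqlcmd comes from the SQL 2012 SQLPS module.

```powershell
# Added example: one data file per physical processor, pre-sized, for a content DB and tempdb.
Import-Module SQLPS -DisableNameChecking

$instance  = 'SQL1'                               # assumed default SQL instance
$contentDb = 'CompanyABC_SP2010_ContentDB01'      # name taken from the deck's truncate script
$totalSize = 50GB                                 # planned content DB size (the slide's 50GB example)
$dataRoots = @('F:\SQLData1', 'G:\SQLData2')      # assumed: one directory per spindle set

# Physical processors (sockets), not cores: Win32_Processor returns one object per socket.
$fileCount = @(Get-WmiObject -ComputerName $instance -Class Win32_Processor).Count

function New-FileLayoutSql {
    # Emits T-SQL that resizes the existing primary file and adds the remaining files,
    # alternating the new files across the drive roots.
    param([string]$Db, [string]$PrimaryLogical, [long]$TotalBytes, [int]$Count, [string[]]$Roots)
    $perFileMb = [math]::Ceiling($TotalBytes / $Count / 1MB)
    $sql = "ALTER DATABASE [$Db] MODIFY FILE (NAME = N'$PrimaryLogical', SIZE = ${perFileMb}MB);`n"
    for ($i = 1; $i -lt $Count; $i++) {
        $root = $Roots[$i % $Roots.Count]
        $sql += "ALTER DATABASE [$Db] ADD FILE (NAME = N'${PrimaryLogical}_${i}', " +
                "FILENAME = N'$root\${Db}_${i}.ndf', SIZE = ${perFileMb}MB);`n"
    }
    return $sql
}

# Content DB: SharePoint names the primary data file after the database itself.
$contentSql = New-FileLayoutSql -Db $contentDb -PrimaryLogical $contentDb `
    -TotalBytes $totalSize -Count $fileCount -Roots $dataRoots
Invoke-Sqlcmd -ServerInstance $instance -Database master -Query $contentSql

# tempdb: 20% of the largest user database (assumed to be a content DB), same count and spread.
$largestQuery = @"
SELECT TOP 1 SUM(size) * 8 / 1024 AS SizeMB
FROM sys.master_files
WHERE type_desc = 'ROWS' AND database_id > 4
GROUP BY database_id
ORDER BY SizeMB DESC
"@
$largestMb = (Invoke-Sqlcmd -ServerInstance $instance -Database master -Query $largestQuery).SizeMB
$tempSql   = New-FileLayoutSql -Db 'tempdb' -PrimaryLogical 'tempdev' `
    -TotalBytes ([long]($largestMb * 1MB * 0.2)) -Count $fileCount -Roots $dataRoots
Invoke-Sqlcmd -ServerInstance $instance -Database master -Query $tempSql
# Content DB file changes take effect immediately; tempdb sizes apply at the next SQL service restart.
```

Re-run the tempdb half after the largest content database grows, since the 20% target is relative to it; the content DB half is a one-time layout done right after the database is created and before it fills.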
29. Data Management
SQL Maintenance Plans
• Implement SQL Maintenance Plans!
• Include DBCC (Check Consistency) and either
Reorganize Indexes or Rebuild Indexes, but
not both!
• Add backups into the
maintenance plan if
they don’t exist
already
• Be sure to truncate
transaction logs with
a T-SQL Script (after
full backups have
run…)
30. Data Management
Truncate Transaction Logs Statement
-- Switch the content DB to SIMPLE recovery, shrink the log file, then return to FULL recovery.
-- Switching to SIMPLE breaks the log backup chain: run only after a full backup has completed.
-- Not valid for databases in an AlwaysOn Availability Group or mirroring session (FULL is required).
USE CompanyABC_SP2010_ContentDB01;
GO
ALTER DATABASE CompanyABC_SP2010_ContentDB01
SET RECOVERY SIMPLE;
GO
DBCC SHRINKFILE
(CompanyABC_SP2010_ContentDB01_log, 100);   -- logical log file name, target size in MB
GO
ALTER DATABASE CompanyABC_SP2010_ContentDB01
SET RECOVERY FULL;
GO
-- Take a new full backup afterwards to start a fresh log chain.
32. HA and DR
Comparison of High Availability and Disaster Recovery Options
SQL Server Solution | Potential Data Loss (RPO) | Potential Recovery Time (RTO) | Automatic Failover | Readable Secondaries
AlwaysOn Availability Group - synchronous-commit | Zero | Seconds | Yes | 0-2
AlwaysOn Availability Group - asynchronous-commit | Seconds | Minutes | No | 0-4
AlwaysOn Failover Cluster Instance | NA | Seconds-to-minutes | Yes | NA
Database Mirroring - High-safety (sync + witness) | Zero | Seconds | Yes | NA
Database Mirroring - High-performance (async) | Seconds | Minutes | No | NA
Log Shipping | Minutes | Minutes-to-hours | No | Not during a restore
Backup, Copy, Restore | Hours | Hours-to-days | No | Not during a restore
33. HA and DR
AlwaysOn Availability Groups in SQL 2012
34. HA and DR
Creating AlwaysOn Availability Groups in SQL 2012
• Install Windows Server 2008 R2 w/SP1 on multiple nodes
• Enable the Failover Cluster Feature on each node
• Use the Failover Cluster Manager Wizard to create a cluster.
• Name the cluster a unique name that will be separate from the
instance name that will be used for SharePoint
35. HA and DR
Creating AlwaysOn Availability Groups in SQL 2012
• Install .NET Services 3.5 Feature on each SQL node
• Install SQL 2012 Enterprise Edition Database Services (Also recommend
adding SQL Management Tools – Complete)
• Ensure proper Windows Firewall ports are open
• Service Account for SQL
– Use the same service account for all nodes
– Don’t use Network Service
– If using Kerberos, make sure all SQL names have SPNs associated with the
service account
• Make sure databases are set to FULL recovery mode
• Ensure that the file paths and drive letters are consistent across all
instances (ideally; otherwise the configuration will have to be done manually)
• Copy or Create SharePoint databases on Primary node only (use SQL Alias to
change name later)
• Perform a full backup of your SharePoint databases
• Create a file share location that is accessible by all nodes that will be used
for the shared backups (i.e. SQL1Backups)
36. HA and DR
Creating AlwaysOn Availability Groups in SQL 2012
• Enable AlwaysOn High Availability in SQL Server Configuration Manager
• Repeat on Each Node
• Restart SQL Services
37. HA and DR
Creating AlwaysOn Availability Groups in SQL 2012
Ideally use the New Availability Group Wizard, it
automates the process
38. HA and DR
Creating AlwaysOn Availability Groups in SQL 2012
• Be sure to have a shared network location for the backup files
(Created in earlier step)
• Depending on size of databases, this could take a while
• Backups can also be pre-staged (Join Only)
39. HA and DR
Creating AlwaysOn Availability Groups in SQL 2012
• Validation should show all green, except warning for Listener
• The listener (‘SQL’ in this example) will be created later, and is
required for SharePoint to connect to
40. HA and DR
Creating AlwaysOn Availability Groups in SQL 2012
• After the wizard completes, manually create the Availability Group
Listener
• This is the shared name that SharePoint will connect to and will
provide failover (Also called the ‘Client Access Point’)
• Modify the DNS record for this listener to have a low TTL (60
seconds or less) for cross-subnet failover scenarios
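Slides 34 through 40 walk through the Availability Group build with the wizard. As an added example, not the author's script, the following PowerShell performs the same steps with the SQL 2012 SQLPS cmdlets: enable AlwaysOn on each node, create the endpoints, seed the secondary from the shared backup folder, create the group with synchronous commit and automatic failover, and add the listener. It assumes the Windows failover cluster from slide 34 already exists and that the databases are in FULL recovery; the node names, listener IP, endpoint port, domain and UNC backup path are placeholders, and the content DB name is the one from the deck's truncate script.

```powershell
# Added example: scripted two-node Availability Group 'SP_AG' with listener 'SQL'.
Import-Module SQLPS -DisableNameChecking

$primary    = 'SQL1'                              # assumed node names
$secondary  = 'SQL2'
$agName     = 'SP_AG'                             # assumed group name
$listener   = 'SQL'                               # listener name used in the deck
$listenerIp = '10.0.0.110/255.255.255.0'          # assumed static IP/mask for the listener
$domain     = 'companyabc.com'
$share      = '\\SQL1\Backups'                    # shared backup location from the earlier step (UNC assumed)
$databases  = @('CompanyABC_SP2010_ContentDB01')  # name from the deck's truncate script

# 1. Enable AlwaysOn on both nodes (restarts the SQL service, hence -Force).
foreach ($n in $primary, $secondary) {
    Enable-SqlAlwaysOn -Path "SQLSERVER:\SQL\$n\DEFAULT" -Force
}

# 2. Mirroring endpoint on each node. With the same service account on every node, as the
#    slides advise, no additional CONNECT grant on the endpoint is needed.
foreach ($n in $primary, $secondary) {
    New-SqlHadrEndpoint -Name 'Hadr_endpoint' -Port 5022 -Path "SQLSERVER:\SQL\$n\DEFAULT" |
        Set-SqlHadrEndpoint -State Started | Out-Null
}

# 3. Seed the secondary from the shared backup folder (what the wizard's 'Full' option does;
#    'Join Only' skips this when backups were pre-staged). The log backup fails unless the
#    database is in FULL recovery, which is why the earlier slide insists on it.
foreach ($db in $databases) {
    Backup-SqlDatabase  -ServerInstance $primary   -Database $db -BackupFile "$share\$db.bak"
    Backup-SqlDatabase  -ServerInstance $primary   -Database $db -BackupFile "$share\$db.trn" -BackupAction Log
    Restore-SqlDatabase -ServerInstance $secondary -Database $db -BackupFile "$share\$db.bak" -NoRecovery
    Restore-SqlDatabase -ServerInstance $secondary -Database $db -BackupFile "$share\$db.trn" -NoRecovery -RestoreAction Log
}

# 4. Replica definitions: synchronous commit with automatic failover on both nodes
#    (the 'Zero / Seconds / Yes' row of the HA comparison table).
$replicas = foreach ($n in $primary, $secondary) {
    New-SqlAvailabilityReplica -Name $n -EndpointUrl "TCP://${n}.${domain}:5022" `
        -AvailabilityMode SynchronousCommit -FailoverMode Automatic -AsTemplate -Version 11
}

# 5. Create the group on the primary, join the secondary, attach its restored databases.
New-SqlAvailabilityGroup -Name $agName -Path "SQLSERVER:\SQL\$primary\DEFAULT" `
    -AvailabilityReplica $replicas -Database $databases
Join-SqlAvailabilityGroup -Path "SQLSERVER:\SQL\$secondary\DEFAULT" -Name $agName
Add-SqlAvailabilityDatabase -Path "SQLSERVER:\SQL\$secondary\DEFAULT\AvailabilityGroups\$agName" -Database $databases

# 6. Listener (the 'Client Access Point') that SharePoint's SQL alias will point at.
New-SqlAvailabilityGroupListener -Name $listener -StaticIp $listenerIp -Port 1433 `
    -Path "SQLSERVER:\SQL\$primary\DEFAULT\AvailabilityGroups\$agName"
```

The listener registers its own A record in DNS when it is created; lowering that record's TTL to 60 seconds or less, as the slide recommends, is a separate DNS change made afterwards. Point the SharePoint SQL alias at the listener name rather than at SQL1, otherwise a failover leaves the farm connected to the old primary.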
41. HA and DR
Creating AlwaysOn Availability Groups in SQL 2012
42. HA and DR
Windows Network Load Balancing
• Hardware Based Load Balancing
(F5, Cisco, Citrix NetScaler) – Best
performance and scalability
• Software Windows Network Load
Balancing fully supported by MS, but
requires Layer 2 VLAN (all packets must
reach all hosts.) Layer 3 Switches must
be configured to allow Layer 2 to the
specific VLAN.
• If using Unicast, use two NICs on the
server, one for communications between
nodes.
• If using Multicast, be sure to configure
routers appropriately
• Set Affinity to Single (Sticky Sessions)
• If using VMware, note fix to NLB RARP
issue (http://tinyurl.com/vmwarenlbfix)
43. HA and DR
Windows Network Load Balancing - Sample
Best Practice – Create Multiple Web Apps with
Load-balanced VIPs (Sample below)
– Web Role Servers
  – sp1.companyabc.com (10.0.0.101) – Web Role Server #1
  – sp2.companyabc.com (10.0.0.102) – Web Role Server #2
– Clustered VIPs shared between SP1 and SP2 (Create A records in DNS)
  – spnlb.companyabc.com (10.0.0.103) – Cluster
  – spca.companyabc.com (10.0.0.104) – SP Central Admin
  – spsmtp.companyabc.com (10.0.0.105) – Inbound Email VIP
  – home.companyabc.com (10.0.0.106) – Main SP Web App (can be multiple)
  – mysite.companyabc.com (10.0.0.107) – Main MySites Web App
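The two NLB slides above give the design rules (unicast with a dedicated NIC, single affinity, one VIP per web application) and a sample address plan. The following PowerShell is an added example that builds that sample with the Windows NLB cmdlets, not a script from the deck; it assumes a second NIC named 'NLB' on sp1 and sp2 for cluster traffic, a /24 subnet, and a DNS server named dc1.companyabc.com, all of which are placeholders.

```powershell
# Added example: NLB cluster, VIPs and sticky-session port rules for the sample address plan.
Import-Module NetworkLoadBalancingClusters

$mask = '255.255.255.0'
$vips = @{
    'spnlb.companyabc.com'  = '10.0.0.103'   # cluster primary IP
    'spca.companyabc.com'   = '10.0.0.104'   # SP Central Admin
    'spsmtp.companyabc.com' = '10.0.0.105'   # inbound e-mail
    'home.companyabc.com'   = '10.0.0.106'   # main SP web app
    'mysite.companyabc.com' = '10.0.0.107'   # My Sites web app
}

# 1. Create the cluster on sp1 over the dedicated 'NLB' NIC (unicast, per the slide), then add sp2.
New-NlbCluster -HostName 'sp1' -InterfaceName 'NLB' -ClusterName 'spnlb.companyabc.com' `
    -ClusterPrimaryIP $vips['spnlb.companyabc.com'] -SubnetMask $mask -OperationMode Unicast | Out-Null
Add-NlbClusterNode -HostName 'sp1' -NewNodeName 'sp2' -NewNodeInterface 'NLB' | Out-Null

# 2. Add the remaining VIPs to the cluster.
foreach ($name in $vips.Keys) {
    if ($name -ne 'spnlb.companyabc.com') {
        Add-NlbClusterVip -HostName 'sp1' -IP $vips[$name] -SubnetMask $mask | Out-Null
    }
}

# 3. Replace the default all-ports rule with per-VIP rules: HTTP/HTTPS for the web VIPs, SMTP for
#    the inbound e-mail VIP, all with Single affinity (sticky sessions) as the slide requires.
Get-NlbClusterPortRule -HostName 'sp1' | Remove-NlbClusterPortRule -Force
foreach ($name in $vips.Keys) {
    $ports = if ($name -like 'spsmtp*') { @(25) } else { @(80, 443) }
    foreach ($p in $ports) {
        Add-NlbClusterPortRule -HostName 'sp1' -IP $vips[$name] -StartPort $p -EndPort $p `
            -Protocol TCP -Mode Multiple -Affinity Single | Out-Null
    }
}

# 4. Create the A records the slide calls for (dnscmd against the DNS server; server name assumed).
foreach ($name in $vips.Keys) {
    $label = $name.Split('.')[0]
    dnscmd dc1.companyabc.com /RecordAdd companyabc.com $label A $vips[$name]
}
```

Keeping only the ports each VIP actually serves, rather than the default all-ports rule, means the load balancer does not forward unexpected traffic to the web servers, which is a small but free reduction in exposure on a layer-2-shared VLAN.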
45. Document SharePoint
SPDocKit
• Document all key settings in IIS, SharePoint, after installation
• Consider monitoring for changes after installation for Config
Mgmt.
• Fantastic tool for this is the SPDocKit - can be found at
http://tinyurl.com/spdockit
46. Security
Five Layers of SharePoint Security
• Infrastructure Security and Best practices
– Physical Security
– Best Practice Service Account Setup
– Kerberos Authentication
• Data Security
– Role Based Access Control (RBAC)
– Transparent Data Encryption (TDE) of SQL Databases
– Antivirus
• Transport Security
– Secure Sockets Layer (SSL) from Server to Client
– IPSec from Server to Server
• Edge Security
– Inbound Internet Security (Forefront UAG/TMG)
• Rights Management
47. For More Information
SharePoint 2010 Unleashed from SAMS Publishing
(http://www.samspublishing.com)
Microsoft ‘Virtualizing SharePoint Infrastructure’ Whitepaper
(http://tinyurl.com/virtualsp)
Microsoft SQL Mirroring Case Study
(http://tinyurl.com/mirrorsp )
Failover Mirror PowerShell Script
(http://tinyurl.com/failovermirrorsp )
SharePoint Kerberos Guidance
(http://tinyurl.com/kerbsp)
SharePoint Installation Scripts
(http://tinyurl.com/SPFarm-Config)
SharePoint Documentation Toolkit
(http://tinyurl.com/SPDocKit)
Contact us at CCO.com