Demystifying SharePoint Infrastructure – for NON-IT People
Download as PPTX, PDF0 likes590 views
The document discusses the SharePoint infrastructure presentation from the Project Conference Adriatics 2013, focusing on various networking protocols such as TCP/IP, DNS, and HTTP. It explains essential terms and concepts for non-IT individuals, including high availability and disaster recovery techniques, as well as the functionalities of Active Directory and Lightweight Directory Access Protocol. The material aims to demystify complex IT terminology for better understanding in a broader audience.
![How DNS Works
Preferred DNS Server: 10.1.1.1
10.1.1.1 Root Server
http://server1.microsoft.com
Recursive Query: server1.microsoft.com.
Is name in cache?
No
Am I authoritative?
No
Root Hints:
b.root-servers.net [128.9.0.107]
j.root-servers.net [198.41.0.10]
k.root-servers.net [193.0.14.129]
l.root-servers.net [198.32.64.12]
m.root-servers.net [202.12.27.33]
i.root-servers.net [192.36.148.17]
e.root-servers.net [192.203.230.10]
d.root-servers.net [128.8.10.90]
a.root-servers.net [198.41.0.4]
h.root-servers.net [128.63.2.53]
c.root-servers.net [192.33.4.12]
g.root-servers.net [192.112.36.4]
f.root-servers.net [192.5.5.241]
Iterative Query: server1.microsoft.com.
To: Root Servers
Is name in cache?
No
Am I authoritative?
Delegation:
.com. =
a.gtld-servers.net [192.5.6.30]
g-gtld-servers.net [192.42.93.30]
c.gtld-servers.net [192.26.92.30]
i.gtld-servers.net [192.36.144.133]
b.gtld-servers.net [203.181.106.5]
d.gtld-servers.net [192.31.80.30]
l.gtld-servers.net [192.41.162.30]
f.gtld-servers.net [192.35.51.30]
j.gtld-servers.net [210.132.100.101]
k.gtld-servers.net [213.177.194.5]
e.gtld-servers.net [192.12.94.30]
m.gtld-servers.net [202.153.114.101]
I don’t know. Ask:
a.gtld-servers.net [192.5.6.30]
g-gtld-servers.net [192.42.93.30]
c.gtld-servers.net [192.26.92.30]
i.gtld-servers.net [192.36.144.133]
b.gtld-servers.net [203.181.106.5]
d.gtld-servers.net [192.31.80.30]
l.gtld-servers.net [192.41.162.30]
f.gtld-servers.net [192.35.51.30]
j.gtld-servers.net [210.132.100.101]
k.gtld-servers.net [213.177.194.5]
e.gtld-servers.net [192.12.94.30]
m.gtld-servers.net [202.153.114.101]
Cache response
TLD Server
Is name in cache?
No
Am I authoritative?
Delegation:
microsoft.com. =
dns2.cp.msft.net [207.46.138.21]
dns1.cp.msft.net [207.46.138.20]
dns1.tk.msft.net [207.46.232.37]
dns2.tk.msft.net [207.46.232.38]
dns3.uk.msft.net [213.199.144.151]
dns4.uk.msft.net [213.199.144.152]
dns3.jp.msft.net [207.46.72.123]
dns4.jp.msft.net [207.46.72.124]
dns1.dc.msft.net [207.68.128.151]
dns2.dc.msft.net [207.68.128.152]
dns1.sj.msft.net [207.46.97.11]
I don’t know. Ask:
dns2.cp.msft.net [207.46.138.21]
dns1.cp.msft.net [207.46.138.20]
dns1.tk.msft.net [207.46.232.37]
dns2.tk.msft.net [207.46.232.38]
dns3.uk.msft.net [213.199.144.151]
dns4.uk.msft.net [213.199.144.152]
dns3.jp.msft.net [207.46.72.123]
dns4.jp.msft.net [207.46.72.124]
dns1.dc.msft.net [207.68.128.151]
dns2.dc.msft.net [207.68.128.152]
dns1.sj.msft.net [207.46.97.11]
microsoft.com
DNS Servers
Is name in cache?
No
Am I authoritative?
Yes
server1.microsoft.com=192.168.7.99
Cache response
http/tcp session- 192.168.7.99
192.168.7.99
10.1.1.1 Root Server
TLD Server
microsoft.com
DNS Servers
192.168.7.99
http://server1.microsoft.com
server1.microsoft.com=192.168.7.99
http/tcp session- 192.168.7.99
Recursive Query: server1.microsoft.com.](https://image.slidesharecdn.com/demystifyingsharepointinfrastructurefornon-itpeople-131127042536-phpapp02/85/Demystifying-SharePoint-Infrastructure-for-NON-IT-People-8-320.jpg)
Demystifying SharePoint Infrastructure – for NON-IT People
- 1. SHAREPOINT AND PROJECT CONFERENCE ADRIATICS 2013 ZAGREB, NOVEMBER 27-28 2013 Demystifying SharePoint Infrastructure – for NON-IT People ZVONIMIR MAVRETIĆ, EVISION / K2 ADRIATICS
- 2. sponsors
- 3. SharePoint infrastructure • Lot of acronyms: • TCP/IP - Transmission Control Protocol/Internet Protocol • DNS - Domain Name System • HTTP - Hypertext Transfer Protocol • TLS/SSL - Transport Layer Security/Secure Sockets Layer • CA & PKI – Certificate Authority and Public Key Infrastructure • SMTP – Simple Mail Transfer Protocols • LDAP - Lightweight Directory Access Protocol • AD – Active Directory • HA & DR – High Availability and Disaster Recovery • NLB – Network Load Balancing • …
- 4. TCP/IP - Transmission Control Protocol/Internet Protocol • The Internet protocol suite is the networking model and a set of communications protocols used for the Internet and similar networks. • It is commonly known as TCP/IP, because its most important protocols, the Transmission Control Protocol (TCP) and the Internet Protocol (IP), were the first networking protocols defined in this standard. • It is occasionally known as the DoD model, because the development of the networking model was funded by DARPA, an agency of the United States Department of Defense. Source: http://en.wikipedia.org/wiki/Internet_protocol_suite
- 5. DNS – Simple explanation • Servers on the Internet have IP Addresses, like a telephone number. • A Domain Name (like evision.hr, twitter.com, or microsoft.com) is a name badge on the Internet. • DNS (domain name system) service is the Internet’s Telephone Book. • If you have someone’s name, you can look up their phone number. • DNS maps domain names to IP addresses and other pieces of network data to get you to the right place.
- 6. DNS - Domain Naming System • Provides resolution of names to IP addresses and resolution of IP addresses to names • Forward lookup - Requests name-to-address resolution • Reverse lookup - Requests address-to-name resolution • Client/Server system • Name Servers - contain information about some segments of the database • Resolvers - create queries and send them across the network to a name server • FQDN • Fully Qualified Domain Name • Identifies a host’s name within the DNS namespace hierarchy • Host name plus DNS domain name = FQDN
- 7. Subdomain Second-Level Domain - Domain Top-Level Domain TLD Root . .com microsoft.com www.microsoft.com … k2.com www.k2.com help.k2.com .org … .hr evision.hr www.evision.hr DNS Namespace • Defines a hierarchical namespace where each level of the namespace is separated by a “.”
- 8. How DNS Works Preferred DNS Server: 10.1.1.1 10.1.1.1 Root Server http://server1.microsoft.com Recursive Query: server1.microsoft.com. Is name in cache? No Am I authoritative? No Root Hints: b.root-servers.net [128.9.0.107] j.root-servers.net [198.41.0.10] k.root-servers.net [193.0.14.129] l.root-servers.net [198.32.64.12] m.root-servers.net [202.12.27.33] i.root-servers.net [192.36.148.17] e.root-servers.net [192.203.230.10] d.root-servers.net [128.8.10.90] a.root-servers.net [198.41.0.4] h.root-servers.net [128.63.2.53] c.root-servers.net [192.33.4.12] g.root-servers.net [192.112.36.4] f.root-servers.net [192.5.5.241] Iterative Query: server1.microsoft.com. To: Root Servers Is name in cache? No Am I authoritative? Delegation: .com. = a.gtld-servers.net [192.5.6.30] g-gtld-servers.net [192.42.93.30] c.gtld-servers.net [192.26.92.30] i.gtld-servers.net [192.36.144.133] b.gtld-servers.net [203.181.106.5] d.gtld-servers.net [192.31.80.30] l.gtld-servers.net [192.41.162.30] f.gtld-servers.net [192.35.51.30] j.gtld-servers.net [210.132.100.101] k.gtld-servers.net [213.177.194.5] e.gtld-servers.net [192.12.94.30] m.gtld-servers.net [202.153.114.101] I don’t know. Ask: a.gtld-servers.net [192.5.6.30] g-gtld-servers.net [192.42.93.30] c.gtld-servers.net [192.26.92.30] i.gtld-servers.net [192.36.144.133] b.gtld-servers.net [203.181.106.5] d.gtld-servers.net [192.31.80.30] l.gtld-servers.net [192.41.162.30] f.gtld-servers.net [192.35.51.30] j.gtld-servers.net [210.132.100.101] k.gtld-servers.net [213.177.194.5] e.gtld-servers.net [192.12.94.30] m.gtld-servers.net [202.153.114.101] Cache response TLD Server Is name in cache? No Am I authoritative? Delegation: microsoft.com. = dns2.cp.msft.net [207.46.138.21] dns1.cp.msft.net [207.46.138.20] dns1.tk.msft.net [207.46.232.37] dns2.tk.msft.net [207.46.232.38] dns3.uk.msft.net [213.199.144.151] dns4.uk.msft.net [213.199.144.152] dns3.jp.msft.net [207.46.72.123] dns4.jp.msft.net [207.46.72.124] dns1.dc.msft.net [207.68.128.151] dns2.dc.msft.net [207.68.128.152] dns1.sj.msft.net [207.46.97.11] I don’t know. Ask: dns2.cp.msft.net [207.46.138.21] dns1.cp.msft.net [207.46.138.20] dns1.tk.msft.net [207.46.232.37] dns2.tk.msft.net [207.46.232.38] dns3.uk.msft.net [213.199.144.151] dns4.uk.msft.net [213.199.144.152] dns3.jp.msft.net [207.46.72.123] dns4.jp.msft.net [207.46.72.124] dns1.dc.msft.net [207.68.128.151] dns2.dc.msft.net [207.68.128.152] dns1.sj.msft.net [207.46.97.11] microsoft.com DNS Servers Is name in cache? No Am I authoritative? Yes server1.microsoft.com=192.168.7.99 Cache response http/tcp session- 192.168.7.99 192.168.7.99 10.1.1.1 Root Server TLD Server microsoft.com DNS Servers 192.168.7.99 http://server1.microsoft.com server1.microsoft.com=192.168.7.99 http/tcp session- 192.168.7.99 Recursive Query: server1.microsoft.com.
- 9. DNS - Popular Record Types • Address Records / Host (A or AAAA) • points names to IPv4 (A) or IPv6 (AAAA) addresses • ex. www.evision.hr is at 141.138.14.171 • Canonical Name / Alias (CNAME) • points one name to another • intranet.evision.hr is an alias for www.evision.hr • Mail Exchanger Records (MX) • points email to an inbound email server • mail.evision.hr handles mail for evision.hr • Pointer Records (PTR) • points address to name • 141.138.14.171 is the address for www.evision.hr
- 10. HTTP - Hypertext Transfer Protocol • Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text. HTTP is the protocol to exchange or transfer hypertext. Source: http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol Client request Server response
- 11. TLS/SSL - Transport Layer Security/Secure Sockets Layer • Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols which are designed to provide communication security over the Internet. • X.509 certificates and asymmetric cryptography are used verify counterparty to exchange a symmetric key. • Symmetric session key is used to encrypt data between the parties. • Certificate authorities and a public key infrastructure are needed to verify the relation between a certificate and its owner, as well as to generate, sign, and administer the validity of certificates Source: http://en.wikipedia.org/wiki/Transport_Layer_Security
- 12. CA & PKI - Certificate Authority and Public Key Infrastructure • Certificate authority or certification authority (CA), is an entity that issues digital certificates. • Digital certificate certifies the ownership of a public key by the named subject of the certificate. • CA is a trusted third party that is trusted by both the subject (owner) of the certificate and the party relying upon the certificate. • Commercial CA issues certificates automatically trusted by most web browsers – VeriSign, GeoTrust, Thawte Digital Certificates, Entrust.net,… • Internal CA issues certificates trusted only on managed devices - manually or through policy deployed root CA certificates as trusted • A public-key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates Source: http://en.wikipedia.org/wiki/Certificate_authority and http://en.wikipedia.org/wiki/Public_key_infrastructure
- 13. SMTP – Simple Mail Transfer Protocols • Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail (e-mail) transmission across Internet Protocol (IP) networks • SMTP uses TCP port 25. SMTP connections secured by SSL are known by SMTPS on TCP port 465 • Electronic mail servers and other mail transfer agents use SMTP to send and receive mail messages • User-level client mail applications to access their mail box accounts on a mail server usually use some of this: • SMTP for sending, Post Office Protocol (POP) or the Internet Message Access Protocol (IMAP) for retrieving • Exchange ActiveSync or Exchange Messaging Application Programming Interface (MAPI) Source: http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol
- 14. LDAP - Lightweight Directory Access Protocol • The Lightweight Directory Access Protocol (LDAP) is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. • Directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. • A common usage of LDAP is to provide a "single sign-on" where one password for a user is shared between many services, such as applying a company login code to web pages (so that staff log in only once to company computers, and then are automatically logged into the company intranet). Source: http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
- 15. AD – Active Directory • Microsoft implementation of directory services • Provides a centralized location to store information in a distributed environment about networked devices and services and the people who use them. • Implements the services that make this information available to users, computers, and applications. • Acts both as a database storage system (directory store) and a set of services that provide the means to securely add, modify, delete, and locate data in the directory store • Lightweight Access Directory Protocol (LDAP) is the primary access protocol for Active Directory.
- 16. Some Active Directory Terminology • Forest – A collection of one or more trees of domains, organized as peers and connected by two-way transitive trusts. The forest holds one or more trees. • Trees - A tree holds one or more Domain and domain trees, linked in a hierarchy. • Domains – A directory-based container object containing a hierarchical structure of other containers and objects. Domains can be joined into trees of domains • Domain Controllers – Stores a physical Copy of the Active Directory Database and runs logon services • Kerberos - authentication protocol which works on the basis of 'tickets' to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.
- 17. HA & DR – High Availability and Disaster Recovery High Availability is for: Disaster Recovery is for: Photo licensed with Creative Commons, used from: http://www.flickr.com/photos/melancon/280076809/ Photo licensed with Creative Commons, used from: http://www.flickr.com/photos/meltedplastic/2854777253/
- 18. HA & DR – High Availability and Disaster Recovery High Availability is for: • Clustering • Synchronous Mirroring • Replication • AlwaysOn Availability Groups in SQL 2012 Disaster Recovery is for: • Replication • Asynchronous Mirroring • Log Shipping • SAN Replication • Virtualization Replication • Geo-distributed clustering in SQL 2012 • AlwaysOn Availability Groups in SQL 2012 Photo licensed with Creative Commons, used from: http://www.flickr.com/photos/melancon/280076809/ Photo licensed with Creative Commons, used from: http://www.flickr.com/photos/meltedplastic/2854777253/
- 19. HA: Clustering
- 21. HA & DR: Replication
- 23. DR: Log Shipping
- 26. HA & DR: AlwaysOn Availability Groups
- 27. NLB – Network Load Balancing • Load balancing is a technique to spread work between many computers, processes, disks or other resources in order to get optimal resource utilization and decrease computing time. • A load balancer can be used to increase the capacity of a server farm beyond that of a single server. • It can also allow the service to continue even in the face of server down time due to server failure or server maintenance. • A load balancer consists of a virtual server which, in turn, consists of an IP address and port. • Virtual server is bound to a number of physical services running on the physical servers in a server farm. • A client sends a request to the virtual server, which in turn selects a physical server in the server farm and directs this request to the selected physical server.
- 29. thank you. SHAREPOINT AND PROJECT CONFERENCE ADRIATICS 2013 ZAGREB, NOVEMBER 27-28 2013
Editor's Notes
- #2: This talk is specifically for NON-SharePoint infrastructure administrators (or for new ones still figuring things out)! Instead it’s for the rest of the SharePoint team – come learn about the basic building blocks of SharePoint infrastructure – things like DNS, load balancing, AD, high availability and disaster recovery, backup options, database options, and some of the core components of Windows in an understandable way so you can speak the lingo and seem really smart!
- #20: Identical (or nearly)hardware requiredMust be geographically next to each other right nowOnly one disk – so when data is deleted, it’s deleted instantlyPay attention to hardware compatibilityVirtual clusters may work, may notClustering + Mirroring = Hotness
- #21: Two separate servers, with two independent sets of disksTransactions are committed at both servers before the result is returned to the clientMachines must be very close to each other, like in the same stateFailovers are done at the individual database levelDoesn’t include anything that’s not inside the database, like logins and jobsBe wary of accidental failoversBe wary of single-db failoversBe wary of index maintenance jobsMonitor performance closely
- #22: Can use 2-way replication or p2p replication to get high availabilityCan be DR since you can have replication partners far apartLot more work and management involvedNot a set-it-and-forget it solutionBe wary of schema changesNot all 3rd party apps support itCan be bandwidth-intensiveCan fall behindNeed a good monitoring solution
- #23: Same as our synchronous mirroring slide, but the servers can be a long way from each other
- #24: Still need regular backup strategyRun one server “behind” for restoresCompressed backups reduce storage and bandwidth problemsMonitor what’s happening
- #25: It’s complicated.It’s expensive.It requires full time dedicated management staff.Learn it once, and it works for all of your applications AND all of your OS’s.
- #26: Picture is from NetApp, but the same concept applies across multiple vendorsOnly works for virtualized gear