Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

HMS310: Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007: Planning and Deployment - Advanced Topics Joel Oleson Microsoft Corp [email_address] http://blogs.msdn.com/joelo

Part 1 - Basic Deployment Catch up – MOSS 2007 the New World Farm Topologies and SSP Database Architecture Administration Models Part 2 - Advanced Deployment Multi Farm Topologies Content & Solution Deployment Extranets – Firewall Rules Caching

Hope you brought Your hard hat!

Global Deployments Centralized: Energizer Regional: MS IT Distributed: Gates Capacity Planning High Availability/Disaster Recovery Multi Farm Topologies Content & Solution Deployment Extranets – Firewall Rules

SharePoint Deployment Management Models

Central Deployment Partner Solution: WAN Acceleration REDMOND WAN Accelerator Datacenter All Services in one Central Farm Central Search Central Directory WAN Accelerator remote office BEIJING 10s-100s of Local WAN Accelerators ~5x - 1 st Request ~43x - 2 nd Request

Regional Deployment Optimized Network Bandwidth/Latency REDMOND DUBLIN SINGAPORE Regional Scope Services Local Office Server Farms (Intranet only) Local SSP Farm Centrally Managed from Redmond Enterprise Scope Services Local Office Server Farms (Intranet and Extranet) Local SSP Farm Centrally Managed from Redmond Regional Scope Services Local Office Server Farms (Intranet and Extranet) Local SSP Farm Centrally Managed from Redmond

Distributed Deployment Branch Office WSS/MOSS deployments Denver HQ Central Portal MOSS farm for Enterprise Search Branch Office WSS Deployments (single server) BANGALORE Disconnected or Bandwidth Constrained

Deployment & Capacity Planning

Setup Basic versus Advanced (farm = advanced) WFE versus “Complete” Scripting setup Setup.exe – put binaries on computer (requires config.xml) PSConfig.exe – enable SharePoint services STSAdm.exe – configure SharePoint services and create shared services and sites Role: Dedicated front-end Web server for indexing adds Host file entries Central Admin will push IIS config, Cert & Dedicated IP can be lost if WSS Web Admin Service is cycled (role changes)

Capacity Planning Framework – Suggested Limits Object Scope Guideline Site collections Database 50,000 Sites Site collection 250,000 (sub) Sites Web site 2,000 Lists Web site 2,000 Items List 5 M Documents Doc Library 5 M Documents Folder/Indexed View 2,000 Document size File 2 GB Indexed Documents (MOSS) SSP 50 M # Profiles (MOSS) SSP 5 M

Highly available Users: 100,000s of users Host: 100,000+ Site Collections Store: 1,000,000s of documents Index: 1,000,000s of documents Server type RAM HDD CPU Front end servers 4 GB 200 GB 2 x 2.8 Ghz x64 Index server 4 GB 200 GB 2 x 2.8 Ghz x64 SQL Server computer 4 GB 1 TB 4 x 2.8 Ghz, dual core, x64 Web front end + Query + Excel Calc Index Clustered SQL server

High Availability & Disaster Recovery

Backup & Disaster Recovery Options Summary 2 Stage Recycle Bin Versioning Web Delete Event Snapshots Third Party Tools Content Recovery Disaster Recovery STSADM backup/restore SQL backups 3 rd party tools Log-Shipping Remote Snapshots High Availability Log-Shipping SQL Clustering Database Mirroring (coming soon) Which combination of tools is right for you?

Backup and Restore methods 2-Stage Recycle Bin for documents and lists Site-level backup/restore via STSADM Integrated backup/restore UI for web application and farm VSS writer for farm backup SQL Server backup/restore Mirror/failover farm Replicate primary farm on secondary system SQL log shipping transfers content DB data Must manually replicate configuration changes On disaster, router switches traffic in minutes More detail in Disaster Recovery presentation

Browser clients only Search crawler must use Windows Office client interaction degraded One authentication type per web application Forms over Windows accounts Forms user not same as Windows user

Central enforced permissions for all sites in the web application GRANT and DENY Bound to web application/zone Scenarios Full read – search crawling accounts, auditors, legal compliance Deny all – security control, regulatory compliance Deny write – extranet lockdown

Security Considerations Configure Firewall Rules lock down to most restrictive w/ acceptable level of usability (i.e. outbound HTTP) Secure client communication with trusted SSL certificates (128bit HTTPS) IP Sec (Secure communication between servers and DCs) *Careful with NLB and clients (MAC/Unix) Enable Kerberos Authentication (Intranet) *Careful with NLB SQL SSL encrypted Traffic + Non Standard Port Configure Central Admin on App DMZ servers Restrict IP Traffic on Central Admin and SSP App Pools (IIS) Configure Deny Policies (Not Auth Users) on Content/Admin Web Apps for Applicable Groups/Domains Configure ISA Secure Publishing (or reverse hosting) better than Router ACLs (Rejects Invalid Requests and Verbs) Configure at least 1 DMZ aka 2+ Firewalls/Interfaces between corp and publicly addressable Intranet

Intranet, Extranet, Internet 2 Farms, 3 SSPs TechNet: Plan Logical Architecture

Architecture Considerations Why more than 1 Farm? Application/Customization SLAs, Licensing (Internet vs. Intranet CAL), Isolation (No Scale) Why more than 1 SSP? Isolation and Service Needs Why more than 1 App Pool? Security Isolation, Memory and CPU isolation, Auth requirements Why more than 1 Site Collection? Separation/delegation of ownership, quotas, ability to split across databases Why keep them together? Global Navigation, Inheritance of style/Master page, Security inheritance, Query web parts, Site Collection policy and content types enforcements

Database Considerations Config contains list of all site collections, web apps, web parts, solutions (Most critical db in farm from availability view) Content database contains all blobs, sites webs, etc… (Most content (consider RAID 5) Search & SSP Dbs Optimize… High Disk I/O contains configuration & search property store (index/query contain index on disk)

Secure Web Publishing with ISA Integrated Security Efficient Management Fast, Secure Access Exchange Intranet Web Server SharePoint Active Directory External Web Server Administrator User ISA 2006 DMZ Internal Network Internet HEAD QUARTERS NEW Smartcards & one-time password support NEW Customized logon forms for most devices & apps NEW LDAP authentication for Active Directory NEW Web publishing load balancing NEW Authentication delegation (NTLM, Kerberos) NEW Improved idle-based time-outs for session mgmt NEW Exchange & SharePoint publishing tools NEW Enhanced certificate administration NEW Single sign-on for multiple resource access NEW Automatic translation of embedded internal links

Solution Deployment Deploy the Solution package to the farm Retract the Solutions package When a new web server is added, automatically deploy the solution to it Deploy new versions of the Solution Solution - A CAB file containing Manifest.xml file All the files for the Features, Web Parts, Site or list def changes, etc... that make up your solution

Solution Deployment Demo Chris Johnson on Solution Deployment

Protocols All protocols are HTTP-based HTTP/S: Browser sessions SOAP: Editing from Office Applications, Web Services & Indexing RSS: All lists can be viewed this way FP-RPC: SharePoint Designer, Usage Web-DAV: Explorer View, Web Client Access XMLHTTP - Forms

Alternate Access Mappings - “Zones” Namespaces used to access a single set of content, e.g. http://office https://office.microsoft.com Default Zone for Alerts URLs and Search results Authorization == what can you do Authentication == confirm who you are ASP.Net model for pluggable Authentication Understand - “Enable Client Integration” Matches Office client’s behavior for some FBA providers

What Do SharePoint Server and Donald Trump Have in Common? Courtesy Si.com

Cache! TechNet: (Cache Settings) Additional performance and capacity factors

Cache Config Levels Web App – Disk based caching in web.config Site collection – Configure Output cache and Blob Cache settings Site – output and blob cache settings Page layout – Output cache Web Part – settings in dwp code Query – i.e. RSS Feed cache page is 5 min by default, cross list query

Cache Recommendations Cache is but…. Setting memory based caching can waste valuable memory (ASP.NET may flush cache to make room!) Never cache search results – disable search results layout page cache Never cache personalized web parts

Deployment Flexible Streamlined deployment and admin sense of place Capacity Planning Solution and Content Deployment Cache Call to Action! Keep up to date with TechNet and MSDN and READ/Subscribe to our blogs: http://blogs.msdn.com/joelo

For ITPros: (RTM Exam) 70-631 - Windows SharePoint Services 3.0 - Configuring 70-630 - Office SharePoint Server 2007 - Configuring For Developers: (Beta Exam) 70-541 - Microsoft Windows SharePoint Services 3.0 - Application Development 70-542 - Microsoft Office SharePoint Server 2007 - Application Development DON'T DELAY – TAKE 'EM TODAY!!! Be one of the first to pass the NEW MCTS Exams!!!

Resources Technical Chats and Webcasts http://www.microsoft.com/communities/chats/default.mspx http://www.microsoft.com/usa/webcasts/default.asp Microsoft Learning and Certification http://www.microsoft.com/learning/default.mspx MSDN & TechNet http://microsoft.com/msdn http://microsoft.com/technet Virtual Labs http://www.microsoft.com/technet/traincert/virtuallab/rms.mspx Newsgroups http://communities2.microsoft.com/ communities/newsgroups/en-us/default.aspx Technical Community Sites http://www.microsoft.com/communities/default.mspx User Groups http://www.microsoft.com/communities/usergroups/default.mspx

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Your Feedback is Important Please fill out a session evaluation form and either put them in the basket near the exit or drop them off at the conference registration desk. Thank you!

Slide Title Please use this template for your slides Please DO NOT change the format of this template Please DO NOT use special formatting such as shadowing for code, or shadows behind boxes, etc. Your slides are due February 26, 2007 Please send completed slides to materials@devconnections.com Filename for slides should be: lastname_conference_sessionnum_sessiontitle.ppt Please zip all files before sending them. Include sample code for the attendee disk in a subfolder.

Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson (20)

More from Joel Oleson (20)

Recently uploaded (20)

Spring 2007 SharePoint Connections Oleson Advanced Administration and Planning by Joel Oleson

Editor's Notes