Transcript
Page 1: Best Practice SharePoint Architecture

Best Practice SharePoint Farm Architecture

Michael Noel
Convergent Computing

Twitter: @MichaelTNoel

Page 2: Best Practice SharePoint Architecture

Session Agenda

• Farm Architecture
• Virtualised Farm Architecture
• High Availability Design
• Logical Architecture
• Hardware and Software
• SharePoint Installation
• Kerberos Authentication

Page 3: Best Practice SharePoint Architecture

Farm Architecture

Best Practice SharePoint Designs

Page 4: Best Practice SharePoint Architecture

Farm Architecture: All-in-one Server

• All Roles and SQL on one server
• Often seen in small farms
• SQL contention with SharePoint
• Easy to deploy, but not best practice
• No ability for test environment
• NOTE: Do not use SQL Express in Production!

Page 5: Best Practice SharePoint Architecture

Farm Architecture: Dedicated SQL Database Server

• Dedicated SQL Server
• All SharePoint roles on single box
• Less Disk IO
• Greater Performance
• Still no test environment…

Page 6: Best Practice SharePoint Architecture

Farm Architecture: Smallest Highly Available Farm

• 2 Web/Query/Application/Central Admin/Inbound Email Servers
• 1 Dedicated Index Server (With Web role to allow it to crawl content)
• 2 SQL Standard Edition Cluster Nodes (Active/Passive) – Mirror also option
• Smallest highly available farm

Page 7: Best Practice SharePoint Architecture

Farm Architecture: Scalability

Scale up and Scale out…

Page 8: Best Practice SharePoint Architecture

Virtualised Farm Architecture

Less Hardware, less cost…

Page 9: Best Practice SharePoint Architecture

Virtualised Farm Architecture: Easy and Supported

• Microsoft Hyper-V (R2 recommended) or VMware ESX supported (KB 897615)
• Great Windows Licensing Options (Ent = 4 licenses, Datacenter = unlimited)
• Allows for multiple farms, more servers
• Less cost, more failover options (Live Migration / vMotion)
• Do not overcommit resources!

Page 10: Best Practice SharePoint Architecture

Virtualised Farm Architecture: Cost Effective Farm / No HA

• Allows organisations that wouldn’t normally be able to have a test environment to run one
• Allows for separation of the database role onto a dedicated server
• Can be easily scaled out in the future

Page 11: Best Practice SharePoint Architecture

Virtualised Farm Architecture: Fully Redundant Farm with only Two Servers

• High-Availability across Hosts
• All components virtualised
• Uses only two Windows Ent Edition Licenses

Page 12: Best Practice SharePoint Architecture

Virtualised Farm Architecture: Best Practice, Highly Available and Scalable Farm

• Highest transaction servers are physical
• Multiple farm support, with DBs for all farms on the SQL cluster
• Only five physical servers total, but high performance

Page 13: Best Practice SharePoint Architecture

Virtualised Farm Architecture: Virtualisation Scalability

Page 14: Best Practice SharePoint Architecture

High Availability Architecture

Network Load Balancing and SQL Database Mirroring

Page 15: Best Practice SharePoint Architecture

High Availability Architecture: Network Load Balancing

• Hardware Based Load Balancing is Best
  – F5
  – Cisco Content Switch
  – Citrix Netscaler
• Windows Network Load Balancing Supported
  – Unicast – Use two NICs
  – Multicast – Requires Router Support

Page 16: Best Practice SharePoint Architecture

High Availability Architecture: Network Load Balancing - Sample

– Web Role Servers
  • sp1.companyabc.com (10.0.0.101) – Web Role Server #1
  • sp2.companyabc.com (10.0.0.102) – Web Role Server #2
– Clustered VIPs shared between SP1 and SP2 (Create A records in DNS)
  • spnlb.companyabc.com (10.0.0.103) – Cluster
  • spca.companyabc.com (10.0.0.104) – SP Central Admin
  • ssp1.companyabc.com (10.0.0.105) – SSP
  • spsmtp.companyabc.com (10.0.0.106) – Inbound Email
  • home.companyabc.com (10.0.0.107) – Main SP Web App
  • mysite.companyabc.com (10.0.0.108) – My Sites

Page 17: Best Practice SharePoint Architecture

High Availability Architecture: SQL Database Mirroring

• Available in SQL Server 2005/2008, both Standard and Enterprise Mirroring

• Keep a full copy of Database on another server

• Asynchronous (good for WAN scenarios, Enterprise edition only) or Synchronous

Page 18: Best Practice SharePoint Architecture

High Availability Architecture: Database Mirroring – Single Site Option

• Single Site
• Synchronous Replication
• Uses a SQL Witness Server to Failover Automatically
• Mirror all SharePoint DBs in the Farm
• Use a SQL Alias to switch to Mirror Instance

Page 19: Best Practice SharePoint Architecture

High Availability Architecture: Database Mirroring – Cross Site HA Mirroring Option

• Two Sites
• 1 ms Latency
• 1GB Bandwidth
• Farm Servers in each location
• Auto Failover

Page 20: Best Practice SharePoint Architecture

High Availability Architecture: Database Mirroring – Warm Farm Asynchronous Option

• Two Sites
• Two Farms (one warm farm)
• Mirror only Content DBs
• Failover is Manual
• Must Reattach DBs
• Must re-index

Page 21: Best Practice SharePoint Architecture

Logical Architecture

Do it right the first time…

Page 22: Best Practice SharePoint Architecture

Logical Architecture: Web Application Architecture

• Consider creating multiple Web Apps
• Example:
  – spca.companyabc.com
  – ssp1.companyabc.com
  – mysite.companyabc.com
  – home.companyabc.com
• Flexible and scalable!

Page 23: Best Practice SharePoint Architecture

Logical Architecture: Distribute by Default

• Distribute content across multiple Site Collections

• Distribute Site Collections Across Multiple DBs

• Multiple databases = more controlled DB growth

• Try to keep your Content DBs manageable in size (50-100GB)

Page 24: Best Practice SharePoint Architecture

Logical Architecture: Sample Logical Architecture

Page 25: Best Practice SharePoint Architecture

Hardware and Software

Determining the right tools for the job

Page 26: Best Practice SharePoint Architecture

Hardware and Software: Disk, Memory, and Processor

• SQL Databases Require large amounts of space!
• Allocate Disk Space for Index and Query Servers as well
• Index corpus can grow to 5%-20% of total size of data indexed
• Database and Index Servers require most RAM (4GB, 8GB, or more)
• Multi-core processors recommended

Page 27: Best Practice SharePoint Architecture

Hardware and Software: Windows Server Versions

• Windows Server 2008 R2 (or RTM) highly recommended!

• Critical that new servers run x64, required for SharePoint 2010

• SharePoint servers are fine with Standard edition of Windows, no extra gain for Enterprise

• SQL Servers may require Enterprise edition if using SQL Enterprise

Page 28: Best Practice SharePoint Architecture

Hardware and Software: SQL Server Versions

• SQL Server 2008 Recommended
• 64 bit also highly recommended (required for SharePoint 2010)
• SQL Server 2005 still supported
• SQL 2000 supported for SharePoint 2007, but not for 2010, and not recommended
• Separate SQL Reporting Services server may be required for intensive reporting
• Standard edition of SQL generally fine, except for very large environments

Page 29: Best Practice SharePoint Architecture

SharePoint Installation

Getting the steps right

Page 30: Best Practice SharePoint Architecture

SharePoint Installation: Service Accounts

• Never use a single service account!
• Create the Following Accounts
  – SQL Admin Account
  – Installation Account
  – SharePoint Farm Admin
  – Search Admin
  – Default Content Access Account
  – Application Pool Identity Accounts

Page 31: Best Practice SharePoint Architecture

SharePoint Installation: Installation Process

• Choose ‘Complete’ Installation

• Do not select ‘Stand-alone’ for a Production environment!

Page 32: Best Practice SharePoint Architecture

SharePoint Installation: Installation Process

• Choose Index Location during Install

• Index location can be changed later, but more difficult

Page 33: Best Practice SharePoint Architecture

SharePoint Installation: Command-line Installation of SharePoint

• Learn to install from Command-line
• Only way to specify SPCA Database Name
• SETUP, PSCONFIG and STSADM
• PSConfig is your friend!
• PowerShell is the future here…

Page 34: Best Practice SharePoint Architecture

SharePoint Installation: Running the Config Wizard to Install Servers

• Consider PSConfig
• Use Easy to remember port for SPCA (i.e. 8888)
• Better still, change SPCA to 443 later
• Use Common Database Naming Convention
• Account running wizard needs DBCreator and Security Admin rights on SQL Server
• Run the wizard on additional servers as necessary

Page 35: Best Practice SharePoint Architecture

SharePoint Installation: Create a SQL and/or DNS Alias!

• Most flexible approach!
• spsql.abc.com = sql1

Page 36: Best Practice SharePoint Architecture

Kerberos Authentication

Security, Security, Security

Page 37: Best Practice SharePoint Architecture

Kerberos Authentication: Enable for Best Practice Security!

• Use Kerberos when creating Web Apps
• Extra steps required, but worth it…

Page 38: Best Practice SharePoint Architecture

Kerberos Authentication – Step 1: Create SPNs for Web Apps

• Create Service Principal Names (SPNs)
• Used for impersonation

Page 39: Best Practice SharePoint Architecture

Kerberos Authentication – Step 2: Create SPNs for SQL

• Create SPNs for SQL
• Syntax similar to following:
  – Setspn.exe -A MSSQLSvc/spsql:1433 COMPANYABC\SRV-SQL-DB
  – Setspn.exe -A MSSQLSvc/spsql.companyabc.com:1433 COMPANYABC\SRV-SQL-DB
• MSSQLSvc = Default instance, if named instance, specify the name instead
• In this example, SRV-SQL-DB is the SQL Admin account

Page 40: Best Practice SharePoint Architecture

Kerberos Authentication – Step 3: Allow App Pool accounts and SP Computers to Delegate

• Use ADUC
• SharePoint Web Server Computer Accounts
• App Pool Identity Accounts

Page 41: Best Practice SharePoint Architecture

Kerberos Authentication – Step 4: Edit ApplicationHost.config

• Windows Server 2008 only
• Modify the ApplicationHost.config file

<windowsAuthentication enabled="true" useKernelMode="true" useAppPoolCredentials="true">

Page 42: Best Practice SharePoint Architecture

Kerberos Authentication – Step 5: Enable Kerberos on Web App

• Enable Kerberos on the Web App (if not already turned on)
  – Go to Application Management – Authentication Providers
  – Choose the appropriate Web Application
  – Click on the link for ‘Default’ under Zone
  – Change to Integrated Windows Authentication - Kerberos (Negotiate)
• Run iisreset /noforce from the command prompt
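
The SPN work in steps 1 and 2 is where Kerberos setups most often go wrong: an SPN that is missing, or registered on more than one account, makes Kerberos authentication to that service fail. The following PowerShell check is an added example, not part of the original deck; it compares the SPNs this farm needs against an inventory of registrations. The function name, the SRV-SP-HOME and SRV-SP-MYSITE app pool accounts and the inventory itself are constructed for illustration, while the host names and SRV-SQL-DB come from the slides.

```powershell
# Added example, not from the original deck. Hypothetical names: Test-SpnPlan,
# the SRV-SP-HOME / SRV-SP-MYSITE app pool accounts, and the sample inventory.
function Test-SpnPlan {
    param(
        [Parameter(Mandatory)] [hashtable] $Expected,   # SPN -> account that must hold it
        [Parameter(Mandatory)] [object[]]  $Registered  # objects with Account and Spn
    )
    # Index the inventory by SPN (compared case-insensitively) to see every holder.
    $bySpn = @{}
    foreach ($r in $Registered) {
        $key = $r.Spn.ToLowerInvariant()
        if (-not $bySpn.ContainsKey($key)) { $bySpn[$key] = @() }
        $bySpn[$key] += $r.Account
    }
    foreach ($spn in ($Expected.Keys | Sort-Object)) {
        $key = $spn.ToLowerInvariant()
        $owners = @()
        if ($bySpn.ContainsKey($key)) { $owners = @($bySpn[$key] | Sort-Object -Unique) }
        if     ($owners.Count -eq 0)            { $status = 'Missing' }
        elseif ($owners.Count -gt 1)            { $status = 'Duplicate' }
        elseif ($owners[0] -ne $Expected[$spn]) { $status = 'WrongAccount' }
        else                                    { $status = 'OK' }
        [pscustomobject]@{ Spn = $spn; Status = $status; Owners = ($owners -join ', ') }
    }
}

# SPNs the farm needs: SQL entries from step 2, HTTP entries for two web apps.
$expected = @{
    'MSSQLSvc/spsql:1433'                = 'COMPANYABC\SRV-SQL-DB'
    'MSSQLSvc/spsql.companyabc.com:1433' = 'COMPANYABC\SRV-SQL-DB'
    'HTTP/home.companyabc.com'           = 'COMPANYABC\SRV-SP-HOME'    # hypothetical account
    'HTTP/mysite.companyabc.com'         = 'COMPANYABC\SRV-SP-MYSITE'  # hypothetical account
}

# Constructed inventory: the FQDN SQL SPN was never added, and the home web app
# SPN sits on both its app pool account and a web server computer account.
$registered = @(
    [pscustomobject]@{ Account = 'COMPANYABC\SRV-SQL-DB';    Spn = 'MSSQLSvc/spsql:1433' }
    [pscustomobject]@{ Account = 'COMPANYABC\SRV-SP-HOME';   Spn = 'HTTP/home.companyabc.com' }
    [pscustomobject]@{ Account = 'COMPANYABC\SP1$';          Spn = 'http/home.companyabc.com' }
    [pscustomobject]@{ Account = 'COMPANYABC\SRV-SP-MYSITE'; Spn = 'HTTP/mysite.companyabc.com' }
)

Test-SpnPlan -Expected $expected -Registered $registered | Format-Table -AutoSize
```

On a live domain the inventory would be built from `setspn -L <account>` output for each service and computer account instead of the constructed list.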

Page 43: Best Practice SharePoint Architecture

Key Takeaways

• Highly consider Virtualization for SharePoint
• Create a test farm!
• Consider Database Mirroring and/or NLB for SharePoint HA
• Deploy the ‘five server farm’ for full High Availability
• Plan today for SharePoint 2010 (more on this in the next session!)
• Enable Kerberos Authentication

Page 44: Best Practice SharePoint Architecture

For More Information

• Speaker Books (http://www.samspublishing.com)
• SharePoint Database Mirroring Whitepaper (http://tinyurl.com/mirrorsp)
• Database Mirroring Failover Case Study (http://tinyurl.com/mirrorspcs)
• Microsoft ‘Virtualizing SharePoint Infrastructure’ Whitepaper (http://tinyurl.com/virtualsp)
• SharePoint Log Shipping Whitepaper (http://tinyurl.com/logshipsp)

Page 45: Best Practice SharePoint Architecture

Thanks for having me in Pune!

Questions?

Michael Noel
Twitter: @MichaelTNoel

www.cco.com