Planning and deploying_share_point_farm_in_azure_gabsg_2016

Tweet: #GlobalAzure | http://singapore.azurebootcamp.net/ 1

Planning and Deploying your SharePoint farm in Azure

Thuan Nguyen Office Servers & Services MVP

@nnthuan


Event Sponsors


Participate with us and stand a chance to win prizes!Survey:

http://j.mp/abcsg-2016 Tweet Tag: #GlobalAzure #GABSG

http://j.mp/abcsg-2016

http://j.mp/abcsg-2016


About me Office Servers & Services MVP Solution Architect at FPT Software

helping customers effectively build digital workplace solution with Microsoft products and technologies.

Email: [email protected] Blog: http://thuansoldier.net LinkedIn:

https://sg.linkedin.com/in/thuansoldier

http://thuansoldier.net/


Why Azure for SharePoint Farm Deployment


Cloud ModelOn Premises

Storage

Servers

Networking

O/S

Middleware

Virtualization

Data

Applications

Runtime

You

man

age

Infrastructure(as a Service)

Storage

Servers

Networking

O/S

Middleware

Virtualization

Data

Applications

Runtime

Managed by M

icrosoft

You

man

age

Platform(as a Service)

Managed by M

icrosoft

You

man

age

Storage

Servers

Networking

O/S

Middleware

Virtualization

Applications

Runtime

Data

Software(as a Service)

Managed by M

icrosoft

Storage

Servers

Networking

O/S

Middleware

Virtualization

Applications

Runtime

Data


SharePoint Cloud Continuum

(Credit: MCS)


Benefit of Azure for SharePoint Deployment Support for key server

applications and workloads Easy storage manageability High availability features Advanced networking Integration with compute PaaS Easy Application Migration


Deployment Scenarios Development and test/POC environments Disaster recovery of on-premises SharePoint farms to

Azure Internet-facing sites that use features and scale not

available in Office 365 App farms to support Office 365 or on-premises

environments SharePoint Intranet hosted in Azure (consider the cost)


Development and Test Environment Quickly create a SharePoint farm with a few

steps by Azure offerings. Turn off every time you are not using to save

cost.

(Azure Portal > New > Virtual Machine)


DR of SharePoint On-premises Cost saving with Azure hosted secondary datacenter

instead of on-premises datacenter. Maintain and pay for resources you use in Azure with

scaling demand.


SharePoint Internet facing site in Azure SharePoint Internet facing deployment in an on-

premises environment requires huge investment in infrastructure.

Microsoft deprecated Public Website features in Office 365/SharePoint Online in January 2015.

External collaboration with Azure AD.

(Three-zone design — separation of internal and customer accounts)


Support Office 365/SharePoint On-premises Connect with Azure-hosted app in

which data is stored in Azure Storage. Leverage Azure Media Services for

digital asset management in SharePoint On-premises.

Connect to other Azure services (Mobile services, Azure AD…etc.)

(One of the SharePoint App Model)


Planning for SharePoint Farm in Azure

Tweet: #GlobalAzure | http://singapore.azurebootcamp.net/

Key areas to SharePoint Farm in Azure Farm Topology Identity Management Business Continuity Performance & Capacity Maintenance & Operation Pricing


Azure Concepts for Farm Topology Planning

Regional Virtual Network

Resource Group

Virtual Network

Avai

labi

lity

Set

Subn

et

Virtu

al

Mac

hine Site Connectivity

Azur

e Se

rvice

s

Stor

age


Resource Group Azure Cloud Service is replaced by

Resource Group in Azure IaaS v2. Resource Group must be created

before you can create virtual network or other resources (e.g. virtual machine…).

The big advantage of Resource Group is that it simplifies the declarative template deployment.

Not to be confused with Regional VNET (aka Affinity Groups), which is keeping virtual resources close proximity.


Virtual Network Determine if you are going to host your SharePoint farm fully in

Azure. If connecting to on-premises infrastructure (e.g. for Office Web App

deployment), site-to-site is required. Use reserved IP to maintain IP address in case your VM is restarted

(e.g. facing LB, ADDS & DNS…) Plan for security with different subnet.


Virtual Machine Azure organizes VM sizes into machine series—A-series, D-series,

DS-series, and G-series. (http://bit.ly/azurevmsize) Only a part of A-series is available to the Basic tier. All series are

available for the Standard tier. Each VM has maximum number of data disks and IOPS. Azure Premium Storage supports VM disks that can be attached to

DS, DSv2 or GS series Azure VMs. Scale out VM rather than scale up.


Storage There are two types of Azure storage accounts: Standard and

Premium. A standard storage account has a maximum total request rate of

20,000 IOPS. Each disk is supported up to 500 IOPS. Only use Premium Storage if you need to high performance and

low latency. Each disk is supported up to 500 IOPS. You can stripe disk to

achieve higher IOPS. E.g. Farm with many content databases. A content

database is recommended to have 0.5 IOPS/GB. Storage account and virtual machines are supposed to be in the

same region. Do not use the temporary disk (D:\) (including for TempDB) Use SQL file groups across multiple disks instead of disk striping


Virtual Machine PlanningTier Size CPU

CoresMemory Max.

DiskMax. IOPS

Web A5 2 14 GB 4 4 x 500App A6 4 28 GB 8 8 x 500

A5 2 14 GB 4 4 x 500Search A6 4 28 GB 8 8 x 500

A4 (*) 8 14 GB 16 16 x 500Distributed Cache

A5 2 14 GB 4 4 x 500

Database A4 (*) 8 14 GB 16 16 x 500DS4 (**) 8 28 GB 16 25,600

(*) For Index with large repository(**) Farm with 20-40 TB requires high IOPS.


Identity Management What is the primary identity provider of your SharePoint farm?

On-premises Active Directory (most common) Azure-hosted Active Directory Azure Active Directory Domain Services

Is there a requirement of federation trust? SharePoint users from On-premises Active Directory having

access to fully Azure-hosted SharePoint farm. Office 365 users Partner authentication in extranet collaboration scenario.


Azure AD vs On-premises AD

Azure AD On-premises ADDesigned to protect cloud-based resources. It is a multitenant system that works over the Internet.

Built to secure on-premises resources and works within local networks of a single enterprise

Uses Internet-oriented protocols, such as SAML 2.0, ws-Federation, OpenID Connect, and RESTful Graph API

Uses protocols such as Kerberos and Lightweight Directory Access Protocol (LDAP)

Provides features such as Azure Access Panel and RESTful interfaces.

Supports constructs such as forests, domains, and organization units

Provide authentication & authorization services. Simplify management of directory objects (e.g. user & group) Provide Single sign on experience


On-premises Active Directory Connect On-premises Active Directory to SharePoint Farm in Azure. Site-to-site VPN is required. ExpressRoute provides private connections between your on-

premises datacenters and Azure datacenters


Azure-hosted Active Directory Everything is hosted in Azure including Active Directory Domain

Controller server. This is commonly for public-facing SharePoint deployment.

The installation and setup is fairly similar to the on-premises one. Azure-hosted Active Directory is like the virtualization of Active

DirectoryTo configure On-premises Azure Virtual NetworkIP address for the domain controller

Assign static IP address on the network adapter properties

Run the Set-AzureStaticVNetIP cmdlet to assign a static IP address

DNS client resolver

Set Preferred and Alternate DNS server address on the network adapter properties of domain members

Set DNS server address on the virtual network properties

Active Directory database storage

Optionally change the default storage location from C:

You need to change default storage location from C:


Federation Scenario Azure AD Sync (without SSO) AD Federation Service Azure Access Control Service

(Credit: Kirk Evans, MSFT Architect - Azure CoE)


Recommendation of AD VM in Azure Small virtual machine (Standard_A2 or Standard_A3). Windows Server 2012 R2 is recommended. Install and configure DNS server with reserved IP addresses. Place the Active Directory database, logs, and SYSVOL on additional

Azure data disks. Do not place these on the operating system disk (C drive) or the temporary disks (D drive) provided by Azure.


Business Continuity

ScalabilityAvailabilityFault Tolerance

Availability, Scalability, and fault tolerance are key requirements of any business continuity and disaster recovery plan.

To have availability, you need scalability to handle the workload as the needs of the workload increase.

You need fault tolerance to overcome any issues that might arise.

Microsoft Azure


HA for SharePoint Farm in Azure Availability Set SQL Server

AlwaysOn Availability Group AlwaysOn Failover Cluster Instances

Azure Load Balancer


Availability Set An availability set helps

keep your virtual machines available during downtime, such as during maintenance. Fault Domain Update Domain

Create availability set for tier and role (Web, App, Db, Search…)


SQL Server HA in Azure AlwaysOn Availability Groups is fully supported in Azure. AlwaysOn Failover Cluster Instances (FCI) with Azure File store is not

supported currently. An FCI on a two-node WSFC running in Azure VMs with storage

supported by SIOS DataKeeper. An FCI on a two-node WSFC running in Azure VMs with remote iSCSI

Target shared block storage via ExpressRoute. For example, NetApp Private Storage (NPS) exposes an iSCSI target via ExpressRoute with Equinix to Azure VMs.

Leverage WS 2012 SMB could work. Microsoft does not provide warranty of 3rd party with FCI.


Azure Load Balancer Azure Load Balancer distributes

incoming traffic among healthy service instances in cloud services or virtual machines defined in a load-balancer set.

There are several LB virtual machines in Azure Market Place (Kemp, Shaka…etc)

Internal LB can be used to set up in cross-network environment


DR for SharePoint Farm in AzureSQL Server

AlwaysOn Availability Group Database Mirroring Backup and Restore with Azure Blob Storage Service

Azure Backup When you create a recovery vault for Backup, use a different

region than that of the servers and services you will be backing up.

StorSimple is more like a SAN solution that offers seemingly endless capacity by scaling-out to Azure for data that is not regularly accessed.


Performance & Capacity For network performance with site-to-site, look at

ExpressRoute. With storage, plan for capacity with your designated

VM. Don’t just use Premium Storage for high performance,

calculate IOPS required first. If you need more throughput you can stripe data disk. With SQL Server VM specifically in Azure IaaS, refer to

this article http://bit.ly/sqlsazureperf


Maintenance & Operation VM Monitoring

Diagnostic Alert Rule

PowerShell Azure Status

(https://azure.microsoft.com/en-us/status)


Pricing Virtual Machine Storage Bandwidth IP Address VPN Gateway ExpressRoute AzureDNS Backup Site Recovery Azure AD StorSimple


Sample


Deploying SharePoint Farm in Azure


Quick Deployment of SharePoint Farm The fastest way to deploy a SharePoint farm for pilot

testing/evaluation.


Azure Resource Manager Template Create a template with declarative

representation of the solution to create a resource group that contains all of the resources you need for SharePoint Farm.

The template consists of JSON and expressions which you can use to construct values for your deployment.

Use Azure Visualize to design your template http://armviz.io/

Search template in https://azure.microsoft.com/en-us/documentation/templates/

http://armviz.io/

https://azure.microsoft.com/en-us/documentation/templates/

https://azure.microsoft.com/en-us/documentation/templates/


Manual Deployment Create Resource Group Create Virtual Network Create Storage Account Create Availability Set Create Virtual Machine Install and Configure Active Directory Install and Configure SQL Server Install and Configure SharePoint Server Advanced Configuration for HA, LB or so on


Deployment Consideration


Unsupported Windows Azure Virtual Machines load balancing mechanism does

not support Sticky Sessions currently. Problem with FBA/SAML Auth in SharePoint 2010. SharePoint

2013 is fine. AlwaysOn Failover Cluster Instances are not supported in Azure

IaaS itself. Wide Area Network (WAN) deployment is still not supported in

Azure across regions. Metalogix Replicator could be an alternative.

Office Web App Server is not supported in Azure IaaS due to licensing model.

SharePoint and Azure SQL is still not possible.


Q & A


References High availability and disaster recovery for SQL Server in Azure

Virtual Machines http://bit.ly/hadrsqlsazure Planning for SharePoint 2013 on Azure Infrastructure Services

http://bit.ly/sponazure Internet Sites in Microsoft Azure using SharePoint Server 2013

http://bit.ly/spinternetazure Understanding Windows Azure Storage Billing – Bandwidth,

Transactions, and Capacity http://bit.ly/azurestoragepricing Azure subscription and service limits, quotas, and constraints

http://bit.ly/azurelimit Microsoft Azure Cost Estimator Tool

http://bit.ly/azurecostestimator

http://bit.ly/hadrsqlsazure

http://bit.ly/sponazure

http://bit.ly/spinternetazure

http://bit.ly/azurestoragepricing

http://bit.ly/azurelimit

http://bit.ly/azurecostestimator


Thank You