Have you ever wondered how to install SharePoint 2013 properly using PowerShell, so as to avoid those random numbers that end up in your service application database names when you use the Configuration Wizard? Would you prefer not to be just a Principal Button Clicker who clicks "Next, Next, Next, Next, Next" to install SharePoint? Do you want to learn how to do things "the right way"?
Attend this full-day workshop and let Dan and Scott walk through step by step setting up SharePoint 2013 using PowerShell in a multi-server farm environment. This session will include:
• Installing SharePoint Prerequisites using a configuration file and pre-downloaded components
• Configuring the SharePoint platform using PowerShell
• Creating and Configuring Service Applications with wholly named databases
• Configuring Integrated Windows Authentication using Kerberos
• Provisioning and Configuring the User Profile Service
• Setting yourself up for auto provisioning Apps
• Configuring Resource Management and Distributed Caching Services through PowerShell
• And quite a bit more...
2. Who are we?
Scott Hoag
@ciphertxt
Applied Information Sciences
Infrastructure Consultant
scott.hoag@appliedis.com
Dan Usher
@binarybrewery
Booz Allen Hamilton Incorporated
Lead Associate
usher_daniel@bah.com
5. Installation Types
Stand Alone
• No Domain Controllers
• 4GB Database size limitation
• No User Profile Synchronization
Complete
• More overhead, fewer restrictions
• Grow in to it…
• Increased complexity
7. Andrew Connell: Why I don’t do SharePoint 2010 development on Windows
Facebook Quotes
A Conversation
9. Primary Service Accounts
SQL Server
Purpose: Runs SQL Server
Requirements:
• Domain user account
• No rights in SharePoint
Setup Account
Purpose: Installs the bits and performs initial configuration
Requirements:
• Domain user account
• Member of Local Admins on each server in the farm
• securityadmin and dbcreator on SQL instance
Farm Account
Purpose: Used for configuring and managing the farm and runs primary services (e.g. SPTimerV4)
Requirements:
• Domain account
• Additional rights are automatically granted as part of installation (both server and SQL)
10. Other Service Accounts
MySites Application Pool
Purpose: Worker process identity for MySites
Requirements:
• Domain user account
• Managed account
Content Application Pool
Purpose: Worker process identity for Content web applications
Requirements:
• Domain user account
• Managed account
Services Application Pool
Purpose: Worker process identity for Service Application Pools
Requirements:
• Domain account
• Managed account
Search Service Process
Purpose: Process identity for SharePoint Foundation (Help) search service and SharePoint Search service
Requirements:
• Domain account
• Managed account
Search Service Default Content Access
Purpose: Used to crawl content specified in content sources
Requirements:
• Domain account
User Profile Import Account
Purpose: Account used to import (and optionally export) user data from an identity store
Requirements:
• Domain account
• Replicate Directory Changes in AD
11. Still More Service Accounts
Object Cache Super User
Purpose: Processes items in the object cache of a web application
Requirements:
• Domain user account
• Managed account
• Full Control User Policy on target web application(s)
Object Cache Super Reader
Purpose: Processes items in the object cache of a web application
Requirements:
• Domain user account
• Managed account
• Full Read User Policy on target web application(s)
12. Managed Service Accounts
Server 2008 R2/Windows 7
Manage accounts for a single server/application at the domain level
Provide automatic password management from the computer
Simplified SPN management
Managed via PowerShell
Server 2012/Windows 8
Group Managed Service Accounts
gMSAs can be deployed to multiple servers/server farms
Account passwords are managed by domain controllers
Managed via the Service Control Manager and PowerShell
13. Service Applications
Service Application, Foundation, Standard, Enterprise, Cross-farm
Access Services
Business Data Connectivity Services
✔
✔
✔
✔
Excel Services Application
✔
Managed Metadata Service
✔
✔
✔
Performance Point Service Application
✔
✔
Search Service
✔
✔
✔
Secure Store Service
✔
✔
✔
State Service
✔
✔
✔
✔
✔
✔
Usage and Health Data Collection Service
✔
User Profile Service
Visio Graphics Service
✔
Web Analytics Service
✔
✔
Word Automation Services
✔
✔
✔
✔
Microsoft SharePoint Foundation Subscription Settings Service
✔
✔
✔
14. Installation Concepts
Slipstreaming
Integration of patches and service packs into the installation files of the original software
Allows for the direct installation of updated software
Offline Installations
Prerequisite Installer
Service Packs and Cumulative Updates
Wikipedia: Slipstream (computing)
15. SharePoint Infrastructure Preparation
Component: Minimum Requirement
Processor: 64-bit, 4 cores
RAM:
• 8 GB for Development or Evaluation with minimum services
• 10 GB for Development or Evaluation with minimum services and Visual Studio
• 24 GB for Development or Evaluation with all available services
• 12 GB for Pilot, UAT, or Production with batched services
Hard Disk: 80 GB for system drive, additional space based on logging requirements
http://technet.microsoft.com/en-us/library/cc262485(v=office.15).aspx#hwforwebserver
17. SharePoint Server Preparation
Windows Server 2008/2008R2 x64
All applicable security patches and service packs applied
HOSTS file redirection
Loopback reflection attacks
DisableStrictNameChecking
DisableLoopbackCheck
BackConnectionHostNames
User Account Control
Certificate Revocation List
SQL Aliasing
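An added example (not from the original deck) that reports how the three registry values listed above are currently set on a server, so the loopback-check configuration can be reviewed before and after farm preparation. It only reads the registry; the function name is hypothetical.

```powershell
# Added example: read-only report of the loopback-check related registry values.
$settings = @(
    @{ Name = 'DisableLoopbackCheck'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' },
    @{ Name = 'BackConnectionHostNames'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0' },
    @{ Name = 'DisableStrictNameChecking'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' }
)

# Hypothetical helper: returns one object per setting with its current value.
function Get-LoopbackCheckState {
    foreach ($s in $settings) {
        $item  = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
        # BackConnectionHostNames is a multi-string value, so join its entries.
        $value = if ($item) { @($item.($s.Name)) -join ', ' } else { '(not set)' }
        New-Object PSObject -Property @{
            Computer = $env:COMPUTERNAME
            Setting  = $s.Name
            Value    = $value
        }
    }
}

$state = @(Get-LoopbackCheckState)
$state | Select-Object Computer, Setting, Value | Format-Table -AutoSize

# DisableLoopbackCheck = 1 switches the loopback check off for every host name on
# the server; BackConnectionHostNames exempts only the names it lists.
$global = $state | Where-Object { $_.Setting -eq 'DisableLoopbackCheck' -and $_.Value -eq '1' }
if ($global) {
    Write-Warning "$($env:COMPUTERNAME): loopback check is disabled for all host names."
}
```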
18. Other Server Preparation
SQL Server
Disable Auto-create statistics (for 2007 databases…)
Set Max Degree of Parallelism to 1
Database Growth Settings
Internet Information Services (IIS)
Disable the Default Web Site
Or leave it on as a catch all
Consider altering default file locations
23. Primary Service Applications
“Mandatory”
State Service
Usage and Health Service
“Recommended”
Managed Metadata Service Application
User Profile Service Application
Search Service
“Apps”
App Management Service Application
Microsoft SharePoint Foundation 2013 Site and Subscription Settings service
Secure Store Service
27. Cache service
There is a new distributed cache service in SharePoint 2013 based on Windows Server AppFabric Distributed Caching
It is used in features like authentication token caching and My Site social feeds
SharePoint 2013 uses caching features that cloud-based cache (Windows Azure Cache) does not support at this time, so only local cache hosts can be used
SharePoint ONLY supports the version of caching that it ships – you cannot independently upgrade it.
28. Cache service
The config DB keeps track of which machines in the farm are running the cache service
It is all provisioned by SharePoint setup
A new Windows service – the Distributed Cache service – is installed on each server in the farm when SharePoint is installed
29. Cache service
SharePoint installs and starts the Distributed Cache service on each server in the farm
It is enabled by default on all servers in the farm except for SQL
You can disable it on a server by using the Services on Server admin page in central admin, BUT – you should use the PowerShell cmdlets
31. Request Management (RM)
The purpose of the Request Management feature is to give SharePoint knowledge of and more control over incoming requests
Having knowledge of the nature of incoming requests – for example, the user agent, requested URL, or source IP – allows SharePoint to customize the response to each request
RM is applied per web app, just like throttling is done in SharePoint 2010
RM is turned off by default
Mainly for host-named site collection scenarios
32. RM – Goals
RM can route to WFEs with better health, keeping low-health WFEs alive
RM can identify harmful requests and deny them immediately
RM can prioritize requests by throttling lower-priority ones (bots) to serve higher-priority ones (end-users)
RM can send all requests of specific type, like search for example, to specific machines
Isolated traffic can help troubleshoot errors on one machine
RM can send heavy requests to more powerful WFEs
34. RM routing and pools
Routing rules route requests and are associated with MachinePools
MachinePools contain servers
Servers use weights for routing – static weights and health weights
Static weights are constant for WFEs; health weights change dynamically based on health scores
Diagram labels: Routing Rule #1, Routing Rule #2, …, Routing Rule #n; two servers, each with Static Weight = 1 and Health Weight = 4
35. Routing rules and execution groups
Diagram labels: Routing Rules #1 to #7 arranged in three execution groups
Execution Group 0: No Match
Execution Group 1: Match!
Execution Group 2: Not Evaluated
36. RM Routing Rules (cont.)
There are some important caveats to remember about routing rules
If no rules are matched, then the request will get routed to any available routing target
If you want to route everything to a subset of machines, make a rule with no criteria and specify the subset of machines you want to route to
37. RM – Why Not Throttling?
SharePoint 2010 has throttling but there is room for improvement
Uses a health score system in which WFEs attach their health info to all responses
The drawbacks from this approach were:
It was the clients’ responsibility to honor the health scores
It did not preclude WFE failure
Clients could be shown server busy messages from a poor-health WFE when other better-health WFEs were available
38. RM throttling rules
Routing rules process requests; throttling rules stop requests
It’s much like throttling in SharePoint 2010, only more sophisticated
You create criteria for the throttling rule, and if the criteria are met the request is throttled
The process and PowerShell for creating throttling rules are very similar to routing rules
39. Criteria you can use for routing and throttling
Rules can match on these properties:
• Url
• UrlReferrer
• UserAgent
• Host
• IP
• HttpMethod
• SoapAction
• CustomHeader
You can evaluate values using these methods:
• StartsWith
• EndsWith
• Equals
• RegEx
40. RM Scenario – Heavy Client
You have a heavy load on the system with many browser requests. Notebook sync requests start coming in from OneNote. The OneNote requests start adversely affecting the browser requests so a throttling rule is added to deny OneNote requests:
Rule: Deny requests with UserAgent of regex = “.*Microsoft Office OneNote 2010*”
Based on this rule RM denies OneNote requests. When system load dies down, the admin can remove the throttling rule
Other Options:
Rule could use an expiration to automatically deactivate the rule at a certain time
Rule could use a health score threshold to activate
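The throttling rule from this scenario, written with the SharePoint 2013 Request Management cmdlets as an added example (not from the original deck). The web application URL, the rule name, and the four-hour expiration are assumptions; the regex is the one on the slide.

```powershell
# Added example. Run in the SharePoint 2013 Management Shell on a farm server
# where the Request Management service instance is started.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webAppUrl = 'http://intranet.example.com'   # placeholder web application
$ruleName  = 'Deny OneNote 2010 sync'        # placeholder rule name

$webApp = Get-SPWebApplication -Identity $webAppUrl

# RM is turned off by default and is applied per web application.
$webApp | Set-SPRequestManagementSettings -ThrottlingEnabled $true | Out-Null
$rm = $webApp | Get-SPRequestManagementSettings

# Criteria: property UserAgent, evaluated with the RegEx method (value from the slide).
$criteria = New-SPRequestManagementRuleCriteria -Property UserAgent `
    -MatchType Regex -Value '.*Microsoft Office OneNote 2010*'

# Replace an earlier rule of the same name so the script can be re-run safely.
$existing = Get-SPThrottlingRule -RequestManagementSettings $rm -Name $ruleName
if ($existing) { Remove-SPThrottlingRule -Identity $existing -Confirm:$false }

# -Threshold is the server health score (0 to 10) at or above which the rule
# applies: 0 denies matching requests at all times, a higher value denies them
# only while the server is under load.
# -Expiration deactivates the rule automatically at the given time.
Add-SPThrottlingRule -RequestManagementSettings $rm -Name $ruleName `
    -Criteria $criteria -Threshold 0 -Expiration (Get-Date).AddHours(4) | Out-Null

# Review what is now active on the web application.
Get-SPThrottlingRule -RequestManagementSettings $rm |
    Select-Object Name, Threshold, Expiration | Format-Table -AutoSize

# When system load dies down, the admin removes the rule:
# Get-SPThrottlingRule -RequestManagementSettings $rm -Name $ruleName |
#     Remove-SPThrottlingRule -Confirm:$false
```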
41. RM Scenario – Health Based Routing
A series of requests come in; one WFE is in poor health, while two others are in good health. RM evaluates the following:
Health information: { [WFE1, sick], [WFE2, healthy], [WFE3, healthy] }
Based on this, RM routes most of the requests among WFE2 and WFE3
It is still random routing, but greater weight is given to healthier machines
Alternatively the admin could remove WFE1 from the routing pool, allow it to complete its requests then return it back to the pool
43. Who are we again?
Scott Hoag
@ciphertxt
Applied Information Sciences
Infrastructure Consultant
scott.hoag@appliedis.com
Dan Usher
@binarybrewery
Booz Allen Hamilton
Lead Associate
usher_daniel@bah.com