3. 2 Part Session Objectives Part 1 - Basic Deployment SharePoint 101: The New World - Fundamentals Logical Architecture Physical Architecture Administration Models Part 2 - Advanced Deployment Planning and Deploying… Intranet Solutions Extranet Solutions Internet Solutions
4. SharePoint 101 – The New World: 5 Administration Fundamentals Logical Architecture Re-architecting SharePoint Admin Security Map Physical Architecture Picking your topology Multi-farm topologies Hardware Requirements Putting it all Together Topics – Part 1
5. Topics - Part 2 Intranet Global Deployments Capacity Planning Disaster Recovery Extranet Extranets – Firewall Rules Forefront Security ISA Web Publishing Internet Multi Farm Topologies Content & Solution Deployment Caching
7. WSS 3.0 and SharePoint Server 2007 Web Forms, Excel Services, BDC ECM, WCM, Search, & Portals Platform & Collaboration
8. Fundamental Principle #1 Physical Server Web Application(s) Top Level Site(s) Site Collections Site(s) Site Collection
9. Fundamental Principle #2 Consistency in Hierarchy WSS 3.0 Web Applications Site Collections Sites Templates & Features MOSS 2007 Web Applications Site Collections Sites Templates & Features
10. Fundamental Principle #3 What happened to “Portals”? Portal = Site Collection + Portal Template + Shared Services + Features SharePoint Server Web Application(s) Portal Template Central Admin SSP Admin Portal Template
11. Fundamental Principle #4 FLEXIBLE TOPOLOGIES Servers have Roles Web Front End (WFE) Application Server (Query, Calculation, Index) Database Server Farms can have relationships Authoring Publishing Dev, Test, Production SSP
12. Scaling for High Availability and Load Performance High availability Applications Data growth Offload Capabilities- Scale Out MOSS
13. POP QUIZ!!!! What is an IIS Virtual Server/Web Site? Web Application! What does the acronym SSP stand for? Shared Service Provider! Can I add servers Modularly? Yes! (Plan physical and logical architecture) Do I have to use AD for user authentication? Nope
14. Topics SharePoint 101 – The New World Logical Architecture Planning Logical Architecture 3 Tiered SharePoint Admin Physical Architecture Picking your topology Multi-farm topologies Hardware Requirements Putting it all Together
16. SharePoint Server Logical Model Permanent Central Portal Web Application Permanent Structured SharePoint Server Sites Central Portal Permanent Division Portals Web Applications or Site Collections Semi Structured Consolidation on 1 to 3 Web Applications Ad Hoc WSS Site Templates SharePoint Server Sites 1 Web App per Region
18. SharePoint Shared "Scale Hosted" Collab One or more Web Applications Hosting 1000s of Site collections http://team /sites http://my http://blogs /sites /sites /IT
19. Plan for Software Boundaries For all recommendations, visit “Plan for software boundaries (Office SharePoint Server)” at http://technet2.microsoft.com/Office/en-us/library/6a13cd9f-4b44-40d6-85aa-c70a8e5c34fe1033.mspx Recommendations & Guidelines (subset)
22. Plan Shared Services CorpWeb WinWeb OfficeWeb LegalWeb Shared Services Office Server Search Directory import User profile synch Audiences Targeting Business data catalog Excel calculation service Usage Reporting
23. Topics SharePoint 101 – The New World Logical Architecture Re-architecting SharePoint Admin Security Map Physical Architecture Software and Roles Picking your topology Hardware Requirements Putting it all Together
24. Deployment x86 or x64 or Mixed Prerequisites .NET Framework 3.0 ASP.NET 2.0 Windows Workflow Foundation (Part of .NET 3.0) Install Basic – WSS - Windows Internal Database Engine; MOSS - Installs SQL Express (Not recommended for more than a couple of GB) Advanced – Allows you to connect to SQL WFE only vs. Full install Language Packs (Downloads on the Web) WSS MOSS – Include WSS LPs Key concepts
25. Picking Your Topology Factors to consider # Users Authentication Type (Anonymous vs. AD) Caching Client & Server Performance Requirements SLAs (Uptime/High Availability Req.) WAN Considerations GBs/TBs of data Total # Files and Items
32. MOSS Modular Scale Out ALL in One (SQL or SQL Express (basic)) 1 WFE/Query/Calc/Index, 1 SQL 1 WFE/Query/Calc, 1 WFE/Calc/Index – 1 SQL * 2 WFE/Query/Calc, 1 Index, 1 SQL 2 WFE/Query/Calc, 1 Index, 2 SQL (HA) 2 WFE/Query, 1 Calc, 1 Index, 2 SQL Consider failover farm… (Db Mirroring or SQL Log Ship) 20. 10 WFE/Calc, 3 Query, 1 Index, 3 - 2 Node SQL (A/P) Never put Query and Index on same server if there is another Query server.
33. New Server Topology Roles Query = Search Calculation = Excel Services Calculation Server Special Servers: WFE Only (for security/internet) Dedicated WFE for Indexing (optimizing perf) Dedicated WFE/Index * (verify the host file) WSS Search Server (special) Non SharePoint Servers in the Topology Mail (SMTP) (Outbound and/or Inbound) Project, Analysis, Reporting
34. Supporting Infrastructure SMTP/Exchange DNS/DCs (recommend 1 DC per 3 WFEs on Windows Auth) or LDAP servers Load balancing devices and Network Infra Firewall – ISA: Secure Web Publishing/Cache and Firewall Whale Security/Delegated Auth Devices Antivirus Infra – Forefront Management SAN or other Shared Storage Related Farms Failover/ DR Farm (Log Shipping/Db Mirroring) Dev/Test Support for Virtualization with Virtual Server Staging/UAT & Authoring environments
35. Summary Be sure to PLAN your logical infrastructure & Governance Topologies are Flexible Scalable Business Solutions are Limitless Awesome/Powerful Intranet, Extranet, and Internet Platform! Where do you get your information? TechNet, MSDN http://blogs.msdn.com/sharepoint http://blogs.msdn.com/joelo http://msmvps.com/shane
36. Part 2 Session Objectives Part 2 - Advanced Deployment Planning and Deploying… Intranet Solutions Extranet Solutions Internet Solutions
37. Solutions Intranet Portal/Publishing/Enterprise Search Collaboration Records Repository BI / BPM Extranet Partner Collaboration Publishing Portal Internet Publishing Community: Discussions & Blogs
39. Setup & Deployments Hints and Watch-outs Setup Basic versus Advanced (farm = advanced) WFE versus “Complete” Scripting setup Setup.exe – put binaries on computer (requires config.xml) PSConfig.exe – enable SharePoint services STSAdm.exe – configure SharePoint services and create shared services and sites Role: Dedicated front-end Web server for indexing adds Host file entries Central Admin will push IIS config, Cert & Dedicated IP can be lost if WSS Web Admin Service is cycled (role changes)
40. Central Deployment Partner Solution: WAN Acceleration All Services in one Central Farm Central Search Central Directory REDMOND BEIJING WAN Accelerator Datacenter 10s-100s of Local WAN Accelerators ~5x - 1st Request ~43x - 2nd Request WAN Accelerator remote office
41. Regional Deployment Optimized Network Bandwidth/Latency Regional Scope Services Local Office Server Farms (Intranet and Extranet) Local SSP Farm Centrally Managed from Redmond DUBLIN REDMOND Enterprise Scope Services Local Office Server Farms (Intranet and Extranet) Local SSP Farm Centrally Managed from Redmond SINGAPORE Regional Scope Services Local Office Server Farms (Intranet only) Local SSP Farm Centrally Managed from Redmond
42. Distributed-Branch Office WSS (Collab) with Central SharePoint Server Search Denver HQ Central Portal MOSS farm for Enterprise Search BANGALORE Branch Office WSS Deployments (single server) Disconnected or Bandwidth Constrained
46. Web front end +Query + Calc Index Clustered SQLserver Capacity Planning HA Example – 3x1x2 farm Example of High Available Solution Users: 100,000 (light to typical usage) Host: 100,000+ Site Collections Store: 1,000,000s of documents Index: 1,000,000s of documents
48. Backup & Disaster Recovery Options Summary Disaster Recovery Content Recovery High Availability STSADM backup/restore SQL backups 3rd party tools Log-Shipping Remote Snapshots 2 Stage Recycle Bin Versioning Web Delete Event Snapshots Third Party Tools Log-Shipping SQL Clustering Database Mirroring Which combination of tools is right for you?
51. Flexible Authentication Windows Auth (NTLM) is Default (Kerberos is recommended) Flexible .NET Pluggable Providers for Authentication http://www.codeplex.com/MOSSFormsFeature Forms based Authentication LDAP provider included in MOSS AD provider included SQL provider included
52. SharePoint Web App Security Policies Centrally enforced and overwrites permissions for all sites in the web application GRANT and DENY Bound to web application/zone Scenarios Full read – search crawling accounts, auditors, legal compliance Deny all – security control, regulatory compliance Deny write – extranet lockdown
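The policy behaviour on this slide, as an added example that is not part of the original deck: a simplified Python model of how a web application policy combines with site-level permissions. The account names, zone names and permission sets are constructed for illustration, and the model is not SharePoint's own code.

```python
# Simplified model of web application policy evaluation (added example).
# Permission names and data below are constructed for illustration.
from dataclasses import dataclass

READ, WRITE, FULL = "read", "write", "full_control"

# Policy levels named on the slide, as (granted, denied) permission sets.
POLICY_LEVELS = {
    "Full Read":  ({READ}, set()),
    "Deny Write": (set(), {WRITE, FULL}),
    "Deny All":   (set(), {READ, WRITE, FULL}),
}

@dataclass(frozen=True)
class PolicyEntry:
    principal: str
    level: str
    zone: str = "*"  # "*" means every zone of the web application

def effective_permissions(principal, zone, site_grants, policies):
    """Site grants plus policy grants, minus policy denies (deny wins)."""
    granted = set(site_grants.get(principal, ()))
    denied = set()
    for entry in policies:
        if entry.principal != principal or entry.zone not in ("*", zone):
            continue  # policy is bound to another principal or zone
        grant, deny = POLICY_LEVELS[entry.level]
        granted |= grant
        denied |= deny
    return granted - denied

# Constructed sample data: one partner with site-level contribute rights,
# plus the three scenarios listed on the slide.
SITE_GRANTS = {"CONTOSO\\partner1": {READ, WRITE}}
POLICIES = [
    PolicyEntry("CONTOSO\\svc_crawl", "Full Read"),                   # search crawling
    PolicyEntry("CONTOSO\\partner1", "Deny Write", zone="Extranet"),  # extranet lockdown
    PolicyEntry("CONTOSO\\terminated", "Deny All"),                   # security control
]

if __name__ == "__main__":
    for who, zone in [("CONTOSO\\svc_crawl", "Default"),
                      ("CONTOSO\\partner1", "Extranet"),
                      ("CONTOSO\\partner1", "Default"),
                      ("CONTOSO\\terminated", "Default")]:
        perms = effective_permissions(who, zone, SITE_GRANTS, POLICIES)
        print(who, zone, sorted(perms))
```

The same partner account keeps write access through the Default zone and loses it through the Extranet zone, which is why a deny policy has to be checked against every zone that exposes the content.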
53. 10 Ways to Harden your SharePoint Environment 1) Configure Firewall Rules: lock down to most restrictive w/ acceptable level of usability (consider blocking HTTP out); 2) Secure client communication with trusted SSL certificates (128-bit HTTPS); 3) IPsec (secure communication between servers); 4) Enable Kerberos Authentication (Intranet); 5) SQL SSL encrypted traffic + non-standard port; 6) Configure Central Admin on App DMZ servers; 7) Restrict IP traffic on Central Admin and SSP Admin (IIS); 8) Configure Deny Web App Policies for Content & Admin; 9) Configure ISA Secure Publishing; 10) Configure Forefront Antivirus and Content scanning
55. Architecture Considerations Why more than 1 Farm? Application/Customization SLAs, Licensing (Internet vs. Intranet CAL), Isolation (No Scale) Why more than 1 SSP? Isolation and Service Needs Why more than 1 App Pool? Security Isolation, Memory and CPU isolation, Auth requirements Why more than 1 Site Collection? Separation/delegation of ownership, quotas, ability to split across databases Why one site collection? Global Navigation, Inheritance of style/Master page, Security inheritance, Query web parts, Site Collection policy and content types enforcements
56. Database Considerations Config contains list of all site collections, web apps, web parts, solutions (Most critical db in farm from availability view) Content database contains all blobs, sites webs, etc… Most content (consider RAID 5) Search & SSP Dbs Optimize… High Disk I/O contains configuration & search property store (index/query contain index on disk) Don’t forget Database Maintenance!!! DBCC Check Database, Shrink Database, Reorganize Index, Clean up History, Defrag… Disk IO
57. Intranet Web Server Exchange External Web Server ISA 2006 User DMZ Internal Network Internet SharePoint HEAD QUARTERS Active Directory Administrator Secure Web Publishing with ISA Fast, Secure Access Integrated Security Efficient Management
58. Forefront Security for SharePoint Protects MOSS 2007 and WSS 3.0 Virus Protection for Document Libraries Integrates scan engines from eight industry leading vendors Real-time scanning of documents uploaded and downloaded from document library Manual and scheduled scanning of document library SQL Document Library Document SharePoint Server Users Document Content Policy Enforcement File filtering to block documents from being posted based on name match, file type or file extension Content filtering by keywords within documents for inappropriate words and phrases
60. Protocols All protocols are HTTP-based HTTP/S: Browser sessions SOAP: Editing from Office Applications, Web Services & Indexing RSS: All lists can be viewed this way (Kerberos!) FP-RPC: SharePoint Designer, Usage Web-DAV: Explorer View, Web Client Access XMLHTTP - Forms
62. Extranet Terms Alternate Access Mappings - “Zones” Namespaces used to access a single set of content, e.g. http://office https://office.microsoft.com Default Zone for Alerts URLs and Search results Authorization == what can you do Authentication == confirm who you are ASP.Net model for pluggable Authentication Understand - “Enable Client Integration” Matches Office client’s behavior for some FBA providers
66. Solution Deployment Deploy the Solution package to the farm Retract the Solutions package When a new web server is added, automatically deploy the solution to it Deploy new versions of the Solution Solution - A CAB file containing Manifest.xml file All the files for the Features, Web Parts, Site or list def changes, etc... that make up your solution
67. What Do SharePoint Server and Donald Trump Have in Common? Courtesy Si.com
70. Cache Config Levels Web App – Disk-based caching in web.config Site collection – configure output cache and object cache settings Site – output cache settings Page layout – output cache Web Part – settings in dwp code Query – i.e. RSS Feed cache is 5 min by default, cross list query
71. Cache Recommendations Cache is cool but… Setting memory based caching can waste valuable memory (ASP.NET may flush cache to make room!) Never cache search results – disable search results layout page cache Never cache personalized web parts
72. Summary Deployment Flexible Streamlined deployment and admin sense of place Capacity Planning Solution and Content Deployment Cache Call to Action! Keep up to date with TechNet and MSDN and READ/Subscribe to our blogs: http://www.chandima.net/Blog/ http://blogs.msdn.com/joelo
73. DON'T DELAY – TAKE 'EM TODAY!!! Be one of the first to pass the NEW MCTS Exams!!! For ITPros: 70-631 - Windows SharePoint Services 3.0 - Configuring 70-630 - Office SharePoint Server 2007 - Configuring For Developers: 70-541 - Microsoft Windows SharePoint Services 3.0 - Application Development 70-542 - Microsoft Office SharePoint Server 2007 - Application Development
78. Disaster Recovery Operational Tasks Disaster recovery Backup and Restore methods 2-Stage Recycle Bin for documents and lists Site-level backup/restore via STSADM Integrated backup/restore UI for web application and farm VSS writer for farm backup SQL Server backup/restore Mirror/failover farm Replicate primary farm on secondary system SQL log shipping transfers content DB data Must manually replicate configuration changes On disaster, router switches traffic in minutes