Establishing Environment Best Practices T12 Brendan Law

Published in: Technology, Education
  • I have been working for Thomas Duryea in Melbourne for a year now and am keen to share the experience I have gained from my Australian projects. Have been working with SharePoint for 4 years. Started off as a developer on the 2003 version. Now I specialise in solution design and implementations.
  • AD – use existing or create new domain? Service Accounts – how many are needed? DB Platform – The good, the bad and the unworkable. Windows Platform – Patches and partitions. Data planning – How much space will we need, and where should our data go? Virtualisation – Which roles are best to virtualise? Topologies – and which ones fit best with various situations.
  • A fully secured Internet Publishing site is going to require a bit more work than a small Intranet. There is no one right way to deploy any SharePoint farm; with so many options and factors to take into account, it is probable that you will get different answers from different people. This is based on my experience, and I’m still learning things about SharePoint every day! So let me know if you’ve got it working in a different way, or tried it my way and not had as much success as I have.
  • A healthy domain makes a worthwhile SharePoint investment, as AD is the foundation on which a good SharePoint platform is built. Make sure you know what group policies are going to be applied to your SharePoint server.
  • This is the typical scenario, where all SharePoint users are located on the local domain. Using local domain accounts also allows the people picker and profile imports to work with minimum hassle. You may need to also apply special group policy to these accounts, such as allowing ‘run as service’, which will be easier if they are all in the same OU.
  • Yes, it can be a bit of a pain having to manage another AD domain, but you really don’t want your corporate domain to be compromised. Once configured properly, users won’t be able to tell the difference. Alternatively, you could use stand alone servers and Forms Based Authentication for external users.
  • At a minimum: Once the install and configuration has been completed, the account can be demoted to a user on the machine. The main SharePoint service account. Farm Services include things like the Timer Service, Administration Service. The crawl account needs to be separate; if not, it will index draft and unpublished documents.
  • For increased security. These accounts are generally optional. In my installs, I use a separate Search Service account, to isolate SharePoint’s functional areas. Extra web application pool accounts provide increased security isolation, meaning that if one of your accounts is compromised by an attacker, there is less chance of them being able to access sensitive data on other sites. For Internet facing SharePoint sites, architects should lean towards higher security best practices. Using a separate SSP account allows for the further isolation of functional areas. Finally, the SQL service account will be used to run the database services.
  • SharePoint performance and stability is dictated primarily by the performance and stability of your database platform. If you are thrust into being a DBA as well as a SharePoint administrator, study up on SQL; lots of great info on the net and training courses available. ** Previous Session?
  • Perfect world scenario, great for large corporate Intranets, but only really feasible for Internet publishing sites. All 64 bit means that you will be ready for upgrade to 2010 too! Best in performance and manageability.
  • The usual scenario, good for most SharePoint deployments. Define maximum page load time as an SLA, and then performance test SQL to make sure the platform will meet standards. Ask questions about who is maintaining it, and include in your governance plan.
  • Sometimes the case if SharePoint deployment is not properly planned. Once again, performance testing will tell you whether we need to look at an alternative solution. Avoid this at all costs; recently had to deal with this at a client site, and we deployed a new SQL instance on the SharePoint Server. Can even be better installing a local copy of SQL Server.
  • Using a standard configuration and maintaining your Windows servers should already be part of your organisational practices. These are a few recommendations that will benefit your SharePoint environment.
  • Keeping your Windows Server updated should be a standard practice anyway. Who knows what WSUS is? Pays to monitor WSUS to ensure updates are being applied successfully. Using a dedicated SQL server makes it easier to test and schedule outages for service pack upgrades. Run the SharePoint service pack with the /extract switch to create a slip stream install.
  • Having dedicated System and Data partitions ensures that Windows patches can always be applied. Also, there can be performance gains from creating the partitions on separate disks, especially on the Index and Query roles. I like to make directories where all solutions and install binaries are placed before they are installed, in case they need to be reinstalled.
  • Database servers can be set up similarly, with a system partition for Windows and Program Files. A data partition, where the actual SharePoint data will be stored, should be redundant. Keep in mind that updates to the mdf file are made asynchronously.
  • Your logs partition should be as fast as possible as this is where all the action happens. You can also improve performance by putting the tempdb on a fast disk as well. You will probably only need a specific backup partition if you do not have a 3rd party backup solution. If your backups are going to be archived off to another server, this partition will be used for temporary storage of your .bak files, and should be about 3 times the size of your data partition. Can be on less performant disks, as long as there is enough space.
  • How many documents/how much content is your SharePoint installation going to hold? We need to predict uptake of SharePoint as a document storage location, and plan for future growth.
  • Obviously, SharePoint’s various purposes are going to result in different storage needs. Keeping unlimited numbers of old versions of documents can have a significant impact on content database size, so ensure that you limit the number of major and minor document versions. Setting initial database size reduces file system fragmentation of databases. You can set this size in SQL management studio by pre-creating your databases, and then simply using your pre-created databases during web application configuration. You will need to use psconfig if you want to pre-create your admin content database, but this shouldn’t be necessary.
  • This is not a best practice, but is the default, so is a common occurrence. Not as much of an issue if My Sites are hosted in their own web application.
  • Create new content database from Central Administration. Setting a content database to offline simply means that no new site collections can be created in it; existing site collections will still be accessible. If new site collections are required within your business content database, they will need to be created by an administrator.
  • Creating content databases for different types of content is a more advanced choice when you need different backup strategies for varying types of content. If your document migration is going to result in content databases over 100GB in size, these should be split for performance reasons. I recently came across the need for this at a client where data storage gets charged back to the department. Use this when your governance plan stipulates the need for a dedicated SharePoint Administrator.
  • Who has created a SQL maintenance plan? SQL maintenance plans are a simple way to ensure that your databases are being backed up and maintained, especially if you don’t have a DBA looking after your database servers. Plans are set up via a drag and drop design surface, built into SQL management console.
  • The first plan will back up all your SharePoint content, configuration and search databases. The system databases include model, master, and msdb. Optionally, transaction logs can be backed up to give point in time restores on databases with full recovery. And finally, a plan should be set up to run optimisations including re-indexing. Note that shrinking your databases to claim space will only result in the files becoming fragmented when SQL server needs to allocate more space to the database.
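
One way to check that the sample maintenance plan in this deck (user databases daily, system databases weekly, transaction logs hourly) is actually running, as an added T-SQL example that is not part of the original presentation. It reads backup history from msdb and lists databases that miss those targets or have auto-shrink enabled; the thresholds are assumptions taken from the plan's wording.

```sql
-- Added example: audit backup history against the sample maintenance plan.
-- Thresholds (1 day, 7 days, 1 hour) mirror the plan described in the deck;
-- they are assumptions to adjust, not values SQL Server enforces.
DECLARE @now datetime;
SET @now = GETDATE();

WITH last_backup AS (
    -- Most recent full ('D') and log ('L') backup recorded for each database.
    SELECT database_name,
           MAX(CASE WHEN type = 'D' THEN backup_finish_date END) AS last_full,
           MAX(CASE WHEN type = 'L' THEN backup_finish_date END) AS last_log
    FROM msdb.dbo.backupset
    GROUP BY database_name
),
checked AS (
    SELECT d.name,
           d.recovery_model_desc,
           b.last_full,
           b.last_log,
           -- User databases: full backup daily. System databases: weekly.
           CASE WHEN d.database_id > 4
                     AND (b.last_full IS NULL
                          OR b.last_full < DATEADD(day, -1, @now)) THEN 1
                WHEN d.database_id <= 4
                     AND (b.last_full IS NULL
                          OR b.last_full < DATEADD(day, -7, @now)) THEN 1
                ELSE 0 END AS full_backup_overdue,
           -- Full recovery model without log backups means no point-in-time
           -- restore and a log file that keeps growing.
           CASE WHEN d.database_id > 4
                     AND d.recovery_model_desc = 'FULL'
                     AND (b.last_log IS NULL
                          OR b.last_log < DATEADD(hour, -1, @now)) THEN 1
                ELSE 0 END AS log_backup_overdue,
           CAST(d.is_auto_shrink_on AS int) AS auto_shrink_on
    FROM sys.databases AS d
    LEFT JOIN last_backup AS b
           ON b.database_name COLLATE DATABASE_DEFAULT
            = d.name COLLATE DATABASE_DEFAULT
    WHERE d.name <> 'tempdb'
      AND d.state_desc = 'ONLINE'
)
SELECT name, recovery_model_desc, last_full, last_log,
       full_backup_overdue, log_backup_overdue, auto_shrink_on
FROM checked
WHERE full_backup_overdue = 1
   OR log_backup_overdue = 1
   OR auto_shrink_on = 1
ORDER BY name;
```

A row in msdb shows only that a backup completed; it does not show that the .bak file reached secondary storage or that it restores.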

    1. Establishing Environmental Best Practices
        • Brendan Law
        • Blaw@td.com.au
        • @FlamerNZ
        • Flamer.co.nz/spag/
    2. Agenda
        • Active Directory
        • Service Accounts
        • Database Platform
        • Windows Platform
        • Data Storage Planning
        • Virtualisation
        • Farm Topologies
    3. Introduction
        • The trick is finding the right balance between:
        • There are often many solutions to the same problem
        • Not meant as prescriptive guidance, but these are examples of how I have got it to work
        • Keen to hear about others’ experiences
    4. Active Directory
    5. Active Directory
        • Corporate Intranet or Internal Only SharePoint
        • Create Service Accounts in existing corporate domain
        • Use a naming convention for easy identification
        • Place accounts in Service Accounts OU
        • Use strong passwords/password generator tool
    6. Active Directory
        • Internet Publishing or External Collaboration
        • Consider setting up a separate DMZ Domain
        • Results in increased security
        • Adds to administrative overhead (slightly)
        • Set up one way trust so that internal users can authenticate with their existing credentials
        • DMZ domain trusts Internal domain
    7. Service Accounts
        • Administrator - Install Account
            • Can be a domain admin, or in local administrators group on the box
            • Setup can be run from your domain account
            • Only used for the install and configuration of SharePoint
        • SharePoint Service Account
            • Requires DBCreator and SecurityAdmin roles on the SQL Server
            • Should be a standard domain user, not an administrator
            • This is the account you put into the Configuration Wizard
            • Runs the Central Admin App Pool, and Farm Services
        • Search Crawl Account
            • This is the low privilege account used to crawl content on your web apps
            • Needs no specific permissions, SharePoint will assign them for you
            • Used for WSS Crawl and MOSS Crawl
    8. Service Accounts
        • Search Service Account
            • Used to run the Search Services (not used to access content during crawls)
        • Web Application Pool Accounts
            • A separate account should be used for each SharePoint Web Application
            • At a minimum, the main content application pool credential should be different to the one running the Central Admin application pool
        • Shared Service Provider Service Account
            • Used for the SSP specific services
        • SQL Service Account
            • Used to run the MSSQLSERVER Service on your Database Server
    9. Database Platform
    10. Database Platform
        • Awesome!
        • New Dedicated SQL Server or Cluster
        • 64 bit
        • Plenty of RAM (8GB +)
        • Physical Server
        • Either 2005 or 2008
        • Fast RAID 5/10 disks or SAN attached DB Storage
        • Maintenance Plans
        • Well maintained
        • Backups
    11. Database Platform
        • Good
        • New SQL Instance, or underutilised shared SQL Server
        • Preferably 64 bit (a must if you are planning to deploy 2010)
        • Adequate RAM (4GB +) or more if Shared
        • Physical or Virtual
        • 2005 or 2008
        • Fast mirrored local disks
        • Or, if virtual, SAN attached DB Storage
        • Maintenance Plans
        • Backups
    12. Database Platform
        • Bad
        • Old or over utilised shared SQL server
        • 32 bit
        • Heavy page file utilisation due to inadequate RAM
        • Old Physical server, or under resourced Virtual
        • SQL 2000 or MSDE/SSEE
        • Slow local disks, no redundancy
        • No maintenance plans/not maintained
        • No backups
        • HUGE log files, drives running out of space
        • No one takes responsibility for maintenance
    13. Windows Platform
    14. Patches and Service Packs
        • Patch Windows!
            • Make sure Windows updates are running
            • Test WSUS functionality
        • Patch SQL Server
            • SQL 2000 SP4 required for install
            • Another good reason to have a dedicated SQL install
        • Slipstream latest MOSS Service Pack
            • SP2 patch has now been released
            • Delete WSSSetup.dll from Updates directory
    15. Partitioning
        • SharePoint Servers
        • System Partition
            • C:
            • Where the Windows, Program Files folders live
            • 30GB+
            • Disk space usage can blow out during Service Pack installation
            • Can be on a locally attached disk
        • Data Partition
            • D:
            • Where everything else is, Logs, Indexes, Web Site Files
            • Source/Install for storage of installed binaries
            • Deployment folder for solution packages
            • Should be on a SAN/RAID disk for performance
    16. Partitioning
        • Database Servers
        • System Partition
            • C:
            • Where Windows, and SQL application files live
            • 30GB+
            • Disk space usage can blow out during Service Pack installation
            • Can be on a locally attached disk
        • Data Partition
            • D:
            • Stores all the mdf files for SharePoint databases
            • Ensure it is large enough to accommodate future growth
            • Should be on SAN/RAID disk for redundancy
    17. Partitioning
        • Database Servers (continued)
        • Logs Partition
            • E:
            • Stores all the ldf files for SharePoint databases
            • Needs to be fast, put on SAN/RAID disk or dedicated spindle
        • Backup Partition
            • F:
            • Stores backups from your SQL maintenance plans
            • Optional, if you have a separate backup server/storage method
            • Needs to be redundant, put on RAID or Mirrored Partition
    18. Data Storage Planning
    19. Data Planning
        • What is the SharePoint site going to be used for?
        • Set initial database size for planned growth in the next year
    20. Content Databases
        • One
        • For both Intranet Content and My Sites
        • Easier to manage
        • My Site content can cause database to expand
        • If hosted in the same content DB
        • Use quotas to manage site collection size
    21. Content Databases
        • Split My Sites and Business Content
        • Business content can be backed up separately
        • My Site content database size is less of a concern
        • How:
            • Create a new content database for my sites
            • Set original content database to offline
    22. Content Databases
        • Purpose based Content Databases
        • For large document migration projects
        • Or for differing backup/restore needs
        • Increases database flexibility/scalability
        • New site collections need to be created by an administrator
    23. Maintenance Plans
        • Set up on the SQL Server
        • Easy automated database maintenance
        • Requirements vary based on environment
        • Backup plans are optional if 3rd party backup software used
    24. Sample Maintenance Plans
        • Backup User Databases Daily
            • With clean up task
            • .bak files should then be copied to secondary storage
        • Backup System Databases Weekly
            • As these don't change as often as user databases
        • Backup Transaction Logs hourly
            • If up to the hour restores are required
            • Only for databases with full recovery model
        • Reindex Databases Weekly
            • Helps with performance
            • Shrinking databases causes file system fragmentation
    25. Virtualisation
        • Decide what to Virtualise
            • Web Front Ends
            • Search Server
            • Application Server
            • Database Server
        • Physical Infrastructure for Production
        • Virtual for Test/Dev/Staging
        • Backups are simplified, backup entire VHD/VMDK
        • Restore as a group, at same point in time
    26. Farm Topologies
    27. Topology – Basic Intranet
        • Best performance achieved on two servers:
            • 1x Database Server
            • 1x SharePoint Server
        • Majority of my SharePoint installs have been in this configuration
        • If database server is not well maintained, consider all in one server
        • But not a 'stand-alone' install
    28. Topology - Search Optimised Intranet
        • Enables better performance for search and indexing
        • 1x Database Server
        • 1x Web Front End
        • 1x Search Server
        • Search Server hosts SSP, Central Admin and a Web Front End
            • Indexer can then be configured to crawl local web front end
    29. Topology – Extranet
        • Purpose: To collaborate with other organisations
        • Host SharePoint Farm in DMZ
        • Use forms based authentication
        • Stand alone (windows service accounts)
        • Or joined to DMZ Active Directory domain
        • Publish through firewall with SSL
    30. Topology – Extranet
        • Purpose: Publish Intranet to Remote Workers
        • Host one Web Front End in DMZ
        • Use ISA for external user authentication
        • Terminate SSL on ISA too
        • Need to allow traffic through the firewall
            • SQL
            • Active Directory
    31. Topology - Internet Publishing
        • Two Farms:
        • Firewall needs to be configured to allow deployment jobs between farms
    32. Topology – Load Balancing
        • Multiple Web Front Ends/Query Servers to handle large volumes of traffic
        • Use System Centre Capacity Planner to work out how many you’ll need
        • Web Front Ends can be easily built and added to the farm to handle extra load as needed
    33. Topology – Load Balancing Methods
        • DNS Round Robin
            • Simply switches between servers in an IP address pool
            • Can cause problems with user’s sessions and authentication
        • Windows Load Balancing
            • Good method for less sophisticated deployments
        • Hardware Load Balancing
            • Need specialised hardware
            • Can determine load on each server and route requests appropriately
            • Best in high load/mission critical Internet applications
    34. Topology – High Availability
        • Stretched Farm
        • 1x SharePoint + 1x SQL Server located off site
        • Needs to be connected via 1GB link
        • Using standard tools, failover is manual
        • Need to switch the SQL Alias
        • DR Farm can also be used for load balancing
    35. Topology – Disaster Recovery
        • SQL Mirroring
        • Second SQL box has 'mirror' of SharePoint data
        • Should production SQL fail, mirror takes over
        • Failover can be automatic with a witness SQL server
        • Doubles SQL Hardware requirements
    36. Topology
        • Third Party Tools
            • Disaster Recovery – NeverFail
            • WAN Acceleration – Riverbed
            • Site Output Compression - Aptimize
    37. Conclusion
        • Many solutions to the same challenges
        • Best practice is not to cut corners
        • We want our users to have the best possible experience
        • Lots of information available
            • Twitter: @JoelOleson, @FlamerNZ, and many more
            • Email Groups: OzMoss
            • Blogs, Forums, Search
        • Questions?
    38. Thanks!
        • Brendan Law
        • Blaw@td.com.au
        • @FlamerNZ
        • Flamer.co.nz/spag/
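
The service account slides state that the SharePoint service account needs DBCreator and SecurityAdmin on the SQL Server and should not be an administrator, and that the crawl account needs no specific permissions. The following T-SQL is an added example, not part of the original deck, that audits fixed server roles against that design; the login name `CORP\svc-spfarm` and the `CORP\svc-sp` prefix are hypothetical stand-ins for your own naming convention.

```sql
-- Added example: server-role audit for SharePoint service accounts.
-- CORP\svc-spfarm and the CORP\svc-sp prefix are hypothetical names; the
-- prefix is assumed not to match the SQL Server service account itself.
DECLARE @farm sysname, @prefix nvarchar(128);
SET @farm   = N'CORP\svc-spfarm';
SET @prefix = N'CORP\svc-sp%';

-- 1. Every fixed server role held directly by a matching login.
SELECT p.name AS login_name,
       r.name COLLATE DATABASE_DEFAULT AS server_role,
       CASE
           WHEN r.name = N'sysadmin'
               THEN 'FAIL: service account is sysadmin'
           WHEN p.name = @farm AND r.name IN (N'dbcreator', N'securityadmin')
               THEN 'OK: role the farm account requires'
           ELSE 'REVIEW: server role not required by this design'
       END AS finding
FROM sys.server_principals AS p
JOIN sys.server_role_members AS m ON m.member_principal_id = p.principal_id
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
WHERE p.name LIKE @prefix

UNION ALL

-- 2. Required roles that the farm account does not hold.
SELECT @farm, req.role_name, 'FAIL: farm account lacks required role'
FROM (SELECT N'dbcreator' AS role_name
      UNION ALL
      SELECT N'securityadmin') AS req
WHERE NOT EXISTS (
    SELECT 1
    FROM sys.server_role_members AS m
    JOIN sys.server_principals AS p ON p.principal_id = m.member_principal_id
    JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
    WHERE p.name = @farm
      AND r.name COLLATE DATABASE_DEFAULT = req.role_name
)
ORDER BY login_name, server_role;
```

The query sees only roles granted directly to a login. On SQL Server 2005, BUILTIN\Administrators is a sysadmin by default, so a service account left in the local administrators group on the database server is effectively sysadmin without appearing in this result.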
