HMS310: Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007: Planning and Deployment - Advanced Topics Joel Oleson Microsoft Corp [email_address] http://blogs.msdn.com/joelo

Part 1 - Basic Deployment Catch up – MOSS 2007 the New World Farm Topologies and SSP Database Architecture Administration Models Part 2 - Advanced Deployment Multi Farm Topologies Content & Solution Deployment Extranets – Firewall Rules Caching

Part 1 - Basic Deployment

Catch up – MOSS 2007 the New World

Farm Topologies and SSP

Database Architecture

Administration Models

Part 2 - Advanced Deployment

Multi Farm Topologies

Content & Solution Deployment

Extranets – Firewall Rules

Caching

Hope you brought Your hard hat!

Hope you brought

Your hard hat!

Global Deployments Centralized: Energizer Regional: MS IT Distributed: Gates Capacity Planning High Availability/Disaster Recovery Multi Farm Topologies Content & Solution Deployment Extranets – Firewall Rules

Global Deployments

Centralized: Energizer

Regional: MS IT

Distributed: Gates

Capacity Planning

High Availability/Disaster Recovery

Multi Farm Topologies

Content & Solution Deployment

Extranets – Firewall Rules

SharePoint Deployment Management Models

SharePoint Deployments

Central Deployment Partner Solution: WAN Acceleration REDMOND WAN Accelerator Datacenter All Services in one Central Farm Central Search Central Directory WAN Accelerator remote office BEIJING 10s-100s of Local WAN Accelerators ~5x - 1 st Request ~43x - 2 nd Request

Regional Deployment Optimized Network Bandwidth/Latency REDMOND DUBLIN SINGAPORE Regional Scope Services Local Office Server Farms (Intranet only) Local SSP Farm Centrally Managed from Redmond Enterprise Scope Services Local Office Server Farms (Intranet and Extranet) Local SSP Farm Centrally Managed from Redmond Regional Scope Services Local Office Server Farms (Intranet and Extranet) Local SSP Farm Centrally Managed from Redmond

Regional Scope Services

Local Office Server Farms (Intranet only)

Local SSP Farm

Centrally Managed from Redmond

Enterprise Scope Services

Local Office Server Farms (Intranet and Extranet)

Local SSP Farm

Centrally Managed from Redmond

Regional Scope Services

Local Office Server Farms (Intranet and Extranet)

Local SSP Farm

Centrally Managed from Redmond

MSIT Pre-Upgrade Redmond

MSIT Post Upgrade

Distributed Deployment Branch Office WSS/MOSS deployments Denver HQ Central Portal MOSS farm for Enterprise Search Branch Office WSS Deployments (single server) BANGALORE Disconnected or Bandwidth Constrained

Deployment & Capacity Planning

Setup Basic versus Advanced (farm = advanced) WFE versus “Complete” Scripting setup Setup.exe – put binaries on computer (requires config.xml) PSConfig.exe – enable SharePoint services STSAdm.exe – configure SharePoint services and create shared services and sites Role: Dedicated front-end Web server for indexing adds Host file entries Central Admin will push IIS config, Cert & Dedicated IP can be lost if WSS Web Admin Service is cycled (role changes)

Setup

Basic versus Advanced (farm = advanced)

WFE versus “Complete”

Scripting setup

Setup.exe – put binaries on computer

(requires config.xml)

PSConfig.exe – enable SharePoint services

STSAdm.exe – configure SharePoint services and create shared services and sites

Role: Dedicated front-end Web server for indexing adds Host file entries

Central Admin will push IIS config, Cert & Dedicated IP can be lost if WSS Web Admin Service is cycled (role changes)

Planning for Availability

Capacity Planning Framework – Suggested Limits Object Scope Guideline Site collections Database 50,000 Sites Site collection 250,000 (sub) Sites Web site 2,000 Lists Web site 2,000 Items List 5 M Documents Doc Library 5 M Documents Folder/Indexed View 2,000 Document size File 2 GB Indexed Documents (MOSS) SSP 50 M # Profiles (MOSS) SSP 5 M

List Scalability

Highly available Users: 100,000s of users Host: 100,000+ Site Collections Store: 1,000,000s of documents Index: 1,000,000s of documents Server type RAM HDD CPU Front end servers 4 GB 200 GB 2 x 2.8 Ghz x64 Index server 4 GB 200 GB 2 x 2.8 Ghz x64 SQL Server computer 4 GB 1 TB 4 x 2.8 Ghz, dual core, x64 Web front end + Query + Excel Calc Index Clustered SQL server

Highly available

Users: 100,000s of users

Host: 100,000+ Site Collections

Store: 1,000,000s of documents

Index: 1,000,000s of documents

High Availability & Disaster Recovery

Backup & Disaster Recovery Options Summary 2 Stage Recycle Bin Versioning Web Delete Event Snapshots Third Party Tools Content Recovery Disaster Recovery STSADM backup/restore SQL backups 3 rd party tools Log-Shipping Remote Snapshots High Availability Log-Shipping SQL Clustering Database Mirroring (coming soon) Which combination of tools is right for you?

2 Stage Recycle Bin

Versioning

Web Delete Event

Snapshots

Third Party Tools

STSADM backup/restore

SQL backups

3 rd party tools

Log-Shipping

Remote Snapshots

Log-Shipping

SQL Clustering

Database Mirroring (coming soon)

Backup and Restore methods 2-Stage Recycle Bin for documents and lists Site-level backup/restore via STSADM Integrated backup/restore UI for web application and farm VSS writer for farm backup SQL Server backup/restore Mirror/failover farm Replicate primary farm on secondary system SQL log shipping transfers content DB data Must manually replicate configuration changes On disaster, router switches traffic in minutes More detail in Disaster Recovery presentation

Backup and Restore methods

2-Stage Recycle Bin for documents and lists

Site-level backup/restore via STSADM

Integrated backup/restore UI for web application and farm

VSS writer for farm backup

SQL Server backup/restore

Mirror/failover farm

Replicate primary farm on secondary system

SQL log shipping transfers content DB data

Must manually replicate configuration changes

On disaster, router switches traffic in minutes

More detail in Disaster Recovery presentation

Log-Shipping Mirror Farm

Security & Firewalls

Browser clients only Search crawler must use Windows Office client interaction degraded One authentication type per web application Forms over Windows accounts Forms user not same as Windows user

Browser clients only

Search crawler must use Windows

Office client interaction degraded

One authentication type per web application

Forms over Windows accounts

Forms user not same as Windows user

Central enforced permissions for all sites in the web application GRANT and DENY Bound to web application/zone Scenarios Full read – search crawling accounts, auditors, legal compliance Deny all – security control, regulatory compliance Deny write – extranet lockdown

Central enforced permissions for all sites in the web application

GRANT and DENY

Bound to web application/zone

Scenarios

Full read – search crawling accounts, auditors, legal compliance

Deny all – security control, regulatory compliance

Deny write – extranet lockdown

Security Considerations Configure Firewall Rules lock down to most restrictive w/ acceptable level of usability (i.e. outbound HTTP) Secure client communication with trusted SSL certificates (128bit HTTPS) IP Sec (Secure communication between servers and DCs) *Careful with NLB and clients (MAC/Unix) Enable Kerberos Authentication (Intranet) *Careful with NLB SQL SSL encrypted Traffic + Non Standard Port Configure Central Admin on App DMZ servers Restrict IP Traffic on Central Admin and SSP App Pools (IIS) Configure Deny Policies (Not Auth Users) on Content/Admin Web Apps for Applicable Groups/Domains Configure ISA Secure Publishing (or reverse hosting) better than Router ACLs (Rejects Invalid Requests and Verbs) Configure at least 1 DMZ aka 2+ Firewalls/Interfaces between corp and publicly addressable Intranet

Configure Firewall Rules lock down to most restrictive w/ acceptable level of usability (i.e. outbound HTTP)

Secure client communication with trusted SSL certificates (128bit HTTPS)

IP Sec (Secure communication between servers and DCs) *Careful with NLB and clients (MAC/Unix)

Enable Kerberos Authentication (Intranet) *Careful with NLB

SQL SSL encrypted Traffic + Non Standard Port

Configure Central Admin on App DMZ servers

Restrict IP Traffic on Central Admin and SSP App Pools (IIS)

Configure Deny Policies (Not Auth Users) on Content/Admin Web Apps for Applicable Groups/Domains

Configure ISA Secure Publishing (or reverse hosting) better than Router ACLs (Rejects Invalid Requests and Verbs)

Configure at least 1 DMZ aka 2+ Firewalls/Interfaces between corp and publicly addressable Intranet

Intranet, Extranet, Internet 2 Farms, 3 SSPs TechNet: Plan Logical Architecture

Architecture Considerations Why more than 1 Farm? Application/Customization SLAs, Licensing (Internet vs. Intranet CAL), Isolation (No Scale) Why more than 1 SSP? Isolation and Service Needs Why more than 1 App Pool? Security Isolation, Memory and CPU isolation, Auth requirements Why more than 1 Site Collection? Separation/delegation of ownership, quotas, ability to split across databases Why keep them together? Global Navigation, Inheritance of style/Master page, Security inheritance, Query web parts, Site Collection policy and content types enforcements

Why more than 1 Farm?

Application/Customization SLAs, Licensing (Internet vs. Intranet CAL), Isolation (No Scale)

Why more than 1 SSP?

Isolation and Service Needs

Why more than 1 App Pool?

Security Isolation, Memory and CPU isolation, Auth requirements

Why more than 1 Site Collection?

Separation/delegation of ownership, quotas, ability to split across databases

Why keep them together?

Global Navigation, Inheritance of style/Master page, Security inheritance, Query web parts, Site Collection policy and content types enforcements

Database Considerations Config contains list of all site collections, web apps, web parts, solutions (Most critical db in farm from availability view) Content database contains all blobs, sites webs, etc… (Most content (consider RAID 5) Search & SSP Dbs Optimize… High Disk I/O contains configuration & search property store (index/query contain index on disk)

Config

contains list of all site collections, web apps, web parts, solutions (Most critical db in farm from availability view)

Content database

contains all blobs, sites webs, etc… (Most content (consider RAID 5)

Search & SSP Dbs

Optimize… High Disk I/O contains configuration & search property store (index/query contain index on disk)

Secure Web Publishing with ISA Integrated Security Efficient Management Fast, Secure Access Exchange Intranet Web Server SharePoint Active Directory External Web Server Administrator User ISA 2006 DMZ Internal Network Internet HEAD QUARTERS NEW Smartcards & one-time password support NEW Customized logon forms for most devices & apps NEW LDAP authentication for Active Directory NEW Web publishing load balancing NEW Authentication delegation (NTLM, Kerberos) NEW Improved idle-based time-outs for session mgmt NEW Exchange & SharePoint publishing tools NEW Enhanced certificate administration NEW Single sign-on for multiple resource access NEW Automatic translation of embedded internal links

Extranet Architecture Example

Content Deployment

Authoring -> Production

Solution Deployment Deploy the Solution package to the farm Retract the Solutions package When a new web server is added, automatically deploy the solution to it Deploy new versions of the Solution Solution - A CAB file containing Manifest.xml file All the files for the Features, Web Parts, Site or list def changes, etc... that make up your solution

Deploy the Solution package to the farm

Retract the Solutions package

When a new web server is added, automatically deploy the solution to it

Deploy new versions of the Solution

Solution - A CAB file containing

Manifest.xml file

All the files for the Features, Web Parts, Site or list def changes, etc... that make up your solution

Solution Deployment Demo Chris Johnson on Solution Deployment

Protocols All protocols are HTTP-based HTTP/S: Browser sessions SOAP: Editing from Office Applications, Web Services & Indexing RSS: All lists can be viewed this way FP-RPC: SharePoint Designer, Usage Web-DAV: Explorer View, Web Client Access XMLHTTP - Forms

All protocols are HTTP-based

HTTP/S: Browser sessions

SOAP: Editing from Office Applications, Web Services & Indexing

RSS: All lists can be viewed this way

FP-RPC: SharePoint Designer, Usage

Web-DAV: Explorer View, Web Client Access

XMLHTTP - Forms

Firewall Ports

Alternate Access Mappings - “Zones” Namespaces used to access a single set of content, e.g. http://office https://office.microsoft.com Default Zone for Alerts URLs and Search results Authorization == what can you do Authentication == confirm who you are ASP.Net model for pluggable Authentication Understand - “Enable Client Integration” Matches Office client’s behavior for some FBA providers

Alternate Access Mappings - “Zones”

Namespaces used to access a single set of content, e.g.

http://office

https://office.microsoft.com

Default Zone for Alerts URLs and Search results

Authorization == what can you do

Authentication == confirm who you are

ASP.Net model for pluggable Authentication

Understand - “Enable Client Integration”

Matches Office client’s behavior for some FBA providers

What Do SharePoint Server and Donald Trump Have in Common? Courtesy Si.com

Cache! TechNet: (Cache Settings) Additional performance and capacity factors

Cache

Cache Config Levels Web App – Disk based caching in web.config Site collection – Configure Output cache and Blob Cache settings Site – output and blob cache settings Page layout – Output cache Web Part – settings in dwp code Query – i.e. RSS Feed cache page is 5 min by default, cross list query

Web App – Disk based caching in web.config

Site collection – Configure Output cache and Blob Cache settings

Site – output and blob cache settings

Page layout – Output cache

Web Part – settings in dwp code

Query – i.e. RSS Feed cache page is 5 min by default, cross list query

Cache Recommendations Cache is but…. Setting memory based caching can waste valuable memory (ASP.NET may flush cache to make room!) Never cache search results – disable search results layout page cache Never cache personalized web parts

Cache is but….

Setting memory based caching can waste valuable memory (ASP.NET may flush cache to make room!)

Never cache search results – disable search results layout page cache

Never cache personalized web parts

Demo Cache Settings

Deployment Flexible Streamlined deployment and admin sense of place Capacity Planning Solution and Content Deployment Cache Call to Action! Keep up to date with TechNet and MSDN and READ/Subscribe to our blogs: http://blogs.msdn.com/joelo

Deployment

Flexible Streamlined deployment and admin sense of place

Capacity Planning

Solution and Content Deployment

Cache

Call to Action!

Keep up to date with TechNet and MSDN and READ/Subscribe to our blogs: http://blogs.msdn.com/joelo

For ITPros: (RTM Exam) 70-631 - Windows SharePoint Services 3.0 - Configuring 70-630 - Office SharePoint Server 2007 - Configuring For Developers: (Beta Exam) 70-541 - Microsoft Windows SharePoint Services 3.0 - Application Development 70-542 - Microsoft Office SharePoint Server 2007 - Application Development DON'T DELAY – TAKE 'EM TODAY!!! Be one of the first to pass the NEW MCTS Exams!!!

For ITPros: (RTM Exam)

70-631 - Windows SharePoint Services 3.0 - Configuring

70-630 - Office SharePoint Server 2007 - Configuring

For Developers: (Beta Exam)

70-541 - Microsoft Windows SharePoint Services 3.0 - Application Development

70-542 - Microsoft Office SharePoint Server 2007 - Application Development

Resources Technical Chats and Webcasts http://www.microsoft.com/communities/chats/default.mspx http://www.microsoft.com/usa/webcasts/default.asp Microsoft Learning and Certification http://www.microsoft.com/learning/default.mspx MSDN & TechNet http://microsoft.com/msdn http://microsoft.com/technet Virtual Labs http://www.microsoft.com/technet/traincert/virtuallab/rms.mspx Newsgroups http://communities2.microsoft.com/ communities/newsgroups/en-us/default.aspx Technical Community Sites http://www.microsoft.com/communities/default.mspx User Groups http://www.microsoft.com/communities/usergroups/default.mspx

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Your Feedback is Important Please fill out a session evaluation form and either put them in the basket near the exit or drop them off at the conference registration desk. Thank you!

Please fill out a session evaluation form and either put them in the basket near the exit or drop them off at the conference registration desk.

Thank you!

Slide Title Please use this template for your slides Please DO NOT change the format of this template Please DO NOT use special formatting such as shadowing for code, or shadows behind boxes, etc. Your slides are due February 26, 2007 Please send completed slides to materials@devconnections.com Filename for slides should be: lastname_conference_sessionnum_sessiontitle.ppt Please zip all files before sending them. Include sample code for the attendee disk in a subfolder.

Please use this template for your slides

Please DO NOT change the format of this template

Please DO NOT use special formatting such as shadowing for code, or shadows behind boxes, etc.

Your slides are due February 26, 2007

Please send completed slides to materials@devconnections.com

Filename for slides should be: lastname_conference_sessionnum_sessiontitle.ppt Please zip all files before sending them. Include sample code for the attendee disk in a subfolder.