2. Author of SAMS Publishing titles "SharePoint 2010 Unleashed," "SharePoint 2007 Unleashed," "SharePoint 2003 Unleashed," "Teach Yourself SharePoint 2003 in 10 Minutes," "Windows Server 2008 R2 Unleashed," "Exchange Server 2010 Unleashed," "ISA Server 2006 Unleashed," and many other titles.
Partner at Convergent Computing (www.cco.com / +1 (510) 444-5700) – San Francisco Bay Area based Infrastructure/Security specialists for SharePoint, AD, Exchange and Security
http://www.sharingthepoint.org
5. ‘All-in-One’ (Avoid)
DB and SP Roles Separate
6. 2 SharePoint Servers running Web and Service Apps
2 Database Servers (Clustered or Mirrored)
1 or 2 Index Partitions with equivalent query components
Smallest farm size that is fully highly available
7. 2 Dedicated Web Servers (NLB)
2 Service Application Servers
2 Database Servers (Clustered or Mirrored)
1 or 2 Index Partitions with equivalent query components
8. Multiple Dedicated Web Servers
Multiple Dedicated Query Servers
Multiple Dedicated Crawl Servers, with multiple Crawl DBs to increase parallelization of the crawl process
Multiple distributed Index partitions (max of 10 million items per index partition)
Two query components for each Index partition, spread among servers
10. Virtualization of SharePoint Servers
Virtual Guest Processor and Memory Guidelines

Role                              vCPU  RAM (Bare Minimum)  RAM (Recommended)  RAM (Ideal)
Web Only*                          2     6GB                 8GB                12GB
Service Application Roles Only     2     6GB                 8GB                12GB
Dedicated Search Service App       2     8GB                 10GB               16GB
Combined Web/Search/Service Apps   4     10GB                12GB               18GB
Database*                          4     10GB                16GB               24GB
11. Allows organizations that wouldn't normally be able to have a test environment to run one
Allows for separation of the database role onto a dedicated server
Can be more easily scaled out in the future
12. High-Availability across Hosts
All components Virtualized
Uses only two Windows Enterprise Edition licenses
13. Highest transaction servers are physical
Multiple farm support, with DBs for all farms on the SQL cluster
18. Data Management
Distribute Data Across Content DBs and Site Collections
Start with a distributed architecture of content databases from the beginning, within reason (more than 50 per SQL instance is not recommended)
Distribute content across Site Collections from the beginning as well; it is very difficult to extract content after the fact
Allow your environment to scale and your users to 'grow into' their SharePoint site collections
20. Data Management
Binary Large OBject (BLOB) Storage
BLOBs are unstructured content stored in SQL
Includes all documents, pictures, and files stored in SharePoint
Excludes Metadata and Context: information about the document, version #, etc.
Until recently, could not be removed from SharePoint Content Databases
Classic problem of structured vs. unstructured data – unstructured data doesn't really belong in a SQL Server environment
21. Data Management
Getting your BLOBs out of the Content DBs
Can dramatically reduce the size of Content DBs, as upwards of 80%-90% of space in content DBs is composed of BLOBs
Can move BLOB storage to more efficient/cheaper storage
Improve performance and scalability of your SharePoint deployment – but highly recommended to use third party
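Before committing to an RBS/EBS provider it is worth checking the 80%-90% figure against one of your own content databases. The T-SQL below is an added example, not from the original deck: it measures how much of a SharePoint 2010 content database's used space is LOB pages of dbo.AllDocStreams, the table in which SharePoint 2010 stores document bytes. The database name WSS_Content_Portal is an assumption. Microsoft does not support running queries against live content databases, so run it against a restored copy.

```sql
-- Added example (not from the original deck). Assumes a SharePoint 2010
-- content database named WSS_Content_Portal. Run against a restored copy:
-- querying live content databases directly is not supported by Microsoft.
USE [WSS_Content_Portal];
GO

DECLARE @blob_pages bigint, @used_pages bigint;

-- LOB pages used by dbo.AllDocStreams, whose Content column holds the
-- document bytes (the BLOBs of slide 20). Requires VIEW DATABASE STATE.
SELECT @blob_pages = SUM(ps.lob_used_page_count)
FROM sys.dm_db_partition_stats AS ps
WHERE ps.object_id = OBJECT_ID(N'dbo.AllDocStreams');

-- Pages in use across the whole database: what the content DB occupies
-- today, before any BLOBs are externalized.
SELECT @used_pages = SUM(ps.used_page_count)
FROM sys.dm_db_partition_stats AS ps;

-- Pages are 8KB; report MB and the BLOB share as a percentage.
SELECT @blob_pages * 8 / 1024.0 AS blob_mb,
       @used_pages * 8 / 1024.0 AS used_mb,
       CAST(100.0 * @blob_pages / NULLIF(@used_pages, 0) AS decimal(5, 1)) AS blob_pct;
-- A blob_pct in the 80-90 range confirms the slide's estimate for this
-- database and is roughly the share an RBS provider would move out of SQL.
```

Run the same script against each content database on the instance; the ones with the highest blob_pct and the largest used_mb are where BLOB externalization buys the most, and a low blob_pct (a metadata-heavy list database, for example) is a sign that RBS will not help that database much.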
23. SQL Database Optimization
Content Databases Distributed Between Multiple Volumes
• Break Content Databases and TempDB into multiple files (MDF, NDF); the total should equal the number of physical processors (not cores) on the SQL server.
• Pre-size Content DBs and TempDB to avoid fragmentation
• Separate files onto different drive spindles for best IO performance
• Example: a 100GB total Content DB on a four-way SQL Server would have four database files distributed across four sets of drive spindles = 25GB pre-sized for each file.
24. SQL Database Optimization
TempDB Best Practices
• TempDB is critical for performance
• Pre-size to 20% of the size of the largest content database.
• Break into multiple files across spindles as noted
• Note there is a separate TempDB for each SQL Server instance
• Note that if using SQL Transparent Data Encryption (TDE) for any database in an instance, the TempDB is encrypted as well.
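The file layout of slides 23 and 24 carried through for the worked numbers on slide 23, as an added T-SQL example that is not part of the original deck: a 100GB content database on a four-processor SQL Server gets four 25GB files, one per spindle set, and tempdb is sized to 20% of it (20GB) and split the same way. The drive letters E:-H: and L:, the paths and the database name WSS_Content_Portal are assumptions; fixed-size growth increments are used rather than percentages so that any unplanned growth stays predictable.

```sql
-- Added example (not from the original deck). Implements slides 23-24 for a
-- 100GB content database on a four-processor SQL Server. Drive letters E:-H:
-- (one spindle set each), the log drive L:, the paths and the database name
-- are assumptions.

-- 1. Pre-create an empty content database with four pre-sized data files.
--    SharePoint 2010 populates an empty, correctly collated database when it
--    is attached with New-SPContentDatabase -Name WSS_Content_Portal.
CREATE DATABASE [WSS_Content_Portal]
ON PRIMARY
   (NAME = N'WSS_Content_Portal_01', FILENAME = N'E:\MSSQL\Data\WSS_Content_Portal_01.mdf', SIZE = 25GB, FILEGROWTH = 1GB),
   (NAME = N'WSS_Content_Portal_02', FILENAME = N'F:\MSSQL\Data\WSS_Content_Portal_02.ndf', SIZE = 25GB, FILEGROWTH = 1GB),
   (NAME = N'WSS_Content_Portal_03', FILENAME = N'G:\MSSQL\Data\WSS_Content_Portal_03.ndf', SIZE = 25GB, FILEGROWTH = 1GB),
   (NAME = N'WSS_Content_Portal_04', FILENAME = N'H:\MSSQL\Data\WSS_Content_Portal_04.ndf', SIZE = 25GB, FILEGROWTH = 1GB)
LOG ON
   (NAME = N'WSS_Content_Portal_log', FILENAME = N'L:\MSSQL\Log\WSS_Content_Portal_log.ldf', SIZE = 10GB, FILEGROWTH = 1GB)
COLLATE Latin1_General_CI_AS_KS_WS;   -- the collation SharePoint itself uses
GO

-- 2. Size tempdb to 20% of the largest content database (20GB) and spread it
--    over the same spindles. The default primary file is named tempdev.
--    SIZE changes and ADD FILE apply immediately; a changed FILENAME (moving
--    an existing tempdb file) takes effect only after the instance restarts.
ALTER DATABASE tempdb MODIFY FILE (NAME = N'tempdev',  SIZE = 5GB, FILEGROWTH = 512MB);
ALTER DATABASE tempdb ADD FILE    (NAME = N'tempdev2', FILENAME = N'F:\MSSQL\TempDB\tempdev2.ndf', SIZE = 5GB, FILEGROWTH = 512MB);
ALTER DATABASE tempdb ADD FILE    (NAME = N'tempdev3', FILENAME = N'G:\MSSQL\TempDB\tempdev3.ndf', SIZE = 5GB, FILEGROWTH = 512MB);
ALTER DATABASE tempdb ADD FILE    (NAME = N'tempdev4', FILENAME = N'H:\MSSQL\TempDB\tempdev4.ndf', SIZE = 5GB, FILEGROWTH = 512MB);
GO

-- 3. Verify the layout. Every data file of each database should report the
--    same size and the same fixed growth, and sit on a different drive:
--    unequal files defeat SQL Server's proportional fill across files.
SELECT DB_NAME(mf.database_id) AS database_name,
       mf.name,
       mf.physical_name,
       mf.size * 8 / 1024 AS size_mb,
       CASE WHEN mf.is_percent_growth = 1
            THEN CAST(mf.growth AS varchar(10)) + '%'
            ELSE CAST(mf.growth * 8 / 1024 AS varchar(10)) + ' MB'
       END AS growth
FROM sys.master_files AS mf
WHERE mf.database_id IN (DB_ID(N'tempdb'), DB_ID(N'WSS_Content_Portal'))
  AND mf.type_desc = N'ROWS'
ORDER BY database_name, mf.file_id;
```

If the instance hosts several SharePoint databases, size tempdb against the largest of them, not the first one created; after moving existing tempdb files, restart the instance and re-run the last query to confirm the layout before the farm goes live.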
26. Single Site
Synchronous Replication
Uses a SQL Witness Server to Failover Automatically
Mirror all SharePoint DBs in the Farm
Use a SQL Alias to switch to Mirror Instance
27. Two Sites
1 ms Latency
1 Gbps Bandwidth
Farm Servers in each location
Auto Failover
28. Two Sites, Two Farms
Mirror only Content DBs
Failover is Manual
Must Re-index
More details…
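The mirroring configuration behind slides 26 and 27 (synchronous, witness, automatic failover) and the point at which slide 28 differs (asynchronous, manual failover), as an added T-SQL example that is not part of the original deck. Instance names SQL01 (principal), SQL02 (mirror) and SQLW01 (witness), the companyabc.com DNS suffix, port 5022 and the database WSS_Content_Portal are assumptions; the verification query at the end is the check for the slide 26 rule that every SharePoint database in the farm must be mirrored.

```sql
-- Added example (not from the original deck). Instance names SQL01/SQL02/
-- SQLW01, the DNS suffix, port 5022 and the database name are assumptions.
-- Repeat the ALTER DATABASE steps for every SharePoint database in the
-- farm (config, Central Admin content, service application and content DBs).

-- Prerequisites, not shown here: a DATABASE_MIRRORING endpoint on each
-- instance (ROLE = PARTNER on SQL01 and SQL02, ROLE = WITNESS on SQLW01),
-- each instance's service account granted CONNECT on the other endpoints,
-- and a full backup plus log backup of the database restored on SQL02
-- WITH NORECOVERY.

-- Step 1, on SQL02 (the mirror) first:
ALTER DATABASE [WSS_Content_Portal] SET PARTNER = N'TCP://SQL01.companyabc.com:5022';

-- Step 2, on SQL01 (the principal):
ALTER DATABASE [WSS_Content_Portal] SET PARTNER = N'TCP://SQL02.companyabc.com:5022';
ALTER DATABASE [WSS_Content_Portal] SET PARTNER SAFETY FULL;    -- synchronous commit (slides 26-27)
ALTER DATABASE [WSS_Content_Portal] SET WITNESS = N'TCP://SQLW01.companyabc.com:5022';

-- Slide 28 variant (two farms): asynchronous, no witness, manual failover.
--   ALTER DATABASE [WSS_Content_Portal] SET PARTNER SAFETY OFF;
-- and, on the mirror when the principal site is lost:
--   ALTER DATABASE [WSS_Content_Portal] SET PARTNER FORCE_SERVICE_ALLOW_DATA_LOSS;

-- Step 3, verification on the principal. sys.database_mirroring has one row
-- per database, with NULLs for databases that are not mirrored. Every user
-- database should read PRINCIPAL / SYNCHRONIZED / FULL with a CONNECTED
-- witness; a row marked NOT MIRRORED would be left behind when the SQL
-- alias is repointed to SQL02.
SELECT d.name,
       ISNULL(m.mirroring_role_desc, N'NOT MIRRORED') AS mirroring_role,
       m.mirroring_state_desc,
       m.mirroring_safety_level_desc,
       m.mirroring_partner_instance,
       m.mirroring_witness_name,
       m.mirroring_witness_state_desc
FROM sys.databases AS d
JOIN sys.database_mirroring AS m ON m.database_id = d.database_id
WHERE d.database_id > 4                      -- skip master, tempdb, model, msdb
ORDER BY CASE WHEN m.mirroring_guid IS NULL THEN 0 ELSE 1 END, d.name;
```

Logins, SQL Agent jobs and the SharePoint service accounts' server-level permissions are not carried by mirroring; they have to exist on SQL02 before a failover, or the farm will connect to the mirror and fail authentication.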
30. For most flexibility, choose 'Complete' Installation, even if not installing all of the roles on the server. This will allow for the addition of roles in the future as needed.
Be sure not to select 'Stand-Alone', unless you plan on having a very small farm with a limited database (SQL Server Express).
31. Service Account Name – Role of Service Account – Special Permissions
COMPANYABC\SRV-SP-Setup – SharePoint Installation Account – Local Admin on all SharePoint servers (for install of SP).
COMPANYABC\SRV-SP-SQL – SQL Service Account(s); should be separate admin accounts from SP accounts – Local Admin on Database Server(s) (generally; some exceptions apply).
COMPANYABC\SRV-SP-Farm – SharePoint Farm Account(s); can also be standard admin accounts, RBAC principles apply ideally – N/A
COMPANYABC\SRV-SP-Search – Search Account – N/A
COMPANYABC\SRV-SP-Content – Default Content Access Account – Read rights to any external data sources to be crawled.
COMPANYABC\SRV-SP-Prof – Default Profiles Access Account – Member of Domain Users (to be able to read attributes from users in the domain) and 'Replicate Directory Changes' rights in AD.
COMPANYABC\SRV-SP-AP-SPCA – Application Pool Identity account for SharePoint Central Admin – DBCreator and Security Admin on SQL; Create and Modify contacts rights in the AD OU used for email.
COMPANYABC\SRV-SP-AP-Data – Application Pool Identity account for the Content related App Pool (Portal, MySites, – N/A
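The SQL Server side of the table above, as an added T-SQL example that is not the deck's own: Windows logins for the accounts that touch SQL Server, exactly the dbcreator and securityadmin fixed server roles for the Central Admin application pool identity, and two queries that audit the result. Account names and the COMPANYABC domain come from the table; the remark that the setup account needs the same two roles while the Products Configuration Wizard runs is the SharePoint 2010 requirement, not something the slide states.

```sql
-- Added example (not from the original deck). Account names are from the
-- slide 31 table. sp_addsrvrolemember is the SQL Server 2008 R2-era syntax;
-- on SQL Server 2012 and later ALTER SERVER ROLE ... ADD MEMBER is equivalent.
USE [master];
GO
CREATE LOGIN [COMPANYABC\SRV-SP-AP-SPCA] FROM WINDOWS;
CREATE LOGIN [COMPANYABC\SRV-SP-Setup]   FROM WINDOWS;
GO

-- Central Admin app pool identity: may create databases and manage logins,
-- and nothing else at server level (the table's "DBCreator and Security Admin").
EXEC sp_addsrvrolemember @loginame = N'COMPANYABC\SRV-SP-AP-SPCA', @rolename = N'dbcreator';
EXEC sp_addsrvrolemember @loginame = N'COMPANYABC\SRV-SP-AP-SPCA', @rolename = N'securityadmin';

-- The setup account needs the same two roles only while the Products
-- Configuration Wizard runs; remove them afterwards with sp_dropsrvrolemember.
EXEC sp_addsrvrolemember @loginame = N'COMPANYABC\SRV-SP-Setup', @rolename = N'dbcreator';
EXEC sp_addsrvrolemember @loginame = N'COMPANYABC\SRV-SP-Setup', @rolename = N'securityadmin';
GO

-- Check 1: which fixed server roles each SharePoint account actually holds.
SELECT m.name AS login_name, r.name AS server_role
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE m.name LIKE N'COMPANYABC\SRV-SP-%'
ORDER BY m.name, r.name;

-- Check 2: no SharePoint account may be sysadmin. Expect zero rows. The usual
-- slip is granting sysadmin "to get setup working" and never revoking it,
-- which turns a compromised app pool identity into a compromised instance.
SELECT m.name AS sysadmin_member
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
  AND m.name LIKE N'COMPANYABC\SRV-SP-%';
```

securityadmin is itself a powerful role (it can grant server-level permissions), which is why it should sit on a dedicated identity rather than on the same account that serves end-user web applications, exactly the separation slide 34 asks for.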
33. Infrastructure Security and Best Practices
Best Practice Service Account Setup
Kerberos Authentication
Data Security
  SharePoint Security ACLs and Role Based Access Control (RBAC)
  Transparent Data Encryption (TDE) of SQL Databases
Transport Security
  Secure Sockets Layer (SSL) from Server to Client
  IPSec from Client to Server
  Inbound Internet Security (Forefront UAG/TMG) / Certs
Rights Management
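For the TDE item under Data Security, and for the tempdb caveat on slide 24, the enable-and-verify sequence as an added T-SQL example (not from the deck). Database name WSS_Content_Portal, certificate name SP_TDE_Cert, the backup share and the placeholder passwords are assumptions.

```sql
-- Added example (not from the original deck). Enables TDE on one content
-- database and then shows the instance-wide side effect from slide 24.
-- Database name, certificate name, backup path and passwords are
-- placeholders; take the real passwords from a vault, never from a script.
USE [master];
GO
-- 1. Database master key in master (skip if the instance already has one)
--    and a certificate that will protect the database encryption key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = N'<strong master key password>';
CREATE CERTIFICATE SP_TDE_Cert WITH SUBJECT = N'SharePoint TDE certificate';
GO
-- 2. Back the certificate up immediately. Without this file and its password
--    no backup of the encrypted database can be restored anywhere else,
--    including the mirror or DR instance.
BACKUP CERTIFICATE SP_TDE_Cert
   TO FILE = N'\\secure-share\tde\SP_TDE_Cert.cer'
   WITH PRIVATE KEY (FILE = N'\\secure-share\tde\SP_TDE_Cert.pvk',
                     ENCRYPTION BY PASSWORD = N'<strong private key password>');
GO
-- 3. Create the database encryption key and switch encryption on. A mirror
--    partner must have the same certificate restored before it can hold
--    this database.
USE [WSS_Content_Portal];
GO
CREATE DATABASE ENCRYPTION KEY
   WITH ALGORITHM = AES_256
   ENCRYPTION BY SERVER CERTIFICATE SP_TDE_Cert;
GO
ALTER DATABASE [WSS_Content_Portal] SET ENCRYPTION ON;
GO
-- 4. Verify. encryption_state 3 = encrypted, 2 = encryption in progress
--    (percent_complete shows how far the background scan has got). tempdb
--    appears in this list with state 3 as soon as any database in the
--    instance is encrypted: the slide 24 caveat, and a reason to expect a
--    small CPU cost on every tempdb-heavy query from then on.
SELECT DB_NAME(k.database_id) AS database_name,
       k.encryption_state,
       k.percent_complete,
       k.key_algorithm,
       k.key_length,
       c.name AS certificate_name
FROM sys.dm_database_encryption_keys AS k
LEFT JOIN sys.certificates AS c ON c.thumbprint = k.encryptor_thumbprint
ORDER BY database_name;
```

TDE encrypts the data files, the log and backups at rest. Anyone who can log in with rights on the database, including a compromised application pool identity or an instance sysadmin, still reads plaintext, so it complements rather than replaces the SharePoint ACL/RBAC item above. Store the certificate backup and its password apart from the database backups; an encrypted backup without them is unrecoverable.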
34. Use multiple service accounts; definitely don't mix Application Pool identity accounts with the farm admin accounts
Consider DB Mirroring as a DR option
Consider server virtualization for design flexibility
One last best practice – don't forget Antivirus and Backup