Ultimate SharePoint Infrastructure Best Practices Session - Live360 Orlando 2012
1. What's new in Infrastructure for SharePoint 2013
2. Software/Hardware Requirements

   Type                             Memory     Processor
   Dev/Stage/Test server            8GB RAM    4 CPU
   'All-in-one' DB/Web/SA           24GB RAM   4 CPU
   Web/SA Server                    12GB RAM   4 CPU
   DB Server (medium environments)  16GB RAM   8 CPU
   DB Server (small environments)   8GB RAM    4 CPU
3. Changes in Service Applications and New Service Applications
4. New Service Applications
5. Distributed Cache Service
6. Request Management (RM)
7. User Profile Sync – Three Options for Deployment
8. Claims-based Authentication – Default
9. Shredded Storage
10. Team Mailboxes – Exchange 2013 Integration
11. Search – FAST Search now included
12. Mobile Device Improvements
13. Architecting the Farm
14. Three Layers of SharePoint Infrastructure: Web, Service Apps, Data
15. Small Farm Models: 'All-in-One' (Avoid); DB and SP Roles Separate
16. Smallest Highly Available Farm
17. Best Practice 'Six Server Farm'
18. Ideal – Separate Service App Farm + Content Farm(s)
19. Large SharePoint Farms
20. SharePoint Virtualization
21. Sample 1: Single Server Environment
   • Allows organizations that wouldn't normally be able to have a test environment to run one
   • Allows for separation of the database role onto a dedicated server
   • Can be more easily scaled out in the future
22. Sample 2: Two Server Highly Available Farm
   • High availability across hosts
   • All components virtualized
   • Uses only two Windows Enterprise Edition licenses
23. Sample 3: Mix of Physical and Virtual Servers
   • Highest-transaction servers are physical
   • Multiple farm support, with DBs for all farms on the SQL cluster
24. Scaling to Large Virtual Environments
25. Virtualization of SharePoint Servers: Virtualization Performance Monitoring
   • Network Bandwidth (Bytes Total/sec): <40% utilization = Good; 41%-64% = Caution; >65% = Trouble
   • Network Latency (Output Queue Length): 0 = Good; 1-2 = OK; >2 = Trouble
   • Further threshold sets on the slide whose metric names did not survive extraction:
     – <60% utilization = Good; 60%-90% = Caution; >90% = Trouble
     – 50% and above = Good; 10%-50% = OK; <10% = Trouble
     – Up to 15ms = fine; 15ms-25ms = Caution; >25ms = Trouble
26. Data Management
27. Sample Distributed Content Database Design
28. Remote BLOB Storage (RBS)
29. SQL Database Optimization
30. Multiple Files for SharePoint Databases

   Volume #1        Volume #2        Volume #3        Volume #4
   DB-A File 1      DB-A File 2      DB-A File 3      DB-A File 4
   DB-B File 1      DB-B File 2      DB-B File 3      DB-B File 4
   Tempdb File 1    Tempdb File 2    Tempdb File 3    Tempdb File 4

31. Multiple Files for SharePoint Databases
   • Break Content Databases and TempDB into multiple files (MDF, NDF); the total should equal the number of physical processors (not cores) on the SQL server.
   • Pre-size Content DBs and TempDB to avoid fragmentation.
   • Separate files onto different drive spindles for best IO performance.
   • Example: a 50GB total Content DB on a two-way SQL Server would have two database files distributed across two sets of drive spindles, each pre-sized to 25GB.
32. SQL Database Optimization: SQL Maintenance Plans
   • Implement SQL Maintenance Plans!
   • Include DBCC (Check Consistency) and either Reorganize Indexes or Rebuild Indexes, but not both!
   • Add backups into the maintenance plan if they don't exist already.
   • Keep transaction logs from growing without bound. For databases in the full recovery model, schedule transaction log backups after the full backups have run: only a log backup truncates the log, a full backup does not, and BACKUP LOG ... WITH TRUNCATE_ONLY no longer exists in SQL Server 2008 and later. Databases that do not need point-in-time recovery can use the simple recovery model instead.
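The maintenance pass described above, scripted with PowerShell and Invoke-Sqlcmd. This is an added example, not code from the deck or from SharePoint. It assumes the SQLPS module from the SQL Server 2012 tools, sysadmin rights on the instance, content databases named SP_Content*, and hypothetical instance and backup paths.

```powershell
# Added example, not from the deck. Assumes the SQLPS module (Invoke-Sqlcmd), sysadmin rights,
# content databases named SP_Content*, and hypothetical instance/backup-share names.
Push-Location; Import-Module SQLPS -DisableNameChecking; Pop-Location   # SQLPS changes the CWD; restore it

$instance  = 'SQL01\SP2013'            # hypothetical
$logBackup = '\\backupsrv\sql\logs'    # hypothetical; the SQL service account needs write access

$contentDbs = Invoke-Sqlcmd -ServerInstance $instance -Query @'
SELECT name, recovery_model_desc FROM sys.databases WHERE name LIKE 'SP_Content%' AND state_desc = 'ONLINE'
'@

foreach ($row in $contentDbs) {
    $db = $row.name

    # 1. Consistency check only. SharePoint databases must not be altered structurally, so no REPAIR
    #    option: if CHECKDB reports corruption the fix is a restore, not a repair.
    Invoke-Sqlcmd -ServerInstance $instance -Database $db -QueryTimeout 0 `
        -Query 'DBCC CHECKDB WITH NO_INFOMSGS, ALL_ERRORMSGS'

    # 2. Reorganize OR rebuild each index, chosen by its fragmentation (the deck: never run both).
    #    Light fragmentation (10-30%) is reorganized online; heavier fragmentation is rebuilt.
    $indexMaintenance = @'
DECLARE @sql nvarchar(max) = N'';
SELECT @sql += N'ALTER INDEX ' + QUOTENAME(i.name) + N' ON ' + QUOTENAME(s.name) + N'.' + QUOTENAME(o.name)
             + CASE WHEN ps.avg_fragmentation_in_percent > 30 THEN N' REBUILD;' ELSE N' REORGANIZE;' END
             + CHAR(10)
FROM sys.dm_db_index_physical_stats(DB_ID(), NULL, NULL, NULL, 'LIMITED') AS ps
JOIN sys.indexes AS i ON i.object_id = ps.object_id AND i.index_id = ps.index_id
JOIN sys.objects AS o ON o.object_id = i.object_id
JOIN sys.schemas AS s ON s.schema_id = o.schema_id
WHERE ps.avg_fragmentation_in_percent > 10   -- below this, the work costs more than it saves
  AND ps.page_count > 1000                   -- tiny indexes never defragment cleanly; skip them
  AND i.index_id > 0;                        -- heaps have no index to maintain
EXEC sp_executesql @sql;
'@
    Invoke-Sqlcmd -ServerInstance $instance -Database $db -QueryTimeout 0 -Query $indexMaintenance

    # 3. Log backup. Only this truncates the log under the FULL recovery model; a full backup does not.
    #    BACKUP LOG is invalid for SIMPLE-recovery databases, so skip those.
    if ($row.recovery_model_desc -ne 'SIMPLE') {
        $stamp = Get-Date -Format 'yyyyMMdd_HHmm'
        Invoke-Sqlcmd -ServerInstance $instance -QueryTimeout 0 `
            -Query "BACKUP LOG [$db] TO DISK = N'$logBackup\${db}_$stamp.trn' WITH CHECKSUM, COMPRESSION"
    }
}
```

Run it after the nightly full backup job so the log backups chain onto a fresh full. The fragmentation thresholds (10% and 30%) are the common rule of thumb, not a SharePoint requirement; tune them from your own `sys.dm_db_index_physical_stats` history.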
33. High Availability and Disaster Recovery
34. Comparison of High Availability and Disaster Recovery Options

   For each SQL Server solution: Potential Data Loss (RPO) | Potential Recovery Time (RTO) | Automatic Failover | Additional Readable Copies

   AlwaysOn Availability Groups – Synchronous (dual-phase commit, no data loss, can't operate across WAN)
      RPO: None | RTO: 5-7 seconds | Automatic failover: Yes | Readable copies: 0-2
   AlwaysOn Availability Groups – Asynchronous (latency tolerant, cross-WAN option, potential for data loss)
      RPO: Seconds | RTO: Minutes | Automatic failover: No | Readable copies: 0-4
   AlwaysOn Failover Cluster Instance (FCI) – Traditional shared storage clustering
      RPO: N/A | RTO: 30 seconds to several minutes (depending on disk failover) | Automatic failover: Yes | Readable copies: N/A
   Database Mirroring – High-safety (Synchronous)
      RPO: Zero | RTO: 5-10 seconds | Automatic failover: Yes | Readable copies: N/A
   Database Mirroring – High-performance (Asynchronous)
      RPO: Seconds | RTO: Manually initiated, can be a few minutes if automated | Automatic failover: No | Readable copies: N/A
   SQL Log Shipping
      RPO: Minutes | RTO: Manually initiated, can be a few minutes if automated, but typically hours | Automatic failover: No | Readable copies: Not during a restore
   Traditional Backup and Restore
      RPO: Hours to days | RTO: Typically multiple hours, days, or weeks | Automatic failover: No | Readable copies: Not during a restore

35. AlwaysOn Availability Groups in SQL 2012
36. Network Load Balancing: http://tinyurl.com/vmwarenlbfix
37. Network Load Balancing
38. Security and Documentation
39. Five Layers of SharePoint Security
   • Infrastructure Security and Best Practices
   • Data Security
   • Transport Security
   • Edge Security
   • Rights Management
40. Sample List of Service Accounts

   Service Account Name        Role of Service Account                                      Special Permissions
   COMPANYABC\SRV-SP-Setup     SharePoint Installation Account                              Local Admin on all SP Servers (for installs)
   COMPANYABC\SRV-SP-SQL       SQL Service Account(s). Should be separate admin accounts    Local Admin on Database Server(s) (generally; some exceptions apply)
                               from SP accounts.
   COMPANYABC\SRV-SP-Farm      SharePoint Farm Account(s). Can also be standard admin       N/A
                               accounts. RBAC principles apply ideally.
   COMPANYABC\SRV-SP-Search    Search Account                                               N/A
   COMPANYABC\SRV-SP-Content   Default Content Access Account                               Read rights to any external data sources to be crawled
   COMPANYABC\SRV-SP-Prof      Default Profiles Access Account                              Member of Domain Users (to read attributes from users in the domain) and
                                                                                            'Replicate Directory Changes' rights in AD
   COMPANYABC\SRV-SP-AP-SPCA   Application Pool Identity account for SharePoint Central     DBCreator and Security Admin on SQL. Create and Modify contacts rights in
                               Admin.                                                       the OU used for mail.
   COMPANYABC\SRV-SP-AP-Data   Application Pool Identity account for the content-related    N/A
                               App Pool (Portal, MySites, etc.). Additional as needed for
                               security.
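Provisioning the accounts in the table above with least privilege, as an added PowerShell example that is not part of the deck. It assumes the RSAT ActiveDirectory module, the companyabc.com domain from the slides, a hypothetical 'Service Accounts' OU, and Domain Admin rights on the management host. The vault hand-off for the generated passwords is left as a comment because it depends on your tooling.

```powershell
# Added example, not from the deck. Assumes RSAT ActiveDirectory module, domain companyabc.com,
# a hypothetical OU "Service Accounts", and Domain Admin rights. Run once from a management host.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$domainDN = $domain.DistinguishedName          # e.g. DC=companyabc,DC=com
$netbios  = $domain.NetBIOSName                # e.g. COMPANYABC
$ouPath   = "OU=Service Accounts,$domainDN"    # hypothetical OU

# One account per role, as on the slide. Separate identities mean a compromised app pool
# cannot install software (Setup), read AD replication data (Prof) or own the SQL service.
$accounts = [ordered]@{
    'SRV-SP-Setup'   = 'SharePoint installation account'
    'SRV-SP-SQL'     = 'SQL Server service account'
    'SRV-SP-Farm'    = 'SharePoint farm account'
    'SRV-SP-Search'  = 'Search service account'
    'SRV-SP-Content' = 'Default content access (crawl) account'
    'SRV-SP-Prof'    = 'User Profile synchronization account'
    'SRV-SP-AP-SPCA' = 'App pool identity: Central Administration'
    'SRV-SP-AP-Data' = 'App pool identity: content web applications'
}

function New-RandomPassword {
    # 32 characters drawn from a CSPRNG; the value goes to the password vault, never to a log.
    $chars = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%&*+-=?@'
    $bytes = New-Object byte[] 32
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    -join ($bytes | ForEach-Object { $chars[$_ % $chars.Length] })
}

foreach ($name in $accounts.Keys) {
    if (Get-ADUser -Filter "SamAccountName -eq '$name'") { continue }   # idempotent re-runs
    $pw = New-RandomPassword
    New-ADUser -Name $name -SamAccountName $name -UserPrincipalName "$name@$($domain.DNSRoot)" `
        -Description $accounts[$name] -Path $ouPath `
        -AccountPassword (ConvertTo-SecureString $pw -AsPlainText -Force) `
        -Enabled $true -PasswordNeverExpires $true -CannotChangePassword $true `
        -KerberosEncryptionType 'AES128,AES256'   # AES-only tickets, no RC4
    # Hand $pw to the vault here. Rotation is then a vault job plus Set-SPManagedAccount.
}

# Profile sync needs 'Replicating Directory Changes' on the domain root, as the slide says.
# Deliberately NOT 'Replicating Directory Changes All': that right lets an account pull
# password hashes from a DC and is worth as much to an attacker as Domain Admin.
dsacls $domainDN /G "${netbios}\SRV-SP-Prof:CA;Replicating Directory Changes"

# Check: list every principal holding either replication right on the domain root. Anything
# unexpected in this list is a finding, whether or not SharePoint put it there.
$getChanges    = [guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'   # DS-Replication-Get-Changes
$getChangesAll = [guid]'1131f6ad-9c07-11d1-f79f-00c04fc2dcd2'   # DS-Replication-Get-Changes-All
(Get-Acl "AD:\$domainDN").Access |
    Where-Object { $_.ObjectType -eq $getChanges -or $_.ObjectType -eq $getChangesAll } |
    Select-Object IdentityReference, AccessControlType,
        @{ n = 'Right'; e = { if ($_.ObjectType -eq $getChangesAll) { 'Get-Changes-All' } else { 'Get-Changes' } } } |
    Format-Table -AutoSize
```

The final query is the check worth scheduling: the slide grants one narrow right to one account, and the ACE list on the domain root is where you confirm that nobody has since widened it.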
41. Enable Kerberos
   When creating any Web Applications, USE KERBEROS. It is more secure than NTLM and also faster under heavy load: the client presents a ticket, so the SharePoint server does not have to round-trip to a domain controller to validate every authentication the way NTLM pass-through does. Kerberos requires extra steps (an HTTP SPN registered on the application pool identity, a DNS A record rather than a CNAME for the host header, and constrained delegation if back-end data sources are involved), which makes people shy away from it, but once configured it improves security considerably and can improve performance on high-load sites. It should also be configured on the SPCA site. Best practice: configure SPCA for NLB, SSL, and Kerberos (i.e. https://spca.companyabc.com).
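The Kerberos plus SSL web application the slide recommends, end to end, as an added example that is not code from the deck. It assumes the SharePoint 2013 PowerShell snap-in on a farm server, the account names from the service-account slide, and hypothetical host names, database name and certificate thumbprint.

```powershell
# Added example, not from the deck. Assumes the SharePoint 2013 snap-in on a farm server,
# the account names from the service-account slide, and hypothetical host names/thumbprint.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$netbios  = 'COMPANYABC'
$poolAcct = "$netbios\SRV-SP-AP-Data"
$hostName = 'portal.companyabc.com'     # hypothetical; a DNS A record for the NLB VIP, not a CNAME
$url      = "https://$hostName"

# 1. The browser asks the KDC for a ticket to HTTP/<host header>. That SPN must sit on the
#    application pool identity and nowhere else: a duplicate SPN silently falls back to NTLM.
setspn -S "HTTP/$hostName" $poolAcct                      # -S refuses to create a duplicate
setspn -S "HTTP/$($hostName.Split('.')[0])" $poolAcct     # short name, for intranet-zone URLs
if ((setspn -X) -match 'found [1-9]\d* group') { throw 'Duplicate SPNs in the forest; fix before continuing.' }

# 2. Windows claims with Negotiate. SharePoint 2013 defaults to Kerberos here; the
#    -DisableKerberos switch is what would force NTLM, so it is deliberately absent.
$ap = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication

if (-not (Get-SPManagedAccount | Where-Object { $_.UserName -eq $poolAcct })) {
    New-SPManagedAccount -Credential (Get-Credential -UserName $poolAcct -Message 'App pool account password') | Out-Null
}

# SSL from day one: -SecureSocketsLayer creates the https binding and registers the https URL
# as the default-zone alternate access mapping, so no later URL surgery is needed.
New-SPWebApplication -Name 'Portal' -HostHeader $hostName -Port 443 -SecureSocketsLayer -Url $url `
    -ApplicationPool 'SP-Portal-AppPool' `
    -ApplicationPoolAccount (Get-SPManagedAccount | Where-Object { $_.UserName -eq $poolAcct }) `
    -AuthenticationProvider $ap -DatabaseName 'SP_Content_Portal' | Out-Null

# 3. Attach the certificate to the IIS binding SharePoint created. Repeat on every web server;
#    the certificate and its private key must already be in LocalMachine\My.
Import-Module WebAdministration
$thumbprint = 'REPLACE_WITH_CERT_THUMBPRINT'   # hypothetical
Get-WebBinding -Name 'Portal' -Protocol https | ForEach-Object { $_.AddSslCertificate($thumbprint, 'my') }

# 4. Same treatment for Central Administration, per the deck's best practice (bind its cert the same way).
setspn -S 'HTTP/spca.companyabc.com' "$netbios\SRV-SP-AP-SPCA"
Set-SPCentralAdministration -Port 443 -SecureSocketsLayer

# 5. Verify from a domain-joined client after browsing to the site: a ticket for the SPN should be
#    cached, and the IIS log should show a single 200 per request rather than 401/401/200 NTLM loops.
klist get "HTTP/$hostName"
```

If `klist` shows no ticket and the IIS log shows NTLM, the usual causes are the SPN being on the wrong account, a CNAME host header (Internet Explorer then requests a ticket for the A-record name), or the web server's machine account missing from the browser's intranet zone.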
42. Role Based Access Control (RBAC)
   Role Groups defined within Active Directory (Universal Groups), i.e. 'Marketing,' 'Sales,' 'IT,' etc.
   Role Groups added directly into SharePoint 'Access Groups' such as 'Contributors,' 'Authors,' etc.
   Simply by adding a user account into the associated Role Group, they gain access to whatever rights their role requires. The corollary is that individual accounts are never added to SharePoint groups or item permissions directly; otherwise AD stops being the one place where access is granted and reviewed.
   (Diagram: User1 and User2 → Role Group → SharePoint Group)
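The role-group model above, built and then audited with PowerShell. This is an added example, not code from the deck. It assumes the RSAT ActiveDirectory module and the SharePoint 2013 snap-in, the COMPANYABC domain, a hypothetical 'Roles' OU and site URL, and a hypothetical 'SP-Role-<name>' group naming convention.

```powershell
# Added example, not from the deck. Assumes RSAT ActiveDirectory module and the SharePoint 2013
# snap-in, domain COMPANYABC, a hypothetical OU "Roles" and site URL, and a hypothetical
# "SP-Role-<name>" naming convention for the AD role groups.
Import-Module ActiveDirectory
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl = 'https://portal.companyabc.com'                 # hypothetical
$rolesOu = 'OU=Roles,DC=companyabc,DC=com'                 # hypothetical
$roleMap = @{ 'Marketing' = 'Contributors'; 'Sales' = 'Contributors'; 'IT' = 'Owners' }  # AD role -> SharePoint group

foreach ($role in $roleMap.Keys) {
    $adGroup = "SP-Role-$role"
    # Universal scope, as the slide says: membership is replicated to the global catalog, so the
    # group SID lands in Kerberos tickets for users from any domain in the forest.
    if (-not (Get-ADGroup -Filter "Name -eq '$adGroup'")) {
        New-ADGroup -Name $adGroup -SamAccountName $adGroup -GroupScope Universal -GroupCategory Security `
            -Path $rolesOu -Description "SharePoint role group: $role"
    }
    # Claims-mode web applications (the 2013 default) store principals as encoded claims, so
    # build one for the Windows group rather than passing DOMAIN\group as a raw alias.
    $claim = New-SPClaimsPrincipal -Identity "COMPANYABC\$adGroup" -IdentityType WindowsSecurityGroupName
    New-SPUser -UserAlias $claim.ToEncodedString() -Web $siteUrl -Group $roleMap[$role] -DisplayName $adGroup | Out-Null
}

# Joiners and leavers are now AD-only operations; SharePoint is never touched.
Add-ADGroupMember    -Identity 'SP-Role-Marketing' -Members 'jsmith'                 # hypothetical users
Remove-ADGroupMember -Identity 'SP-Role-Sales'     -Members 'jdoe' -Confirm:$false

# Audit: the model breaks the moment someone adds an individual account straight into a SharePoint
# group. Every non-group principal listed below is an exception to hunt down.
$web = Get-SPWeb $siteUrl
$web.SiteGroups | ForEach-Object {
    $g = $_
    $g.Users | Where-Object { -not $_.IsDomainGroup -and $_.LoginName -notlike '*|System Account*' } |
        Select-Object @{ n = 'SharePointGroup'; e = { $g.Name } }, LoginName, Email
} | Format-Table -AutoSize
$web.Dispose()
```

Run the audit section on a schedule; it is the cheap control that keeps the AD group the single source of truth the slide describes.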
43. SQL Transparent Data Encryption (TDE)
   SQL Server 2008, 2008 R2, 2012 Enterprise Edition feature.
   Encrypts SQL databases transparently: SharePoint is unaware of the encryption and does not need a key.
   Encrypts the backups of the database as well.
   Caveats: TDE protects data at rest (data files, log files, backups) only; anyone who can log in to SQL Server still reads cleartext, so it is no substitute for the service-account and RBAC controls above. Enabling it on one database also encrypts tempdb for the whole instance. Back up the certificate that protects the database encryption key and store it apart from the database backups; without it neither the database nor any backup of it can be restored.
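Enabling TDE on a content database, including the certificate backup that makes the encrypted backups usable, as an added example that is not from the deck. It assumes SQL Server 2012 Enterprise, the SQLPS module (Invoke-Sqlcmd), sysadmin rights, and hypothetical instance, database and key-backup share names.

```powershell
# Added example, not from the deck. Assumes SQL Server 2012 Enterprise, the SQLPS module
# (Invoke-Sqlcmd), sysadmin rights, and hypothetical instance, database and key-backup path.
Push-Location; Import-Module SQLPS -DisableNameChecking; Pop-Location

$instance = 'SQL01\SP2013'            # hypothetical
$db       = 'SP_Content_Portal'       # hypothetical
$keyDir   = '\\backupsrv\tde-keys'    # hypothetical: a different share and ACL from the database backups
$pwPlain  = Read-Host 'Password for the master key and the exported private key (no quotes)'

# Single-quoted here-string: the $(name) tokens are sqlcmd scripting variables filled by
# -Variable, not PowerShell subexpressions, so the password never appears in this script.
$tsql = @'
USE master;
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '$(pw)';
IF NOT EXISTS (SELECT 1 FROM sys.certificates WHERE name = 'SP_TDE_Cert')
    CREATE CERTIFICATE SP_TDE_Cert WITH SUBJECT = 'SharePoint content DB TDE';
-- The step people skip. Without this .cer/.pvk pair, every backup of the database is
-- unrestorable on any other instance, which turns your DR plan into self-inflicted ransomware.
BACKUP CERTIFICATE SP_TDE_Cert
    TO FILE = '$(dir)\SP_TDE_Cert.cer'
    WITH PRIVATE KEY (FILE = '$(dir)\SP_TDE_Cert.pvk', ENCRYPTION BY PASSWORD = '$(pw)');
USE [$(db)];
IF NOT EXISTS (SELECT 1 FROM sys.dm_database_encryption_keys WHERE database_id = DB_ID())
    CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_256 ENCRYPTION BY SERVER CERTIFICATE SP_TDE_Cert;
ALTER DATABASE [$(db)] SET ENCRYPTION ON;   -- SharePoint needs no change and holds no key
'@
Invoke-Sqlcmd -ServerInstance $instance -Query $tsql -Variable "pw=$pwPlain", "dir=$keyDir", "db=$db"

# The encryption scan runs in the background: encryption_state 2 = in progress, 3 = encrypted.
do {
    Start-Sleep -Seconds 15
    $s = Invoke-Sqlcmd -ServerInstance $instance -Query @"
SELECT encryption_state, percent_complete
FROM sys.dm_database_encryption_keys WHERE database_id = DB_ID('$db')
"@
    Write-Host ('{0}: state {1}, {2:N0}% complete' -f $db, $s.encryption_state, $s.percent_complete)
} while ($s.encryption_state -ne 3)

# Check the whole instance. tempdb appears as encrypted too: enabling TDE on any user database
# encrypts tempdb, so every other database on the instance pays the (small) CPU cost.
Invoke-Sqlcmd -ServerInstance $instance -Query @'
SELECT DB_NAME(database_id) AS database_name, encryption_state, key_algorithm, key_length
FROM sys.dm_database_encryption_keys
'@ | Format-Table -AutoSize
```

Restoring the database elsewhere needs `CREATE CERTIFICATE ... FROM FILE ... WITH PRIVATE KEY (FILE = ..., DECRYPTION BY PASSWORD = ...)` on the target instance first; rehearse that as part of the DR test, not during the incident.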
44. Client to Server: Using Secure Sockets Layer (SSL) Encryption
   External or internal certs highly recommended (SSL/TLS; in practice this means TLS).
   Protects transport of content between the browser and the web server.
   Roughly 20% overhead on web servers.
   Can be offloaded via SSL offloaders if needed. Note that an offloader terminates TLS, so the hop from offloader to web server is cleartext unless it is re-encrypted, and SharePoint needs an alternate access mapping for the public https URL so it generates correct links.
   Don't forget SPCA as well!
45. Server to Server: Using IPsec to encrypt traffic
   By default, traffic between SharePoint servers (i.e. Web and SQL) is unencrypted.
   IPsec encrypts all packets sent between servers in a farm.
   For very high security scenarios when all possible data breaches must be addressed. For the SQL hop alone, SQL Server's own connection encryption (Force Encryption with a server certificate) is the lighter alternative; IPsec is what covers every protocol between farm members.
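IPsec between the web/app servers and SQL, configured with Windows Firewall connection security rules, as an added example that is not from the deck. It assumes Windows Server 2012 (the NetSecurity module), domain-joined servers so the machines can authenticate with Kerberos, and hypothetical addresses. The staged rollout (Request first, Require later) is the part that keeps this from taking the farm down.

```powershell
# Added example, not from the deck. Windows Firewall with Advanced Security connection security
# rules via the NetSecurity module (Windows Server 2012). Assumes domain-joined servers (Kerberos
# machine authentication) and hypothetical addresses. Run on each web/app server; mirror the
# rule (swap local/remote) on the SQL nodes.
$spSubnet = '10.0.1.0/24'                 # hypothetical web/app servers
$sqlNodes = '10.0.2.10', '10.0.2.11'      # hypothetical SQL cluster/AG nodes
$stage    = 'Request'                     # stage 1; change to 'Require' only after the check below passes everywhere

# Phase 1 (main mode): authenticate the machines with Kerberos. No pre-shared keys, no PKI to run.
$p1Proposal = New-NetIPsecPhase1AuthProposal -Machine -Kerberos
$p1Set      = New-NetIPsecPhase1AuthSet -DisplayName 'SP-Farm-MachineKerberos' -Proposal $p1Proposal

# Quick mode: ESP with AES-256 and SHA-256. The built-in default set still offers 3DES and SHA-1.
$qmProposal = New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP -Encryption AES256 -ESPHash SHA256
$qmSet      = New-NetIPsecQuickModeCryptoSet -DisplayName 'SP-Farm-AES256-SHA256' -Proposal $qmProposal

# The deck's point is the SQL hop: everything SharePoint stores crosses it as TDS. Transport mode
# leaves the IP headers intact (NLB and the cluster keep working) and protects the payload.
# Widen RemoteAddress/ports to the other farm members to cover inter-server traffic as well.
New-NetIPsecRule -DisplayName 'SharePoint to SQL (IPsec)' -Mode Transport `
    -LocalAddress $spSubnet -RemoteAddress $sqlNodes -Protocol TCP -RemotePort 1433 `
    -InboundSecurity $stage -OutboundSecurity $stage `
    -Phase1AuthSet $p1Set.Name -QuickModeCryptoSet $qmSet.Name -Enabled True | Out-Null

# Check before moving to Require: open a SQL connection, then confirm a security association
# exists with each SQL node. A missing SA here means Require would sever the farm from its databases.
$peers = Get-NetIPsecQuickModeSA | Select-Object -ExpandProperty RemoteEndpoint | Sort-Object -Unique
foreach ($node in $sqlNodes) {
    if ($peers -contains $node) { Write-Host "IPsec SA established with $node" }
    else { Write-Warning "No IPsec SA with $node; do not switch this rule to Require yet" }
}
```

With `Request` on both sides, traffic to a peer that has not yet been configured stays in the clear instead of failing, which is what you want during rollout and exactly what you do not want afterwards; set `$stage` to `Require` and re-run once every node reports an SA.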
46. Forefront UAG (SSL/VPN) vs. Forefront TMG

   Capability                                                                    TMG 2010   UAG 2010
   Publish Web applications using HTTPS                                          X          X
   Publish internal mobile applications to roaming mobile devices                X          X
   Layer 3 firewall                                                              X          X*
   Outbound scenarios support                                                    X          X*
   Array support                                                                 X          X
   Globalization and administration console localization                        X          X
   Wizards and predefined settings to publish SharePoint sites and Exchange      X          X
   Wizards and predefined settings to publish various applications                          X
   Active Directory Federation Services (ADFS) support                                      X
   Rich authentication (for example, one-time password, forms-based, smart card) X          X
   Application protection (Web application firewall)                             Basic      Full
   Endpoint health detection                                                                X
   Information leakage prevention                                                           X
   Granular access policy                                                                   X
   Unified Portal                                                                           X

47. Active Directory Rights Management Services (AD RMS)
   • AD RMS is a form of Digital Rights Management (DRM) technology, used in various forms to protect content.
   • Used to restrict activities on files AFTER they have been accessed: Cut/Paste, Print, Save As…
   • Directly integrates with SharePoint document libraries.
48. SPDocKit: http://tinyurl.com/spdockit
49. Links
   • http://tinyurl.com/sp2013unleashed
   • http://tinyurl.com/virtualsp
   • http://tinyurl.com/mirrorsp
   • http://tinyurl.com/kerbsp
   • http://tinyurl.com/SPFarm-Config
   • http://tinyurl.com/SPDocKit
50. Session Summary: SQL 2012 AlwaysOn Availability Groups for SharePoint 2010
51. Michael Noel. Twitter: @MichaelTNoel. www.cco.com. Slides: slideshare.net/michaeltnoel