• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
SharePoint Insanity Demystified
 

SharePoint Insanity Demystified

on

  • 467 views

After years of helping organizations around the world to deploy and implement SharePoint, Dan Holme has found that there are certain pain points that almost everyone encounters. Some are confusing ...

After years of helping organizations around the world to deploy and implement SharePoint, Dan Holme has found that there are certain pain points that almost everyone encounters. Some are confusing concepts. Some are unfortunate decisions made based on misunderstanding Microsoft’s UI or documentation. Some are due to unnecessarily complex terminology. And some because there are things we might think that SharePoint should do, but can’t. In this session, Dan will share the most common and problematic scenarios, and their solutions, with the goal of saving you pain, time, and money. Think of this session as “Lessons Learned,” “Best Practices,” or “From the Field” on steroids. Whether you’re new to SharePoint or a seasoned veteran, in this grab-bag session there will be treasures for you!

This session is effectively a “grab bag” of small, hot topics that are underdocumented, over-hyped, or misunderstood by the community. I will vary the content of this session based on the other sessions that are being presented at the event, and based on the current “hot topics” in the SharePoint community.

Statistics

Views

Total Views
467
Views on SlideShare
467
Embed Views
0

Actions

Likes
0
Downloads
15
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Secure store accounts
  • Confirm perms assigned in 2013During farm setup: dbcreator and securityadmin fixed server rolesCreating databses: db_owner fixed db role for all SharePoint databasesAdding servers to farm: Given permissions a new server automatically
  • http://get-sharepoint.com/2013/05/the-super-reader-account-utilized-by-the-cache-does-not-have-sufficient-permissions-to-sharepoint-database/http://absolute-sharepoint.com/2012/12/sharepoint-2013-service-accounts-best-practices-is-there-a-golden-solution-for-all-farms.htmlhttp://blogs.technet.com/b/rhartskeerl/archive/2011/08/22/sql-server-code-name-denali-adds-support-for-managed-service-accounts.aspx
  • TCP/IP v Named Pipes
  • Discuss the challenges of RTM guidance: what was “guidance” and what was “support”?CONDITIONS APPLYContent databases of up to 4 TB are supported when the following requirements are met:Disk sub-system performance:0.25 IOPs per GB minimum2.00 IOPs per GB recommended for optimal performanceTTFB of 20msArchitecture and tools must support performance expectations, future capacity, backup, restore, high availability, disaster recoveryDiscussion: Does anyone have more than a terabyte of data in their farm? Does anyone have a database larger than 200GB? Are there any negative performance impacts? Does anyone have 2GB / 1GB / 500MB files stored in SharePoint? How do they perform? How fast is your SharePoint farm growing? If you haven’t deployed SharePoint, how do you know how much storage you’ll need?

SharePoint Insanity Demystified SharePoint Insanity Demystified Presentation Transcript

  • Resources http://technet.microsoft.com/en-us/library/ee662513.aspx http://technet.microsoft.com/en-us/library/cc678863.aspx
  • SQL Server service: SQL_Service, * SQL administrator: SQL_Admin SharePoint Administrator and Setup User: SP_Admin SharePoint Farm Service: SP_Farm Application pool accounts SP_WebApps SP_MySiteApp * SP_ServiceApps * Default content access (crawl) account: SP_Crawl, * User Profile Synchronization account: SP_UserSync Object cache accounts: SP_CacheSR, SP_CacheSU
  • SQL Database Engine service account: SQL_Service SQL service ownership account: SQL_Admin Resources http://technet.microsoft.com/en-us/library/ms144228.aspx http://download.microsoft.com/download/8/F/A/8FABACD7-803E-40FC-ADF8355E7D218F4C/SQL_Server_2012_Security_Best_Practice_Whitepaper_Apr2012.docx SQL Agent service account: SQL_Agent
  • SharePoint Administrator and Setup User Used by a service admin to perform bit-level changes Unique, “generic” SharePoint administrative account Not your “normal” user or admin account
  • Domain user account Administrator SQL privileges PowerShell privileges
  • SharePoint Farm Service Used for highly privileged SharePoint services Domain user account SharePoint assigns permissions automatically
  • Extra privileges: UPS Before provisioning User Profile Synchronization Service 1. Add SP_Farm to local Administrators
  • Collab Intranet WSS_CONTENT_APPLICATION_POOLS role Extranet
  • Web and service application pool accounts Domain user accounts Register as managed accounts in the SharePoint farm Assigned as the application pool identity Permissions required depend on the web app or service application
  • My Site web application SP_MySiteApp Account for each application pool to isolate access
  • SharePoint Search default content access account Domain user account Requires read permission to indexed content sources Configure SP_Crawl before creating web apps Assign Read permission to all other indexed content sources Create additional content access accounts
  • SharePoint User Profile Synchronization Domain user account Requires Replicating Directory Changes permission on domain
  • Object cache accounts See http://technet.microsoft.com/en-us/library/ff758656.aspx Note: this is not the same as BLOB cache or remote BLOB store. This has to do with versions & drafts
  • Office Web Apps (2013) Secure Store
  • SharePoint Automation: SP_Automation Rights required to perform automated tasks
  • SharePoint Enterprise Administrator: SP_EnterpriseAdmin Least privilege not always possible SQL Administrator Local Administrators Farm Administrators Disabled until needed
  • Each farm… … needs its own “set” of accounts naming convention SP_Farm SP_Farm_Dev SP_Farm_Test Why?
  • Account permissions and security settings in SharePoint 2013 http://technet.microsoft.com/en-us/library/cc678863.aspx Configure object cache user accounts in SharePoint Server 2013 http://technet.microsoft.com/en-us/library/ff758656.aspx
  • Import-CSV $filename | New-ADUser -Path $ou –PassThru | Set-ADAccountPassword -Reset –NewPassword (ConvertToSecureString –AsPlaintext $password –Force) -PassThru | Enable-ADAccount Write-Host "Complete"
  • What is a service account? The #1 problem with service accounts is…. PASSWORD CHANGES Service account password is changed Painful! Result… Admins set Password never expires
  • In a nutshell Register a managed account Use a managed account
  • Manual Password Change for a managed account Benefits Does not require any delegation in Active Directory CHANGE PASSWORD
  • Automatic Password Change for an individual managed account Benefits
  • Use them Configure automatic password management Know the limitations
  • SQL alias SQL Alias SQLSERVER01.contoso.com = NYSQL05.contoso.com today = NYSQLCLUSTER.contoso.com tomorrow = NYSQLCLUSTER.newcompany.com next year Configure a SQL alias CLICONFG.exe on each SharePoint server in the farm Do not “Fake it out” with a DNS record Kerberos Consider “tiers” of aliases to support SQL scaling Content Databases: SQLSPCONTENT Search Databases: SQLSPSEARCH Service Application Databases: SQLSPSERVICES
  • workflows security SQL Content Database metadata “Document” BLOB Binary Large Object (BLOB)
  • Content Databases TempDB Model – Monitor – Measure – Modify
  • Content Database Site Collection Items per CDB *Conditions apply: Performance, DR, HA
  • Report Invite Manage
  • Scope Share Shared With Advanced Site or Site Settings List or Library Folder Document or Site Permissions
  • Scopes Assign permissions Review permissions Manage permissions Reinstate inheritance and remove unique permissions Requires Change Permission permission
  • Share sites or documents with external users Requires full control permission Share a site Share a document Guest links http://office.microsoft.com/en-us/office365-sharepoint-online-small-business-help/share-sitesor-documents-with-people-outside-your-organization-HA102894713.aspx
  • Enable or disable external sharing Read the documentation! 2013 E: http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/manageexternal-sharing-for-your-sharepoint-online-environment-HA102849864.aspx 2013 P: http://office.microsoft.com/en-us/office365-sharepoint-online-small-businesshelp/manage-sharing-with-external-users-HA102849862.aspx 2010: http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/share-a-sitewith-external-users-HA102476183.aspx?CTT=5&origin=HA102849864
  • Site Site Library W W W
  • http://tiny.cc/danholmepresentations http://tiny.cc/danholmearticles http://tiny.cc/danholmebooks dan.holme@intelliem.com @danholme