Demystifying SharePoint Infrastructure – for NON-IT People


This talk is specifically for NON-SharePoint infrastructure administrators (or for new ones still figuring things out)! Instead it’s for the rest of the SharePoint team – come learn about the basic building blocks of SharePoint infrastructure – things like DNS, load balancing, AD, high availability and disaster recovery, backup options, database options, and some of the core components of Windows in an understandable way so you can speak the lingo and seem really smart!

Zvonimir Mavretić

Slide notes (in the order of slides 19–25):
  • HA: Clustering
    • Identical (or nearly) hardware required
    • Must be geographically next to each other right now
    • Only one disk – so when data is deleted, it’s deleted instantly
    • Pay attention to hardware compatibility
    • Virtual clusters may work, may not
    • Clustering + Mirroring = Hotness
  • HA: Synchronous Mirroring
    • Two separate servers, with two independent sets of disks
    • Transactions are committed at both servers before the result is returned to the client
    • Machines must be very close to each other, like in the same state
    • Failovers are done at the individual database level
    • Doesn’t include anything that’s not inside the database, like logins and jobs
    • Be wary of accidental failovers
    • Be wary of single-db failovers
    • Be wary of index maintenance jobs
    • Monitor performance closely
  • HA & DR: Replication
    • Can use 2-way replication or p2p replication to get high availability
    • Can be DR since you can have replication partners far apart
    • Lot more work and management involved
    • Not a set-it-and-forget-it solution
    • Be wary of schema changes
    • Not all 3rd party apps support it
    • Can be bandwidth-intensive
    • Can fall behind
    • Need a good monitoring solution
  • DR: Asynchronous Mirroring
    • Same as our synchronous mirroring slide, but the servers can be a long way from each other
  • DR: Log Shipping
    • Still need regular backup strategy
    • Run one server “behind” for restores
    • Compressed backups reduce storage and bandwidth problems
    • Monitor what’s happening
  • DR: SAN Replication
    • It’s complicated.
    • It’s expensive.
    • It requires full time dedicated management staff.
    • Learn it once, and it works for all of your applications AND all of your OS’s.
  • DR: Virtualization Replication
    • Picture is from NetApp, but the same concept applies across multiple vendors
    • Only works for virtualized gear
  • Transcript

    • 1. Demystifying SharePoint Infrastructure – for NON-IT People ZVONIMIR MAVRETIĆ, EVISION / K2 ADRIATICS SHAREPOINT AND PROJECT CONFERENCE ADRIATICS 2013 ZAGREB, NOVEMBER 27-28 2013
    • 2. sponsors
    • 3. SharePoint infrastructure – lots of acronyms:
      • TCP/IP - Transmission Control Protocol/Internet Protocol
      • DNS - Domain Name System
      • HTTP - Hypertext Transfer Protocol
      • TLS/SSL - Transport Layer Security/Secure Sockets Layer
      • CA & PKI – Certificate Authority and Public Key Infrastructure
      • SMTP – Simple Mail Transfer Protocol
      • LDAP - Lightweight Directory Access Protocol
      • AD – Active Directory
      • HA & DR – High Availability and Disaster Recovery
      • NLB – Network Load Balancing
      • …
    • 4. TCP/IP - Transmission Control Protocol/Internet Protocol
      • The Internet protocol suite is the networking model and a set of communications protocols used for the Internet and similar networks.
      • It is commonly known as TCP/IP, because its most important protocols, the Transmission Control Protocol (TCP) and the Internet Protocol (IP), were the first networking protocols defined in this standard.
      • It is occasionally known as the DoD model, because the development of the networking model was funded by DARPA, an agency of the United States Department of Defense.
      Source: http://en.wikipedia.org/wiki/Internet_protocol_suite
    • 5. DNS – Simple explanation
      • Servers on the Internet have IP addresses, like a telephone number.
      • A domain name (like evision.hr, twitter.com, or microsoft.com) is a name badge on the Internet.
      • The DNS (domain name system) service is the Internet’s telephone book.
      • If you have someone’s name, you can look up their phone number.
      • DNS maps domain names to IP addresses and other pieces of network data to get you to the right place.
    • 6. DNS - Domain Naming System
      • Provides resolution of names to IP addresses and resolution of IP addresses to names
        • Forward lookup - requests name-to-address resolution
        • Reverse lookup - requests address-to-name resolution
      • Client/Server system
        • Name servers - contain information about some segments of the database
        • Resolvers - create queries and send them across the network to a name server
      • FQDN – Fully Qualified Domain Name
        • Identifies a host’s name within the DNS namespace hierarchy
        • Host name plus DNS domain name = FQDN
    • 7. DNS Namespace
      • Defines a hierarchical namespace where each level of the namespace is separated by a “.”
      • Diagram of the hierarchy, from the root down:
        • Root: .
        • Top-Level Domain (TLD): .com, .org, .hr, …
        • Second-Level Domain (Domain): microsoft.com, k2.com, evision.hr
        • Subdomain: www.microsoft.com, www.k2.com, help.k2.com, www.evision.hr
    • 8. How DNS Works (diagram)
      • The client’s preferred DNS server is 10.1.1.1. The client sends it a recursive query for server1.microsoft.com.
      • The preferred server asks itself “Is the name in cache?” and “Am I authoritative?”. If the answer to both is no, it uses its root hints and sends iterative queries: “I don’t know. Ask: the root servers.”
      • The root servers delegate to the .com TLD servers (a.gtld-servers.net … m.gtld-servers.net); the TLD servers delegate to the microsoft.com DNS servers (dns1.cp.msft.net, dns2.cp.msft.net, …), which answer authoritatively: server1.microsoft.com = 192.168.7.99.
      • The preferred server caches the response and returns it to the client, which then opens an http/tcp session to http://server1.microsoft.com at 192.168.7.99.
      • Diagram columns: Root Server, TLD Server, microsoft.com DNS Servers, 192.168.7.99.
    • 9. DNS - Popular Record Types
      • Address Records / Host (A or AAAA)
        • points names to IPv4 (A) or IPv6 (AAAA) addresses
        • ex. www.evision.hr is at 141.138.14.171
      • Canonical Name / Alias (CNAME)
        • points one name to another
        • ex. intranet.evision.hr is an alias for www.evision.hr
      • Mail Exchanger Records (MX)
        • points email to an inbound email server
        • ex. mail.evision.hr handles mail for evision.hr
      • Pointer Records (PTR)
        • points address to name
        • ex. 141.138.14.171 is the address for www.evision.hr
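To make slides 8 and 9 concrete, here is an added example (not from the deck) that simulates the preferred server’s walk from the root hints through the TLD to the authoritative server, with a cache and CNAME following over the record types just listed. The zone data, server addresses and mail-server address are constructed for illustration.

```python
# Added example: iterative resolution over constructed zone data, following the
# slide's flow (client -> preferred server -> root -> TLD -> authoritative, then cache).
ROOT_HINTS = ["198.51.100.1"]      # constructed, stands in for a.root-servers.net etc.
SERVERS = {  # address -> zone served, delegations to child zones, own records
    "198.51.100.1": {"zone": ".", "delegations": {"com.": ["198.51.100.2"],
                     "hr.": ["198.51.100.3"]}, "records": {}},
    "198.51.100.2": {"zone": "com.", "delegations": {"microsoft.com.": ["198.51.100.4"]},
                     "records": {}},
    "198.51.100.3": {"zone": "hr.", "delegations": {"evision.hr.": ["198.51.100.5"]},
                     "records": {}},
    "198.51.100.4": {"zone": "microsoft.com.", "delegations": {},
                     "records": {"server1.microsoft.com.": [("A", "192.168.7.99")]}},
    "198.51.100.5": {"zone": "evision.hr.", "delegations": {}, "records": {
        "www.evision.hr.": [("A", "141.138.14.171")],
        "intranet.evision.hr.": [("CNAME", "www.evision.hr.")],   # alias
        "evision.hr.": [("MX", "mail.evision.hr.")],
        "mail.evision.hr.": [("A", "141.138.14.172")]}},          # constructed address
}

class PreferredServer:
    """The client's DNS server (10.1.1.1 on the slide): takes recursive queries."""
    def __init__(self):
        self.cache = {}   # (name, type) -> answer data
        self.trace = []   # every server asked, so the walk is visible

    def resolve(self, name, rtype="A", _hops=0):
        name = name if name.endswith(".") else name + "."
        if (name, rtype) in self.cache:                    # "Is name in cache?"
            self.trace.append(f"cache hit {name} {rtype}")
            return self.cache[(name, rtype)]
        if _hops > 8:
            raise RuntimeError("CNAME chain too long")
        servers = list(ROOT_HINTS)                          # "I don't know. Ask root."
        while servers:
            addr, srv = servers[0], SERVERS[servers[0]]
            self.trace.append(f"ask {addr} ({srv['zone']}) for {name} {rtype}")
            rrs = srv["records"].get(name, [])
            for t, data in rrs:
                if t == rtype:                              # authoritative answer
                    self.cache[(name, rtype)] = data        # "Cache response"
                    return data
            for t, data in rrs:
                if t == "CNAME":                            # alias: look up the target
                    return self.resolve(data, rtype, _hops + 1)
            zones = [z for z in srv["delegations"]
                     if name == z or name.endswith("." + z)]
            if not zones:
                return None                                 # no such name
            servers = srv["delegations"][max(zones, key=len)]   # "Delegation: ask child"
```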
    • 10. HTTP - Hypertext Transfer Protocol
      • Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text. HTTP is the protocol to exchange or transfer hypertext.
      • (Diagram: client request, server response)
      Source: http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol
    • 11. TLS/SSL - Transport Layer Security/Secure Sockets Layer
      • Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communication security over the Internet.
      • X.509 certificates and asymmetric cryptography are used to verify the counterparty and to exchange a symmetric key.
      • The symmetric session key is used to encrypt data between the parties.
      • Certificate authorities and a public key infrastructure are needed to verify the relation between a certificate and its owner, as well as to generate, sign, and administer the validity of certificates.
      Source: http://en.wikipedia.org/wiki/Transport_Layer_Security
    • 12. CA & PKI - Certificate Authority and Public Key Infrastructure
      • A certificate authority or certification authority (CA) is an entity that issues digital certificates.
      • A digital certificate certifies the ownership of a public key by the named subject of the certificate.
      • The CA is a trusted third party, trusted by both the subject (owner) of the certificate and the party relying upon the certificate.
      • A commercial CA issues certificates automatically trusted by most web browsers – VeriSign, GeoTrust, Thawte Digital Certificates, Entrust.net, …
      • An internal CA issues certificates trusted only on managed devices – the root CA certificate is deployed as trusted manually or through policy.
      • A public-key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.
      Source: http://en.wikipedia.org/wiki/Certificate_authority and http://en.wikipedia.org/wiki/Public_key_infrastructure
    • 13. SMTP – Simple Mail Transfer Protocol
      • Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail (e-mail) transmission across Internet Protocol (IP) networks.
      • SMTP uses TCP port 25. SMTP connections secured by SSL are known as SMTPS, on TCP port 465.
      • Electronic mail servers and other mail transfer agents use SMTP to send and receive mail messages.
      • User-level mail client applications usually use one of these to access their mailbox accounts on a mail server:
        • SMTP for sending, Post Office Protocol (POP) or the Internet Message Access Protocol (IMAP) for retrieving
        • Exchange ActiveSync or Exchange Messaging Application Programming Interface (MAPI)
      Source: http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol
    • 14. LDAP - Lightweight Directory Access Protocol
      • The Lightweight Directory Access Protocol (LDAP) is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.
      • Directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory.
      • A common usage of LDAP is to provide a "single sign-on" where one password for a user is shared between many services, such as applying a company login code to web pages (so that staff log in only once to company computers, and then are automatically logged into the company intranet).
      Source: http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
    • 15. AD – Active Directory
      • Microsoft’s implementation of directory services
      • Provides a centralized location to store information, in a distributed environment, about networked devices and services and the people who use them.
      • Implements the services that make this information available to users, computers, and applications.
      • Acts both as a database storage system (directory store) and as a set of services that provide the means to securely add, modify, delete, and locate data in the directory store.
      • Lightweight Directory Access Protocol (LDAP) is the primary access protocol for Active Directory.
    • 16. Some Active Directory Terminology
      • Forest – A collection of one or more trees of domains, organized as peers and connected by two-way transitive trusts. The forest holds one or more trees.
      • Trees – A tree holds one or more domains and domain trees, linked in a hierarchy.
      • Domains – A directory-based container object containing a hierarchical structure of other containers and objects. Domains can be joined into trees of domains.
      • Domain Controllers – Store a physical copy of the Active Directory database and run logon services.
      • Kerberos – An authentication protocol which works on the basis of 'tickets' to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.
    • 17. HA & DR – High Availability and Disaster Recovery
      • High Availability is for: (photo licensed with Creative Commons, used from: http://www.flickr.com/photos/melancon/280076809/)
      • Disaster Recovery is for: (photo licensed with Creative Commons, used from: http://www.flickr.com/photos/meltedplastic/2854777253/)
    • 18. HA & DR – High Availability and Disaster Recovery
      • High Availability is for:
        • Clustering
        • Synchronous Mirroring
        • Replication
        • AlwaysOn Availability Groups in SQL 2012
        (Photo licensed with Creative Commons, used from: http://www.flickr.com/photos/melancon/280076809/)
      • Disaster Recovery is for:
        • Replication
        • Asynchronous Mirroring
        • Log Shipping
        • SAN Replication
        • Virtualization Replication
        • Geo-distributed clustering in SQL 2012
        • AlwaysOn Availability Groups in SQL 2012
        (Photo licensed with Creative Commons, used from: http://www.flickr.com/photos/meltedplastic/2854777253/)
    • 19. HA: Clustering
    • 20. HA: Synchronous Mirroring
    • 21. HA & DR: Replication
    • 22. DR: Asynchronous Mirroring
    • 23. DR: Log Shipping
    • 24. DR: SAN Replication
    • 25. DR: Virtualization Replication
    • 26. HA & DR: AlwaysOn Availability Groups
    • 27. NLB – Network Load Balancing
      • Load balancing is a technique to spread work between many computers, processes, disks or other resources in order to get optimal resource utilization and decrease computing time.
      • A load balancer can be used to increase the capacity of a server farm beyond that of a single server.
      • It can also allow the service to continue even in the face of server down time due to server failure or server maintenance.
      • A load balancer consists of a virtual server which, in turn, consists of an IP address and port.
      • The virtual server is bound to a number of physical services running on the physical servers in a server farm.
      • A client sends a request to the virtual server, which in turn selects a physical server in the server farm and directs this request to the selected physical server.
    • 28. questions? ZVONIMIR.MAVRETIC@EVISION.HR @ZVONIMIRM
    • 29. thank you. SHAREPOINT AND PROJECT CONFERENCE ADRIATICS 2013 ZAGREB, NOVEMBER 27-28 2013