6. Who Am I: John Calvert?
SharePoint / .NET solution and technical architect
Over 18 years experience developing business solutions for private industry & government
Recent clients include StatCan, HoC, Justice Canada, NRC, NSERC, DFAIT, CFPSA, MCC, OSFI
Specialize in Microsoft technologies
Speaker at user groups and conferences
7. Who Am I: Brian-Paul Carline?
Senior Infrastructure and SharePoint Administrator
8. CloudShare: What We Do
Specialized turnkey solutions for specialized cloud-based IT lab applications:
Sales Enablement, Dev & Test, Training
9. CloudShare’s SharePoint Solution
Ease of Use
Spin up a fully-configured and customized environment in minutes. A web browser is all you need!
Extensive Template Library
Individual SharePoint VMs or pre-configured, multi-server SharePoint farms – we have what you need
Licensing Included
Our SharePoint templates have licensing built-in. One less expense. One less thing to worry about.
Quick Environment Cloning
Copy your whole environment with a single click – even its current memory state. Return to a clean image in minutes.
Sharing & Collaboration
Invite your colleagues to collaborate on your environment – across the office or across the world
Resource Management
Fully configurable policies – including activity sensing and auto-suspend – to save your resources and money
CloudShare allows SharePoint professionals to build single server or multi-server SharePoint farms in minutes, at a fraction of the time and expense of traditional setup.
◦ No need for expensive on premise infrastructure. No IT experience required.
10. CloudShare: About Us
Over 500 customers in 100+ countries
Patented cloud computing technology developed with over 200 man-years of top R&D talent
Privately held with HQ in San Francisco and R&D in Tel Aviv
“With CloudShare, we have scaled the business without having to give another thought to the platform we’re running on.”
– Kevin Streater, Director of Global Training –
11. Wait: Go Cloud or Hosted!
Office 365 / SharePoint Online:
◦ Optimized topology and config
◦ Highly available, geo-replicated, and scalable
◦ Always patched / always current & cloud-only features
◦ No need for separate Office Online Server (OOS) farm
◦ Highly secure, latest encryption and configuration, BYO encryption keys
◦ Expert behind-the-scenes support team
Requires 3rd party backup & restore / DR solution
◦ Multiple Office 365 services will make this complicated
12. Initial Planning
Workloads: Intranet/Internet WCM, Collaboration, Search, BI, etc?
Third-party components: Office Store vs farm solutions
Small vs large farm
Load balancing
High availability
Disaster recovery
Security
Operations
17. Prepare
Pre-reqs: AutoSPSourceBuilder
Farm and service accounts:
◦ Catrinescu model
◦ SharePoint 2013 Service Account Creator
◦ Place in custom dedicated AD OU
Separate drives for indexing, logs, and data
◦ SharePoint
◦ SQL
SP16 requires a separate install of SQL Server
◦ Can be same on server for small farm or Dev/Test
DNS, Virtual IPs
20. Active Directory
Use a dedicated OU
Makes it easy to find and manage SharePoint users, groups and machines
21. Windows Server
Separate drive(s) for indexing, logs, and data
• Avoid inadvertently filling the OS drive
• Both SharePoint and SQL Server
RAID 10
• Better write performance and data integrity
22. Install
Use AutoSPInstaller and AutoSPInstaller Online!
SP16 Feature Pack 1
◦ MinRole for small farms: shared roles; requires only 2 server nodes, not 4!
◦ Auditing of changes made in Central Admin
◦ Simply the Nov/2016 Public Update; AutoSPInstaller handles it
SP16 Distributed Cache service is a memory hog; 40% of total RAM
Multiple servers in farm?
◦ Windows sysprep and/or two-phase AutoSPInstaller
23. AutoSPInstaller Online
Prepares an XML config file to define the detailed config of the SharePoint farm, including topology and service / web apps
Supports host-named site collections
Wizard-like hierarchy of options with extensive help comments and guidance
28. Configure I
Host-named site collections
Claims authentication mode (default in CA; not in PowerShell)
Fully qualified domain names (FQDN)
Portal Reader / User service accounts
Health Analyzer rules
Set default quota templates on all web applications
31. Configure II
Disable Certificate Revocation List (CRL) checking
Wake-up script first thing once per day
Use Alternate Access Mappings (AAM); work for HNSC too!
Avoid extending your web apps, except for different authentication protocols
33. Large Farm Config
Multiple HNSC web app containers on port 80
◦ HNSC Group TEST
◦ HNSC Group QA
◦ Separate app pools for security
Simple
◦ One IP per web app
Less simple
◦ Single IP for all web apps
◦ Manual IIS bindings for each HNSC
34. Operate I
Use named personal AD accounts and groups
Avoid built-in Administrator account and generic / shared AD accounts
Use web app User Policy to grant global permissions eg for admin / bulk operations
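As an added example of the User Policy approach (not code from the deck), this script grants Full Control to a named AD admin group and Full Read to the portal reader account at the web application level, so no personal account needs site collection administrator rights. The web app URL, CONTOSO\SP_Admins and CONTOSO\SP_PortalReader are assumed names.

```powershell
# Added example, not from the deck: grant farm-wide rights through a web application
# User Policy to a named AD group and to the portal reader account, instead of handing
# out site collection administrator rights to personal accounts.
# Assumed names: the web app URL, CONTOSO\SP_Admins and CONTOSO\SP_PortalReader.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webApp = Get-SPWebApplication "http://intranet.contoso.local"   # assumed URL

function Add-WebAppUserPolicy {
    param(
        [Microsoft.SharePoint.Administration.SPWebApplication]$WebApp,
        [string]$Login,        # claims-encoded login, e.g. c:0+.w|S-1-5-21-... for a group
        [string]$DisplayName,
        [Microsoft.SharePoint.Administration.SPPolicyRoleType]$RoleType
    )
    # Policies.Add throws on a duplicate login, so make the script safe to re-run
    if ($WebApp.Policies[$Login]) {
        Write-Verbose "Policy for $Login already exists; skipping"
        return
    }
    $policy = $WebApp.Policies.Add($Login, $DisplayName)
    $role   = $WebApp.PolicyRoles.GetSpecialRole($RoleType)
    $policy.PolicyRoleBindings.Add($role)
    $WebApp.Update()
}

# A claims web app needs the claims-encoded identity, not plain DOMAIN\name
$adminGroup = (New-SPClaimsPrincipal -Identity "CONTOSO\SP_Admins" `
                 -IdentityType WindowsSecurityGroupName).ToEncodedString()
$portalReader = (New-SPClaimsPrincipal -Identity "CONTOSO\SP_PortalReader" `
                 -IdentityType WindowsSamAccountName).ToEncodedString()

# Admin group gets Full Control for admin / bulk operations; portal reader gets Full Read only
Add-WebAppUserPolicy -WebApp $webApp -Login $adminGroup   -DisplayName "SharePoint Admins" -RoleType FullControl
Add-WebAppUserPolicy -WebApp $webApp -Login $portalReader -DisplayName "Portal Reader"     -RoleType FullRead

# Review what the policy now grants; everything listed applies to every site collection in the web app
$webApp.Policies | Select-Object UserName, DisplayName,
    @{ Name = 'Roles'; Expression = { ($_.PolicyRoleBindings | ForEach-Object { $_.Name }) -join ', ' } }
```

Run it from an elevated SharePoint Management Shell as a farm administrator; the final listing is the thing to audit periodically, since a Full Control policy bypasses every site-level permission check.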
35. Operate II
Don’t RDP to server / Use remote tools from workstation
◦ Central Admin via browser
◦ Remote PowerShell
◦ Remote IIS Manager (requires specific features enabled on remote server and local install)
Learn and use PowerShell
Add-SPShellAdmin + AD groups = ?
36. Operate III
Patching has changed in SP16 – Everything is a “Public Update”
Auditing of changes in Central Admin (Feature Pack 1)
Use SharePoint-specific SQL database roles when appropriate
Customizations
◦ Encourage Apps / Add-Ins and client-side API integration
◦ SharePoint Framework (SPFx) is a new, pure web-dev approach, but not yet RTM
◦ Discourage farm solutions and code-based sandbox solutions
38. SQL I
SharePoint (SQL) DBA is not the same as regular SQL DBA!
Read Edwin Sarmiento’s blog… All of it!
NTFS allocation unit size 64K, same for RAID stripe size
Default collation order: Latin1_General_CI_AS_KS_WS (KB2008668)
Use client alias not instance name
39. SQL Server
NTFS Allocation unit size: 64KB
Default collation order: Latin1_General_CI_AS_KS_WS
Client Alias
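The three settings on this slide are the ones that are painful to fix after the fact, so they are worth checking before the farm is built. The following pre-flight script is an added example (not from the deck): it checks the NTFS allocation unit size on the SQL data and log drives, creates the SQL client alias in both registry hives, and reads the server collation through that alias. Drive letters D: and L:, the alias name SPSQL and the host sqlsp01.contoso.local are assumed values.

```powershell
# Added example, not from the deck: pre-flight check, run on a SharePoint server, of the
# 64 KB NTFS allocation unit on the SQL data/log drives, the SQL client alias (64-bit and
# 32-bit hives) and the server collation. Assumed values: drives D: and L:, alias SPSQL
# pointing at sqlsp01.contoso.local on port 1433.
$expectedCollation = "Latin1_General_CI_AS_KS_WS"
$expectedCluster   = 65536                 # 64 KB
$dataDrives        = @("D:", "L:")         # assumed: D = MDF files, L = LDF files
$alias             = "SPSQL"               # assumed alias name
$target            = "DBMSSOCN,sqlsp01.contoso.local,1433"   # TCP,host,port

function Get-NtfsClusterSize([string]$Drive) {
    # fsutil (needs an elevated prompt) prints a line like "Bytes Per Cluster : 65536"
    $line = fsutil fsinfo ntfsinfo $Drive | Where-Object { $_ -match '^Bytes Per Cluster' }
    return [int]($line -replace '.*:\s*', '')
}

function Set-SqlClientAlias([string]$Name, [string]$Value) {
    # Write both hives so 64-bit and 32-bit clients on the server resolve the alias
    foreach ($key in "HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo",
                     "HKLM:\SOFTWARE\WOW6432Node\Microsoft\MSSQLServer\Client\ConnectTo") {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name $Name -Value $Value -PropertyType String -Force | Out-Null
    }
}

function Get-SqlCollation([string]$Server) {
    # Connecting through the alias tests the alias as well as reading the collation
    $conn = New-Object System.Data.SqlClient.SqlConnection("Server=$Server;Integrated Security=SSPI")
    $conn.Open()
    try {
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = "SELECT CAST(SERVERPROPERTY('Collation') AS nvarchar(128))"
        return [string]$cmd.ExecuteScalar()
    } finally { $conn.Close() }
}

Set-SqlClientAlias -Name $alias -Value $target

foreach ($d in $dataDrives) {
    $size   = Get-NtfsClusterSize $d
    $status = if ($size -eq $expectedCluster) { "OK" } else { "FIX: re-format $d with 64 KB units (cannot be changed in place)" }
    "{0} cluster size {1,6} bytes: {2}" -f $d, $size, $status
}

$collation = Get-SqlCollation $alias
$status    = if ($collation -eq $expectedCollation) { "OK" } else { "FIX: collation is set at install time; rebuild SQL Server" }
"Collation ${collation}: $status"
```

The RAID stripe size from the same slide cannot be read this way; check it in the storage controller's management tool.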
43. Windows Server
Performance Options > Adjust for best performance
Power Options: High performance
Page file: 1.5 times RAM
Minimal / No desktop
Turn off deprecated protocols and cipher suites
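Because Windows Server leaves the deprecated SCHANNEL protocols and ciphers enabled by default, an audit of the current state is the first step. The script below is an added example (not from the deck): it reports the state of each legacy protocol and cipher and, with -Apply, disables them and turns on .NET strong crypto so SharePoint's own outbound connections negotiate TLS 1.2. It assumes SharePoint 2016 on .NET 4.6 or later, with SQL Server and the Office clients already patched for TLS 1.2.

```powershell
# Added example, not from the deck: audit the SCHANNEL protocol and cipher keys that Windows
# Server leaves at their insecure defaults and, with -Apply, disable the deprecated ones and
# force .NET to use strong crypto so SharePoint's own outbound calls use TLS 1.2.
# Assumed: SharePoint 2016 on .NET 4.6+, SQL Server and clients already patched for TLS 1.2.
param([switch]$Apply)

$hklm            = [Microsoft.Win32.Registry]::LocalMachine
$schannel        = "SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL"
$legacyProtocols = "SSL 2.0", "SSL 3.0", "TLS 1.0", "TLS 1.1"
$legacyCiphers   = "RC4 128/128", "RC4 56/128", "RC4 40/128", "DES 56/56", "NULL"

function Get-SchannelState([string]$SubKey) {
    # No key or no Enabled value means the OS default applies, which is "enabled" for all of these
    $k = $hklm.OpenSubKey($SubKey)
    if ($null -eq $k) { return "enabled (default)" }
    $v = $k.GetValue("Enabled"); $k.Close()
    if ($null -eq $v) { "enabled (default)" } elseif ($v -eq 0) { "disabled" } else { "enabled" }
}

function Disable-SchannelKey([string]$SubKey, [switch]$Protocol) {
    # The .NET registry API is used on purpose: the PowerShell registry provider treats the '/'
    # in cipher key names such as "RC4 128/128" as a path separator
    $k = $hklm.CreateSubKey($SubKey)
    $k.SetValue("Enabled", 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    if ($Protocol) { $k.SetValue("DisabledByDefault", 1, [Microsoft.Win32.RegistryValueKind]::DWord) }
    $k.Close()
}

foreach ($proto in $legacyProtocols) {
    foreach ($side in "Server", "Client") {
        $key = "$schannel\Protocols\$proto\$side"
        "{0,-8} {1,-6} {2}" -f $proto, $side, (Get-SchannelState $key)
        if ($Apply) { Disable-SchannelKey $key -Protocol }
    }
}
foreach ($cipher in $legacyCiphers) {
    $key = "$schannel\Ciphers\$cipher"
    "{0,-12} {1}" -f $cipher, (Get-SchannelState $key)
    if ($Apply) { Disable-SchannelKey $key }
}

if ($Apply) {
    foreach ($net in "SOFTWARE\Microsoft\.NETFramework\v4.0.30319",
                     "SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319") {
        $k = $hklm.CreateSubKey($net)
        $k.SetValue("SchUseStrongCrypto", 1, [Microsoft.Win32.RegistryValueKind]::DWord)
        $k.Close()
    }
    "Reboot for SCHANNEL changes to take effect; then verify Office clients, search crawl and SQL connectivity."
}
```

Run the audit first on every farm server, apply on one server, and confirm the TLS 1.2-only path end to end before rolling it out; the Client side of TLS 1.0/1.1 is what SharePoint uses to talk to SQL Server and to other farm services.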
45. Tools, part I
Notepad++
ULS Viewer
Sysinternals Suite
PowerShell ISE / PowerGUI / Visual Studio PowerShell Extension
Remote Desktop Connection Manager v2.7 or BP’s favourite tool
SharePoint Manager 2013
46. Tools, part II
Farm solutions:
◦ Lapointe SharePoint PowerShell cmdlets
◦ Catrinescu Host-Named Site Collection Creator
◦ Havivi SharePoint Property Bag Settings
Specialized:
◦ Claims to Windows NT Token Tester (C2WTS)
50. Claims to Windows NT Token Tester
Verify that the Claims to Windows Token Service (C2WTS) is working correctly
51. Summary
Core config and common work loads
Did not discuss advanced workloads, eg BI, eDiscovery
Automate, simplify, and standardize your farm config and operations with community tools
52. Other Links
Vlad Catrinescu Pluralsight courses on SharePoint 2016 architecture and deployment
Gokan Ozcifci presentations on SharePoint architecture and performance tuning
Edwin Sarmiento blogging on SQL architecture and high availability for SharePoint
Serge Luca presentation on SharePoint high availability and disaster recovery
Stefan Goßner blog on patching and operations
53. Contact Us
John Calvert, Chief Architect, Software Craft, Inc.
john at softwarecraft dot ca
softwarecraft dot ca
at softwarecraft99
Brian-Paul Carline
bpcarline at outlook dot com
54. CloudShare: Our Technology
• Virtual environments that capture everything in the modern IT workspace:
• Software, servers, memory, and storage state
• Networking, appliances, and on-premise tools
• Complex networking support that allows networks to work on-cloud exactly as they do on-prem
• Environment access technologies designed to eliminate IT complexity:
• Full environment clones with no performance degradation
• Live sensing at user and network level
• Firewall-friendly access in-browser/using all protocols
• Robust RESTful API covering all application capabilities
• Hypervisor and hardware agnostic
Editor's Notes
Don’t attempt on-premises if you have no / too few dedicated SharePoint IT Pro(s) for operations and support
O365 & SPO are more robust and secure than any on-premises farm and IT Pros you can afford!
Hybrid has certain complexities, especially with single sign-on and hybrid search, not a lower cost / effort option
If Cloud / Hosted pricing appears too expensive, either you have the wrong supplier or you massively underestimate the effort for on-premises
On-premises is not an install & forget about it business service; SharePoint farm and related systems eg SQL need constant care and attention
It is very likely you will want at least these workloads: SharePoint is the top WCM platform for corporate Intranets, per Nielsen group (9 or 10 top sites in their survey)
Small vs large:
Number of SharePoint capabilities deployed, eg BI-related and search are both heavy weight
Collaboration sites corpus (how many, how big)
Search corpus (how many documents)
Security isolation means multiple site collections (preferred) or breaking inheritance (OK but has other limitations)
SharePoint is a platform / framework not a turnkey solution, you will want / need third party components to fill out the capabilities; Office Store is one way to achieve this
Feature Pack 1 is required for MinRole with shared roles
Office Web Apps Farm is required for (i) document previews in search results hover panel, (ii) co-authoring of Excel
Technical diagrams for SharePoint 2016, https://technet.microsoft.com/en-us/library/cc263199(v=office.16).aspx
Announcing Feature Pack 1 for SharePoint Server 2016—cloud-born and future-proof, https://blogs.office.com/2016/09/26/announcing-feature-pack-1-for-sharepoint-server-2016-cloud-born-and-future-proof/
Workloads include:
Collaboration
Intranet / Internet WCM
Search
Business Intelligence
Etc
AutoSPSourceBuilder, https://github.com/brianlala/AutoSPSourceBuilder
SharePoint 2013 Service Accounts Best Practices Explained, https://absolute-sharepoint.com/2013/01/sharepoint-2013-service-accounts-best-practices-explained.html
Catrinescu model: SP_Admin is a user account not a service account; is responsible to “Configure and manage the server farm”
Lapointe service account guidance, http://blog.falchionconsulting.com/index.php/2010/10/service-accounts-and-managed-service-accounts-in-sharepoint-2010/
Lapointe: Do not use the AD group _Managed Service Accounts
Don’t use SP_Farm account as service / web app application pool identity, except in low security option
SharePoint 2013 Service Account Creator, https://sp2013serviceaccount.codeplex.com/
Demo: Show Computer Explorer Drives
Off-line installs, eg when the VM / server is behind a firewall or proxy and cannot reach the Internet for direct download
Standardized installs, eg ensure every VM / server gets the exact same binaries
Note: There is an error on the Catrinescu website, “Configure and manage the server farm” is listed under SP_Farm but it should be under SP_Admin; confirmed verbally with Vlad Nov/2016
AutoSPInstaller handles RTM binaries, PU/CU updates, and language packs
Use AutoSPInstaller Online to prep / validate the XML config input file
DEMO: AutoSPInstaller config online tool
Pause After Install under Installation Options in AutoSPInstaller Online
Don’t create a host header web application for each division / business unit; either put them all in one with path-based site structure, or use host named site collections
If you have an Intranet / Internet site collection for web content management, be sure to configure a web application user policy for the portal reader and full accounts
Health Analyzer rules for disk free space will likely need tweaking to avoid false positives for too little space
Disabling CRL checking avoids an unnecessary time delay on servers with no outbound access to the Internet
Extending increases resource demands on servers; may require a new application pool which negatively impacts server performance
Same reasons we use HNSC and avoid multiple host header web apps
Mark Arend, https://blogs.msdn.microsoft.com/markarend/2012/05/30/host-named-site-collections-hnsc-for-sharepoint-2010-architects/
AD group eg SP_Admins
Assign site collection primary administrator to SP_Admin account; No need to assign primary / secondary administrator permissions to personal AD user unless you are a very large business with dedicated site collection administrators and specific training
DEMO: Remote PowerShell and IIS Manager
DEMO: Auditing of changes in Central Admin
TODO: Link to Stefan Gossner blog posts (Sept & Oct 2016)
Add-SPShellAdmin may not work properly with AD groups, but you can manually configure missing SQL permissions; use custom PowerShell cmdlet
Test-SPSite for farm admin health check of site collections or web app user policy and /_layouts/sitehealthcheck.aspx ; no need to assign site collection primary / secondary administrator permissions
Server Updates / Uber Updates, https://blogs.technet.microsoft.com/stefan_gossner/2016/09/13/september-2016-cu-for-sharepoint-server-2016-is-available-for-download/
Security Updates / Public Updates / Cumulative Updates, https://blogs.technet.microsoft.com/stefan_gossner/2016/10/11/october-2016-cu-for-sharepoint-server-2016-is-available-for-download/
SharePoint-specific SQL database roles: Don’t create your own or try to replicate them if they don’t exist; figure out why they are missing and use PowerShell cmdlets that cause them to be created, eg Add-SPShellAdmin for SP_DataAccess etc
Web-dev skills are portable (good for dev) and standard (good for business), HTML5 and popular tools such as Yeoman for scaffolding and Gulp for packaging
Certain standard SQL Server configuration settings are a no-no for SharePoint SQL Server; eg disable auto-create/update statistics
http://www.edwinmsarmiento.com/database-configuration-for-maximum-sharepoint-performance-video-powershell-script/
NTFS allocation unit size cannot be changed after disk is formatted, only option is to re-format; Relatively easy to move files to another disk and then back after re-format
Default collation order cannot be changed after SQL Server is installed, only option is to rebuild SQL Server; Major effort, avoid
Supportability regarding SQL collation for SharePoint Databases and TempDB, https://support.microsoft.com/en-ca/kb/2008668
Client alias makes it much easier to repoint SharePoint to another SQL Server, eg for disaster recovery or maintenance
MDF is random-access read/write; LDF is sequential-access write-only
Put them on separate drives / spindles
Shrinking databases causes extra processing, index fragmentation, and then just grows again
Use IIS HTTP Rewrite module for redirects; note that SharePoint does not support rewrite module for clean URLs, use Managed Navigation termset for that
Windows leaves deprecated protocols and ciphers enabled by default
Credit: Gokan Ozcifci presentation @ ESPC16
https://notepad-plus-plus.org/
https://blogs.technet.microsoft.com/wbaer/2014/08/22/uls-viewing-like-a-boss-uls-viewer-is-now-available/
Windows Sysinternals, https://technet.microsoft.com/en-ca/bb545021
PowerShell ISE is a Windows native tool
https://marketplace.visualstudio.com/items?itemName=AdamRDriscoll.PowerShellToolsforVisualStudio2015
https://blogs.technet.microsoft.com/rmilne/2014/11/19/remote-desktop-connection-manager-download-rdcman-2-7/
SharePoint Manager 2013 https://spm.codeplex.com/
Lapointe’s SharePoint PowerShell cmdlets, http://www.falchionconsulting.com/PowerShellViewer/Default.aspx
Catrinescu’s SharePoint Host Named Site Collection Creator, https://hnsc.codeplex.com/
Haviv’s SharePoint Property Bag Settings 2013, https://pbs2013.codeplex.com/
https://blogs.msdn.microsoft.com/rodneyviana/2011/07/19/troubleshooting-claims-to-windows-nt-token-service-c2wts-in-sharepoint-2010-may-be-difficult-if-you-dont-know-where-to-start/