3. What’s new in Infrastructure for
SharePoint 2013

4. Software/Hardware Requirements
Type Memory Processor
Dev/Stage/Test server 8GB RAM 4 CPU
‘All-in-one’ DB/Web/SA 24GB RAM 4 CPU
Web/SA Server 12GB RAM 4 CPU
DB Server (medium environments) 16GB RAM 8 CPU
DB Server (small environments) 8GB RAM 4 CPU

5. Changes in Service Applications and New Service Applications

6. New Service Applications

7. Distributed Cache Service

8. Request Management (RM)

9. User Profile Sync – Three Options for Deployment

10. Claims-based Authentication - Default

11. Shredded Storage

12. Team Mailboxes – Exchange 2013 Integration

13. Search – FAST Search now included

14. Mobile Device Improvements

15. Architecting the Farm

16. Three Layers of SharePoint Infrastructure
Web
Service Apps
Data

17. Small Farm Models
‘All-in-One’ (Avoid)
 DB and SP Roles Separate

18. Smallest Highly Available Farm

19. Best Practice ‘Six Server Farm’

20. Ideal – Separate Service App Farm + Content Farm(s)

21. Large SharePoint Farms

22. SharePoint Virtualization

23. Sample 1: Single Server Environment
 Allows organizations that wouldn’t normally be able to have a test
environment to run one
 Allows for separation of the database role onto a dedicated server
 Can be more easily scaled out in the future

24. Sample 2: Two Server Highly Available Farm
 High-
Availability
across Hosts
 All
components
Virtualized
 Uses only
two
Windows
Ent Edition
Licenses

25. Sample 3: Mix of Physical and Virtual Servers
 Highest
transaction
servers are
physical
 Multiple
farm
support,
with DBs for
all farms on
the SQL
cluster

26. Scaling to Large Virtual Environments

27. Virtualization of SharePoint Servers
Virtualization Performance Monitoring
• Network Bandwidth –
<60% Utilization = Good Bytes Total/sec
60%-90% = Caution
>90% = Trouble
– <40% Utilization = Good
– 41%-64% = Caution
50% and above = Good – >65% = Trouble
10%-50% = OK • Network Latency - Output
<10% = Trouble
Queue Length
– 0 = Good
Up to 15ms = fine – 1-2= OK
15ms-25ms = Caution – >2 = Trouble
>25ms = Trouble

28. Data Management

29. Sample Distributed Content Database Design

30. Remote BLOB Storage (RBS)

31. SQL Database Optimization

32. Multiple Files for SharePoint Databases
Volume #1 Volume #2 Volume #3 Volume #4
DB-A DB-B DB-A DB-B DB-A DB-B DB-A DB-B
File 1 File 1 File 2 File 2 File 3 File 3 File 4 File 4
Tempdb File 1 Tempdb File 2 Tempdb File 3 Tempdb File 4

33. Multiple Files for SharePoint Databases
• Break Content Databases and TempDB into multiple files (MDF, NDF), total
should equal number of physical processors (not cores) on SQL server.
• Pre-size Content DBs and TempDB to avoid fragmentation
• Separate files onto different drive spindles for best IO perf.
• Example: 50GB total Content DB on Two-way SQL Server would have two
database files distributed across two sets of drive spindles = 25GB pre-sized
for each file.

34. SQL Database Optimization
SQL Maintenance Plans
• Implement SQL Maintenance Plans!
• Include DBCC (Check Consistency) and either
Reorganize Indexes or Rebuild Indexes, but not both!
• Add backups into the
maintenance plan if they
don’t exist already
• Be sure to truncate
transaction logs with a T-
SQL Script (after full
backups have run…)

35. High Availability and Disaster Recovery

36. Comparison of High Availability and
Disaster Recovery Options
Potential Potential
High Availability and Disaster Recovery Automatic Additional
Data Loss Recovery Time
SQL Server Solution Failover Readable Copies
(RPO) (RTO)
AlwaysOn Availability Groups – Synchronous (Dual-phase None 5-7 Seconds Yes 0-2
commit, no data loss, can’t operate across WAN)
AlwaysOn Availability Groups – Asynchronous (Latency Seconds Minutes No 0-4
tolerant, cross WAN option, potential for data loss)
AlwaysOn Failover Cluster Instance (FCI) – Traditional NA 30 Seconds to Yes N/A
shared storage clustering several minutes
(depending on
disk failover)
Database Mirroring - High-safety (Synchronous) Zero 5-10 seconds Yes N/A
Database Mirroring - High-performance (Asynchronous) Seconds Manually No N/A
initiated, can be
a few minutes if
automated
SQL Log Shipping Minutes Manually No Not during
initated, can be a restore
a few minutes if
automated, by
typically hours
Traditional Backup and Restore Hours to Typically No Not during
Days multiple hours, a restore
days, or weeks

37. AlwaysOn Availability Groups in SQL 2012

38. Network Load Balancing
http://tinyurl.com/vmwarenlbfix

39. Network Load Balancing

40. Security and Documentation

41. Five Layers of SharePoint Security
• Infrastructure Security and Best practices
• Data Security
• Transport Security
• Edge Security
• Rights Management

42. Sample List of Service Accounts
Service Account Name Role of Service Account Special Permissions
COMPANYABCSRV-SP-Setup SharePoint Installation Account Local Admin on all SP Servers (for installs)
COMPANYABCSRV-SP-SQL SQL Service Account(s) – Should be separate Local Admin on Database Server(s)
admin accounts from SP accounts. (Generally, some exceptions apply)
COMPANYABCSRV-SP-Farm SharePoint Farm Account(s) – Can also be N/A
standard admin accounts. RBAC principles
apply ideally.
COMPANYABCSRV-SP-Search Search Account N/A
COMPANYABCSRV-SP-Content Default Content Access Account Read rights to any external data sources to
be crawled
COMPANYABCSRV-SP-Prof Default Profiles Access Account Member of Domain Users (to be able to
read attributes from users in domain) and
‘Replicate Directory Changes’ rights in AD.
COMPANYABCSRV-SP-AP-SPCA Application Pool Identity account for SharePoint DBCreator and Security Admin on SQL. Create
Central Admin. and Modify contacts rights in OU used for mail.
COMPANYABCSRV-SP-AP-Data Application Pool Identity account for the N/A
Content related App Pool (Portal, MySites, etc.)
Additional as needed for security.

43. Enable Kerberos
When creating any Web Applications, USE
KERBEROS. It is much more secure and also faster
with heavy loads as the SP server doesn’t have to
keep asking for auth requests from AD.
Kerberos auth does require extra steps, which makes
people shy away from it, but once configured, it
improves security considerably and can improve
performance on high-load sites.
Should also be configured on SPCA Site! (Best
Practice = Configure SPCA for NLB, SSL, and
Kerberos (i.e. https://spca.companyabc.com)

44. Role Based Access Control (RBAC)
Role Groups defined within Active Directory (Universal
Groups) – i.e. ‘Marketing,’ ‘Sales,’ ‘IT,’ etc.
Role Groups added directly into SharePoint ‘Access
Groups’ such as ‘Contributors,’ ‘Authors,’ etc.
Simply by adding a user account into the associated
Role Group, they gain access to whatever rights their
role requires.
User1
Role SharePoint
Group Group
User2

45. SQL Transparent Data Encryption (TDE)
SQL Server 2008, 2008 R2, 2012 Enterprise
Edition Feature
Encrypts SQL Databases Transparently,
SharePoint is unaware of the encryption
and does not need a key
Encrypts the backups of the database as
well

46. Client to Server: Using Secure Sockets Layer (SSL) Encryption
External or Internal Certs highly
recommended
Protects Transport of content
20% overhead on Web Servers
Can be offloaded via SSL offloaders if
needed
Don’t forget for SPCA as well!

47. Server to Server: Using IPSec to encrypt traffic
By default, traffic between SharePoint
Servers (i.e. Web and SQL) is
unencrypted
IPSec encrypts all packets sent between
servers in a farm
For very high security scenarios when all
possible data breaches must be
addressed

48. Forefront UAG (SSL/VPN) vs. Forefront TMG
Capability TMG 2010 UAG
2010
Publish Web applications using HTTPS X X
Publish internal mobile applications to roaming mobile devices X X
Layer 3 firewall X X*
Outbound scenarios support X X*
Array support X X
Globalization and administration console localization X X
Wizards and predefined settings to publish SharePoint sites and Exchange X X
Wizards and predefined settings to publish various applications X
Active Directory Federation Services (ADFS) support X
Rich authentication (for example, one-time password, forms-based, smart card) X X
Application protection (Web application firewall) Basic Full
Endpoint health detection X
Information leakage prevention X
Granular access policy X
Unified Portal X

49. Active Directory Rights Management Services (AD RMS)
AD RMS is a form of Digital Rights Management
(DRM) technology, used in various forms to
protect content
Used to restrict activities on files AFTER they have
been accessed:
Cut/Paste
Print
Save As…
Directly integrates with SharePoint DocLibs

50. SPDocKit
http://tinyurl.com/spdockit

51. (http://tinyurl.com/sp2013unleashed)
(http://tinyurl.com/virtualsp)
(http://tinyurl.com/mirrorsp )
(http://tinyurl.com/kerbsp)
(http://tinyurl.com/SPFarm-Config)
(http://tinyurl.com/SPDocKit)

52. Session Summary
SQL 2012 AlwaysOn Availability Groups for SharePoint 2010

53. Michael Noel
Twitter: @MichaelTNoel
www.cco.com
Slides: slideshare.net/michaeltnoel