building the perfect sharepoint 2010 farm - sharing the point south america

http://www.sharingthepoint.org

Building the ‘Perfect’ SharePoint 2010 Farm

Michael NoelConvergent ComputingTwitter: @MichaelTNoel


Michael Noel Author of SAMS Publishing titles “SharePoint 2010 Unleashed,” “SharePoint

2007 Unleashed,” “SharePoint 2003 Unleashed”, “Teach Yourself SharePoint 2003 in 10 Minutes,” “Windows Server 2008 R2 Unleashed,” “Exchange Server 2010 Unleashed”, “ISA Server 2006 Unleashed”, and many other titles .

Partner at Convergent Computing (www.cco.com / +1(510)444-5700) – San Francisco Bay Area based Infrastructure/Security specialists for SharePoint, AD, Exchange, Security


Architecting the Farm


Web

Service Apps

Data

Architecting the FarmUnderstanding the Three Tiers of SharePoint Infrastructure


‘All-in-One’ (Avoid)

SharePoint 2010 ArchitectureSmall Farms

DB and SP Roles Separate


2 SharePoint Servers running Web and Service Apps

2 Database Servers (Clustered or Mirrored)

1 or 2 Index Partitions with equivalent query components

Smallest farm size that is fully highly available

SharePoint 2010 Architecture“Smallest Highly Available Farm”


2 Dedicated Web Servers (NLB)

2 Service Application Servers

2 Database Servers (Clustered or Mirrored)

1 or 2 Index Partitions with equivalent query components

SharePoint 2010 Architecture“The Six Server Farm”


SharePoint 2010 ArchitectureLarge Farm

Multiple Dedicated Web Servers

Multiple Dedicated Query Servers

Multiple Dedicated Crawl Servers, with multiple Crawl DBs to increase parallelization of the crawl process

Multiple distributed Index partitions (max of 10 million items per index partition)

Two query components for each Index partition, spread among servers


SharePoint 2010 Virtualization Architecture


vCPU

RAM (Bare Minimum)

RAM (Recommend)

RAM (Ideal)

Web Only* 2 6GB 8GB 12GB

Service Application Roles Only

2 6GB 8GB 12GB

Dedicated Search Service App

2 8GB 10GB 16GB

Combined Web/Search/Service Apps

4 10GB 12GB 18GB

Database* 4 10GB 16GB 24GB

Virtualization of SharePoint ServersVirtual Guest Processor and Memory Guidelines


Allows Organizations that wouldn’t normally be able to have a test environment to run one

Allows for separation of the database role onto a dedicated server Can be more easily scaled out in the future

Virtualized Farm ArchitectureCost-effective Virtual Environment / No HA


High-Availability across Hosts

All components Virtualized

Uses only two Windows Ent Edition Licenses

Virtualized Farm ArchitectureHighly Available Farm with only Two Servers


Highest transaction servers are physical

Multiple farm support, with DBs for all farms on the SQL cluster

Virtualized Farm ArchitectureBest Practice Virtual/Physical with HA/Perf


Virtualized Farm ArchitectureLarge Virtual Farms


Processor (Host Only) <60% Utilization = Good 60%-90% = Caution >90% = Trouble

Available Memory 50% and above = Good 10%-50% = OK <10% = Trouble

Disk – Avg. Disk sec/Read or Avg. Disk sec/Write Up to 15ms = fine 15ms-25ms = Caution >25ms = Trouble

• Network Bandwidth – Bytes Total/sec– <40% Utilization =

Good– 41%-64% = Caution– >65% = Trouble

• Network Latency - Output Queue Length– 0 = Good– 1-2= OK– >2 = Trouble

Virtualization of SharePoint ServersVirtualization Performance Monitoring


Quick Farm Provisioning with VMM 2008 R2 - Demo


Data Management


Start with a distributed architecture of content databases from the beginning, within reason (more than 50 per SQL instance is not recommended)

Distribute content across Site Collections from the beginning as well, it is very difficult to extract content after the face

Allow your environment to scale and your users to ‘grow into’ their SharePoint site collections

Data ManagementDistribute Data Across Content DBs and Site Collections


BLOBs are unstructured content stored in SQL Includes all documents, pictures, and files

stored in SharePoint Excludes Metadata and Context, information

about the document, version #, etc. Until recently, could not be removed from

SharePoint Content Databases Classic problem of structured vs. unstructured

data – unstructured data doesn’t really belong in a SQL Server environment

Data ManagementBinary Large OBject (BLOB) Storage


Can reduce dramatically the size of Content DBs, as upwards of 80%-90% of space in content DBs is composed of BLOBs

Can move BLOB storage to more efficient/cheaper storage

Improve performance and scalability of your SharePoint deployment – But highly recommended to use third party

Data ManagementGetting your BLOBs out of the Content DBs


SQL Database OptimizationContent Databases Distributed Between Multiple Volumes

DB-AFile 1

DB-BFile 1

Volume #1

DB-AFile 2

DB-BFile 2

Volume #2

DB-AFile 3

DB-BFile 3

Volume #3

DB-AFile 4

DB-BFile 4

Volume #4

Tempdb File 1 Tempdb File 2 Tempdb File 3 Tempdb File 4


SQL Database OptimizationContent Databases Distributed Between Multiple Volumes

• Break Content Databases and TempDB into multiple files (MDF, NDF), total should equal number of physical processors (not cores) on SQL server.

• Pre-size Content DBs and TempDB to avoid fragmentation

• Separate files onto different drive spindles for best IO perf.

• Example: 100GB total Content DB on Four-way SQL Server would have four database files distributed across four sets of drive spindles = 25GB pre-sized for each file.


• TempDB is critical for performance• Pre-size to 20% of the size of the largest

content database.• Break into multiple files across spindles as

noted• Note there is a separate TempDB for each

physical instance• Note that if using SQL Transparent Data

Encryption (TDE) for any databases in an instance, the tempDB is encrypted.

SQL Database OptimizationTempDB Best practices


SQL Database Mirroring


Single Site HA Mirrored Farm

Single Site Synchronous

Replication Uses a SQL

Witness Server to Failover Automatically

Mirror all SharePoint DBs in the Farm

Use a SQL Alias to switch to Mirror Instance


Cross-Site Mirrored HA Farm

Two Sites 1 ms

Latency 1GB

Bandwidth

Farm Servers in each location

Auto Failover


Two Farm / Mirrored Content DBs

Two Sites Two

Farms Mirror

only Content DBs

Failover is Manual

Must Re-index

More details…


Configuring the Farm


SharePoint InstallationInstallation Process

For most flexibility, choose ‘Complete’ Installation, even if not installing all of the roles on the server. This will allow for the addition of roles in the future as needed.

Be sure not to select ‘Stand-Alone’, unless you plan on having a very small farm with a limited database (SQL Server Express)


Service Account Name

Role of Service Account Special Permissions

COMPANYABC\SRV-SP-Setup

SharePoint Installation Account Local Admin on all SharePoint servers (for install of SP).

COMPANYABC\SRV-SP-SQL

SQL Service Account(s) – Should be separate admin accounts from SP accounts.

Local Admin on Database Server(s) (Generally, some exceptions apply)

COMPANYABC\SRV-SP-Farm

SharePoint Farm Account(s) – Can also be standard admin accounts. RBAC principles apply ideally.

N/A

COMPANYABC\SRV-SP-Search

Search Account N/A

COMPANYABC\SRV-SP-Content

Default Content Access Account Read rights to any external data sources to be crawled

COMPANYABC\SRV-SP-Prof

Default Profiles Access Account Member of Domain Users (to be able to read attributes from users in domain) and ‘Replicate Directory Changes’ rights in AD.

COMPANYABC\SRV-SP-AP-SPCA Application Pool Identity account for SharePoint Central Admin.

DBCreator and Security Admin on SQL. Create and Modify contacts rights in AD OU used for email.

COMPANYABC\SRV-SP-AP-Data

Application Pool Identity account for the Content related App Pool (Portal, MySites, etc.) Additional as needed for security.

N/A

SharePoint SecurityInfrastructure – Sample List of Service Accounts


Script: http://tinyurl.com/SPFarm-Config

Function Configure-SPSearch {PARAM($AppPool, $FarmName, $SearchServiceAccount)

$searchServiceInstance = Get-SPEnterpriseSearchServiceInstance -localStart-SPEnterpriseSearchServiceInstance -Identity $searchServiceInstance

$dbName = $FarmName + "_SearchServiceApplication"

$searchApplication = New-SPEnterpriseSearchServiceApplication -Name "$FarmName Search Service Application" -ApplicationPool $AppPool -DatabaseName $dbName$searchApplicationProxy = New-SPEnterpriseSearchServiceApplicationProxy -name "$FarmName Search Service Application Proxy" -SearchApplication $searchApplication

Set-SPEnterpriseSearchAdministrationComponent -SearchApplication $searchApplication -SearchServiceInstance $searchServiceInstance

$crawlTopology = New-SPEnterpriseSearchCrawlTopology -SearchApplication $searchApplication$crawlDatabase = Get-SPEnterpriseSearchCrawlDatabase -SearchApplication $searchApplication

New-SPEnterpriseSearchCrawlComponent -CrawlTopology $crawlTopology -CrawlDatabase $crawlDatabase -SearchServiceInstance $searchServiceInstance

while($crawlTopology.State -ne "Active"){$crawlTopology | Set-SPEnterpriseSearchCrawlTopology -Active -ErrorAction SilentlyContinueif ($crawlTopology.State -ne "Active"){Start-Sleep -Seconds 10}}

$queryTopology = New-SPenterpriseSEarchQueryTopology -SearchApplication $searchApplication -partitions 1$searchIndexPartition = Get-SPEnterpriseSearchIndexPartition -QueryTopology $queryTopologyNew-SPEnterpriseSearchQueryComponent -indexpartition $searchIndexPartition -QueryTopology $queryTopology -SearchServiceInstance $searchServiceInstance

$propertyDB = Get-SPEnterpriseSearchPropertyDatabase -SearchApplication $searchApplication

Set-SPEnterpriseSearchIndexPartition $searchIndexPartition -PropertyDatabase $propertyDB

while ($queryTopology.State -ne "Active"){$queryTopology | Set-SPEnterpriseSearchQueryTopology -Active -ErrorAction SilentlyContinue

if ($queryTopology.State -ne "Active"){Start-Sleep -Seconds 10}}}


Configuring the FarmSecurity Considerations

Infrastructure Security and Best Practices Best Practice Service Account Setup Kerberos Authentication

Data Security SharePoint Security ACLs and Role Based Access

Control (RBAC) Transparent Data Encryption (TDE) of SQL Databases

Transport Security Secure Sockets Layer (SSL) from Server to Client IPSec from Client to Server Inbound Internet Security (Forefront UAG/TMG) /

Certs Rights Management


Session Takeaways

Use multiple service accounts, definitely don’t mix Application Pool identity accounts with the farm admin accounts

Consider DB Mirroring as a DR option Consider Server virtualization for

design flexibility One last best practice – Don’t forget

Antivirus and Backup


Thanks for attending!

Michael NoelTwitter: @MichaelTNoel

www.cco.com

@sharingtheglobeSharingtheglobe.com (Travel blog)

building the perfect sharepoint 2010 farm - sharing the point south america

Technology