Building the Perfect SharePoint 2010 Farm - Sharing the Point South America
Description: Condensed version of this deck, used at the STP South America tour, January 2012.
TRANSCRIPT
http://www.sharingthepoint.org
Building the ‘Perfect’ SharePoint 2010 Farm
Michael Noel, Convergent Computing, Twitter: @MichaelTNoel
Michael Noel
Author of SAMS Publishing titles “SharePoint 2010 Unleashed,” “SharePoint 2007 Unleashed,” “SharePoint 2003 Unleashed,” “Teach Yourself SharePoint 2003 in 10 Minutes,” “Windows Server 2008 R2 Unleashed,” “Exchange Server 2010 Unleashed,” “ISA Server 2006 Unleashed,” and many other titles.
Partner at Convergent Computing (www.cco.com / +1(510)444-5700) – San Francisco Bay Area based Infrastructure/Security specialists for SharePoint, AD, Exchange, Security
Architecting the Farm
Architecting the Farm: Understanding the Three Tiers of SharePoint Infrastructure
The three tiers: Web, Service Apps, Data
SharePoint 2010 Architecture: Small Farms
‘All-in-One’ (Avoid)
DB and SP Roles Separate
SharePoint 2010 Architecture: “Smallest Highly Available Farm”
2 SharePoint Servers running Web and Service Apps
2 Database Servers (Clustered or Mirrored)
1 or 2 Index Partitions with equivalent query components
Smallest farm size that is fully highly available
SharePoint 2010 Architecture: “The Six Server Farm”
2 Dedicated Web Servers (NLB)
2 Service Application Servers
2 Database Servers (Clustered or Mirrored)
1 or 2 Index Partitions with equivalent query components
SharePoint 2010 Architecture: Large Farm
Multiple Dedicated Web Servers
Multiple Dedicated Query Servers
Multiple Dedicated Crawl Servers, with multiple Crawl DBs to increase parallelization of the crawl process
Multiple distributed Index partitions (max of 10 million items per index partition)
Two query components for each Index partition, spread among servers
SharePoint 2010 Virtualization Architecture
Virtualization of SharePoint Servers: Virtual Guest Processor and Memory Guidelines
Role                               vCPU   RAM (Bare Minimum)   RAM (Recommended)   RAM (Ideal)
Web Only*                          2      6GB                  8GB                 12GB
Service Application Roles Only     2      6GB                  8GB                 12GB
Dedicated Search Service App       2      8GB                  10GB                16GB
Combined Web/Search/Service Apps   4      10GB                 12GB                18GB
Database*                          4      10GB                 16GB                24GB
Virtualized Farm Architecture: Cost-effective Virtual Environment / No HA
Allows organizations that wouldn’t normally be able to have a test environment to run one
Allows for separation of the database role onto a dedicated server
Can be more easily scaled out in the future
Virtualized Farm Architecture: Highly Available Farm with only Two Servers
High-Availability across Hosts
All components Virtualized
Uses only two Windows Ent Edition Licenses
Virtualized Farm Architecture: Best Practice Virtual/Physical with HA/Perf
Highest transaction servers are physical
Multiple farm support, with DBs for all farms on the SQL cluster
Virtualized Farm Architecture: Large Virtual Farms
Virtualization of SharePoint Servers: Virtualization Performance Monitoring
• Processor (Host Only): <60% Utilization = Good; 60%-90% = Caution; >90% = Trouble
• Available Memory: 50% and above = Good; 10%-50% = OK; <10% = Trouble
• Disk (Avg. Disk sec/Read or Avg. Disk sec/Write): Up to 15ms = Fine; 15ms-25ms = Caution; >25ms = Trouble
• Network Bandwidth (Bytes Total/sec): <40% Utilization = Good; 41%-64% = Caution; >65% = Trouble
• Network Latency (Output Queue Length): 0 = Good; 1-2 = OK; >2 = Trouble
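As an added example (not part of the deck), the PowerShell below samples the counters the slide names with Get-Counter and grades each against the slide's thresholds. Counter paths are the standard Performance Monitor paths; the NIC instance name is a placeholder, and a value sitting exactly on a boundary is assumed to take the worse grade.

```powershell
function Get-Grade([double]$Value, [double]$Caution, [double]$Trouble) {
    # Lower is better; a value on a boundary gets the worse grade (assumption).
    if ($Value -lt $Caution) { return 'Good' }
    if ($Value -le $Trouble) { return 'Caution' }
    return 'Trouble'
}

function Get-SPVirtualHostHealth {
    param([Parameter(Mandatory=$true)][string]$NicInstance,  # NIC as named in PerfMon
          [int]$Samples = 6, [int]$IntervalSeconds = 10)
    $paths = @('\Processor(_Total)\% Processor Time',
               '\Memory\Available MBytes',
               '\PhysicalDisk(_Total)\Avg. Disk sec/Read',
               '\PhysicalDisk(_Total)\Avg. Disk sec/Write',
               "\Network Interface($NicInstance)\Bytes Total/sec",
               "\Network Interface($NicInstance)\Current Bandwidth",
               "\Network Interface($NicInstance)\Output Queue Length")
    $sets = Get-Counter -Counter $paths -SampleInterval $IntervalSeconds -MaxSamples $Samples
    # Average every counter over the window, keyed by the last segment of its path.
    $avg = @{}
    foreach ($set in $sets) {
        foreach ($s in $set.CounterSamples) {
            $name = ($s.Path.ToLower() -split '\\')[-1]
            $avg[$name] += $s.CookedValue / $Samples
        }
    }
    $totalMB = (Get-WmiObject Win32_ComputerSystem).TotalPhysicalMemory / 1MB
    $memPct  = 100 * [double]$avg['available mbytes'] / $totalMB
    # Bytes Total/sec counts both directions; Current Bandwidth is reported in bits/sec.
    $bw = [double]$avg['current bandwidth']; if ($bw -le 0) { $bw = 1 }
    $netPct  = 100 * 8 * [double]$avg['bytes total/sec'] / $bw
    $diskMs  = 1000 * [Math]::Max([double]$avg['avg. disk sec/read'], [double]$avg['avg. disk sec/write'])
    $queue   = [double]$avg['output queue length']
    # Memory and queue length have their own three-band rules on the slide.
    $memGrade   = if ($memPct -ge 50) { 'Good' } elseif ($memPct -ge 10) { 'OK' } else { 'Trouble' }
    $queueGrade = if ($queue -eq 0) { 'Good' } elseif ($queue -le 2) { 'OK' } else { 'Trouble' }
    $cpu = [double]$avg['% processor time']
    New-Object PSObject -Property @{
        ProcessorPct  = [Math]::Round($cpu, 1);    ProcessorGrade = Get-Grade $cpu 60 90
        MemoryFreePct = [Math]::Round($memPct, 1); MemoryGrade    = $memGrade
        DiskMs        = [Math]::Round($diskMs, 1); DiskGrade      = Get-Grade $diskMs 15 25
        NetworkPct    = [Math]::Round($netPct, 1); NetworkGrade   = Get-Grade $netPct 40 65
        OutputQueue   = [Math]::Round($queue, 1);  QueueGrade     = $queueGrade
    }
}
# Placeholder NIC name; list yours with: (Get-Counter -ListSet 'Network Interface').Instances
Get-SPVirtualHostHealth -NicInstance 'Intel(R) 82574L Gigabit Network Connection' | Format-List
```

Run it as an administrator on the host for the processor and memory figures, or inside a guest for its disk and network figures.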
Quick Farm Provisioning with VMM 2008 R2 - Demo
Data Management
Data Management: Distribute Data Across Content DBs and Site Collections
Start with a distributed architecture of content databases from the beginning, within reason (more than 50 per SQL instance is not recommended)
Distribute content across Site Collections from the beginning as well; it is very difficult to extract content after the fact
Allow your environment to scale and your users to ‘grow into’ their SharePoint site collections
Data Management: Binary Large OBject (BLOB) Storage
BLOBs are unstructured content stored in SQL
Includes all documents, pictures, and files stored in SharePoint
Excludes Metadata and Context (information about the document, version #, etc.)
Until recently, could not be removed from SharePoint Content Databases
Classic problem of structured vs. unstructured data – unstructured data doesn’t really belong in a SQL Server environment
Data Management: Getting your BLOBs out of the Content DBs
Can dramatically reduce the size of Content DBs, as upwards of 80%-90% of space in content DBs is composed of BLOBs
Can move BLOB storage to more efficient/cheaper storage
Improve performance and scalability of your SharePoint deployment – But highly recommended to use third party
SQL Database Optimization: Content Databases Distributed Between Multiple Volumes
[Diagram: four volumes. Volume #1 holds DB-A File 1, DB-B File 1 and Tempdb File 1; Volume #2 holds DB-A File 2, DB-B File 2 and Tempdb File 2; Volume #3 holds DB-A File 3, DB-B File 3 and Tempdb File 3; Volume #4 holds DB-A File 4, DB-B File 4 and Tempdb File 4.]
SQL Database Optimization: Content Databases Distributed Between Multiple Volumes
• Break Content Databases and TempDB into multiple files (MDF, NDF), total should equal number of physical processors (not cores) on SQL server.
• Pre-size Content DBs and TempDB to avoid fragmentation
• Separate files onto different drive spindles for best IO perf.
• Example: 100GB total Content DB on Four-way SQL Server would have four database files distributed across four sets of drive spindles = 25GB pre-sized for each file.
SQL Database Optimization: TempDB Best Practices
• TempDB is critical for performance
• Pre-size to 20% of the size of the largest content database.
• Break into multiple files across spindles as noted
• Note there is a separate TempDB for each physical instance
• Note that if using SQL Transparent Data Encryption (TDE) for any databases in an instance, the tempDB is encrypted.
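As an added example (not from the deck), this PowerShell function turns the two SQL optimization slides into a T-SQL script: one pre-sized file per physical processor, each on its own volume, plus tempdb at 20% of the largest content database split the same way. Database name, volume letters, log path and the 10GB log size are placeholders; the output is meant to be reviewed and then run from SQL Server Management Studio.

```powershell
function New-SPDatabaseLayoutScript {
    param(
        [string]$DatabaseName,      # e.g. WSS_Content_Portal (placeholder)
        [int]$TotalSizeGB,          # planned size of the content DB, e.g. 100
        [string[]]$DataVolumes,     # one volume per physical processor, e.g. 'F:\','G:\','H:\','I:\'
        [string]$LogPath,           # separate spindle for the log, e.g. 'L:\'
        [int]$TempDbPercent = 20    # slide rule: tempdb = 20% of the largest content DB
    )
    $n = $DataVolumes.Count
    $fileGB = [int][Math]::Ceiling($TotalSizeGB / $n)                        # 100GB / 4 = 25GB
    $tempGB = [int][Math]::Ceiling($TotalSizeGB * $TempDbPercent / 100 / $n)  # 20GB / 4 = 5GB
    $sql = @("CREATE DATABASE [$DatabaseName] ON PRIMARY")
    for ($i = 0; $i -lt $n; $i++) {
        $ext = if ($i -eq 0) { 'mdf' } else { 'ndf' }   # first file is the MDF, the rest NDF
        $sql += "  (NAME = N'{0}_{1}', FILENAME = N'{2}{0}_{1}.{3}', SIZE = {4}GB, FILEGROWTH = 1GB)," -f $DatabaseName, ($i + 1), $DataVolumes[$i], $ext, $fileGB
    }
    $sql[-1] = $sql[-1].TrimEnd(',')
    $sql += "LOG ON (NAME = N'{0}_log', FILENAME = N'{1}{0}_log.ldf', SIZE = 10GB, FILEGROWTH = 1GB);" -f $DatabaseName, $LogPath
    $sql += 'GO'
    # tempdb: resize the existing primary file, then add one file per remaining volume.
    # Moving tempdev to a new FILENAME only takes effect after the SQL service restarts.
    $sql += "ALTER DATABASE tempdb MODIFY FILE (NAME = N'tempdev', FILENAME = N'{0}tempdb_1.mdf', SIZE = {1}GB, FILEGROWTH = 1GB);" -f $DataVolumes[0], $tempGB
    for ($i = 1; $i -lt $n; $i++) {
        $sql += "ALTER DATABASE tempdb ADD FILE (NAME = N'tempdev{0}', FILENAME = N'{1}tempdb_{0}.ndf', SIZE = {2}GB, FILEGROWTH = 1GB);" -f ($i + 1), $DataVolumes[$i], $tempGB
    }
    $sql += 'GO'
    return ($sql -join "`r`n")
}
# The slide's example: 100GB content DB on a four-way SQL Server -> four 25GB files.
New-SPDatabaseLayoutScript -DatabaseName 'WSS_Content_Portal' -TotalSizeGB 100 `
    -DataVolumes 'F:\','G:\','H:\','I:\' -LogPath 'L:\'
```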
SQL Database Mirroring
Single Site HA Mirrored Farm
Single Site Synchronous Replication
Uses a SQL Witness Server to Failover Automatically
Mirror all SharePoint DBs in the Farm
Use a SQL Alias to switch to Mirror Instance
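The alias and "mirror every farm database" points above, as an added PowerShell example that is not from the deck or its linked script. It assumes the farm was created with the alias (SPSQL here, a placeholder) as its database server name, that SQL mirroring of each database is already set up, and that the alias function is run on every farm server, since client aliases are per machine. Server names are placeholders.

```powershell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Set-SqlClientAlias {
    param([string]$Alias, [string]$Server, [int]$Port = 1433)
    # The SQL client reads aliases from these keys; on x64 the Wow6432Node copy serves
    # 32-bit processes, so set both. Value format is "DBMSSOCN,<server>,<port>" (DBMSSOCN = TCP/IP).
    $keys = 'HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\MSSQLServer\Client\ConnectTo'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name $Alias -Value "DBMSSOCN,$Server,$Port"
    }
}

function Register-SPMirrorPartner {
    param([string]$MirrorServer)
    # Every database the farm knows about (config, content, service application DBs)
    # gets the mirror registered as its failover partner, so SharePoint's data access
    # layer retries against it after an automatic (witness-driven) failover.
    foreach ($db in Get-SPDatabase) {
        $db.AddFailoverServiceInstance($MirrorServer)
        $db.Update()
        "{0,-50} failover partner: {1}" -f $db.Name, $MirrorServer
    }
}

# Placeholders: farm built against alias SPSQL; principal is SQL01, mirror is SQL02.
Set-SqlClientAlias -Alias 'SPSQL' -Server 'SQL01'
Register-SPMirrorPartner -MirrorServer 'SQL02'
# If a failover becomes permanent, repoint the alias on every farm server instead of
# reconfiguring SharePoint:  Set-SqlClientAlias -Alias 'SPSQL' -Server 'SQL02'
```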
Cross-Site Mirrored HA Farm
Two Sites, 1 ms Latency, 1GB Bandwidth
Farm Servers in each location
Auto Failover
Two Farm / Mirrored Content DBs
Two Sites, Two Farms
Mirror only Content DBs
Failover is Manual
Must Re-index
More details…
Configuring the Farm
SharePoint Installation: Installation Process
For most flexibility, choose ‘Complete’ Installation, even if not installing all of the roles on the server. This will allow for the addition of roles in the future as needed.
Be sure not to select ‘Stand-Alone’, unless you plan on having a very small farm with a limited database (SQL Server Express)
SharePoint Security Infrastructure – Sample List of Service Accounts
Service Account Name | Role of Service Account | Special Permissions
COMPANYABC\SRV-SP-Setup | SharePoint Installation Account | Local Admin on all SharePoint servers (for install of SP).
COMPANYABC\SRV-SP-SQL | SQL Service Account(s) – Should be separate admin accounts from SP accounts. | Local Admin on Database Server(s) (Generally, some exceptions apply)
COMPANYABC\SRV-SP-Farm | SharePoint Farm Account(s) – Can also be standard admin accounts. RBAC principles apply ideally. | N/A
COMPANYABC\SRV-SP-Search | Search Account | N/A
COMPANYABC\SRV-SP-Content | Default Content Access Account | Read rights to any external data sources to be crawled
COMPANYABC\SRV-SP-Prof | Default Profiles Access Account | Member of Domain Users (to be able to read attributes from users in domain) and ‘Replicate Directory Changes’ rights in AD.
COMPANYABC\SRV-SP-AP-SPCA | Application Pool Identity account for SharePoint Central Admin. | DBCreator and Security Admin on SQL. Create and Modify contacts rights in AD OU used for email.
COMPANYABC\SRV-SP-AP-Data | Application Pool Identity account for the Content related App Pool (Portal, MySites, etc.) Additional as needed for security. | N/A
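An added example (not from the deck) that audits the separation the table above and the session takeaways call for: every IIS application pool identity in the farm is checked against the Farm Administrators group and the farm service account, and pools that share one account are reported. It assumes classic-mode logins in Central Administration (so UserLogin is DOMAIN\name) and is run in the SharePoint 2010 Management Shell on a farm server.

```powershell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Test-SPServiceAccountSeparation {
    # The Farm Administrators group lives in the Central Administration site collection.
    $caWebApp = Get-SPWebApplication -IncludeCentralAdministration |
                Where-Object { $_.IsAdministrationWebApplication }
    $caWeb = Get-SPWeb $caWebApp.Url
    $farmAdmins = @($caWeb.SiteGroups['Farm Administrators'].Users | ForEach-Object { $_.UserLogin.ToLower() })
    $caWeb.Dispose()
    $farmAccount = (Get-SPFarm).DefaultServiceAccount.Name.ToLower()

    # Collect every IIS application pool identity the farm uses.
    $pools = @()
    foreach ($wa in Get-SPWebApplication -IncludeCentralAdministration) {
        $pools += New-Object PSObject -Property @{ Kind = 'Web application'; Pool = $wa.ApplicationPool.Name
                                                  Account = $wa.ApplicationPool.Username.ToLower() }
    }
    foreach ($ap in Get-SPServiceApplicationPool) {
        $pools += New-Object PSObject -Property @{ Kind = 'Service application'; Pool = $ap.Name
                                                  Account = $ap.ProcessAccountName.ToLower() }
    }
    # Grade each pool: an app pool identity should be neither a farm admin nor the farm
    # account, and ideally not shared with another pool (one role per account, RBAC).
    foreach ($p in $pools) {
        $issues = @()
        if ($farmAdmins -contains $p.Account) { $issues += 'is a Farm Administrator' }
        if ($p.Account -eq $farmAccount)     { $issues += 'is the farm service account' }
        $shared = @($pools | Where-Object { $_.Account -eq $p.Account }).Count
        if ($shared -gt 1) { $issues += "shared by $shared pools" }
        $finding = if ($issues.Count -gt 0) { $issues -join '; ' } else { 'OK' }
        New-Object PSObject -Property @{ Kind = $p.Kind; Pool = $p.Pool; Account = $p.Account; Finding = $finding }
    }
}
Test-SPServiceAccountSeparation | Format-Table Kind, Pool, Account, Finding -AutoSize
```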
Script: http://tinyurl.com/SPFarm-Config
Function Configure-SPSearch {
    PARAM($AppPool, $FarmName, $SearchServiceAccount)
    # Start the search service instance on the local server
    $searchServiceInstance = Get-SPEnterpriseSearchServiceInstance -Local
    Start-SPEnterpriseSearchServiceInstance -Identity $searchServiceInstance
    $dbName = $FarmName + "_SearchServiceApplication"
    # Create the Search Service Application and its proxy
    $searchApplication = New-SPEnterpriseSearchServiceApplication -Name "$FarmName Search Service Application" -ApplicationPool $AppPool -DatabaseName $dbName
    $searchApplicationProxy = New-SPEnterpriseSearchServiceApplicationProxy -Name "$FarmName Search Service Application Proxy" -SearchApplication $searchApplication
    Set-SPEnterpriseSearchAdministrationComponent -SearchApplication $searchApplication -SearchServiceInstance $searchServiceInstance
    # Crawl topology: one crawl component on this server, then activate it
    $crawlTopology = New-SPEnterpriseSearchCrawlTopology -SearchApplication $searchApplication
    $crawlDatabase = Get-SPEnterpriseSearchCrawlDatabase -SearchApplication $searchApplication
    New-SPEnterpriseSearchCrawlComponent -CrawlTopology $crawlTopology -CrawlDatabase $crawlDatabase -SearchServiceInstance $searchServiceInstance
    while ($crawlTopology.State -ne "Active") {
        $crawlTopology | Set-SPEnterpriseSearchCrawlTopology -Active -ErrorAction SilentlyContinue
        if ($crawlTopology.State -ne "Active") { Start-Sleep -Seconds 10 }
    }
    # Query topology: one index partition with one query component on this server, then activate it
    $queryTopology = New-SPEnterpriseSearchQueryTopology -SearchApplication $searchApplication -Partitions 1
    $searchIndexPartition = Get-SPEnterpriseSearchIndexPartition -QueryTopology $queryTopology
    New-SPEnterpriseSearchQueryComponent -IndexPartition $searchIndexPartition -QueryTopology $queryTopology -SearchServiceInstance $searchServiceInstance
    $propertyDB = Get-SPEnterpriseSearchPropertyDatabase -SearchApplication $searchApplication
    Set-SPEnterpriseSearchIndexPartition $searchIndexPartition -PropertyDatabase $propertyDB
    while ($queryTopology.State -ne "Active") {
        $queryTopology | Set-SPEnterpriseSearchQueryTopology -Active -ErrorAction SilentlyContinue
        if ($queryTopology.State -ne "Active") { Start-Sleep -Seconds 10 }
    }
}
Configuring the Farm: Security Considerations
Infrastructure Security and Best Practices: Best Practice Service Account Setup; Kerberos Authentication
Data Security: SharePoint Security ACLs and Role Based Access Control (RBAC); Transparent Data Encryption (TDE) of SQL Databases
Transport Security: Secure Sockets Layer (SSL) from Server to Client; IPSec from Client to Server; Inbound Internet Security (Forefront UAG/TMG) / Certs; Rights Management
Session Takeaways
Use multiple service accounts; definitely don’t mix Application Pool identity accounts with the farm admin accounts
Consider DB Mirroring as a DR option
Consider Server virtualization for design flexibility
One last best practice – Don’t forget Antivirus and Backup
Thanks for attending!
Michael Noel, Twitter: @MichaelTNoel
www.cco.com
@sharingtheglobe / Sharingtheglobe.com (Travel blog)