Building SharePoint farms for development and testing is easy. But building highly available farms to meet enterprise service level agreements that are fault tolerant, scalable and connected to the cloud? Not quite so easy. In this workshop you will learn how to plan, design and implement a highly available farm architecture based upon proven techniques and practical guidance. You will also discover how to connect on-premises deployments to the cloud, manage security and identity synchronization, correctly configure workflow farms, and prepare your environment for app integration.
4. Reminders
• Download the attendee packet at http://bit.ly/SPAloozaAttendee
• Attend the “Rock Star” Sessions at the end of each day for fun, raffle prizes, wrist bands for concert access, and your chance to win a Surface Pro 3
• Attend Nintex’s Brown Bag lunch Friday and Saturday (lunch provided for first 100 people)
• Tweet about the event using #SharePointalooza
• Thank our sponsors
• Have a great time!
6. Bands
What better way to unwind after a long day of working out your brain than with some great live music at the amazing outdoor stage at Branson Landing! The bands will be playing both Friday and Saturday night from 6:30 pm to 10 pm.
7. About Miguel Wood
The “Other” SharePoint Cowboy
mwood@tekfocus.com
mwood@go-planet.com
facebook.com/miguelwood
@miguelwood
8. About Eric Shupps
Eric Shupps, The SharePoint Cowboy
CKS:DEV, Patterns & Practices
www.sharepointcowboy.com
eshupps@binarywave.com
facebook.com/sharepointcowboy
@eshupps
10. What is High Availability?
Elimination of single points of failure
Fully redundant systems
Seamless continuity
Automated failover
Operational Stability
11. Why Do We Need High Availability?
Risk mitigation
Compliance
Customer Satisfaction
Revenue Protection
Safety
Performance
Security
Public Relations
12. Requirements
Infrastructure
• Devices
• Servers
• Bandwidth
• Storage
Software
• Windows Server 2012
• Failover Clustering
• File Shares
• SQL Server 2012/2014
• Always On Availability Groups
15. Basic SharePoint 2013 Farm Architecture
[Diagram: SharePoint Server 2013 Front-end Server (SQL Server 2012 SP1 PowerPivot Add-In, SQL Server 2012 SP1 Reporting Services Service Application, SQL Server 2012 SP1 Reporting Services Add-In); SharePoint Server 2013 Application Server (Excel Services Service Application, SQL Server 2012 SP1 PowerPivot Add-In, SQL Server 2012 SP1 PowerPivot Service Application, SQL Server 2012 SP1 Reporting Services Add-In); Office Web Apps 2013 Server; SQL Server 2012 SP1+ Database Engine (All Databases and Roles, SQL Server PowerPivot for SharePoint); Workflow Manager Server]
16. Basic SharePoint 2013 HA Farm
• JUST SharePoint
• Is everything on this diagram ‘highly available’?
• What about environment?
  • AD DS, AD CS/CA, ISPs, etc.
[Diagram: Virtual Host A and Virtual Host B, each hosting a SharePoint 2013 Front-end Server (WFE01 / WFE02), a SharePoint 2013 Application Server (APP01 / APP02) and a SQL Server 2012 SP1+ node holding all databases and roles (SQL01 / SQL02), with SQL Server installed and configured to support SQL AlwaysOn Availability Groups (cluster WSFC01, listener SQLAGL01); F5 BigIP Network Load Balancer in front of the front-end servers; Workflow Manager Servers WFM01, WFM02 and WFM03 behind wfm.<domain>.com; Office Web Apps 2013 Servers WAC01 and WAC02 behind wac.<domain>.com]
17. Azure IaaS SharePoint 2013 HA Farm
• Azure features and functionality are changing rapidly
• Currently, items you must know well (purpose, configuration, and limitations):
  • Storage
  • Cloud Services
  • Availability Sets
  • Virtual Networks, Regional Virtual Networks* (Affinity Groups no longer relevant!)
  • Load Balancer, Internal Load Balancer*, Traffic Manager
  • Site-to-Site VPNs, Multi-Site VPNs*
  • Resource Groups*
  • Azure PowerShell modules*
  • MUCH more
* Added within last 60 days
20. Storage
Dedicated vs. Shared Storage
Quorum Types
• Node Majority
• Node and File Share Majority
• Node and Disk Majority
• Disk Only
Witnesses
• Disk
• File Share
21. Active Directory
Logins
• Service Accounts
• SQL Accounts
• Computer Objects
• File shares
Cluster permissions
• Read all properties
• Create computer objects
25. Clustering
Windows Server Failover Clustering
• Required
• Provides base cluster capabilities
• Server level
SQL Failover Cluster Instance
• Optional
• Instance level
• No automatic failover w/ Availability Groups
26. Availability Groups
Group of databases organized into one PRIMARY replica and up to 4 (SQL Server 2012) or 8 (SQL Server 2014) SECONDARY replicas
Automatic data synchronization
Synchronous and Asynchronous modes
Optional read-only replicas
Database-only redundancy
Listeners (Virtual Network Names)
27. Aliases
Provide flexibility and abstraction
Best practice
HA aliases target AG Listeners, NOT servers or instances
Use multiple listeners for scalability
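An added example (not part of the workshop deck) of putting the alias best practice into effect on a SharePoint server: it registers a SQL client alias that points at the Availability Group listener, then audits every alias on the box and warns about any that targets a physical replica instead. The listener and replica names (SQLAGL01, SQL01, SQL02) are taken from the deck's diagram; the alias name and domain suffix are assumptions.

```powershell
# Added example, not the deck's own code. Assumed names: alias 'SPSQL',
# listener SQLAGL01 (from the diagram), replicas SQL01/SQL02 (from the diagram).
$AliasName    = 'SPSQL'                    # name SharePoint's database server setting will use
$ListenerDns  = 'SQLAGL01.contoso.local'   # the AG listener, never a server or instance name
$Port         = 1433
$ReplicaHosts = @('SQL01', 'SQL02')        # physical replicas an HA alias must NOT target

# The SQL Native Client reads aliases from both the 64-bit and 32-bit registry hives,
# so write the alias to both; SharePoint is 64-bit but some tooling is 32-bit.
$AliasKeys = @(
    'HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\MSSQLServer\Client\ConnectTo'
)

foreach ($key in $AliasKeys) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # Value format for a TCP/IP alias: "DBMSSOCN,<listener or server>,<port>"
    New-ItemProperty -Path $key -Name $AliasName -PropertyType String `
        -Value "DBMSSOCN,$ListenerDns,$Port" -Force | Out-Null
}

# Audit: walk every alias in both hives and flag targets that are replica hosts.
foreach ($key in $AliasKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $target = ($regKey.GetValue($name) -split ',')[1]
        $hit = $ReplicaHosts | Where-Object { $target -like "$_*" }
        if ($hit) {
            Write-Warning "Alias '$name' in $key targets replica '$target' instead of the AG listener"
        } else {
            Write-Host "Alias '$name' in $key -> $target (OK)"
        }
    }
}
```

Run it elevated on each SharePoint server; an alias that still points at SQL01 or SQL02 will stop working the moment the group fails over.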
28. Storage
Windows Server Failover Cluster
• File Share quorum
• Disk witness quorum
Failover Cluster Instances
• Shared storage between cluster members
• Storage “owned” by active member
Availability Groups
• Discrete storage for each replica
29. Performance
SQL overhead ALWAYS impacts performance
Ensure adequate bandwidth for database replication
Secondary infrastructure does not have to match primary
• Beware reduced performance
• Plan for rapid scale-out
Async faster than sync
• Possible data loss
31. SharePoint Databases
Database Name              Sync   Async
-------------------------  -----  -----
User Profile Application   Yes    Yes
User Profile Sync          Yes    No
User Profile Social        Yes    Yes
Word Automation            Yes    Yes
Managed Metadata           Yes    Yes
Translation                Yes    Yes
BDC                        Yes    Yes
Project Server             Yes    Yes
PowerPivot                 N/A    N/A
PerformancePoint           Yes    Yes
Config                     Yes    No
Central Admin              Yes    No
Content                    Yes    Yes
App Management             Yes    Yes
Search Admin               Yes    No
Search Analytics           Yes    No
Search Crawl               Yes    No
State Service              Yes    No
Secure Store               Yes    Yes
Usage and Health           Yes    No
32. Search
Async replication NOT supported
• Risk of deltas between on-disk indexes and databases is HIGH
Sync Replication Challenges
• Administration
• Site-level configuration
• Analytics
• Database size
• Crawl/Re-Indexing time
33. User Profiles
Full database replication possible but can be problematic
• Synchronization is best done “live”
Options
• Backup and restore
• Reprovision
[Diagram: User Profile Service Application with its Profile DB and Sync DB; the User Profile Synchronization Service (Forefront Identity Manager: FIM and FIM Sync) synchronizes between the Profile DB / Sync DB and Active Directory]
34. Distributed Cache
Independent cache with no DB persistence
Configurable memory allocation
• Max 16GB per server
• Max 32GB per farm
Dedicated mode recommended for High Availability
• HA possible in collocated mode with sufficient hardware resources
Cache Dependencies
Feeds
Content Search Web Part
Login Tokens
Access Cache
Security Trimming
App Tokens
View State
OneNote Throttling
36. Access Services
Leverages “Contained Databases” feature of SQL 2012
Requires changes to SQL Server protocols, settings and authentication mode
• HA requires Contained Database Authentication
Access DBs are NOT automatically added to availability groups
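An added example (not from the deck) of the authentication-mode change the slide calls out: because 'contained database authentication' is an instance-level option, it does not travel with the databases and must be switched on and verified on every replica, otherwise a failover lands Access app databases on a node that cannot authenticate their contained users. Replica names are assumptions from the deck's diagram; Invoke-Sqlcmd comes from the SqlServer/SQLPS module.

```powershell
# Added example, not the deck's own code. Assumes the SqlServer (or SQLPS) module is
# loaded and the caller is sysadmin on each replica. Replica names are assumed.
$Replicas = @('SQL01', 'SQL02')

# Instance-scoped setting: set it on each replica, not just the current primary.
$enableQuery = @"
EXEC sp_configure 'contained database authentication', 1;
RECONFIGURE;
"@
$checkQuery = "SELECT name, value_in_use FROM sys.configurations " +
              "WHERE name = 'contained database authentication';"

$results = foreach ($replica in $Replicas) {
    Invoke-Sqlcmd -ServerInstance $replica -Query $enableQuery -ErrorAction Stop
    $row = Invoke-Sqlcmd -ServerInstance $replica -Query $checkQuery -ErrorAction Stop
    [pscustomobject]@{
        Replica              = $replica
        ContainedAuthEnabled = ([int]$row.value_in_use -eq 1)
    }
}

$results | Format-Table -AutoSize

# Fail loudly if any replica is still off; a failover to that node would break Access apps.
$missing = $results | Where-Object { -not $_.ContainedAuthEnabled }
if ($missing) {
    throw "Contained database authentication is NOT enabled on: $($missing.Replica -join ', ')"
}
```

Re-run the check after adding a replica to the group; the deck's point that Access databases are not added to the AG automatically applies equally to this setting.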
37. Business Intelligence
SSAS
• Can be configured for read-only replicas
SSRS
• Requires hotfix KB2654347
• No automatic failover
PowerPivot
• Not yet tested for Sync or Async commit operations
42. Reverse Proxy
Only required for ‘Inbound’ or ‘Two-Way (Bidirectional)’ Hybrid topology
• (e.g. Users issuing queries from a Search Center in SharePoint Online attempting to retrieve search results from an on-premises farm)
Reverse Proxy Device Requirements
• Support client certificate authentication with a wildcard or SAN SSL certificate
• Support pass-through authentication for OAuth 2.0
• Accept unsolicited inbound traffic on TCP port 443 (HTTPS)
• Bind a SAN SSL certificate to a published endpoint
• Relay traffic to an on-premises SharePoint 2013 farm without rewriting any packet headers
(Currently) Supported Reverse Proxy Devices
• Windows Server 2012 R2 with Web Application Proxy (WAP)
• F5 BIG-IP
• Forefront Threat Management Gateway (TMG) 2010 (*Deprecated*)
43. Active Directory Federation Services (AD FS)
Prepare Active Directory
• Windows Server 2003 R2 functional level at a minimum
• UPNs are correctly set (if public domain differs from corporate domain name)
Deploy AD FS 2.0+
• AD FS 2.x is based on IIS
• AD FS 3.0 is not based on IIS (PowerShell only)
Install Microsoft Online Services Sign-in Assistant and Windows Azure AD PowerShell Modules
Set up a trust between AD FS and Windows Azure AD
• Connect-MsolService
• Set-MsolADFSContext
• Convert-MsolDomainToFederated -DomainName <domain>
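The trust setup above carried through as an added example (not the deck's own script): it runs the three cmdlets in order, refuses to federate a domain that Azure AD has not verified, and then reads the federation properties back from both AD FS and Azure AD so a mismatched signing certificate or endpoint is visible before users are pointed at it. The AD FS server name and domain are placeholders.

```powershell
# Added example, not the deck's own code. Assumed: the MSOnline module is installed
# (Windows Azure AD PowerShell), the caller is a Global Administrator, and the names
# below are placeholders for a real AD FS server and a verified public domain.
$AdfsServer = 'ADFS01.corp.example'   # primary AD FS server (assumed name)
$DomainName = 'example.com'           # verified public domain (assumed name)

# 1. Connect to Azure AD (prompts for the Global Administrator credential).
Connect-MsolService

# 2. Point the module at the AD FS server whose relying-party trust will be written.
Set-MsolADFSContext -Computer $AdfsServer

# 3. Only a verified domain can be federated; stop early with a clear message otherwise.
$domain = Get-MsolDomain -DomainName $DomainName
if ($domain.Status -ne 'Verified') {
    throw "$DomainName is not verified in Azure AD; verify it before federating"
}

# 4. Convert the domain from Managed to Federated (idempotent: skip if already done).
if ($domain.Authentication -ne 'Federated') {
    Convert-MsolDomainToFederated -DomainName $DomainName
}

# 5. Verify: the domain must now report Federated, and the AD FS and Azure AD copies
#    of the trust settings should agree (Source column distinguishes the two sides).
$domain = Get-MsolDomain -DomainName $DomainName
"$DomainName authentication type: $($domain.Authentication)"
Get-MsolFederationProperty -DomainName $DomainName |
    Format-Table Source, FederationServiceIdentifier, ActiveLogOnUri -AutoSize
```

Keep the UPN check from the "Prepare Active Directory" bullet in mind: users whose UPN suffix is not the federated domain will not be routed to AD FS even when this script succeeds.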
44. Directory Synchronization (DirSync)
Synchronization of objects from on-premises AD to Azure AD
• Limited to 50,000 objects, can be increased by engaging Microsoft
• Synchronization occurs every 3 hours by default, can be initiated manually
• Can filter based on OU, Domain or User Attribute
This is a requirement for SharePoint Hybrid scenarios, including Search
• When a user issues a query from on-premises to SP Online, SP Online must rehydrate the user’s identity
• The rehydration process looks up attributes in the SP Online profile store
• If no or multiple profiles exist, the query will fail rather than security-trimmed results being returned
45. Sample (non-HA) Hybrid Deployment
[Diagram: External Internet User reaching the environment through Remote Access (VPN and NAT) [EDGE1]. On-premises: AD DS / AD CS [DC1], SQL Server 2012 SP1+ [SQL1], Web Application Companion (WAC) [WAC1], SP2013 Web Front End (WFE) [WFE1], SP2013 Application Server (APP) [APP1], Windows Azure Workflow Manager [WFM1], Windows 8.1 Enterprise Client [CLIENT1]. Site-to-Site VPN Tunnel to Azure: AD DS [AZLAB-DC2], Azure AD Sync [AZLAB-DIRSYNC1], AD FS (3.0) [AZLAB-ADFS1], AD FS Proxy [AZLAB-WAP1] running Windows Server 2012 R2 Web Application Proxy (WAP) as the reverse proxy, with SharePoint Server 2013 published through it]
46. Pop Quiz (Are you still awake?)
• What are the considerations to make this environment HA?
[Diagram: the same sample (non-HA) hybrid deployment shown on slide 45]