This document summarizes a presentation by Michael Noel on SharePoint 2013 infrastructure best practices. It covers new features in SharePoint 2013 like the Distributed Cache service and Request Management. It provides recommendations for farm architecture including separating databases, web servers and service applications. It also discusses high availability options, security best practices, and tools for documenting the SharePoint environment.
2. Michael Noel
• Author of SAMS Publishing titles “SharePoint 2013 Unleashed,” “SharePoint 2010
Unleashed”, “Windows Server 2012 Unleashed,” “Exchange Server 2013
Unleashed”, “ISA Server 2006 Unleashed”, and a total of 19 titles that have sold
over 300,000 copies.
• Partner at Convergent Computing (www.cco.com) – San Francisco, U.S.A. based
Infrastructure/Security specialists for SharePoint, AD, Exchange, System Center,
Security, etc.
4. • Windows Server 2008 R2 SP1 or Windows Server
2012 (Preferred)
• SQL Server 2008 R2 w/SP1 or SQL Server 2012
(Preferred)
Type Memory Processor
Dev/Stage/Test server 8GB RAM 4 CPU
‘All-in-one’ DB/Web/SA 24GB RAM 4 CPU
Web/SA Server 12GB RAM 4 CPU
DB Server (medium environments) 16GB RAM 8 CPU
DB Server (small environments) 8GB RAM 4 CPU
What’s new in Infrastructure for SharePoint 2013
Software/Hardware Requirements
5. • Office Web Apps is no longer a service application
• Web Analytics is no longer service application, it’s part of
search
• New service applications available and improvements on
existing ones
– App Management Service – Used to manage the new SharePoint app
store from the Office Marketplace or the Application Catalog
– SharePoint Translation Services – provides for language translation of
Word, XLIFF, and PPT files to HTML
– Work Management Service – manages tasks across SharePoint, MS
Exchange and Project.
– Access Services App (2013) – Replaces 2010 version of Access Services
What’s new in Infrastructure for SharePoint 2013
Changes in Service Applications and New Service Applications
6. • A new Windows service – the Distributed Cache
Service – is installed on each server in the farm
when SharePoint is installed
• It is managed via the Services on Server page in
central admin as the Distributed Cache service
• The config DB keeps track of
which machines in the farm
are running the cache service
What’s new in Infrastructure for SharePoint 2013
Distributed Cache Service
7. • The purpose of the Request Management feature is to give
SharePoint knowledge of and more control over incoming
requests
• Having knowledge over the nature of incoming requests –
for example, the user agent, requested URL, or source IP –
allows SharePoint to customize the response to each request
• RM is applied per web app, just like throttling is done in
SharePoint 2010
What’s new in Infrastructure for SharePoint 2013
Request Management (RM)
8. • Option 1 (AD Import): Simple one-way Sync
(a la SharePoint 2007)
• Option 2: Two-way, possible write-back to AD
options using small FIM service on UPA
server (a la 2010)
• Option 3: Full Forefront Identity Manager
(FIM) Synchronization, allows for complex
scenarios – Larger clients will appreciate this
What’s new in Infrastructure for SharePoint 2013
User Profile Sync – Three Options for Deployment
9. • SharePoint 2013 continues to offer support for
both claims and classic authentication modes
• However claims authentication is THE default
authentication option now
– Classic authentication mode is still there, but can
only be managed in PowerShell – it’s gone from the
UI
– Support for classic mode is deprecated and will go
away in a future release
– There also a new process to migrate accounts
from Windows classic to Windows claims –
the Convert-SPWebApplication cmdlet
What’s new in Infrastructure for SharePoint 2013
Claims-based Authentication - Default
10. • Stores new versions of documents as ‘shredded
BLOBs that are deltas of the changes
• Promises to reduce storage size significantly
What’s new in Infrastructure for SharePoint 2013
Shredded Storage
11. • New Search
architecture (FAST
based) with one
unified search
• Personalized
search results
based on search
history
• Rich contextual
previews
What’s new in Infrastructure for SharePoint 2013
Search – FAST Search now included
15. • 2 SharePoint Servers running
Web and Service Apps
• 2 Database Servers
(AlwaysOn FCI or AlwaysOn
Availability Groups)
• 1 or 2 Index Partitions with
equivalent query components
• Smallest farm size that is fully
highly available
Architecting the Farm
Smallest Highly Available Farm
16. • 2 Dedicated Web
Servers (NLB)
• 2 Service Application
Servers
• 2 Database Servers
(Clustered or
Mirrored)
• 1 or 2 Index Partitions
with equivalent query
components
Architecting the Farm
Best Practice ‘Six Server Farm’
17. • Separate farm for
Service Applications
• One or more farms
dedicated to content
• Service Apps are
consumed cross-
farm
• Isolates ‘cranky’
service apps like
User Profile Sync and
allows for patching in
isolation
Architecting the Farm
Ideal – Separate Service App Farm + Content Farm(s)
18. • Multiple Dedicated
Web Servers
• Multiple Dedicated
Service App Servers
• Multiple Dedicated
Query Servers
• Multiple Dedicated
Crawl Servers, with
multiple Crawl DBs to
increase parallelization
of the crawl process
• Multiple distributed
Index partitions (max of
10 million items per
index partition)
• Two query components
for each Index partition,
spread among servers
Architecting the Farm
Large SharePoint Farms
20. Allows organizations that wouldn’t normally be able to have a test
environment to run one
Allows for separation of the database role onto a dedicated server
Can be more easily scaled out in the future
Sample 1: Single Server Environment
SP Server Virtualization
22. Highest
transaction
servers are
physical
Multiple farm
support, with
DBs for all
farms on the
SQL AOAG
Sample 3: Mix of Physical and Virtual Servers
SP Server Virtualization
27. • Can reduce dramatically the size of Content DBs, as upwards
of 80%-90% of space in content DBs is composed of BLOBs
• Can move BLOB storage to more efficient/cheaper storage
• Improve performance and scalability of your SharePoint
deployment – But highly recommended to use third party
Remote BLOB Storage (RBS)
Data Management
30. • Break Content Databases and TempDB into multiple files (MDF, NDF), total
should equal number of physical processors (not cores) on SQL server.
• Pre-size Content DBs and TempDB to avoid fragmentation
• Separate files onto different drive spindles for best IO perf.
• Example: 50GB total Content DB on Two-way SQL Server would have two
database files distributed across two sets of drive spindles = 25GB pre-sized
for each file.
Multiple Files for SharePoint Databases
SQL Server Optimization
31. • Implement SQL Maintenance Plans!
• Include DBCC (Check Consistency) and either Reorganize
Indexes or Rebuild Indexes, but not both!
SQL Database Optimization
SQL Maintenance Plans
• Add backups into the
maintenance plan if they
don’t exist already
• Be sure to truncate
transaction logs with a T-
SQL Script (after full
backups have run…)
33. High Availability and Disaster Recovery
SQL Server Solution
Potential Data
Loss (RPO)
Potential
Recovery Time
(RTO)
Automatic
Failover
Additional
Readable Copies
AlwaysOn Availability Groups – Synchronous (Dual-phase
commit, no data loss, can’t operate across WAN)
None 5-7 Seconds Yes 0 - 2
AlwaysOn Availability Groups – Asynchronous (Latency tolerant,
cross WAN option, potential for data loss)
Seconds Minutes No 0 - 4
AlwaysOn Failover Cluster Instance (FCI) – Traditional shared
storage clustering
NA 30 Seconds to
several minutes
(depending on
disk failover)
Yes N/A
Database Mirroring- High-safety (Synchronous) Zero 5-10 seconds Yes N/A
Database Mirroring - High-performance (Asynchronous) Seconds Manually
initiated, can be a
few minutes if
automated
No N/A
SQL Log Shipping Minutes Manually
initated, can be a
few minutes if
automated, by
typically hours
No Not during
a restore
Traditional Backup and Restore Hours to Days Typically multiple
hours, days, or
weeks
No Not during
a restore
Comparison of High Availability and
Disaster Recovery Options
HA and DR
36. • Hardware Based Load Balancing (F5,
Cisco, Citrix NetScaler – Best
performance and scalability
• Software Windows Network Load
Balancing fully supported by MS, but
requires Layer 2 VLAN (all packets must
reach all hosts.) Layer 3 Switches must
be configured to allow Layer 2 to the
specific VLAN.
• If using Unicast, use two NICs on the
server, one for communications between
nodes.
• If using Multicast, be sure to configure
routers appropriately
• Set Affinity to Single (Sticky Sessions)
• If using VMware, note fix to NLB RARP
issue (http://tinyurl.com/vmwarenlbfix)
Network Load Balancing
HA and DR
38. • Infrastructure Security and Best practices
– Physical Security
– Best Practice Service Account Setup
– Kerberos Authentication
• Data Security
– Role Based Access Control (RBAC)
– Transparent Data Encryption (TDE) of SQL Databases
• Transport Security
– Secure Sockets Layer (SSL) from Server to Client
– IPSec from Server to Server
• Edge Security
– Inbound Internet Security (Forefront UAG/TMG)
• Rights Management
Five Layers of SharePoint Security
Security
39. • Document all key settings in IIS, SharePoint, after
installation
• Consider monitoring for changes after installation for
Config Mgmt.
• Fantastic tool for this is the SPDocKit - can be found at
http://tinyurl.com/spdockit
SPDocKit
Document SharePoint