Designing Your SharePoint Server 2013 Enterprise Deployment

Through our learnings operating our service at scale, we are optimizing for this configuration:
• We have the highest level of confidence with this configuration
• It receives the most real world usage and validation
• We are building features moving forward that align with this configuration (our new app model as a good example)

Agenda:
• Physical Topology
• Logical Topology
• Authentication
• Licensing
Physical topology diagram: Web tier, Application tier and Database tier, each spread across Hyper-V host A and Hyper-V host B.
Service applications by role:
• On critical path for most requests: Request Management, Distributed Cache
• Interactive / serving end-user requests: User Profile Application, Metadata Services, Business Data Connectivity, Secure Store, State, Session State, Access, User Code, Search Query, PerformancePoint, Visio, Excel Services, PowerPivot, Project
• Doing background processing: User Profile Sync, Crawl Target, Content DB Jobs, Workflow, WMA, Machine Translation, Search Crawl, Document Conversion
See also session SPC192 (11/13 1:45 PM)

Tiers by latency tolerance:
• Routing and Caching – very low latency
• Front End – low latency
• Back End – more tolerant latency
• Database tier

For all but the smallest enterprise deployments, you will want to split Search Query functionality to a separate tier:
• Routing and Caching – very low latency
• Front End – low latency
• Search (Query, Index, Admin) – low latency
• Back End – more tolerant latency
• Database tier
See also session SPC007 (11/13 9:00 AM)
Logical topology diagram:
Office Web Applications (separate farm)
Primary Farm (Services and Content)
• IIS Web Site – SharePoint Web Services, Application Pool, Default group: Search, Managed Metadata, Business Data Connectivity, Machine Translation, User Profile, Secure Store Service, Excel Services, Access Services, Word Automation, Work Management, Visio Graphics, App Management
• Web Application – Team Sites and community sites: Primary Content Sites (http://content/sites/foo)
• My Site Host & Personal Sites: http://my, http://my/personal/<user>
Farm B - Content, Farm C - Content, Farm D - Content, each with
• IIS Web Site – SharePoint Web Services, Application Pool, Default group: Excel Services, Access Services, Word Automation, Work Management, Visio Graphics, App Management
• Web Application – Team Sites and community sites
• Physical Isolation – Sometimes there’s no other way to achieve it
• Legacy Applications – Example: Need to allow full trust solutions for a specific business unit. Better to isolate those from your pristine, beautiful primary farm.
• Geo – Need regional content farms for regulatory reasons or low bandwidth satellite deployments.
Design sample diagram (Fabrikam):
Load Balancer → Web servers → Application servers → Database servers with SQL Server installed and configured to support SQL clustering, mirroring, or AlwaysOn (AlwaysOn applies to SQL Server 2012 only)

Application Pool 1
• Web application: Central Administration Site

Application Pool 2 – IIS Web Site – SharePoint Web Services
• Unpartitioned services (Default group): Search, Managed Metadata, User Profile, Excel Services, Secure Store Service, Business Data Connectivity, Word Automation Services, Access Services, Visio Graphics Service, Work Management, Machine Translation, App Management, Subscription Settings
• Partitioned services (Custom group): Managed Metadata (partitioned by project in the Partner Web site collection), Search

Application Pools 3, 4 and 5 – content web applications:
• Web application: Published Intranet Content
  Zone: Default, Load-Balanced URL: https://intranet.fabrikam.com
  Published Intranet Sites: https://intranet.fabrikam.com, https://intranet.fabrikam.com/hr (HR), https://intranet.fabrikam.com/facilities (Facilities), https://intranet.fabrikam.com/purchasing (Purchasing)
  Database settings: Target size per database = 200 gigabytes (GB)
• Web application: Team Sites
  Zone: Default, Load-Balanced URL: https://teams.fabrikam.com
  Team Sites: https://teams.fabrikam.com/sites/Team1, https://teams.fabrikam.com/sites/Team2, https://teams.fabrikam.com/sites/Team3
  Database settings: Target size per database = 200 gigabytes (GB), Site size limits per site = 30 GB, Reserved for second-stage recycle bin = 10%, Maximum number of sites = 6, Site level warning = 5
• Web application: My Sites
  Zone: Default, Load-Balanced URL: https://my.fabrikam.com
  Self-Service Sites: https://my.fabrikam.com/personal/<site_name> (https://my.fabrikam.com/personal/User1, https://my.fabrikam.com/personal/User2, https://my.fabrikam.com/personal/User3)
  Database settings: Target size per database = 175 gigabytes (GB), Site size limits per site = 1 GB, Reserved for second-stage recycle bin = 15%, Maximum number of sites = 180, Site level warning = 150
• Web application: Partner Web
  Zone: Default, Load-Balanced URL: https://partnerweb.fabrikam.com
  Partner Web Sites: https://partnerweb.fabrikam.com/sites/Project1, https://partnerweb.fabrikam.com/sites/Project2, https://partnerweb.fabrikam.com/sites/Project3
  Database settings: Target size per database = 200 GB, Storage quota per site = 5 GB, Maximum number of sites = 40
IIS Web Site "SharePoint" → Application Pool "SharePoint" → logical functionality "Intranet", "My Sites", "Communities", "Teams", "Projects"
• One Web application, one zone
  • Have a good business reason why you deviate from this
  • Scales better
  • Reduced resource consumption (memory for app pools, cache, etc.)
  • Mitigates cross-site scripting risks the same as multiple web apps
  • SSA (Secure Site Access) – you can still have multiple host names!
• Use Host Named Site Collections
• Use a single web application with a single zone configured for the various auth methods that you require
  • Use claims based auth (Windows or FBA)
  • For SAML claims the IP-STS needs to support a wildcard domain WSFedEndpoint
  • We are working with the ADFS team to enable this scenario
  • Anonymous on the same web app? Extend the web app to another zone and configure that for Anonymous
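The single web application / single zone / host named site collection layout described above, as an added PowerShell example (this is not code from the session or from Microsoft's documentation): it creates one claims-based (Windows) web application on one IIS web site and one application pool, one host named site collection per logical functionality, and then handles the one exception the session allows by extending the web application to a second zone for anonymous access. The managed account, owner, host names, content database name and site templates are assumptions.

```powershell
# Added example, not from the session. Accounts, host names, database name and
# templates are assumptions; run in the SharePoint 2013 Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$poolAccount = Get-SPManagedAccount "FABRIKAM\sp_content"   # assumed managed account
$owner       = "FABRIKAM\spadmin"                           # assumed site owner

# Claims-based Windows authentication (NTLM) on the one web application.
$auth = New-SPAuthenticationProvider -UseWindowsIntegratedAuthentication

# One web application, one IIS web site, one application pool, no -HostHeader:
# an unbound IIS binding is what lets one zone answer for every host name.
$wa = New-SPWebApplication -Name "SharePoint" `
        -ApplicationPool "SharePoint" -ApplicationPoolAccount $poolAccount `
        -Port 443 -SecureSocketsLayer -AuthenticationProvider $auth `
        -Url "https://sharepoint.fabrikam.com" -DatabaseName "WSS_Content_Fabrikam"

# Host named site collections need a root (path-based) site collection on the
# web application, even though nobody browses to it.
New-SPSite -Url "https://sharepoint.fabrikam.com" -Name "Root" `
        -OwnerAlias $owner -Template "STS#0" | Out-Null

# Host header managed paths are farm-wide; make sure "sites" and "personal" exist.
foreach ($path in "sites", "personal") {
    if (-not (Get-SPManagedPath -HostHeader | Where-Object { $_.Name -eq $path })) {
        New-SPManagedPath $path -HostHeader | Out-Null
    }
}

# One host named site collection per logical functionality, all in the same
# web application and the same (default) zone. Host names and templates are assumed.
$functionality = [ordered]@{
    "https://intranet.fabrikam.com"    = "BLANKINTERNET#0"    # Intranet (publishing)
    "https://my.fabrikam.com"          = "SPSMSITEHOST#0"     # My Sites host
    "https://communities.fabrikam.com" = "COMMUNITYPORTAL#0"  # Communities
    "https://teams.fabrikam.com"       = "STS#0"              # Teams
    "https://projects.fabrikam.com"    = "PROJECTSITE#0"      # Projects
}
foreach ($entry in $functionality.GetEnumerator()) {
    New-SPSite -Url $entry.Key -HostHeaderWebApplication $wa -Name $entry.Key `
            -OwnerAlias $owner -Template $entry.Value -Language 1033 | Out-Null
}

# The exception case: anonymous access lives on a second zone, never on the
# default zone (the cloud app model only works on the default zone).
New-SPWebApplicationExtension -Identity $wa -Name "SharePoint - Anonymous" `
        -Zone Extranet -Url "https://www.fabrikam.com" -Port 443 -SecureSocketsLayer `
        -AllowAnonymousAccess -AuthenticationProvider $auth | Out-Null
# A host named site collection gets its own URL per zone; here for the intranet site.
Set-SPSiteUrl -Identity (Get-SPSite "https://intranet.fabrikam.com") `
        -Url "https://www.fabrikam.com" -Zone Extranet

# Check: every content site should be host named and live in the one web application.
Get-SPSite -Limit All |
    Where-Object { $_.HostHeaderIsSiteName } |
    Select-Object Url, @{ n = "WebApplication"; e = { $_.WebApplication.Name } }
```

The web application is deliberately created without a host header so IIS keeps an unbound binding, which is how one site and one zone serve every host name; a certificate covering all of those host names (wildcard or SAN) is assumed on the IIS binding. Extending to the second zone only creates the anonymous entry point; anonymous permissions still have to be granted inside the sites that should be reachable that way.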
See also session SPC209 (11/13 5:00 PM)
Be Ready for oAuth
• In oAuth farm-to-farm conversation only a subset of attributes are provided
• User token is rehydrated on the destination farm
• SharePoint S2S depends on mapping to a user account through the User Profile Application
• UPA stores user attributes (claims) used for rehydration
• Be sure all claims are in the UPA
• Otherwise, a new custom claims provider might be needed
Be ready for the Cloud and Hybrid
• Be sure attributes are all in your Directory Service (e.g. AD)
• Be sure your Directory Service can fully sync to MSODS
See also session SPC243 (11/13 9:00 AM)
• What we had in SharePoint 2010:
  • Licensing control was per farm. If you had to differentiate licensing model:
    • You needed 1 farm for Standard
    • You needed 1 farm for Enterprise
    • Ah, and we only had 2 different licenses
    • Different mix & matches were not possible
• 2013: Increased ability to manage licensing vs previous versions.
  • Licenses and license checks are per user
  • Requires claims auth: licenses are “assigned” by mapping claims to users
    • E.g. assigning an Enterprise license to an Active Directory group
  • Works for SharePoint (Enterprise & Standard), OWA and Project Server
  • 4 licenses provided OOB
  • Configured and controlled by PowerShell:
    • Get-SPUserLicensing
    • Enable-SPUserLicensing
    • Disable-SPUserLicensing
    • Get-SPUserLicense
    • Get-SPUserLicenseMapping
    • New-SPUserLicenseMapping
    • Add-SPUserLicenseMapping
    • Remove-SPUserLicenseMapping
Licensing enforcement:
• Web Parts
• Web Part Gallery
• Web Templates
• Document Libraries
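Per-user licensing configured with the cmdlets listed above, as an added PowerShell example (not code from the session): it maps Active Directory groups, through Windows claims, to the four out-of-box licenses, adds one mapping for a SAML claim from a trusted identity provider, reviews the result, and only then turns enforcement on. The group names, the trusted provider name and the claim type are assumptions.

```powershell
# Added example, not from the session. Group names, the trusted provider name and
# the claim type are assumptions; run in the SharePoint 2013 Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Licensing is off by default; read the current state and the four OOB licenses
# (Enterprise, Standard, Project, WACEdit) before touching anything.
Get-SPUserLicensing
Get-SPUserLicense

# Windows claims: map each AD group to a license. New-SPUserLicenseMapping only
# builds the mapping object; Add-SPUserLicenseMapping persists it in the farm.
$groupMappings = @(
    @{ Group = "FABRIKAM\SP-Enterprise-Users"; License = "Enterprise" }
    @{ Group = "FABRIKAM\SP-Standard-Users";   License = "Standard" }
    @{ Group = "FABRIKAM\SP-Project-Users";    License = "Project" }
    @{ Group = "FABRIKAM\SP-OWA-Edit-Users";   License = "WACEdit" }
)
foreach ($g in $groupMappings) {
    $mapping = New-SPUserLicenseMapping -SecurityGroup $g.Group -License $g.License
    Add-SPUserLicenseMapping -Mapping $mapping
}

# SAML claims: users from a trusted identity provider do not carry Windows group
# SIDs, so map a claim they do carry. Provider name and claim type are assumptions.
$samlMapping = New-SPUserLicenseMapping -License "Enterprise" `
    -ClaimType "http://schemas.xmlsoap.org/claims/Group" `
    -ClaimValue "SP-Enterprise-Users" `
    -OriginalIssuer "TrustedProvider:ADFS"
Add-SPUserLicenseMapping -Mapping $samlMapping

# Review every mapping before enforcement starts applying to Web Parts, the Web
# Part Gallery, Web Templates and Document Libraries for users outside all of them.
Get-SPUserLicenseMapping | Format-List

# Turn enforcement on (Disable-SPUserLicensing reverts it) and confirm the state.
Enable-SPUserLicensing
Get-SPUserLicensing
```

Because a license is resolved from the claims in the user's token, the mapping has to match how the user actually authenticates: a Windows claims user is matched by group SID, a SAML user only by the claim the IP-STS issues, so the two populations need separate mappings even when they represent the same people.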
Questions and answers:
• Is a stretched farm supported?
  No – Officially unsupported – Do not ask us to re-visit this decision. We are firm.
• Do we need to enable MT?
  Yes – But only a single tenant
• How many web applications do I need?
  One – With one zone
• How many farms do I need?
  One
• What about Anonymous access?
  This is the “Exception Case” for a single zone. Anonymous will require extending to a second zone. Cloud App Model only works on the default zone!!
Multi tenant feature: yes
• Subscription Settings Service required for new cloud App Model
• This should be the extent of your utilization of MT
Multiple tenants on the same farm: better not
• MT is the “Deep End of the Pool” – There is a high level of investment in both development as well as maintenance
• MT only becomes cost effective when tenant numbers scale into the multiple thousand range.
©2012 Microsoft Corporation. All rights reserved.