Building a highly available Internet facing SharePoint 2010 farm
-
Upload
robin-van-den-broeck -
Category
Technology
-
view
2.310 -
download
0
Transcript of Building a highly available Internet facing SharePoint 2010 farm
![Page 1: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/1.jpg)
Robin Van den broeck
Building a highly available Internet
facing SharePoint 2010 farm
![Page 2: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/2.jpg)
Sponsors
Venue Sponsor
Platinum Sponsors
Gold Premium Sponsors
Gold Sponsors
![Page 3: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/3.jpg)
About me
• IT Consultant since 1994
• Freelance consultant since 2010
• Been doing .NET development since 2001
• Focus on SharePoint technology since 2008
• Currently employed as a SharePoint Infrastructure Architect at a large financial institution
• Part-time trainer in .NET and SharePoint technologies
• Twitter: @vandero
• Email: [email protected]
![Page 4: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/4.jpg)
Agenda
• Introduction
• Advantages
• Disadvantages
• Specifics of a SharePoint Internet Site
• Content Deployment
• High Availability
• Disaster Recovery
• Patching
• Security
• Performance
![Page 5: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/5.jpg)
USING SHAREPOINT TO CREATE INTERNET
SITES
• SharePoint is one of the “cash cows” of Microsoft
• Mostly used for collaboration but…
more and more internet sites are being created in SharePoint
• Internet sites in general present specific challenges:
• High availability
• Disaster Recovery
• Security
• Performance
• Branding
![Page 6: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/6.jpg)
![Page 7: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/7.jpg)
![Page 8: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/8.jpg)
![Page 9: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/9.jpg)
![Page 10: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/10.jpg)
ADVANTAGES OF USING SHAREPOINT
• You have a full-fledged web content management “authoring” environment with:
• Collaboration options (lists, surveys, my sites, etc)
• Workflows (Approval, Three-State)
• Branding Engine (CSS, Master Pages, Page Layouts, Web Parts)
• SharePoint provides OOTB security (authentication & authorization)
• It’s based on .NET 3.5 and ASP.NET
• It creates its own databases and applies security on them
• It allows you to easily create web farms
• Built-in functionality: Content Deployment, Variations
![Page 11: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/11.jpg)
DISADVANTAGES OF USING SHAREPOINT
• It can be quite challenging to set up a properly working infrastructure
• And even more to keep it running and healthy
• Specialized personnel is required to support it
• Development is not always that easy and becomes challenging when in production
• Price can turn out to be an issue
• It’s very cumbersome to create/brand a site (unless you can do with the OOTB branding –
but not recommended)
![Page 12: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/12.jpg)
SPECIFICS OF A SHAREPOINT INTERNET SITE
• Often a separation between an “authoring” and a “publishing” environment
• Authoring is accessed by internal users
• Publishing is accessed by internal (administrators) and external users
• External users are most often anonymous (but can be authenticated too)
• Content deployment used to migrate content from authoring to publishing
• Must be high available (avoid downtime at all cost)
• Is often available in multiple languages (SharePoint Variations)
• Uses custom branding
![Page 13: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/13.jpg)
SAMPLE PHYSICAL TOPOLOGY
b7b69e
![Page 14: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/14.jpg)
CONTENT DEPLOYMENT
• Specify an export server in the source farm (authoring)
• Specify an import server in the target farm (publishing)
• The import and export servers are typically application servers
• In case an application server fails then the import/export server needs to be manually
reconfigured
![Page 15: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/15.jpg)
Publishing 1
WFE 1 WFE 2
APP 1 APP 2
Publishing 2
WFE 1 WFE 2
APP 1 APP 2
Authoring
WFE 1 WFE 2
APP 1 APP 2
DB 1 DB 2 DB 1 DB 2
DB 1 DB 2
Data Center A Data Center B
Content
Deployment
Path A
Content
Deployment
Path B
![Page 16: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/16.jpg)
BEST PRACTICES: CONTENT DEPLOYMENT
• Always make sure that the installed solutions are identical on authoring and publishing
farms
• Never change content on the publishing farms
• Use snapshots (avoids putting locks on the source db while deploying content)
• When having multiple publishing farms make sure to leave a small interval between the
schedules of the two deployment jobs (for snapshot creation)
• Make sure the default zone of the target farm is the FQDN URL
• Make sure to require encryption
• No need to copy user names to publishing (however do copy Roles)
• Do one full content deployment to a database with an empty site collection (no template)
• Then only do incremental deployments
![Page 17: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/17.jpg)
HIGH AVAILABILITY
• Within the farm:
• Make Web Front-Ends redundant (external load-balancing)
• Make Application servers redundant (internal load-balancing)
• Install Central Administration on multiple application servers
• Deploy a SQL Server cluster with active/passive nodes
or
Use Database mirroring and the SharePoint failover server settings
• Between farms:
• Deploy separate farms onto multiple locations (e.g. data centers)
• Deploy a load-balancer that includes WFE nodes from different locations
![Page 18: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/18.jpg)
WEB FRONT-END HIGH AVAILABILITY
• Deploy multiple Web Front-Ends in a load-balancing scheme
• Load-balancing options: DNS round-robin, Windows NLB, hardware load-balancer (e.g.
Cisco ACE)
• Even load-distribution is most often sufficient for WFEs
• Sticky-ness can be configured if necessary (recommended when using session state and
caching)
• Hardware load-balancers can do HTTP probing (instead of PING probing)
![Page 19: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/19.jpg)
APPLICATION SERVER HIGH AVAILABILITY
• Most services can be made redundant and load-balanced
• SharePoint services use the internal SharePoint load-balancer
• Services that cannot be made redundant:
• User Profile Synchronization Service
• Enterprise Search Administration Service
• Very easy to configure: simply start the service on multiple application servers
![Page 20: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/20.jpg)
Publishing 1
WFE 1 WFE 2
APP 1 APP 2
DB 1 DB 2
Publishing 2
WFE 1 WFE 2
APP 1 APP 2
DB 1 DB 2
Authoring
WFE 1 WFE 2
APP 1 APP 2
DB 1 DB 2
Data Center A Data Center B
LB
LB
Reconfigure Search
Admin on APP 2
Reconfigure User Profile
Synch on APP 2
![Page 21: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/21.jpg)
ENTERPRISE SEARCH HIGH AVAILABILITY
• Only one administration component (and
search administration database)
• Multiple crawl components (on
application servers or separate index
servers)
• Possible to dedicate crawl components
and databases to specific content
• Multiple query components
• Index partitions (groups of query
components)
• Index partitions is associated with a
property database (crawl metadata)
• Make index partition redundant by adding
mirror query components
![Page 22: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/22.jpg)
DISASTER RECOVERY
• Imagine what to do when your complete SharePoint infrastructure is destroyed
• Not the same as High Availability
• If time permits rebuild the SharePoint farm (worst case) or restore from backups
• Make sure you have a backup SharePoint farm (e.g. in a different data center) if
necessary to recover in a very short time (typical for internet sites)
• Make a Disaster Recover Test Plan and execute it at regular times
• Make a Disaster Recovery Plan (DRP) and
![Page 23: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/23.jpg)
Publishing 1
WFE 1 WFE 2
APP 1 APP 2
DB 1 DB 2
Publishing 2
WFE 1 WFE 2
APP 1 APP 2
DB 1 DB 2
Authoring
WFE 1 WFE 2
APP 1 APP 2
DB 1 DB 2
Data Center A Data Center B
LB
LB
![Page 24: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/24.jpg)
PATCHING
• Keep in mind High Availability when patching publishing
• Authoring can be patched outside of office hours
• Can use the Disaster Recovery Plan to implement a new patch
• Patching sequence on publishing:
1. Patch publishing 2 farm (passive)
2. On the load-balancer make publishing 2 farm active and publishing 1 passive
3. Patch publishing 1 farm
4. On the load-balancer make publishing 1 farm active and publishing 2 passive
![Page 25: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/25.jpg)
Publishing 1
WFE 1 WFE 2
APP 1 APP 2
DB 1 DB 2
Publishing 2
WFE 1 WFE 2
APP 1 APP 2
DB 1 DB 2
Authoring
WFE 1 WFE 2
APP 1 APP 2
DB 1 DB 2
Data Center A Data Center B
LB
LB
![Page 26: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/26.jpg)
USER PROFILE SERVICE APPLICATION
• In a separated authoring/publishing architecture, this is only necessary on authoring
• Augment the profiles of “authors” and “administrators” with information from AD or any
other “people” source
• User Profile Synchronization can only be running on one application server at a time
• Make sure that default zone of Central Administration is load-balanced to easy the manual
fail-over
![Page 27: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/27.jpg)
SECURITY
• Make sure that every web app zone that requires authentication is secured with SSL
• Reasons to stay away from wildcard certificates:
• If one server or sub-domain is compromised, all sub-domains may be compromised
• If the wildcard certificate needs to be revoked, all sub-domains will need a new
certificate
• May not work seamlessly with older server-client configurations
• When integrating SharePoint with other components use mutual SSL (e.g. between
SharePoint and WebSphere)
• Apply “Least Privilege principle”: only give necessary permissions to technical accounts
and not more (also apply separation of duties)
![Page 28: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/28.jpg)
TYPICAL TECHNICAL ACCOUNTS
• Setup account
• Farm account
• Enterprise Search Service account
• Enterprise Search Default Content Access account
• User Profile Synchronization account (requires replication directory changes permission in
AD)
• SharePoint Foundation Search Service account
• SharePoint Foundation Search Crawl account
• Web Application AppPool account
• Service AppPool account
![Page 29: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/29.jpg)
AUTHENTICATION
• Implement user authentication using FBA (requires Claims Web App)
• FBA requires membership and role providers (and optionally custom sign in page)
• For optimal security use FBA in combination with ISA, UAG, WebSeal, etc
• Configure FBA on a separate web application or as an extend on the original web app
• Security concern when using extend -> uses same application pool!
• Alternative is use web app extend but segregate anonymous and secure access using
separate VIPs in the load-balancer
![Page 30: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/30.jpg)
WFE 1
ANON
WFE 2
ANON
WFE 3
SEC
WFE 4
SEC
APP 1 APP 2
LB LB
Anonymous users Authenticated Users
DB 1 DB 2
Scenario to segregate anonymous and authenticated users in one farm
![Page 31: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/31.jpg)
LIFE CYCLE MANAGEMENT
• Different environments:
• Development (developer machines – virtualized)
• Test (integration testing)
• Acceptance (User Acceptance Tests / Performance Tests)
• Production
• Developers should locally test deployments including content deployment
• Test should resemble the production topology but with less servers and minor hardware
• Acceptance should be a copy of production (passive farm could be downsized if needed
since DR tests can be done and active farm is used for performance tests)
• Acceptance should ideally be accessible from the internet
Development
TestUser
Acceptance
Production
![Page 32: Building a highly available Internet facing SharePoint 2010 farm](https://reader034.fdocuments.in/reader034/viewer/2022052623/559f745f1a28abe1718b46e9/html5/thumbnails/32.jpg)
PERFORMANCE
• Internet sites can have potentially a lot of users
• Caching is very important! 5 types of caching:
• Output Page Caching (set in web.config of Web App or in Site Collection Settings)
• Blob caching (enable in web.config)
• Object caching (set object cache super user and super reader accounts as properties
of Web App)
• Code caching (developer’s responsibility)
• Browser caching (determined by IIS response header settings and blob caching
settings)
• Determine proper sizing (do performance tests as soon as possible on acceptance)