SharePoint on-premises – Best Practice Installation and Configuration
@DHobmaier, MCSE SharePoint

Accessible content is available upon request.

dennis.hobmaier@avepoint.com
Klagenfurt am Wörthersee, AT
http://www.hobmaier.net
@DHobmaier
Sr. Technical Solutions Professional

©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.

• Service Accounts
• SQL
• SharePoint
• Patching

SERVICE ACCOUNTS

• SQL Server service: SQL_Service
• SQL Server admin: SQL_Admin
• SharePoint admin and setup: SP_Admin
• SharePoint farm service: SP_Farm
• Application pool accounts
  • Web applications (e.g. intranet): SP_WebApps
  • MySite: SP_MySite
  • Service applications: SP_ServiceApps
• Default crawl account: SP_Crawl
• UPS: SP_UserSync

SQL
• Data: RAID 10 or 5
• Log: RAID 10
• Temp DB: RAID 10
  • On its own disk pool / LUN
• Program files: RAID 1, 5 or 10

• Cluster or Always-On Availability Group?
• Named instance
• SQL collation: Latin1_General_CI_AS_KS_WS
  • Cannot be changed later
  • Important for tempdb and the default for new databases
  • Affects sorting / views in SharePoint

• RAM: Min / Max
• Database settings
  • Default index fill factor: 80
• Advanced
  • Max degree of parallelism = 1
• GPO: Lock pages in memory
• GPO: Perform volume maintenance tasks

• Initial size
  • Sensible initial size for each database
  • Based on the expected content, e.g. content database 50 GB
• Autogrow
  • Performance killer for SQL (at the default of 10%)
  • Sensible size, e.g. 128 MB
  • Not inherited from model
• Recovery model Simple/Full
  • Depends on the backup strategy
• Each of these for model and tempdb
  • model is the template for every new database

• Create in advance by script
  • Small
  • Medium
  • Large
• Number of database files
  • Depends on the CPU
  • Max. 8

SHAREPOINT

• Use an alias
  • System32\Cliconfg.exe
  • Syswow64\cliconfg.exe
  • Use a DNS name for SQL
  • Use several tiers, such as CONTENT, SEARCH, SERVICES (scalability)
• Language: English
  • Please always use an English operating system and English SharePoint = fewer bugs, easier troubleshooting

• Install prerequisites
  • PrerequisiteInstaller.exe
  • Unattended installation via PrerequisiteInstaller.Arguments.txt
• SharePoint binaries
  • Setup.exe
  • Config.xml
• SharePoint configuration
  • SharePoint Products and Configuration Wizard: psconfig.exe
  • PowerShell
• Farm configuration
  • Farm Configuration Wizard
  • PowerShell

• Windows Server 2012 R2 - PowerShell

    Import-Module ServerManager
    # Roles and features for SharePoint; -Source points at the side-by-side store on the Windows media
    Add-WindowsFeature Net-Framework-Features,Web-Server,Web-WebServer,Web-Common-Http,
        Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-App-Dev,
        Web-Asp-Net,Web-Net-Ext,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Health,Web-Http-Logging,
        Web-Log-Libraries,Web-Request-Monitor,Web-Http-Tracing,Web-Security,Web-Basic-Auth,
        Web-Windows-Auth,Web-Filtering,Web-Digest-Auth,Web-Performance,Web-Stat-Compression,
        Web-Dyn-Compression,Web-Mgmt-Tools,Web-Mgmt-Console,Web-Mgmt-Compat,Web-Metabase,
        Application-Server,AS-Web-Support,AS-TCP-Port-Sharing,AS-WAS-Support,
        AS-HTTP-Activation,AS-TCP-Activation,AS-Named-Pipes,AS-Net-Framework,WAS,
        WAS-Process-Model,WAS-NET-Environment,WAS-Config-APIs,Web-Lgcy-Scripting,
        Windows-Identity-Foundation,Server-Media-Foundation,Xps-Viewer -Source D:\sources\sxs
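The SQL alias recommended under SHAREPOINT can be scripted, because both copies of cliconfg.exe only write a registry value (System32 for 64-bit clients, SysWOW64 for 32-bit clients). This is an added example, not part of the original deck; the alias name, SQL host name and port are placeholders.

```powershell
# Added example: alias, host and port are placeholders, not values from the deck.
$alias   = 'SPSQL'                  # name SharePoint will be pointed at
$sqlHost = 'sql01.contoso.local'    # DNS name of the SQL Server
$port    = 1433                     # static TCP port of the instance

# 64-bit view (System32\cliconfg.exe) and 32-bit view (SysWOW64\cliconfg.exe)
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\MSSQLServer\Client\ConnectTo'
)

foreach ($key in $keys) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # DBMSSOCN selects the TCP/IP network library
    New-ItemProperty -Path $key -Name $alias -PropertyType String `
        -Value "DBMSSOCN,$sqlHost,$port" -Force | Out-Null
}

# Verify that the alias reaches SQL Server before SharePoint setup depends on it.
$conn = New-Object System.Data.SqlClient.SqlConnection(
    "Server=$alias;Integrated Security=SSPI;Connect Timeout=5")
try {
    $conn.Open()
    "Alias '$alias' resolves to SQL Server version $($conn.ServerVersion)"
}
finally {
    $conn.Dispose()
}
```

Run it elevated on every SharePoint server so that all servers resolve the same alias.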
• Online via PrerequisiteInstaller.exe
• Offline via script

    $SharePoint2013Path = "c:\sharepoint2013bits"
    $PrereqFiles = "$SharePoint2013Path\PrerequisiteInstallerFiles"
    # Point each prerequisite switch at the locally downloaded installer
    Start-Process "$SharePoint2013Path\PrerequisiteInstaller.exe" -ArgumentList @(
        "/SQLNCli:$PrereqFiles\sqlncli.msi",
        "/IDFX:$PrereqFiles\Windows6.1-KB974405-x64.msu",
        "/IDFX11:$PrereqFiles\MicrosoftIdentityExtensions-64.msi",
        "/Sync:$PrereqFiles\Synchronization.msi",
        "/AppFabric:$PrereqFiles\WindowsServerAppFabricSetup_x64.exe",
        "/KB2671763:$PrereqFiles\AppFabric1.1-RTM-KB2671763-x64-ENU.exe",
        "/MSIPCClient:$PrereqFiles\setup_msipc_x64.msi"
    )

• http://social.technet.microsoft.com/wiki/contents/articles/14582.sharepoint-2013-install-prerequisites-offline-or-manually-on-windows-server-2012-a-comprehensive-guide.aspx#Solutions_Offline_and_Manual_Prerequisite_Procedures

• Setup.exe
• AutoSPInstaller
  • https://autospinstaller.codeplex.com/
• UI for AutoSPInstaller
  • http://autospinstaller.com/
  • Formerly AutoSPInstallerGUI
• Farm configuration database: give it a clean name, e.g. P_SP_Config
  • P = Production
  • SP = SharePoint
  • Config = configuration database
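Creating the farm from PowerShell instead of the wizard is what makes the clean names above possible, including an admin content database without a GUID suffix. This is an added example, not part of the original deck: the SQL alias SPSQL and the domain CONTOSO are placeholders, SP_Farm is the farm account from the service account list, and port 8000 matches the Central Administration URL that appears later in the deck.

```powershell
# Added example. Placeholders: SQL alias 'SPSQL', domain 'CONTOSO'.
# Run elevated as the setup account (SP_Admin) after the binaries are installed.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop

# Prompt for secrets instead of storing them in the script.
$farmAccount = Get-Credential 'CONTOSO\SP_Farm'
$passphrase  = Read-Host 'Farm passphrase' -AsSecureString   # needed to join more servers

# Configuration and admin content databases get explicit names.
New-SPConfigurationDatabase -DatabaseServer 'SPSQL' `
    -DatabaseName 'P_SP_Config' `
    -AdministrationContentDatabaseName 'P_SP_AdminContent' `
    -FarmCredentials $farmAccount `
    -Passphrase $passphrase
# SharePoint 2016 additionally requires -LocalServerRole (MinRole), e.g. Custom.

Install-SPHelpCollection -All
Initialize-SPResourceSecurity                       # ACLs on files, folders, registry keys
Install-SPService                                   # register the farm services
Install-SPFeature -AllExistingFeatures | Out-Null   # register the features on disk
New-SPCentralAdministration -Port 8000 -WindowsAuthProvider 'NTLM'
Install-SPApplicationContent
```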
• Do not install as Single Role
  • With SP2016: MinRoles
• Do not use the Farm Configuration Wizard (Central Admin)
• Provision only the services that are needed
• Configure via PowerShell
• Pay attention to clean database names

• Disable Loopback

    New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name "DisableLoopbackCheck" -Value "1" -PropertyType DWORD

• Warm-up script (up to 2008 R2)
  • https://spbestwarmup.codeplex.com/
• IIS auto warm-up from 2012 R2 onwards

• PowerShell / database names and topology

    # Search service application with an explicit admin database name
    $spappPool = Get-SPServiceApplicationPool -Identity "Service Applications"
    $search = New-SPEnterpriseSearchServiceApplication -Partitioned -Name "Search Service" -ApplicationPool $spappPool -DatabaseName "P_SP_Search_Admin"
    New-SPEnterpriseSearchServiceApplicationProxy -Partitioned -Name "Search Service Proxy" -SearchApplication $search

    # Clone the active topology and place every component on the local server
    $clone = $search.ActiveTopology.Clone()
    $SSI = Get-SPEnterpriseSearchServiceInstance -Local
    $IndexLocation = "D:\SearchIndex"   # placeholder: an existing, empty folder for the index
    New-SPEnterpriseSearchAdminComponent -SearchTopology $clone -SearchServiceInstance $SSI
    New-SPEnterpriseSearchContentProcessingComponent -SearchTopology $clone -SearchServiceInstance $SSI
    New-SPEnterpriseSearchAnalyticsProcessingComponent -SearchTopology $clone -SearchServiceInstance $SSI
    New-SPEnterpriseSearchCrawlComponent -SearchTopology $clone -SearchServiceInstance $SSI
    New-SPEnterpriseSearchIndexComponent -SearchTopology $clone -SearchServiceInstance $SSI -RootDirectory $IndexLocation
    New-SPEnterpriseSearchQueryProcessingComponent -SearchTopology $clone -SearchServiceInstance $SSI
    $clone.Activate()

• http://blogs.technet.com/b/praveenh/archive/2013/02/07/create-a-new-search-service-application-in-sharepoint-2013-using-powershell.aspx

• User Profile Service
• MySite
• Managed Metadata
• Central metadata
• Work Management Service
• E-mail notification

• If SharePoint was installed via Setup.exe
• Database names without ID

    # Create a cleanly named admin content database, then move the sites out of the GUID-named one
    New-SPContentDatabase -Name P_SP_AdminContent -WebApplication http://lab-sp2013-prod:8000
    Get-SPWebApplication -Identity http://lab-sp2013-prod:8000 | Get-SPContentDatabase
    # <GUID> and <New GUID> are the database IDs returned by the previous command
    Get-SPSite -ContentDatabase <GUID> | Move-SPSite -DestinationDatabase <New GUID>
    iisreset

• Access via DNS / FQDN
  • Mind AAM (alternate access mappings), publishing
• Authentication
  • NTLM (default)
  • Kerberos
  • ADFS …
• Everything in one web application
  • Incl. MySite
  • Fewer Trusted Zone entries
  • Host-header site collections
• Create one per site / managed path
  • Departments
  • Projects
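The DisableLoopbackCheck value shown earlier switches off the loopback check, a protection against NTLM reflection, for every host name on the server. Since the farm is reached through a known set of FQDNs, the same Microsoft guidance also lets you exempt only those names through BackConnectionHostNames; the following is an added example, not part of the original deck, and the host names are placeholders.

```powershell
# Added example: the host names are placeholders for the farm's own FQDNs.
$hostNames = @('intranet.contoso.local', 'mysite.contoso.local')

$lsa   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv10 = Join-Path $lsa 'MSV1_0'

# Keep names that are already registered and add the new ones.
$current = (Get-ItemProperty -Path $msv10 -Name BackConnectionHostNames `
            -ErrorAction SilentlyContinue).BackConnectionHostNames
[string[]]$merged = @($current) + $hostNames | Where-Object { $_ } | Sort-Object -Unique

# REG_MULTI_SZ: one exempted host name per entry
New-ItemProperty -Path $msv10 -Name BackConnectionHostNames `
    -PropertyType MultiString -Value $merged -Force | Out-Null

# Report whether the global switch is still set on this server.
$loopback = (Get-ItemProperty -Path $lsa -Name DisableLoopbackCheck `
             -ErrorAction SilentlyContinue).DisableLoopbackCheck
[pscustomobject]@{
    Server                  = $env:COMPUTERNAME
    BackConnectionHostNames = $merged -join ', '
    DisableLoopbackCheck    = if ($null -eq $loopback) { 'not set' } else { $loopback }
}
```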
• Create the root site collection "/"
• Search Center
• My Site Host
• Governance
  • Quota templates
  • Permissions

PATCHING

• Install CUs as needed
  • Depends on the quality of the CU
• Install the binaries on all servers
• Run the Products and Configuration Wizard on all servers
• WSUS: exclude SharePoint
• By script
  • Sharepointupdates.com / Trevor Seward

QUESTIONS?