SharePoint 2013 Streamlined Architecture

Based on “Streamlined Topologies for SharePoint Server 2013” diagram from Microsoft (“Topology design guidance for maximizing system resources”), 

Simplified for 4-servers high-available 3-tier farms:

  Services

Front-End Servers

Service applications, services, and components that serve user requests directly are placed on front-end servers. These servers are optimized for fast performance.

Low and Very low latency.
  • Access
  • BDC
  • Cache
  • MMS
  • Secure Store
  • State 
  • Subscription Settings
  • UPSA
  • User Code
  • Visio
  • Excel Calculation
  • Performance Point
  • Project
  • Search Query
  • Web Application/CA

Batch-Processing Servers

Service applications, services, and components that process background tasks are placed on a middle-tier of servers referred to as batch processing servers. These servers are optimized to maximize system resources. These servers can tolerate greater loads because these tasks do not affect performance observed by user
  • UPSA Sync
  • Workflow Timer Service
  • Machine Translation
  • Word Automation
  • Work Management
  • Search Crawl Target (Web Application)
  • Search Crawl/Analytics
  • PowerPoint conversion 

 

step-by-step SharePoint Setup with AutoSPInstaller

(the article is under construction)

How to setup SharePoint 2013/2016/2019 using AutoSPinstaller

the quick and easy way which can be used in your lab environment, as well in test and even in production and later be scaled-out, as performance and/or availability requirements grows up

Assume 3-tier topology – Front-End Server, Batch-Processing Server and SQL Server. Accounts according to least privilege principle.

Treat all server names, account names and domain names in this article are “for example”, i.e. you should use your own names.

What you must already have/get:

  • AD (Active Directory)

Prepare (request) hardware (virtual machines):

  • SP16SQL1 for SQL Server 2016
  • SP16WFE1 for SharePoint 2016 Front-End Roles
  • SP16BPS1 for SharePoint 2016 Batch-Processing Roles

SP16SQL1 for SQL Server 2016

refer to Microsoft SharePoint 2016 requirements for hardware specifications, but as minimum:

  • any 64-bit 4-core server CPU
  • RAM 4 GB for lab/test and 16+ GB for prod
  • HDD min 80 GB for system drive, 80 GB drive for application/data

Install MS Windows Server 2016 with GUI.
Configure time zone and time, static IP, name, language, region.
Add to domain.
Add App Server role, install updates, check event logs, resolve errors if any.

SP16WFE1 and SP16BPS1 for MS SharePoint 

refer to Microsoft SharePoint 2016 requirements for hardware specifications, but as minimum:

  • any 64-bit 4-core server CPU
  • RAM 8-12GB for lab/test and 16-24GB for prod
  • HDD min 80GB for system drive, 80GB drive for application

Install MS Windows Server 2016 with GUI.
Configure time zone and time, static IP, name, language, region.
Add to domain.
Add App Server role, install updates, check event logs, resolve errors if any.

Create (request) AD accounts:

– SQL-Adm
– SQL-Svc

– SP-Adm
– SP-Farm
– SP-Svc
– SP-PortalAppPool
– SP-ProfilesAppPool
– SP-CacheSuperUser
– SP-CacheSuperReader
– SP-ProfileSync
– SP-SearchService
– SP-SearchContent
– SP-ExcelUser
– SP-VisioUser
– SP-PerfPointUser

and

– SP_farm_administrators security group

add SP-Adm (and personal admin accounts) to SP_farm_administrators group

provide “Replicate Directory Changes” AD permissions to SP-ProfileSync account (refer to this how to article)

 

SQL Server:
add SQL-Adm to local administrators

SP Server:
add SP_farm_administrators group to local administrators group

Setup

on SQL Server:
login as SQL-Adm to install  MS SQL Server 2016

  • start MS SQL Server 2016 setup
  • features: Database Engine Services, (optional) Reporting Services – SharePoint
  • Directories: change to non-system drive
  • (optional) name instance
  • Service Accounts: use SQL-Svc as service account for SQL Server Agent and SQL Server Database Engine 
  • Server Configuration: AddCurrentUser
  • Data directories: ensure non-system drive is used
  • Windows Firewall and Advanced Security->Inbound Rules->New Rule->
    • Port TCP 1433-1434 Allow
    • Port UDP 1434 Allow

since “SQL Server Management Studio” is not a part of SQL Server, but distributed separately, you need to

  • download “SQL Server Management Studio” (any version – 2016+) and
  • install it on any machine – SQL, SharePoint or your personal workstation, then
  • start SQL Server Management Studio->Security->Logins
    • add SP_farm_administrators with roles securityadmin, dbcreator, public
  • SQL SQL Management Studio->Right Click on instance name->select properties->Advanced->Change Max Degree of Parallelism to 1

on SharePoint Server:
login as SP-Adm

  • (optional) setup MS SQL Server 2016 feature Reporting Services – add-in for SharePoint
  • check connection to SQL server
    • create empty file with extention .udl (create text file and rename it to sql.udl)
    • double-click it
    • enter server name, choose Windows NT integrated security, select database, Test Connection
    • if failed – check on SQL Server if protocol TCP/IP activated for remote access (SQL Server Configuration Manager -> SQL Server Network Configuration -> Protocols… -> TCP/IP -> Enable)
      check firewall
  • download AutoSPInstaller, unzip it, explore content

Generally, the steps are

  • install/configure prerequisites (Windows roles, some additional software)
  • install SharePoint binaries (SharePoint itself, language packs, updates)
  • create/configure farm (create configuration database, service applications, web applications etc.)

AutoSPInstaller is able to handle all steps, but personally I prefer to install prerequisites and SharePoint manually, and use AutoSPInstaller only to create/configure farm. If so, we will need only “Automation” folder from autospinstaller.zip

Prerequisites

I’d recommend copy all content from source SharePoint image to a folder. 

run prerequisiteinstaller.exe. It will take care of

  • Web Server (IIS) Role
  • Microsoft SQL Server 2012 Native Client
  • Microsoft ODBC Driver 11 for SQL Server
  • Microsoft Sync Framework Runtime v1.0 SP1 (x64)
  • Windows Server AppFabric
  • Microsoft Identity Extensions
  • Microsoft Information Protection and Control Client 2.1
  • Microsoft WCF Data Services 5.6
  • Microsoft .NET Framework 4.6
  • Cumulative Update Package 7 for Microsoft AppFabric 1.1 for Windows Server (KB3092423)
  • Visual C++ Redistributable Package for Visual Studio 2012
  • Visual C++ Redistributable Package for Visual Studio 2015
     

(optionally, you can run powershell:

Add-WindowsFeature Web-Server,Web-WebServer,Web-Common-Http,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-App-Dev,Web-Asp-Net,Web-Net-Ext,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Health,Web-Http-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-Http-Tracing,Web-Security,Web-Basic-Auth,Web-Windows-Auth,Web-Filtering,Web-Digest-Auth,Web-Performance,Web-Stat-Compression,Web-Dyn-Compression,Web-Mgmt-Tools,Web-Mgmt-Console,Web-Mgmt-Compat,Web-Metabase, WAS,WAS-Process-Model,WAS-NET-Environment,WAS-Config-APIs,Web-Lgcy-Scripting,Windows-Identity-Foundation,Xps-Viewer

an then prerequisiteinstaller.exe )

It might require you to restart the server, then prerequisiteinstaller.exe will continue until you see “Installation Complete” message. Finally you must see “Installation Complete. All required prerequisites have been installed or enabled” message.

Now run setup.exe

Be ready to provide your SharePoint product key. You can use SharePoint trial key from here for test or evaluation environment. 

From Server Type choose “Complete” (for SharePoint 2013 only – option chosen by default).

NB! Choose File Location on “File Location” tab. I’d recommend install SharePoint on separate drive (e.g. E:).

Note that it says: “If you intend to use this computer as a search server, the search index files will be stored on the local drive. These files can be very large , so ensure that there is sufficient free space on the selected drive. To change where Microsoft SharePoint Server 2016 will store it’s index files…”

You might say that it is possible to configure index files location during provisioning Search Index component. 
Yes, I absolutely agree. But! There is also Analytics Processing Component, and during it’s work, it generates temporary files under “C:\Program Files\Microsoft Office Servers\15.0\Data\Office Server\Analytics_GUID\AE\AnalyticsProcessingComponent1” which might be very big in size, and that location could not be “legally” changed. So if you miss this point, you might be required to reinstall SharePoint binaries later. See also this

After binaries installed, you should see “Run Configuration Wizard” “To complete configuration of your server, you must run the SharePoint Product Configuration Wizard”… 
Remove the checkmark “Run the SharePoint Product Configuration Wizard now” (untick this).
I.e. Do not run Product Configuration Wizard for now. Farm will be configured later via PowerShell AutoSPInstaller script.

If you need language packs – it’s time to install language packs. 

Now you are good to install Cumulative Update. Latest for test/lab environment, latest tested for production. Check updates against regressions (e.g. with Todd Klindt). 

Do not run Product Configuration Wizard.

Now let us have a closer look into AutoSPInstaller Automation folder.

у AutoSPInstallerInput.xml убираем атрибут “read only” файловой системы
AutoSPInstallerInput.xml правим так:
        <PIDKey></PIDKey> вбиваем ключ (можно триальный отсюда, потом вручную сменим на постоянный)
        <SKU>Enterprise</SKU> вбиваем Standard или Enterprise (ключ тогда должен быть соответствующий)
        <AutoAdminLogon Enable=”false” Password=”” /> вбиваем true и пароль, если хотим чтобы сервер каждый раз сам логинился (предполагается несколько перезагрузок)
        <Passphrase></Passphrase> вбиваем пароль/ключ (используется для присоединения дополнительных серверов к ферме)
        <Account…  везде, где встречаем DOMAIN\ или @domain, исправляем на наши реальные данные так:
            <Username>DOMAIN\SP_Farm</Username> , заменяем DOMAIN на настоящее имя нашего домена, оставляем название и имя учётки (SP_Farm) как есть
            <Password></Password> вбиваем пароль
            <Email>spfarm@domain.com</Email> вбиваем e-mail
        <CentralAdmin Provision=”true”>… ставим порт какой удобно, например <Port>2013</Port>
        <Database> первое упоминание делаем так
           <DBServer></DBServer>  вбиваем алиас для SQL Server (например <DBServer>SP3SQLAL</DBServer>)
                     DBInstance=”SERVER\INSTANCE” правим на только имя сервера (например, DBInstance=”SP3SQL1″)
            <DBPrefix>AutoSPInstaller</DBPrefix> меняем на удобный нам, например <DBPrefix>SP</DBPrefix>
        остальные упоминания <Database> не трогаем (оставляем пустыми как есть)
        <ManagedAccounts> домен и пароль  меняем на свой, всё остальное – названия акаунтов и сами акаунты – оставляем как есть
        <Logging><LogDiskSpaceUsageGB></LogDiskSpaceUsageGB> поставить приемлемое для своего дискового пр-ва значение, например 5
        <AppManagementService если вы в состоянии это сделать, то оставляем Provision=”true”
                и следуем инструкциям, например Setting up your App domain for SharePoint 2013
                иначе – ставим Provision=”false”

  • Собственно установка
    • Запускаем от имени администратора (Run As Administrator) батничек AutoSPInstallerLaunch.bat
    • Но не идём курить, как некоторые советуют, а пьем чай и наблюдаем, т.к. иногда срабатывает UAC и надо тыкнуть “OK”
    • Если скрипт почему-то “слетает”, то смотрим “почему”, поправляем и запускаем снова, ничего не меняя в других настройках.

Последействия:
        <AutoAdminLogon Enable=”false” Password=”” /> стираем пароль
        <Passphrase></Passphrase> стираем

поправить параметры логирования под себя

если есть exchange, можно настроить OutgoingEmail и сам Exchange

 

Notes:

if you plan federated SharePoint environment, i.e. having Publishing (Service) Farm and Consuming (Content) Farm – plan for SQL aliases carefully.

 

Sources:

Brian Lalancette: AutoSPInstaller 

Technet: Account permissions and security settings in SharePoint 2013
Technet: Install SharePoint 2013
Technet: Hardware and software requirements for SharePoint 2013
CodePlex: Automated SharePoint 2010/2013 PowerShell-based installation script
Technet: virtual environment for SharePoint 2013
Setting up your App domain for SharePoint 2013

F5 Load Balancing for SharePoint 2016

 

Management Tools Basic+Complete;

SharePoint Updates Qiuck Guide

(this article is under development)

It is important to test the update process in a test environment. Test environment must be as much as possible similar to production.

 

Applying SharePoint updates to a server farm

Safest update method

The safest method to update a SharePoint farm is to take the entire farm offline, update all servers, and then bring the farm back online. This method requires a maintenance window that might not be practical for all organizations.

High availability updating

High availability updating involves more planning, testing, and coordination. The general outline for the process includes the following steps.

Continue reading

SharePoint BC, HA and DR

(the article is under development)…

In short, keeping SharePoint online means designing a fault-tolerant architecture, coding customisations & apps in a well designed and tested manner, and implementing good SharePoint governance. First though, the architecture…

 

(SharePoint PLA – Product Line Architecture)

 

References:

Continue reading

SharePoint Distributed Cache

Distributed Cache should be patched separately from SharePoint (DC updatess will not come with SharePoint CUs…).

Do not use SharePoint Distributed Cache with your custom code.

 

Useful commands

Connect-AFCacheClusterConfiguration
Get-CacheHost
Get-AFCacheClusterHealth
Get-SPServiceInstance | ? {($_.service.tostring()) -eq "SPDistributedCacheService Name=AppFabricCachingService"} |fl
Get-AFCacheHostConfiguration -ComputerName XXX -CachePort "22233"
$svc=$f.Services | ? {$_.Name -eq "AppFabricCachingService"}
$svc.ProcessIdentity
Get-AFCacheAllowedClientAccount
#Stop-SPDistributedCacheServiceInstance –Graceful
#Update-SPDistributedCacheSize -CacheSizeInMB 1024
#Add-SPDistributedCacheServiceInstance
#Grant-AFCacheAllowedClientAccount -Account "domain\upsa_runas_account"
get-command -module DistributedCacheAdministration

 

=======================

Continue reading

SharePoint Workflow Manager setup

(see also Part1: SharePoint Workflow Manager Review)

Installation (offline) step-by-step

Ensure hardware/software requirements. Ensure/configure your server (time, time zone, IP, hostname, domain, language, region, ESC, updates, event log).

Accounts you need (for example):

  • Svc-WFM-FarmAdm – domain users + local admin on WFM Servers, DBCreator and SecurityAdmin on SQL
  • Svc-WFM-SBAcc – domain users
  • Svc-WFM-WFAcc – domain users

DNS: wfm.contoso.kz points to Workflow Manager Server (or load-balancer)

On an Internet connected machine:

Continue reading

SharePoint 2013 and Certificates. Quick Guide.

 

SharePoint Apps

wildcard SSL cert (*.contosoapps.com) is needed

$trustCert = Get-PfxCertificate "c:\wfm.cer"
New-SPTrustedRootAuthority -Name "Workflow Manager Farm" -Certificate $trustCert

Continue reading