I found a really good description of how to choose the SharePoint 2007 topology, visualized as a block diagram. The full description is in the post "Inside SharePoint: Securing External SharePoint Communications".
Introduction
Depending on the environment you are configuring, you might need to open not only the ports between clients and your Web Front End (WFE) servers; you might also have an internal topology where your SharePoint servers are split into tiers that are isolated by firewalls. In that situation you need to know the inter-server communication ports and their direction in order to open them on the firewall.
The following table describes all ports SharePoint 2007 uses for its communications. Note that only two ports are used between the client PC and the WFE (the first row of the table); all other ports are for internal and external communications between SharePoint servers.
The advantage of this summary is that it brings together all the ports that are described across different Microsoft documents and includes the direction of each connection. Microsoft doesn't provide summary information on ports and directions.
SharePoint 2007 Ports
| Inbound/Outbound | From | Port | Type | To |
|---|---|---|---|---|
| Inbound | Client IPs (as applicable) | TCP 80 or 443 (SSL) | HTTP | ISA Web Pub or WFE |
| Inbound | TS Jump point | RDP (TCP 3389) for remote admin | | APP (Central Admin / SSP Admin) |
| Inbound | All SharePoint Servers (depends on Central Admin configuration) | Office Server Web Services, TCP 56737, SSL 56738 | HTTP | APP - Central Admin / SSP Admin (Web Service Control) |
| Inbound | Index | TCP 80 or 443 | | WFE |
| Outbound | ALL SharePoint Servers (based on authentication) | DS (TCP 445), RPC (TCP 135), DNS (TCP/UDP 53), Kerberos (UDP 88), LDAP/S (UDP 389/636) | | DC (AD) / DNS (LDAP) |
| Outbound | External Content | DNS (TCP/UDP 53) | | DNS |
| Outbound (Inbound if applicable) | WFE (alerts or mail-enabled list) | SMTP (TCP 25) | | SMTP/Exchange |
| Outbound | ALL SharePoint Servers | SQL (TCP 1433) or custom port for a named SQL instance | SQL Server Tabular Data Stream (TDS) | SQL Server |
| Outbound | WFE (search request) | Search Query, either NBT (TCP/UDP 137, 138, 139) or direct-hosted SMB (TCP/UDP 445) | Server Message Block (SMB) | Query |
| Outbound | Index (propagation) | Search Query, either NBT (TCP/UDP 137, 138, 139) or direct-hosted SMB (TCP/UDP 445) | | Query |
| Outbound | Index (file shares) | Either NBT (TCP/UDP 137, 138, 139) or direct-hosted SMB (TCP/UDP 445) | Server Message Block (SMB) | External Content |
| Outbound | Index (BDC) | SQL (TCP 1433) or custom port | | External Content |
| Outbound | WFE (SSO) | RPC for SSO (TCP 135), plus random high ports (dynamic RPC) or restricted high ports (static RPC) | | APP Servers |
| Outbound | WFE | TCP 80, TCP 443, TCP (custom) | HTTP | Index Server (search crawling) |
| Outbound | Index (search crawling) | TCP 80, TCP 443, TCP (custom) | HTTP | WFE |
| Outbound | Index (sites) | TCP 80, TCP 443, TCP (custom) | | External Content |
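To verify that the firewall between tiers actually matches this table, the following script is an added example of mine, not part of the original post or of Microsoft's documentation. It tests TCP reachability from the server it runs on to each peer tier and reports any port whose state differs from what the table requires. Host names and the rule list are constructed assumptions; the UDP entries in the table (DNS 53, Kerberos 88) cannot be checked with a TCP connect and are left out.

```powershell
# Added example (not from the original post): verify that only the expected
# SharePoint 2007 ports are reachable from this server to each peer tier.
# Host names and the rule set are constructed; adjust them to your farm.
# Uses System.Net.Sockets.TcpClient so it also runs on Windows Server
# 2003/2008 PowerShell, where Test-NetConnection is not available.

function Test-TcpPort {
    param(
        [string]$ComputerName,
        [int]$Port,
        [int]$TimeoutMs = 2000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return $false            # no answer within the timeout: filtered or dropped
        }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Rules derived from the table above, as seen from a WFE.
# Expected = $true  : the firewall must allow this port.
# Expected = $false : this port should stay closed from this tier; a hit is a misconfiguration.
$rules = @(
    @{ Name = 'WFE -> SQL (TDS)';                   Target = 'sql01.corp.example';  Port = 1433;  Expected = $true  },
    @{ Name = 'WFE -> APP (Central Admin web svc)'; Target = 'app01.corp.example';  Port = 56737; Expected = $true  },
    @{ Name = 'WFE -> APP (SSO RPC endpoint map)';  Target = 'app01.corp.example';  Port = 135;   Expected = $true  },
    @{ Name = 'WFE -> DC (LDAP)';                   Target = 'dc01.corp.example';   Port = 389;   Expected = $true  },
    @{ Name = 'WFE -> DC (DS / SMB)';               Target = 'dc01.corp.example';   Port = 445;   Expected = $true  },
    @{ Name = 'WFE -> Exchange (SMTP)';             Target = 'mail01.corp.example'; Port = 25;    Expected = $true  },
    @{ Name = 'WFE -> SQL (RDP must be blocked)';   Target = 'sql01.corp.example';  Port = 3389;  Expected = $false }
)

$mismatches = 0
foreach ($r in $rules) {
    $open = Test-TcpPort -ComputerName $r.Target -Port $r.Port
    $status = if ($open -eq $r.Expected) { 'OK' } else { $mismatches++; 'MISMATCH' }
    '{0,-42} {1}:{2,-6} open={3,-5} {4}' -f $r.Name, $r.Target, $r.Port, $open, $status
}
"Rules checked: $($rules.Count); mismatches: $mismatches"
```

Run it once from each tier (WFE, APP, Index) with a rule set for that tier; the negative rules are the useful ones, because a firewall that is merely too permissive never shows up as a broken feature.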
Inter-server communications of SharePoint 2007

Extra -server communications of SharePoint 2007

Firewalls
Depending on your farm design, you might require a firewall between your farm's servers. If the tiers are on separate networks, be aware that a one-way trust relationship is required between the WFE and Application Servers, and between the Application Servers and the Database, whenever they are separated by a network boundary.
You need to configure the firewall properly for domains and trusts: http://support.microsoft.com/kb/179442/
Sources:
Introduction
In this series I'd like to describe how to analyse the SharePoint farm and prepare it for the SharePoint 2010 migration. We will review the following three sections:
- Farm Architecture and Configuration Analysis
- User and Group Analysis (current)
- Farm Migration
This section describes user analysis and permission analysis. But first of all, why do we need to analyze users and permissions when we are only migrating data? Can't our users be migrated automatically?
The answer is yes and no. Users will be migrated automatically, but a migration is hardly ever planned just for the sake of migrating; usually you are building a new application and trying to fix existing issues. Users, groups and permissions need to be reorganized and fixed before moving content to the new environment.
The areas we need to look at are the following:
- number of users and groups
- how users are organized in groups
- permissions: users, groups, broken inheritance
- dead users
SharePoint's out-of-the-box (OOTB) functionality doesn't cover all our needs, so we are going to use several third-party tools to gather the necessary information.
Tools
Additionally, you need to use the following STSADM commands:
There are two approaches to collecting the required information: the commercial "ARK for SharePoint 2007" reporting tool, which covers almost all our needs, or several free tools that together give the same information. We can get almost the same data via the "enumusers/enumgroups/enumroles" operations of STSADM, but then we need to count the items manually.
The limitation of most free tools is that they don't provide web-application-level information across all site collections. The advantage of "ARK for SharePoint" is that it generates reports for all web applications in the farm.
In this post I'd like to describe how to get all this information without using commercial tools.
Number of Users & Groups
- Number of users and groups: "Bamboo SharePoint Analyzer" -> Farm -> Servers -> Web Applications -> Site Collections -> Web sites; the values are in parentheses for "Users", "Groups" and "Administrators"
- Site administrators: use "Bamboo SharePoint Analyzer" or Central Administration
- Groups across site collections: use "Xavor SharePoint Admin Tool" -> Show Group Security
Users & Groups Association
- Farm administrators: use Central Administration -> Operations -> Update Farm Administrators Group, or "Bamboo SharePoint Analyzer"
- Users by group: ARK for SharePoint provides full information across all web applications. A free alternative is the "Permission Report" tool (Site Settings -> "Broken Inheritance Reports Jobs"), which generates an Excel spreadsheet for the site with each user and its groups.
Permissions
- Broken inheritance can be found via the "Access Checker" tool, which shows the SharePoint items where permission inheritance is broken, but the tool doesn't show what exactly is broken or the list of changes. Reports are supported.
- Broken inheritance differences can be viewed with the "SharePoint Administration Toolkit" and its "Compare Permissions Sets" report, which shows the permission differences between the current and root items, plus details about the permission changes. Reports are supported.
- User rights: the "Check User Access" report of "Access Checker" shows the rights of a user across SharePoint elements, including the items the user has no access to.
- Group rights: "Check Effective Permissions" of "SharePoint Administration Toolkit" shows the items accessible by a given group.
Unfortunately, none of the tools above provide web-application-scoped reports or item-level reports. That means you can't iterate through all site collections to find the list items or specific pages where a user has no access. To get such information, use the "Xavor SharePoint Admin Tool", which provides reports across a web application (but has no functionality to save them).
(red – user has no permissions)
Dead Users
When you install and configure a new farm, you probably create several test users and groups that should be deleted at the end. Sometimes administrators create such users and then forget to delete them, so "dead" accounts are quite a common scenario. When you start a migration you don't want such users/groups in your new farm, so you need to find all of them and delete them.
I don't know of any free tools that provide such functionality, and there are only a couple of commercial tools that can do this: DeliverPoint and ControlPoint.
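The counting that the STSADM approach above leaves to manual work, and the dead-account check that this section says no free tool provides, can both be scripted. The following is an added example of mine, not the post's or any vendor's code: it walks the site collections of one web application with STSADM, counts users and groups per site collection, and flags logins that no longer exist (or are disabled) in Active Directory. The web application URL is a constructed sample; the XML element and attribute names (Site/Url, User/Login, Group) are what I know STSADM to emit but should be confirmed against one manual run; PowerShell 2.0 and a farm administrator account on a farm server are assumed.

```powershell
# Added example (not from the original post): site-collection security inventory
# via STSADM plus an Active Directory check for dead user accounts.
# Assumptions: PowerShell 2.0, run on a farm server as a farm administrator,
# STSADM XML attribute names as used below (confirm with one manual run).

$stsadm = Join-Path $env:CommonProgramFiles 'Microsoft Shared\web server extensions\12\BIN\stsadm.exe'
$webApp = 'http://intranet.corp.example'   # constructed sample web application URL

function Invoke-Stsadm([string[]]$ArgList) {
    # STSADM prints XML on success and an error message otherwise.
    $raw = (& $stsadm $ArgList 2>&1 | Out-String).Trim()
    if (-not $raw.StartsWith('<')) { throw "STSADM $($ArgList -join ' ') failed: $raw" }
    return [xml]$raw
}

function ConvertTo-LdapFilterValue([string]$Value) {
    # Escape RFC 4515 special characters so a login can never alter the filter.
    return $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

function Test-AdAccount([string]$Login) {
    # $true if DOMAIN\user exists in the current domain and is not disabled
    # (userAccountControl bit 0x2). Built-in logins such as SHAREPOINT\system
    # are not AD accounts and are treated as alive.
    if ($Login -notmatch '^([^\\]+)\\(.+)$') { return $true }
    $domain = $matches[1]; $sam = $matches[2]
    if ($domain -eq 'SHAREPOINT' -or $domain -eq 'NT AUTHORITY') { return $true }
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = '(&(objectCategory=person)(sAMAccountName={0}))' -f (ConvertTo-LdapFilterValue $sam)
    [void]$searcher.PropertiesToLoad.Add('userAccountControl')
    $result = $searcher.FindOne()
    if ($result -eq $null) { return $false }
    $uac = [int]$result.Properties['useraccountcontrol'][0]
    return (($uac -band 0x2) -eq 0)
}

$report = @()
$sites = Invoke-Stsadm @('-o', 'enumsites', '-url', $webApp)
foreach ($site in $sites.SelectNodes('//Site')) {
    $url    = $site.GetAttribute('Url')
    $users  = (Invoke-Stsadm @('-o', 'enumusers',  '-url', $url)).SelectNodes('//User')
    $groups = (Invoke-Stsadm @('-o', 'enumgroups', '-url', $url)).SelectNodes('//Group')
    $dead = @()
    foreach ($u in $users) {
        $login = $u.GetAttribute('Login')
        if (-not (Test-AdAccount $login)) { $dead += $login }
    }
    $report += New-Object PSObject -Property @{
        SiteCollection = $url
        Users          = $users.Count
        Groups         = $groups.Count
        DeadUsers      = ($dead -join '; ')
    }
}

# One CSV for the whole web application: the scope the free GUI tools lack.
$report | Sort-Object SiteCollection |
    Select-Object SiteCollection, Users, Groups, DeadUsers |
    Export-Csv -Path .\SiteSecurityInventory.csv -NoTypeInformation
$report | Format-Table SiteCollection, Users, Groups, DeadUsers -AutoSize
```

The AD lookup searches the domain the script runs in; in a multi-domain forest, accounts from another domain will show up as dead until you point the DirectorySearcher at a global catalog. Treat the DeadUsers column as a candidate list to review, not as a delete list.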
Creating the report
The logical outcome of the security analysis is a Word document that highlights the security issues, but unfortunately this is not always feasible. Consider a medium farm with 5000 users, 300 groups and 400 sites with 30% broken inheritance. You can physically create the Word document, but how are you going to analyse a 200-page document?
Real analysis is usually a "multithreaded" task, where you check users' rights, discuss the grouping with the DC admins, fix the broken permissions, and so on.
Depending on the content size, documenting the following quantitative information is recommended:
- Farm Administrators
- Number of users
- Number of groups across web application and per site collection
- Broken inheritance report per site collection and per item (depending on how many broken items you have)
- Users/AD accounts per group (definitely for AD groups, otherwise depending on the number of users)
Unfortunately, it's hard to define a template for this step, because security analysis is very specific to each farm, and usually you end up with several files: documents describing the quantitative information, Excel spreadsheets with users, groups and permissions, and HTML files describing the broken permission inheritance.
Summary
Security analysis can be a daunting task, depending on how much your permissions have been customized and how users are assigned to groups. The recommendation is to perform a draft analysis on a backup instance, where you can experiment with different tools and find all the security issues, and after that fix the issues on production.
I have finally published the SharePoint 2010 content I discovered over the last 5 months.
Welcome to www.sharepoint-sandbox.com to share and contribute! New articles and tips are coming.
On one of our recent projects we built a monthly reporting system. We gave users the freedom to choose the reporting indicators from a predefined list and allowed them to change the values of the selected indicators.
From the very beginning we couldn't decide which template to use as a baseline for the project and considered using "Meeting Workspaces" (MW). Their advantage is that you can create any number of calendar-driven workspace sites with a custom recurrence. It fitted our conceptual model ideally: you create the content once and it's available across all months, plus you can add custom content for a specific month.
But the reality of Meeting Workspaces is far from grace, which limits their usage.
First of all, you can't save a Meeting Workspace as a template including its content. As I understand it, this is "behaviour by design", because the MW is based on a single huge list in which the content is split by "InstanceID". You can't save a template for a specific month, because SharePoint can't save only part of a list. Secondly, you can't set different permissions on the lists per month, for the same reason: it's the same list, not different ones. Third, calendar URLs are not "InstanceID"-driven, and Meeting Workspaces don't provide collaboration behaviour, because when you open a new month the list content is based on the active month selection (see this post).
These limitations changed our decision towards using a Blank Site and a customized list, saving the site as a template to be used for each new period.
I would really like to know the Meeting Workspace use cases where such limitations can be ignored.
Introduction
In this series I'd like to describe how to analyse the SharePoint farm and prepare it for the SharePoint 2010 migration. We will review the following three sections:
- Farm Architecture and Configuration Analysis (current)
- User and Group Analysis
- Farm Migration
The first and most important step in a SharePoint 2007 -> SharePoint 2010 migration is understanding the existing SharePoint environment well enough to design the new farm.
Let's review in detail the template I use to document the farm settings, and the tools that allow gathering all the necessary information (search, Excel and other service settings are not described here):
- Farm Information
- Farm Servers and Services
- Web Applications
- Content Database and Site Collections
- Alternative Access Mapping
- Farm Solutions
- Enabled Farm Features
- Search Settings
- Site Information
- Web Parts
- Web.config changes
- Site Definitions
- Customized & Checked-out Items
- Sites Topology
- Sites
- Sites Structure Diagram
- Site Collections with Diagrams
- Issues
1. Farm Information
Content: this section lists the farm servers, the components of the farm and general information about the farm configuration (e-mail settings)
Tools: STSADM -o preupgradecheck (the "Upgrade Planning Information" section for servers and components) and Central Administration for the mail settings
a) Farm Servers and Services
Content: table with the farm servers and assigned roles
Tool: use Central Administration and SharePoint Manager 2007 to get this information
b) Web Applications
Content: list of web applications and their URLs
Tool: Central Administration
c) Content Database and Site Collections
Content: table with the following information: content database name, number of sites, size, list of site collections
Tool: SharePoint Diagnostic tool for the content DB size; Central Administration and SharePoint Administration Toolkit (Batch Site Manager solution)
d) Alternative Access Mapping
Content: Table with AAM Internal/External URLs and Zones
Tool: "preupgradecheck" log and SharePoint Diagnostic
e) Farm Solutions
Content: Table with the installed solutions and sites where they are active
Tool: SharePoint Manager 2007 / Bamboo SharePoint Analyzer
f) Enabled Farm Features
Content: list of enabled features at the farm level
Tool: Central Administration
g) Search Settings
Content: SSP settings (servers, database names, crawling settings)
Tool: Central Administration and SharePoint Diagnostic
2. Site Information
a) Web Parts
Content: list of installed web parts
Tool: Bamboo SharePoint Analyzer
b) Web.config changes
Content: list of what was changed in web.config for the SharePoint sites
Tool: SharePoint Diagnostic shows the web.config of each web application, but the knowledge of what was changed lies with the developers/admins
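Because the tool only shows the current file, the practical way to recover "what was changed" is to keep a baseline copy of each web application's web.config and diff against it. The following script is an added example of mine, not part of the original post or of SharePoint Diagnostic: it compares each live web.config with its baseline and summarises the settings an upgrade or security review asks about (trust level, debug, custom errors, CallStack, registered HttpModules and SafeControls). The baseline and IIS paths are constructed assumptions; SharePoint 2007 normally places its IIS sites under C:\inetpub\wwwroot\wss\VirtualDirectories.

```powershell
# Added example (not from the original post): report web.config changes per
# SharePoint web application against a saved baseline. Paths are constructed.
$baselineDir = 'C:\Baseline\WebConfigs'   # <site name>\web.config copies taken at install time
$liveRoot    = 'C:\inetpub\wwwroot\wss\VirtualDirectories'

function Get-WebConfigSecuritySummary([string]$Path) {
    # Pull the settings that matter for a security/upgrade review.
    $xml = [xml](Get-Content -Path $Path)
    $sw  = $xml.configuration.'system.web'
    $safeMode = $xml.SelectSingleNode('//SafeMode')
    New-Object PSObject -Property @{
        File         = $Path
        TrustLevel   = $sw.trust.level
        Debug        = $sw.compilation.debug
        CustomErrors = $sw.customErrors.mode
        CallStack    = if ($safeMode) { $safeMode.GetAttribute('CallStack') } else { 'n/a' }
        HttpModules  = @($sw.httpModules.add | ForEach-Object { $_.name }) -join ', '
        SafeControls = $xml.SelectNodes('//SafeControls/SafeControl').Count
    }
}

function Compare-WebConfig([string]$BaselinePath, [string]$LivePath) {
    # Line-level diff: '=>' lines exist only in the live file, '<=' only in the baseline.
    $base = Get-Content -Path $BaselinePath
    $live = Get-Content -Path $LivePath
    Compare-Object -ReferenceObject $base -DifferenceObject $live |
        ForEach-Object { '{0} {1}' -f $_.SideIndicator, $_.InputObject.Trim() }
}

foreach ($siteDir in Get-ChildItem -Path $liveRoot | Where-Object { $_.PSIsContainer }) {
    $live = Join-Path $siteDir.FullName 'web.config'
    $base = Join-Path (Join-Path $baselineDir $siteDir.Name) 'web.config'
    if (-not (Test-Path $live)) { continue }
    "==== $($siteDir.Name) ===="
    Get-WebConfigSecuritySummary $live |
        Format-List TrustLevel, Debug, CustomErrors, CallStack, SafeControls, HttpModules
    if (Test-Path $base) {
        $diff = Compare-WebConfig $base $live
        if ($diff) { 'Changed lines versus baseline:'; $diff } else { 'No differences from baseline.' }
    } else {
        "No baseline for this web application; copy the current file to $base to start tracking."
    }
}
```

Any `=>` line that adds an HttpModule, a SafeControl entry or raises the trust level is a change somebody must be able to explain before the migration; a `debug="true"` or `CallStack="true"` left over from development belongs in the Issues section of the document.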
c) Customized & Checked-out Items
Content: list of customized & checked-out items
Tool: SharePoint Designer: choose the Site menu -> Reports -> Shared Content -> Customized Pages / Checked-out Items
3. Sites Topology
a) Sites
Content: list of sites
Tool: Site Settings of the root site -> "Site hierarchy" item
b) Site Structure Diagram
Content: diagram of the root site
Tool: SWAT tool -> right-click the site name and choose Show Site Diagram
4. Issues
- Use the "preupgradecheck" log to document all found issues
- Use the SharePoint Designer Diagnostic tab to discover potential issues
Tools
To get the necessary information I recommend using the following tools:
Resources: http://www.sharepointjoel.com/Lists/Posts/Post.aspx?ID=245
SharePoint 2010 timer jobs have undergone changes in both management and configuration.
Firstly, the most significant change you will see is the number of timer jobs: 21 new jobs have been added. Where an ordinary SharePoint 2007 application had 39 timer jobs, SharePoint 2010 has 60.
Secondly, you are able to edit job properties, setting when a job starts via the UI (not STSADM), and start a job immediately.
Thirdly, the UI for timer job management is improved: jobs are sorted by status, and you can modify the definitions from any screen.
You can read a detailed overview of the timer job changes on our www.SharePoint-SandBox.com portal.
These days SharePoint 2010 is being announced at SharePoint Conference 2009. A lot of material is being prepared by MVPs and others who have had access to the Technical Preview of SharePoint 2010 for the last 5 months, and we will start releasing new information after the conference finishes. For now, I'd like to summarize the information officially published by MS:
- SP2010 TechNet Center http://technet.microsoft.com/en-au/sharepoint/ee263917.aspx
- SP2010 MSDN Center http://msdn.microsoft.com/en-au/sharepoint/ee514561.aspx
- Posters http://bink.nu/news/sharepoint-2010-documentation.aspx
- SharePoint 2010 Forum http://social.technet.microsoft.com/Forums/en-US/category/sharepoint2010
And follow us on Twitter via the #spc09 hashtag (I'm using http://twitterfall.com/ to monitor Twitter events).
When you consider using Windows Server 2008 R2 as the platform for SharePoint 2007, you need to put in additional effort to install and configure SharePoint properly.
There are a few actions you need to undertake for a successful deployment of SharePoint on R2.
1) You can only install SharePoint 2007 SP2 on R2. Unfortunately, MS doesn't provide a SharePoint 2007 SP2 slipstream package, so you need to create one yourself (take into account that you need to delete everything from the "\Updates" folder if you start from an SP1 slipstream).
2) After you complete the installation you will find that whenever you try to open Central Administration, a login and password are requested, regardless of your efforts to add Central Administration to the Trusted sites zone and set the option to log on automatically with the user's name/password. This is a new security change in Vista and Windows 7. To remove the login prompt you need to add the key "AuthForwardServerList" to the Windows registry. Read the following guidelines.
3) When you create a new site and try to open it, you may find that a login dialog is prompted, but you end up with a white screen after entering your credentials three times. Usually you navigate to the c:\Windows\System32\drivers\etc\ folder, open the "hosts" file and add an alias for your site to solve this problem. But under some circumstances this won't help you on R2, and moreover, you can't open the site via the "localhost" name. The solution is to add the alias not only to the hosts file, but to "lmhosts.sam" as well.
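Steps 2 and 3 can be applied from an elevated PowerShell prompt. The following is an added example of mine, not from the post: it writes AuthForwardServerList under the WebClient service's Parameters key (the location Windows reads it from), listing only the Central Administration host so that the WebClient forwards Windows credentials to that server and not to arbitrary names, and appends the hosts-file alias from step 3 only if it is missing. The host name and address are constructed; the lmhosts entry from step 3 follows the same pattern with the file name the post gives.

```powershell
# Added example (not from the original post). Assumes an elevated PowerShell
# prompt on the Windows Server 2008 R2 box; host name and address are constructed.
$caHost = 'sp-ca.corp.example'   # Central Administration host name (constructed)
$caAddr = '10.0.0.15'            # its address for the hosts-file alias (constructed)

# 2) AuthForwardServerList lives under the WebClient service parameters.
#    Name the specific hosts; a broad wildcard would forward credentials to
#    any server whose name matches.
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\WebClient\Parameters'
if (-not (Test-Path $regPath)) { New-Item -Path $regPath -Force | Out-Null }
$existing = @((Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue).AuthForwardServerList)
$list = @($existing + @("http://$caHost", "https://$caHost")) | Where-Object { $_ } | Select-Object -Unique
New-ItemProperty -Path $regPath -Name 'AuthForwardServerList' -Value $list `
    -PropertyType MultiString -Force | Out-Null
Restart-Service -Name WebClient -ErrorAction SilentlyContinue   # the service re-reads the list on start
'AuthForwardServerList now: {0}' -f ($list -join ', ')

# 3) hosts alias, appended only when no line already maps this name.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$pattern   = '\s' + [regex]::Escape($caHost) + '\s*$'
if (-not (Select-String -Path $hostsFile -Pattern $pattern -Quiet)) {
    Add-Content -Path $hostsFile -Value "$caAddr`t$caHost"
    "Added $caHost to $hostsFile"
} else {
    "$caHost is already present in $hostsFile"
}
```

Re-run is safe: existing list entries are preserved and deduplicated, and the hosts file is only appended to when the alias is absent.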

As you know, Microsoft will release the public version of SharePoint 2010 soon, and there is no room for 32-bit versions anymore. All the server products come in 64-bit only (Windows Server 2008 R2, SharePoint 2010, etc.), so we need to be ready for this.
I recommend watching the New Zealand TechEd session "Upgrade Planning and Guidance OFC306", which describes how to plan your 32-bit -> 64-bit migration of a SharePoint farm.
I found a nice description of the top content management sites: http://aiim.typepad.com/aiim_blog/2009/03/just-the-facts-please-top-content-management-sites.html
All are really good, except that I can't find a way to subscribe to RSS updates. It's a bit awkward: the site is about information management and e-discovery, but there is no way to find the connections to the information.
Some of the sites publish information from the SharePoint perspective.
Some interesting facts about ECM systems:
- only 18% of ECM projects ever make it into full production
- for every "current" document on an Exchange Server or on a file share, there are 14 other older, legacy documents in PST files, laptop hard drives, local archives, etc.
- the average user creates or receives between 100 and 300 electronic documents per day
- if the classification process requires five seconds or longer (including referring to the schedule), end users will ignore the request to classify
Source
Thanks to Dario Mratovich, Microsoft Consultant, for his awesome recommendations on preparing the testing data. Citing the section from his "Capacity Planning Testing for SharePoint 2007":
Make sure you have adequate sample data. This tends to be a very common stumbling block – sites are built with only a tiny percentage of content that production will have. Not enough sites, not enough content, not exercising a broad enough sampling of your dataset, not enough users – these can all fatally influence your test results.
Another common problem is having enough content for a reasonable search corpus. What many people try doing is uploading the same document many times – sometimes hundreds or thousands of times – and think that if it has a different file name then it will be okay. Unfortunately in that scenario the search duplicate process can start taking significantly longer than it otherwise normally would, so this too can unfairly reduce your query throughput.
A document that is uploaded multiple times will affect the way that SharePoint performs duplicate detection: SharePoint’s search calculates a hash based on the contents of a document – it doesn’t look at the filename! So uploading a document 30,000 times, even with a different filename, will cause the search retrieval to become slower and slower as SharePoint tries to resolve duplicate documents.
You will need tools in all likelihood to populate sample data. Some tools you can start with are on CodePlex at http://www.codeplex.com/sptdatapop. You will probably end up writing additional tools for other data population tasks, or possibly to work in combination with these tools.
Using PowerShell to script the creation of objects and data for testing is also very useful.
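To put the duplicate-detection point into practice, here is an added example of mine (not Dario's code and not one of the CodePlex tools) that populates a document library with documents whose text differs, so each one gets a different content hash instead of being collapsed as a duplicate. It uses the WSS 3.0 object model from PowerShell on a farm server; the site URL, library name and vocabulary are constructed.

```powershell
# Added example (not from the cited paper or the original post): generate a
# test corpus of distinct documents with the WSS 3.0 object model.
# Assumptions: run on a farm server as a user with contribute rights on the
# site; URL, library name, seed and word list are constructed.
[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SharePoint')

$siteUrl     = 'http://intranet.corp.example/sites/loadtest'
$libraryName = 'Shared Documents'
$count       = 5000
$rng         = New-Object System.Random(20091)   # fixed seed: the corpus is reproducible
$words       = 'invoice','policy','audit','firewall','migration','budget','kerberos',
               'tender','roadmap','backup','quorum','ledger','sprint','vendor','appendix'

function New-DocumentBody([int]$Index) {
    # Several paragraphs of pseudo-random words: every document hashes
    # differently, and the varied vocabulary gives search something to index.
    $paragraphs = @()
    for ($p = 0; $p -lt 6; $p++) {
        $sentence = @()
        for ($w = 0; $w -lt 40; $w++) { $sentence += $words[$rng.Next($words.Count)] }
        $paragraphs += ($sentence -join ' ') + '.'
    }
    return ("Test document $Index`r`n`r`n" + ($paragraphs -join "`r`n`r`n"))
}

$site = New-Object Microsoft.SharePoint.SPSite($siteUrl)
try {
    $web     = $site.OpenWeb()
    $library = $web.Lists[$libraryName]
    for ($i = 1; $i -le $count; $i++) {
        $bytes = [System.Text.Encoding]::UTF8.GetBytes((New-DocumentBody $i))
        $name  = 'testdoc-{0:D5}.txt' -f $i
        [void]$library.RootFolder.Files.Add($name, $bytes, $true)   # overwrite if present
        if ($i % 500 -eq 0) { "Uploaded $i of $count" }
    }
} finally {
    if ($web) { $web.Dispose() }
    $site.Dispose()
}
```

Raise $count to the size your production corpus will have; because the seed is fixed, two test farms populated with the same parameters receive the same documents, which keeps search throughput measurements comparable between runs.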
Michael Porter and Alan Weintraub published a really good article regarding the four pillars of a collaboration project.
When looking to implement a collaboration project, it is critical to understand that there are four pillars and that a single pillar alone will not address the requirements of your project. These four pillars are - Messaging, Real Time Collaboration, Team Collaboration, and Social Networking. In your projects you often take capabilities from multiple pillars to address all of your needs.
- Messaging: enables teams and individuals to communicate in a formal, auditable manner.
- Real Time Collaboration: focused on ad-hoc communications providing capability to initiate a real-time conversation between one or more individuals
- Team Collaboration: provides the content management services that collect, store, and manage the documents that are pertinent to the team’s activity.
- Social Networking: provides a way for teams and individuals to share knowledge not only within the team, but to be able to reach out to an extended group for their input and feedback
I will be presenting at the Moscow SharePoint UG in Russia this September 14th on "SharePoint Farm Deployment and Configuration - Recommendations".
This is the third version of the whitepaper I have been working on this year. In this session I will focus on farm optimization and provide guidelines on how to identify the right values for the SQL Server settings and farm size settings in terms of RPS (requests per second).
Registration is required. More details are here: http://sharepoint.su/Lists/Posts/Post.aspx?ID=22 (in Russian). The venue is the same: the Microsoft office in Krylatskoe.
Traditional Enterprise Content Management (ECM) solutions are characterized by a number of factors, such as cross-team collaboration and document management. Most of them align with SharePoint functionality, but unfortunately, in most cases, SharePoint does not prove to be a solution that can meet all of an organization's ECM requirements.
In this post I'd like to start collecting the scenarios that hit the limits of SharePoint's architectural design and its lack of functionality on the way to meeting ECM requirements. If you know more scenarios, please share them via the comments.
Requirement 1: Large ECM scenarios can require storing millions of documents in a single folder or document repository, including a deep, nested folder structure to accommodate all of the organization's documents.
Issue: SharePoint 2007 has limitations in sub-folder support, in the number of documents stored in document libraries, in crawling, etc.
Solution:
- SharePoint 2010 solves such issues: you can store millions of items in folders and subfolders without impact on querying data, rendering and search
- An "ECM system" product, because there is no OOTB support in SharePoint 2007. We can emulate sub-folders using metadata and customized views, but nothing helps us hold millions of items per library, because performance degrades drastically when showing thousands of documents, let alone millions.
Requirement 2: A certified records management system. Government and military organizations require standard and classified records management compliance with the U.S. government's DOD 5015.2 certification.
Issue: SharePoint 2007 doesn't support classified records compliance (DOD 5015.2 Chapter 4).
Solution: An "ECM system" product, because there is only general records support (Chapter 2), via the DOD 5015.2 Resource Kit for SharePoint.
Requirement 3: Sites and the document repository need to be classified, encrypted and archived.
Issue: List item limitations hinder the capabilities of the Records Center feature of MOSS, and there is no support for reviewing archived content or restoring sites from the archive.
Solution: n/a, albeit the "OpenText ECM Suite" tool provides some features enhancing the search and archiving functionality of the Records Center.
Requirement 4: Ability to render, search and manipulate print streams such as AFP, Xerox Metacode formats and PCL.
Issue: SharePoint supports rendering the mainstream formats only, such as PDF, Office documents, etc.
Solution: n/a. A custom solution based on print stream converters (Crawford and others).
Requirement 5: Ability to collaborate without bounds
Issue: SharePoint 2007 and SharePoint 2010 collaboration is limited to site collections. Although SharePoint 2010 provides additional features for collaboration scenarios, it still can't solve the cross-site-collection collaboration issue.
Solution: n/a due to the architectural design, albeit you can use third-party components to achieve some collaboration [1], [2].
Update: According to Forrester Research, only 18% of ECM projects ever make it into full production (a moment to point out the obvious: 82% do NOT reach full production). Mark Diamond published 5 reasons why ECM may never be deployed.
They point out 3 critical aspects when developing document management for SharePoint:
- Create taxonomy, first describing the high-level content type and associated attributes that the other content types can inherit from
- Define the Information Architecture; this is the layouts for the sites, document libraries, and document folders. This is critical as SharePoint has some performance limitations that need to be considered during the design phase
- Develop a governance plan that addresses content ownership, process, and security rights
These steps should be part of your SharePoint project documentation.
http://www.aiim.org/infonomics/sharepoint-ask-expert.aspx
The following references may prove useful in planning and developing your Web site taxonomy:
When you start a new SharePoint project it's very important to understand the size of the farm you are planning to end up with, because it impacts:
- SharePoint farm topology
- SQL Server hardware
- Staff needs
- Capacity planning
SharePoint Farm Topology size
There are 3 farm topologies to choose between: Small, Medium and Large. Your farm topology choice is usually dictated by the number of users and the content you plan to host in SharePoint.
They recommend the following values. (I would divide them by 10, actually.)
- Small farm: Typically < 50,000 users
- Medium farm: Typically < 100,000 users
- Large farm: Typically < 500,000 users
The number of users varies depending on usage profiles, type of data being saved, and the type of hardware and network the system is deployed on.
SQL Server hardware
Determine your deployment size using the following table:
- If your deployment parameters are generally less than the listed values, your deployment can be considered small; 4 GB is the minimum required memory (SQL 2005)
- If your deployment parameters are approximately equal to the listed values, your deployment can be considered medium; 8 GB is recommended for medium-size deployments
- If your deployment parameters are generally greater than the upper limits of most of the listed values, your deployment can be considered large; 16 GB and above is recommended for large deployments
| Metric | Value |
|---|---|
| Content database size | 100 GB |
| Number of content databases | 20 |
| Number of concurrent requests to SQL Server 2005 | 200 |
| Users | 1000 |
| Number of items in regularly accessed list | 2000 |
| Number of columns in regularly accessed list | 20 |
Staff needs
One commonly overlooked component of a successful implementation is staffing. Architects and administrators usually do a good job creating a bill of goods for hardware and software, but they often forget to secure funding for personnel to adequately develop and maintain a new system. SharePoint Server 2007 can consume a large amount of human resources if used to its full potential. Understand what types of dedicated personnel are required in the beginning, and start getting stakeholders' support immediately.
(Note: F = One full time person and P = One part time person.)
| Staff position | Small farm | Medium farm | Large farm | Multiple farms |
|---|---|---|---|---|
| System administrator | F | F | F F | F F |
| Search administrator | P | F | F P | F F F |
| Site designer | P | F | F F | F F F |
| Software developer | N/A | P F | F F | F F F |
| Software tester | N/A | P | F | F F |
| SQL DBA | P | F | F | F F |
Capacity Planning
The general rule is to plan for 1 RPS (request per second) per 1000 users (on the minimum recommended hardware):
- Small Farm (single WFE) can serve about 100 RPS
- Medium Farm (2 WFE) can serve about 200 RPS
Sources: 1, 2
Mirror: http://sharepoint.devs-sandbox.com/index.php?/Practices/Recommendations/how-sharepoint-farm-size-impacts-on-planning-and-support.html?directory=14