A Real World Guide to Building Highly Available Fault Tolerant

SharePoint Farms

Miguel WoodEric Shupps

Agenda

IntroductionFundamentalsArchitectureImplementation

Introduction

Reminders

• Download the attendee packet at http://bit.ly/SPAloozaAttendee • Attend the “Rock Star” Sessions at the end of each day for fun, raffle

prizes, wrist bands for concert access, and your chance to win a Surface Pro 3

• Attend Nintex’s Brown Bag lunch Friday and Saturday (lunch provided for first 100 people)

• Tweet about the event using #SharePointalooza• Thank our sponsors• Have a great time!

Sponsors

Bands

What better way to unwind after a long day of working out your brain than with some great live music at the amazing outdoor stage at Branson Landing! The bands will be playing both Friday and Saturday night from 6:30 pm to 10 pm.

About Miguel Wood

The “Other” SharePoint Cowboy mwood@tekfocus.commwood@go-planet.com facebook.com/miguelwood @miguelwood

About Eric Shupps

CKS:DEV

TheSharePointCowboy

Patterns&

Practices

Eric Shupps

www.sharepointcowboy.com eshupps@binarywave.com facebook.com/sharepointcowboy @eshupps

Fundamentals

What is High Availability?

Elimination of single points of failureFully redundant systemsSeamless continuityAutomated failoverOperational Stability

Why Do We Need High Availability?

Risk mitigationComplianceCustomer SatisfactionRevenue ProtectionSafetyPerformanceSecurityPublic Relations

Requirements

Infrastructure• Devices• Servers• Bandwidth• Storage

Software• Windows Server 2012

• Failover Clustering• File Shares

• SQL Server 2012/2014• Always On Availability Groups

Considerations

ResourcesCostComplexityLicensingTroubleshootingPatching & Updates

Architecture

Basic SharePoint 2013 Farm Architecture

SharePoint Server 2013Front-end Server

SQL Server 2012 SP1 PowerPivot Add-In

SQL Server 2012 SP1 Reporting Services Service ApplicationSQL Server 2012 SP1 Reporting Services Add-In

SharePoint Server 2013Application Server

Excel Services Service Application

SQL Server 2012 SP1 PowerPivot Add-InSQL Server 2012 SP1 PowerPivot Service Application

SQL Server 2012 SP1 Reporting Services Add-In

Office Web Apps 2013 Server

SQL Server 2012 SP1+

Database EngineAll Databases and Roles

SQL Server PowerPivot for SharePoint

Workflow Manager Server

Basic SharePoint 2013 HA Farm

• JUST SharePoint• Is everything on this diagram

‘highly available’?• What about environment?

• AD DS, AD CS/CA, ISPs, etc.

Virtual Host A Virtual Host B

SQL Server installed and configured to support SQL AlwaysOn Availability Groups.

WFE01SharePoint 2013Front-end Server

APP01SharePoint 2013

Application Server

SQL01SQL Server 2012 SP1+

All Databases and Roles

WFE02SharePoint 2013Front-end Server

APP02SharePoint 2013

Application Server

SQL02SQL Server 2012 SP1+

All Databases and Roles

F5 BigIPNetwork Load Balancer

WFM01Workflow Manager

Server

WFM03Workflow Manager

Server

WFM02Workflow Manager

Server

wfm.<domain>.com

WSFC01SQLAGL01

WAC01Office Web Apps 2013

Server

WAC02Office Web Apps 2013

Server

wac.<domain>.com

Azure IaaS SharePoint 2013 HA Farm

• Azure features and functionality are changing rapidly

• Currently, items you must know well (purpose, configuration, and limitations):

• Storage• Cloud Services• Availability Sets• Virtual Networks, Regional Virtual Networks*

(Affinity Groups no longer relevant!)• Load Balancer, Internal Load Balancer*, Traffic

Manager• Site-to-Site VPNs, Multi-Site VPNs*• Resource Groups*• Azure PowerShell modules*• MUCH more

* Added within last 60 days

Environment

Network

FirewallsRoutersLoad BalancersSwitchesVirtual HostsNetwork InterfacesStorage

Storage

Dedicated vs. Shared StorageQuorum Types

• Node Majority• Node and File Share Majority• Node and Disk Majority• Disk Only

Witnesses• Disk• File Share

Active Directory

Logins• Service Accounts• SQL Accounts• Computer Objects• File shares

Cluster permissions• Read all properties• Create computer objects

DNS

• Configuration• Location• Availability• Replication

• Entries• Machines• Cluster• Listeners

• Permissions

SSL

Encryption• Communication (SSL)• Data (TDE)

Certificate Types• SAN• Wildcard

Challenges• Cost• Complexity• Configuration

SQL Server

Clustering

Windows Server Failover Clustering

• Required• Provides base cluster capabilities• Server level

SQL Failover Cluster Instance• Optional• Instance level• No automatic failover w/

Availability Groups

Availability Groups

Group of databases organized into PRIMARY (1) and SECONDARY (4 –2012, 8 – 2014)Automatic data synchronizationSynchronous and Asynchronous modesOptional read-only replicasDatabase-only redundancyListeners (Virtual Network Names)

Aliases

Provide flexibility and abstractionBest practiceHA aliases target AG Listeners NOT servers or instancesUse multiple listeners for scalability

Storage

Windows Server Failover Cluster• File Share quorum • Disk witness quorum

Failover Cluster Instances• Shared storage between cluster

members• Storage “owned” by active

member

Availability Groups• Discrete storage for each replica

Performance

SQL overhead ALWAYS impacts performanceEnsure adequate bandwidth for database replicationSecondary infrastructure does not have to match primary

• Beware reduced performance• Plan for rapid scale-out

Async faster than sync• Possible data loss

Service Applications

SharePoint Databases

Database Name Sync Async

User Profile Application Yes Yes

User Profile Sync Yes No

User Profile Social Yes Yes

Word Automation Yes Yes

Managed Metadata Yes Yes

Translation Yes Yes

BDC Yes Yes

Project Server Yes Yes

PowerPivot N/A N/A

PerformancePoint Yes Yes

Database Name Sync Async

Config Yes No

Central Admin Yes No

Content Yes Yes

App Management Yes Yes

Search Admin Yes No

Search Analytics Yes No

Search Crawl Yes No

State Service Yes No

Secure Store Yes Yes

Usage and Health Yes No

Search

Async replication NOT supported• Risk of deltas between on-disk

indexes and databases is HIGH

Sync Replication Challenges• Administration

• Site-level configuration• Analytics• Database size• Crawl/Re-Indexing time

User Profiles

Full database replication possible but can be problematic

• Synchronization is best done “live”

Options• Backup and restore• Reprovision

User Profile Service Application

ProfileDB

SyncDB

User Profile Synchronization Service

ActiveDirectory

ProfileDB

SyncDB

Forefront Identity Manager

FIM FIM Sync

Distributed Cache

Independent cache with no DB persistenceConfigurable memory allocation

• Max 16GB per server• Max 32GB per farm

Dedicated mode recommended for High Availability

• HA possible in collocated mode with sufficient hardware resources

Cache Dependencies

Feeds

Content Search

Web Part

Login Tokens

Access Cache

Security Trimming

App Tokens

View State

OneNote Throttling

Request Management

Access Services

Leverages “Contained Databases” feature of SQL 2012Requires changes to SQL Server protocols, settings and authentication mode

• HA requires Contained Database Authentication

Access DB’s are NOT automatically added to availability groups

Business Intelligence

SSAS• Can be configured for read-only

replicas

SSRS• Requires hotfix KB2654347• No automatic failover

PowerPivot • Not yet tested for Sync or Async

commit operations

Hybrid

What is Hybrid?

+ =HybridOnline On-premises or

Azure IaaS

Two-way (Bidirectional) Topology

Infrastructure pre-requisites

Reverse Proxy

Only required for ‘Inbound’ or ‘Two-Way (Bidirectional)’ Hybrid topology• (e.g. Users issuing queries from a Search Center in SharePoint Online attempting to

retrieve search results from an on-premises farm)Reverse Proxy Device Requirements

• Support client certificate authentication with a wildcard or SAN SSL certificate• Support pass-through authentication for OAuth 2.0• Accept unsolicited inbound traffic on TCP port 443 (HTTPS)• Bind a SAN SSL certificate to a published endpoint• Relay traffic to an on-premises SharePoint 2013 farm without rewriting any packet headers

(Currently) Supported Reverse Proxy Devices• Windows Server 2012 R2 with Web Application Proxy (WAP)• F5 BIG-IP• Forefront Threat management Gateway (TMG) 2010 (*Deprecated*)

Active Directory Federation Services (AD FS)

Prepare Active Directory• Windows Server 2003 R2 functional level at a minimum• UPNs are correctly set (if public domain differs to corporate domain name)

Deploy AD FS 2.0+• AD FS 2.x is based on IIS• AD FS 3.0 is not based on IIS (PowerShell only)

Install Microsoft Online Services Sign in Assistant and Windows Azure AD PowerShell ModulesSet up a trust between ADFS and Windows Azure AD• Connect-MSOLService• Set-MSOLADFSContext• Convert-MsolDomainToFederated –DomainName <domain>

Directory Synchronization (DirSync)

Synchronization of objects for on-premises AD to Azure AD• Limited to 50,000 objects, can be increased by engaging Microsoft• Synchronization occurs every 3 hours by default, can be initiated manually• Can filter based on OU, Domain or User Attribute

This is a requirement for SharePoint Hybrid scenarios, including Search• When a user issues a query from on-premises to SP Online, SP Online must

rehydrate the user’s identity• The rehydration process looks up attributes in the SP Online profile store• If no or multiple profiles exist the query will fail rather than security trimmed

results being returned

Sample (non-HA) Hybrid Deployment

VPN

VPN

Site

-to-S

ite V

PN T

unne

l

AD DS[AZLAB-DC2]

Azure AD Sync[AZLAB-DIRSYNC1]

AD FS (3.0)[AZLAB-ADFS1]

AD FS Proxy[AZLAB-WAP1]

Windows Server 2012 R2Web Application Proxy

(WAP)(Reverse Proxy)

SharePoint Server 2013 Published

SQL Server 2012 SP1+[SQL1]

AD DSAD CS[DC1]

Web Application Companion (WAC)

[WAC1]

SP2013Web Front End

(WFE)[WFE1]

SP2013Application Server

(APP)[APP1]

Windows 8.1 Enterprise Client

[CLIENT1]

Windows Azure Workflow Manager

[WFM1]

Remote Access(VPN and NAT)

[EDGE1]

External Internet

User

Pop Quiz(Are you still awake?)

• What are the considerations to make this environment HA?

VPN

VPN

Site

-to-S

ite V

PN T

unne

l

AD DS[AZLAB-DC2]

Azure AD Sync[AZLAB-DIRSYNC1]

AD FS (3.0)[AZLAB-ADFS1]

AD FS Proxy[AZLAB-WAP1]

Windows Server 2012 R2Web Application Proxy

(WAP)(Reverse Proxy)

SharePoint Server 2013 Published

SQL Server 2012 SP1+[SQL1]

AD DSAD CS[DC1]

Web Application Companion (WAC)

[WAC1]

SP2013Web Front End

(WFE)[WFE1]

SP2013Application Server

(APP)[APP1]

Windows 8.1 Enterprise Client

[CLIENT1]

Windows Azure Workflow Manager

[WFM1]

Remote Access(VPN and NAT)

[EDGE1]

External Internet

User

Implementation

Failover

SQL Server

Environment

Service Applications

Review

IntroductionFundamentalsArchitectureImplementation

Discussion

Miguel Woodmwood@tekfocus.commwood@go-planet.com

Eric Shuppseshupps@binarywave.com