Bringing it all togetherwith host named site collections

#SPSOSLOThomas VochtenMay 31th, 2014

Platinum

SharePint

Raffle

Platinum

Gold

Thanks to our Sponsors!

About Me

Thomas Vochten SharePoint MVP. Platform architect. Speaker. Trainer. Involuntary DBA. Consultant at Xylos. V-TSP at Microsoft.

@thomasvochtenhttp://thomasvochten.commail@thomasvochten.com

Agenda 1. What’s the Problem?

2. SharePoint & IIS

3. Consolidation

4. Host Named Site Collections

5. Advanced Topics

Platform HygieneWhat’s the Problem?

In the Wild Undocumented installations Scripts, tools and installation media lying around

How old is this farm exactly? No monitoring whatsoever Dubious configurations Admins just hacking around Miserable performance

But,… we’re doing DevOps!

Are you serious?

The G-Word

What we need Simplicity Predictability Scalability Portability Compatibility Supportability

Product Line Architecture Prescriptive guidance Relatively easy to implement Based on rulesets Tools, scripts & modules Office365 Alignment

Through Microsoft Services only :-/

Basic Building Blocks

SharePoint

Farm

Web Application

Site Collections

Service Application

sServers

IIS

Web Sites

Bindings

Application Pools

Identity

Living Apart TogetherSharePoint & IIS

SharePoint doesn’t care about IIS Initial web application configuration is set in stone

Extending & unextending may be your friendCertificat

esHost

Headers

Advanced Bindings

IP Addresse

s

Host Headers to the rescue?

Most wanted scenario not supported by SharePoint:

Multiple web applications using the same bindingsrequire the use of host headers

The problem with Host Headers They don’t scale They limit the URLs we can use Cannot be configured from within SharePoint

Problems when publishing

Web Applications vs Web Sites

Web Application

• SharePoint• Logical

Concept

Web Sites

• IIS• Physical Concept

One-to-Many

Zones

Support Limits How many web applications in a farm?

20

How many web sites per web application?

5

Web Sites

Out of the Box:

SharePoint Central Administration v4 SharePoint Web Services

Application Pools

Application Pool

• Worker Process (w3wp.exe)

• CPU/Memory• Identity

Web Sites

One-to-Many

Support Limits How many application pools in a farm?

10

Application Pools

Out of the Box:

SharePoint Central Administration v4 SharePoint Web Services Root SecurityTokenServiceApplicationPool [Insert random GUID here]

Application Discovery and Load Balancer Service Application

Application Pools

Custom Created:

Services Application Pool(s) Content Application Pool(s)

How many of these do you create?

Accounts Farm Services Content

• Setup• Search• Search crawl• Profile import

Good Practice: Cleaning Up Remove unused web sites Remove unused application pools

DemoExploring SharePoint & IIS

Less is moreConsolidation

Design Principles Single farm Single content application pool Single content web application Single apps web application

Application Pool Content Application Pool

Central Administration Content Apps

Application Pool Application Pool

App Disc & LB Svc

Services Application Pool

Service ApplicationsSecurity Token Svc

Content Web Application Only one Host Named Site Collections Scale by adding more web servers

• Often needed for routing app requests

• Separate domain

• Wildcard DNS record

• Wildcard SSL certificate

Apps Web Application

$webService =

[Microsoft.SharePoint.Administration.SPWebService]::ContentServi

ce

$pool = $webService.ApplicationPools["blah"]

$app = Get-SPWebApplication http://bleh

$app.ApplicationPool = $pool

$app.Update()

$app.ProvisionGlobally()

Consolidating Application Pools

Consolidating Web Applications Possible, but consider very carefully Migrate to Host Named Site Collections

Living without host headersHost Named Site Collections

“Host-named site collections are the preferred method to deploy sites in

SharePoint 2013”

From: TechNet

Confusion

Host Header + Host Named = Incompatible!

yet…New-SPSite … -HostHeaderWebApplication …New-SPManagedPath … -HostHeader …

Path Based Site Collections Traditional way of addressing in SharePoint DNS name determined by the Web Application

https://intranet.contoso.com

Every site collection has a unique path

https://intranet.contoso.comhttps://intranet.contoso.com/sites/teamAhttps://intranet.contoso.com/dep/departmentA

Path Based Site Collections Default option in SharePoint Single root site collection Managed Paths to scale Multiple URLs via zones

Host Named Site Collections The better way Unique DNS name per site collection

https://intranet.contoso.com https://mysites.contoso.com https://community.contoso.com

You can still have managed paths

https://intranet.contoso.com/sites/benefits https://teams.contoso.com/sites/it

Marchitecture

Why Host Named Site Collections? Office365 uses them Best tested Some features expect them Scalability

Request Management, Multi-Tenancy, SharePoint Apps, more to come…

Create Host Named Site Collections

New-SPSite -Url https://intranet.contoso.com -owneralias domain\username -HostHeaderWebApplication https://content.contoso.com -Template STS#0

Living without host headers

• Host headers don’t work with HNSC• Host headers just don’t scale• Requires a bit of a mind shift at first• Think multiple IP addresses

The good, the bad, the uglyPath Based Host Named

Site Creation Central Admin or PowerShell PowerShell

Out of the box self service site creation

Custom self service site creation needed

URLs & Structure Inherits Web Application URL Unique URL per site collection

Multiple URLs with AAM Multiple URLs without AAM

Managed Paths at web application level

Managed Paths at farm level

Database Mgmt Managed out of the box at the web application level

Custom site creation provider recommended

Multiple URLs

Path Based Site Collections

Up to 5 zones with different URLs For use with all site collections

Host Named Site Collections

Up to 5 URLs per site collection

PowerShell Support for Multiple URLs Set-SPSiteUrl Remove-SPSiteUrl Get-SPSiteUrl

$site = Get-SPSite https://intranet.contoso.comSet-SPSiteURL -Identity $site -Url https://extranet.contoso.com -Zone Default

Zones Still available for implementing different authentication, protocols or policies

Alternate Access Mappings are not used

Multiple URLs work even without multiple web application zones!

Managed Paths Still available to create a structure or hierarchy

Set at the farm level (PowerShell) No unique managed paths for every site collectionhttps://intranet.contoso.com/projects/projectAhttps://teams.contoso.com/projects/projectB

Certificates

Typically you need:

• Wildcard certificate for content webapp• Wildcard certificate for apps webapp

Or a SAN certificate with both wildcards in it

Mixing Path & Host

Just because you can, doesn’t mean you should

Migrating to Host Named Site Collections

$webApp = Get-SPWebapplication 'https://portal.contoso.com' foreach($spSite in $webApp.Sites) {

if ($spSite.HostHeaderIsSiteName) { Write-Host $spSite.Url 'is host-named' }

else { Write-Host $spSite.Url 'is path based' }

}

Migrating to Host Named Site Collections

Backup-SPSite -Identity 'https://portalOld.contoso.com' -Path 'c:\Backup\portalContoso.bak'

Restore-SPSite -Identity 'https://portal.contoso.com' -Path 'c:\Backup\portalContoso.bak' -DatabaseName 'portal_content' -HostHeaderWebApplication 'https://content.contoso.com'

Good Practices Create (empty) root site collection Create mysite host site collection Develop a custom site creation provider

Considerations DNS record for each HNSC Be aware of webapp-scoped features

DemoHost Named Site Collections

Going BeyondAdvanced Topics

SSL Offloading

Reverse Proxy server

• Terminates the SSL request• Forwards an HTTP request to SharePoint• SharePoint renders with HTTPS in the response

Requirement:Support for custom HTTP Header “Front-End-Https:On”

SSL Offloading You don’t need AAM and zones for HNSC At least one IIS site should have a binding on port 80

The SSL terminator or reverse proxy must preserve the original HTTP host header from the client

The protocol used for a host-named site collection depends on the URL set by Set-SPSiteURL

Using multiple webapps with HNSC• Not recommended• Manual steps: IP addresses in IIS to have

multiple sites listening on same port without host header

• DNS records point to different IP addresses

Summary Maintain strict platform hygiene Understand the relationship between IIS & SP

Keep it simple - consolidate! Consider Host Named Site Collections Be aware of limitations & confusing terminology

Ideal for green field projects Use SSL - Everywhere!

Thank you!@thomasvochten#SPSOslo