Author Archives: m.pomfret

Configuring the Windows Firewall for SharePoint Farm Traffic (Single Server)

Applies to: SharePoint Server 2013, SharePoint Foundation 2013

Which ports do I need to open? This document details which firewall ports to open and where to open them. If you cannot reach the web server, application server or databases because of gateways or firewalls, this document is for you.

I have compiled a complete list of all the ports used. Most are configured by SharePoint, but some need to be configured manually. Of course, this is only one scenario; it all depends on the network configuration you have and on whether you have a single farm or a multi-tiered farm configured behind gateways, firewalls, etc.

On each SharePoint 2013 server, you will need to set a firewall rule to allow SharePoint intra-farm traffic and HTTP/HTTPS traffic. I have also listed which SharePoint server (WFE, Application, Search, etc.) ports are required. This will help with your scenario.

Deploying SharePoint farms on servers with an active Windows firewall therefore requires opening several ports to achieve a fully functional farm.

Please note: as a best practice, manage these firewall settings using domain policies.

| Ports | Protocol | Bound | Usage |
| --- | --- | --- | --- |
| 80 | TCP | In | HTTP |
| 443 | TCP | In | HTTPS/SSL |
| 25 | TCP | In | SMTP for e-mail integration |
| 16500-16519 | TCP | In | Ports used by the search index component |
| 22233-22236 | TCP | In / Out | Ports required for the AppFabric Caching Service |
| 32843-32845 | TCP | In | Communication between Web servers and service applications |
| 32846 | TCP | In / Out | SharePoint User Code Service |
| 808-809 | TCP | In | Office Web Apps |
| 5725 | TCP | In | User Profile Synchronization Service |
| 389 | TCP+UDP | In | User Profile Synchronization Service (LDAP Service) |
| 88 | TCP+UDP | In | User Profile Synchronization Service (Kerberos) |
| 53 | TCP+UDP | In / Out | User Profile Synchronization Service (DNS) |
| 1433 | TCP | Out | SQL Server default communication port (if no alias or custom port) |
| 1434 | UDP | Out | SQL Server default port used to establish connection (if no alias or custom port) |
| 445 | TCP | Out | SQL Server over named pipes |
| 2383 | TCP | Out | SQL Analysis Server default communication port (if no alias or custom port) |
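
The port list above, turned into firewall rules: this is an added example, not a script from the original post. The rule names, the rule group, the Domain profile scope and the optional GPO path passed as -PolicyStore are assumptions.

```powershell
# Added example: builds Windows Firewall rules from the port table above.
# Rule names, the rule group and the 'Domain' profile are assumptions.

# Rows copied from the table: ports, protocol(s), direction(s), usage.
$SPPortTable = @(
    @{ Ports = '80';          Protocol = 'TCP';     Bound = 'In';     Usage = 'HTTP' }
    @{ Ports = '443';         Protocol = 'TCP';     Bound = 'In';     Usage = 'HTTPS/SSL' }
    @{ Ports = '25';          Protocol = 'TCP';     Bound = 'In';     Usage = 'SMTP e-mail integration' }
    @{ Ports = '16500-16519'; Protocol = 'TCP';     Bound = 'In';     Usage = 'Search index component' }
    @{ Ports = '22233-22236'; Protocol = 'TCP';     Bound = 'In/Out'; Usage = 'AppFabric Caching Service' }
    @{ Ports = '32843-32845'; Protocol = 'TCP';     Bound = 'In';     Usage = 'Web servers to service applications' }
    @{ Ports = '32846';       Protocol = 'TCP';     Bound = 'In/Out'; Usage = 'SharePoint User Code Service' }
    @{ Ports = '808-809';     Protocol = 'TCP';     Bound = 'In';     Usage = 'Office Web Apps' }
    @{ Ports = '5725';        Protocol = 'TCP';     Bound = 'In';     Usage = 'User Profile Synchronization Service' }
    @{ Ports = '389';         Protocol = 'TCP+UDP'; Bound = 'In';     Usage = 'User Profile Sync (LDAP)' }
    @{ Ports = '88';          Protocol = 'TCP+UDP'; Bound = 'In';     Usage = 'User Profile Sync (Kerberos)' }
    @{ Ports = '53';          Protocol = 'TCP+UDP'; Bound = 'In/Out'; Usage = 'User Profile Sync (DNS)' }
    @{ Ports = '1433';        Protocol = 'TCP';     Bound = 'Out';    Usage = 'SQL Server default port' }
    @{ Ports = '1434';        Protocol = 'UDP';     Bound = 'Out';    Usage = 'SQL Server connection setup' }
    @{ Ports = '445';         Protocol = 'TCP';     Bound = 'Out';    Usage = 'SQL Server over named pipes' }
    @{ Ports = '2383';        Protocol = 'TCP';     Bound = 'Out';    Usage = 'SQL Analysis Server default port' }
)

function ConvertTo-SPFirewallRuleSpec {
    # Expands each row into one rule spec per protocol and per direction,
    # so 'TCP+UDP' with 'In/Out' becomes four separate rules.
    param([Parameter(Mandatory = $true)][hashtable[]]$Table)
    foreach ($row in $Table) {
        foreach ($proto in ($row.Protocol -split '\+')) {
            foreach ($bound in ($row.Bound -split '/')) {
                $direction = if ($bound -eq 'In') { 'Inbound' } else { 'Outbound' }
                [pscustomobject]@{
                    DisplayName = "SharePoint 2013 - $($row.Usage) ($proto $($row.Ports) $bound)"
                    Direction   = $direction
                    Protocol    = $proto
                    Ports       = $row.Ports
                }
            }
        }
    }
}

function New-SPFarmFirewallRule {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][hashtable[]]$Table,
        # Optional GPO to write to instead of the local store,
        # e.g. 'corp.example.com\SharePoint Firewall' (placeholder name).
        [string]$PolicyStore
    )
    $scope = @{}
    if ($PolicyStore) { $scope.PolicyStore = $PolicyStore }

    foreach ($spec in (ConvertTo-SPFirewallRuleSpec -Table $Table)) {
        # Skip rules that already exist so the function can be re-run safely.
        if (Get-NetFirewallRule -DisplayName $spec.DisplayName @scope -ErrorAction SilentlyContinue) {
            Write-Verbose "Already present: $($spec.DisplayName)"
            continue
        }
        $rule = @{
            DisplayName = $spec.DisplayName
            Group       = 'SharePoint 2013 Farm'
            Direction   = $spec.Direction
            Protocol    = $spec.Protocol
            Action      = 'Allow'
            Profile     = 'Domain'
        }
        # Inbound rules match the local listening port; outbound rules match
        # the port on the remote server (for example SQL Server on 1433).
        if ($spec.Direction -eq 'Inbound') {
            $rule.LocalPort = $spec.Ports
        } else {
            $rule.RemotePort = $spec.Ports
        }
        if ($PSCmdlet.ShouldProcess($spec.DisplayName, 'Create firewall rule')) {
            New-NetFirewallRule @rule @scope | Out-Null
        }
    }
}

# Preview the rules without changing the firewall:
New-SPFarmFirewallRule -Table $SPPortTable -WhatIf
```

Drop -WhatIf to create the rules from an elevated session on Windows Server 2012. Remove rows for services the server does not host before applying, so that only the ports that server actually needs are opened.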

SharePoint 2013 Service Accounts Best Practices

Applies to: SharePoint Server 2013, SharePoint Foundation 2013

This document describes how important service accounts are in the installation of SharePoint 2013: if they are not set up correctly, they can open big security holes in your organization and give you serious problems further down the road.

You cannot have only one set of service accounts for every scenario, since not all scenarios require the same security (e.g. a development environment does not require the same security as a UAT or a production one). So I suggest three sets of service accounts for different deployment scenarios of SharePoint 2013.

This document explains all three sets of service accounts, the differences between the sets, and what every account does.

NOTE: These sets only cover the basic installation and configuration of SharePoint 2013 and SQL. Other Service accounts will be needed for some Service Applications (Ex: Excel, Visio, Performance Point, etc)

Low Security Option

Summary

The Low Security option is of course the one with the fewest accounts possible to install SharePoint in a proper manner. It uses only 1 SQL account, which will be the SQL administrator and also run the services, and 5 SharePoint accounts: the Farm Administrator, the Web Application Pool account, the SharePoint Service Application Pool account, the Crawl account and the User Profile Synchronization account. More details are under each section.

For the SQL Server

| Name | Description | Local Rights | Domain Rights |
| --- | --- | --- | --- |
| SQL_Admin | The SQL Server service account is used to run SQL Server. It is the service account for the following SQL Server services: MSSQLSERVER, SQLSERVERAGENT. SQL Admin on the SQL Server | Local Administrator on the SQL Server | Domain User |

Explanation
As stated previously, in the Low Security option we only use one service account for our SQL Server. This account needs to be a Local Administrator on the SQL server in order to be able to install SQL. We will also run the SQL Agent and the Database Engine services with this account. This is the account that will have full power on your SQL server, and you will use it to grant rights to your SP_Farm account.

For the SharePoint Server

| Name | Description | Local Rights | Domain Rights |
| --- | --- | --- | --- |
| SP_Farm | The server farm account is used to perform the following tasks: Setup; SharePoint Products Configuration Wizard; Configure and manage the server farm; Act as the application pool identity for the SharePoint Central Administration Web site; Run the Microsoft SharePoint Foundation Workflow Timer Service. | Local Administrator on all the SharePoint Servers. SecurityAdmin and DB_Creator rights on the SQL Instance | Domain User |
| SP_Pool | The Pool account is used to run the Web Application Pools | None | Domain User |
| SP_Services | The Services Account is used to run the Service Application Pool | None | Domain User |
| SP_Crawl | The Default Content Access Account for the Search Service Application | None | Domain User |
| SP_UserProfiles | The User Profile Synchronization Account | None | Replicate Directory Changes permission on the domain |

Explanation
The Low Security Option uses the minimum amount of accounts while also keeping a level of security. Here is the account breakdown:

SP_Farm is your main SharePoint account in this configuration. It needs Local Administrator rights to be able to install SharePoint Server, and also the securityadmin and dbcreator roles on the SQL Server to create the configuration and other databases. This account will be your main Farm Administrator, and it is also the account that the Timer service and the web application for Central Administration use to access the SharePoint content database.

SP_Pool is a domain account used for the application pool identity. For example, when you create a Web Application and create a pool for it, you select this account.

SP_Services is a domain account used for the Service Application pools. For example, when you create a Managed Metadata Service application and create a pool for it, you select this account.

SP_Crawl is used within the Search Service Application to crawl content. The Search Service Application will automatically grant this account read access on all Web Applications. It will also run the SharePoint Windows Search Service.

SP_UserProfiles is the account used for the User Profile Synchronization between your Service Application and your Active Directory. This account does not need any local rights; however, you need to give it Replicate Directory Changes rights on the Active Directory in order to allow the synchronization.

Medium Security Option (Sweet Spot)

Summary
The Medium Security option is the sweet spot of a SharePoint installation. It uses slightly more accounts than the Low Security option; however, it provides a huge security improvement. By giving fewer rights to each account, you limit the possible damage in case an account gets hacked, and you also follow Microsoft’s recommendation of installing SharePoint 2013 with least-privilege administration. More details on the changes are under every section.

For the SQL Server

| Name | Description | Local Rights | Domain Rights |
| --- | --- | --- | --- |
| SQL_Admin | SQL Admin on the SQL Server. Used to install the SQL Server. | Local Administrator on the SQL Server | Domain User |
| SQL_Services | It is the service account for the following SQL Server services: MSSQLSERVER, SQLSERVERAGENT. | None | Domain User |

Explanation

The difference between the Low Security and the Medium Security option for SQL is that we now use two different accounts: SQL_Admin and SQL_Services. The big security improvement is that the account running the Agent and Database Engine services is not a local administrator anymore. Here is the account breakdown:

SQL_Admin: This will be your main SQL Administrator. It needs Local Administrator rights in order to install the SQL server.

SQL_Services: This account does not have any local rights; it is only used to run the SQL Agent and Database Engine Windows services.

For the SharePoint Server

| Name | Description | Local Rights | Domain Rights |
| --- | --- | --- | --- |
| SP_Farm | The server farm account is used to perform the following tasks: Configure and manage the server farm; Act as the application pool identity for the SharePoint Central Administration Web site; Run the Microsoft SharePoint Foundation Workflow Timer Service. | SecurityAdmin and DB_Creator rights on the SQL Instance | Domain User |
| SP_Admin | The server farm account is used to perform the following tasks: Setup; SharePoint Products Configuration Wizard | Local Administrator on all the SharePoint Servers. SecurityAdmin and DB_Creator rights on the SQL Instance | Domain User |
| SP_Pool | The Pool account is used to run the Web Application Pools | None | Domain User |
| SP_Services | The Services Account is used to run the Service Application Pool | None | Domain User |
| SP_Crawl | The Default Content Access Account for the Search Service Application | None | Domain User |
| SP_Search | Service Account to run the SharePoint Search “Windows Service” | None | Domain User |
| SP_UserProfiles | The User Profile Synchronization Account | None | Domain User |

Explanation

In the Medium Security option we increase the security by adding two new accounts: SP_Admin and SP_Search. Instead of giving all the Farm Administration power to the SP_Farm account, SP_Admin will be the one that installs and configures SharePoint 2013 and has the local administrator rights, while SP_Farm will only run the services and connect to the database. Furthermore, instead of letting the SP_Crawl account both run the Windows Service and have FULL-READ rights on all the web applications, SP_Search will now run the Windows Service. Here is the breakdown of the accounts:

SP_Farm is a domain account that the SharePoint Timer service and the web application for Central Administration use to access the SharePoint content database. This account does not need to be a local administrator. The SharePoint configuration wizard grants the proper minimal privilege in the back-end SQL Server database. The minimum SQL Server privilege configuration is membership in the roles securityadmin and dbcreator.

SP_Admin is a domain account you use to install and configure the farm. It is the account used to run the SharePoint Configuration Wizard for SharePoint 2013. The SP_Admin account is the only account that requires local Administrator rights. To configure the SP_Admin account in a minimum-privilege scenario, it should be a member of the roles securityadmin and dbcreator on the SQL server.

SP_Pool is a domain account used for the application pool identity. For example, when you create a Web Application and create a pool for it, you select this account.

SP_Services is a domain account used for the Service Application pools. For example, when you create a Managed Metadata Service application and create a pool for it, you select this account.

SP_Crawl is used within the Search Service Application to crawl content. The Search Service Application will automatically grant this account read access on all Web Applications.

SP_Search is used to run the SharePoint Windows Search Service.

SP_UserProfiles is the account used for the User Profile Synchronization between your Service Application and your Active Directory. This account does not need any local rights, however you need to give it Replicate Directory Changes rights on the Active Directory in order to allow the synchronization.
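
One way to check a server against the Medium Security layout described above, as an added example that is not part of the original post. The account and service names come from the tables above; the CONTOSO domain and the sample data are constructed for illustration.

```powershell
# Added example: audits one server against the Medium Security option.
# Account names come from the tables above; the sample data is constructed.

# Accounts whose "Local Rights" column does not include local Administrator.
$MustNotBeLocalAdmin = 'SP_Farm', 'SP_Pool', 'SP_Services', 'SP_Crawl',
                       'SP_Search', 'SP_UserProfiles', 'SQL_Services'

# Windows service name -> account expected to run it (SQL Server table).
$ExpectedServiceAccount = @{
    MSSQLSERVER    = 'SQL_Services'
    SQLSERVERAGENT = 'SQL_Services'
}

function Get-LocalAdminName {
    # Reads the local Administrators group through the ADSI WinNT provider,
    # which is available on Windows Server 2008 R2 and 2012 without modules.
    $group = [ADSI]'WinNT://./Administrators,group'
    foreach ($member in $group.psbase.Invoke('Members')) {
        $member.GetType().InvokeMember('Name', 'GetProperty', $null, $member, $null)
    }
}

function Get-ServiceLogon {
    # Service name and log-on account for every Windows service on this server.
    Get-WmiObject -Class Win32_Service | Select-Object -Property Name, StartName
}

function ConvertTo-AccountName {
    # 'CONTOSO\SQL_Admin' or 'SQL_Admin@contoso.local' -> 'SQL_Admin'
    param([string]$LogonName)
    (($LogonName -split '\\')[-1] -split '@')[0]
}

function Test-ServiceAccountLayout {
    # Returns one finding per deviation; no output means the server matches.
    param(
        [string[]]$LocalAdmin,
        [object[]]$Service,
        [string[]]$MustNotBeLocalAdmin,
        [hashtable]$ExpectedServiceAccount
    )
    foreach ($account in $MustNotBeLocalAdmin) {
        if ($LocalAdmin -contains $account) {
            [pscustomobject]@{
                Check   = 'Local Administrators'
                Item    = $account
                Finding = 'Member of local Administrators; expected no local rights'
            }
        }
    }
    foreach ($svc in $Service) {
        if (-not $ExpectedServiceAccount.ContainsKey($svc.Name)) { continue }
        $actual   = ConvertTo-AccountName -LogonName $svc.StartName
        $expected = $ExpectedServiceAccount[$svc.Name]
        if ($actual -ne $expected) {
            [pscustomobject]@{
                Check   = 'Service log-on account'
                Item    = $svc.Name
                Finding = "Runs as $actual; expected $expected"
            }
        }
    }
}

# Constructed sample: SP_Farm left in Administrators after setup, and the
# Database Engine still running as the installation account.
$sampleAdmins   = 'Administrator', 'SP_Admin', 'SP_Farm'
$sampleServices = @(
    [pscustomobject]@{ Name = 'MSSQLSERVER';    StartName = 'CONTOSO\SQL_Admin' }
    [pscustomobject]@{ Name = 'SQLSERVERAGENT'; StartName = 'CONTOSO\SQL_Services' }
)
Test-ServiceAccountLayout -LocalAdmin $sampleAdmins -Service $sampleServices `
    -MustNotBeLocalAdmin $MustNotBeLocalAdmin `
    -ExpectedServiceAccount $ExpectedServiceAccount | Format-Table -AutoSize

# Live audit of the current server (run elevated):
# Test-ServiceAccountLayout -LocalAdmin (Get-LocalAdminName) -Service (Get-ServiceLogon) `
#     -MustNotBeLocalAdmin $MustNotBeLocalAdmin -ExpectedServiceAccount $ExpectedServiceAccount
```

On the constructed sample this reports two findings: SP_Farm in local Administrators, and MSSQLSERVER running as SQL_Admin instead of SQL_Services.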

High Security Option

Summary

The High Security option is the one that provides the best security and, of course, uses the most service accounts. It only adds a small amount of extra security to the farm; however, that extra security might be needed in some scenarios.

For the SQL Server

| Name | Description | Local Rights | Domain Rights |
| --- | --- | --- | --- |
| SQL_Admin | SQL Admin on the SQL Server. Used to install the SQL Server. | Local Administrator on the SQL Server | Domain User |
| SQL_Agent | It is the service account for the following SQL Server services: SQL SERVER AGENT | None | Domain User |
| SQL_Engine | It is the service account for the following SQL Server services: Database Engine. | None | Domain User |

Explanation

The difference between the Medium Security and High Security option is that we now have a separate account for each of the two base services: SQL Agent and Database Engine. Nothing changes for SQL_Admin.

SQL_Admin: This will be your main SQL Administrator. It needs Local Administrator rights in order to install the SQL server.

SQL_Agent: This account does not have any local rights; it is only used to run the SQL Agent Windows service.

SQL_Engine: This account does not have any local rights; it is only used to run the Database Engine Windows service.

For the SharePoint Server

| Name | Description | Local Rights | Domain Rights |
| --- | --- | --- | --- |
| SP_Farm | The server farm account is used to perform the following tasks: Configure and manage the server farm; Act as the application pool identity for the SharePoint Central Administration Web site; Run the Microsoft SharePoint Foundation Workflow Timer Service. | SecurityAdmin and DB_Creator rights on the SQL Instance | Domain User |
| SP_Admin | The server farm account is used to perform the following tasks: Setup; SharePoint Products Configuration Wizard | Local Administrator on all the SharePoint Servers. SecurityAdmin and DB_Creator rights on the SQL Instance | Domain User |
| SP_Pool | The Pool account is used to run the Web Application Pools | None | Domain User |
| SP_Services | The Services Account is used to run the Service Application Pool | None | Domain User |
| SP_Crawl | The Default Content Access Account for the Search Service Application | None | Domain User |
| SP_Search | Service Account to run the SharePoint Search “Windows Service” | None | Domain User |
| SP_MySitePool | Used for the My Sites Web Application | None | Domain User |
| SP_UserProfiles | The User Profile Synchronization Account | None | Replicate Directory Changes permission on the domain. |

Explanation

The only difference between the Medium Security and the High Security option is that we now have a separate account for the Web Application Pool hosting the ‘My Sites’, since it has a different security policy than the other Web Applications. I will only give the details for the new account in the breakdown:

SP_MySitePool is a domain account used for the My Sites Web Application Pool Identity. It’s very similar to the SP_Pool, however it is only used for the My Sites Web Application.

Recommended Service Accounts for SharePoint 2013

Applies to: SharePoint Server 2013, SharePoint Foundation 2013

This article describes the SharePoint administrative and service accounts to be used in the following areas: Microsoft SQL Server, the file system, file shares, and registry entries.

Important: Do not use service account names that contain the symbol $.

Service Accounts

Service accounts are AD domain accounts. They should conform to a syntax standard and should be different for each environment, i.e. development, UAT and production. The rights are to be configured via group policy.

Here is the list of recommended service accounts.

| Account | Name | Description |
| --- | --- | --- |
| Setup | SP_Setup | The server farm account is used to perform the following tasks: Setup; SharePoint Products Configuration Wizard; Configure the server farm. |
| Farm | SP_Farm | The server farm account is used to perform the following tasks: SharePoint Products Configuration Wizard; Manage the server farm; Act as the application pool identity for the SharePoint Central Administration Web site; Run the Microsoft SharePoint Foundation Workflow Timer Service. |
| Pool | SP_AppPool | The Pool Account is used to run the Web Application Pools |
| Services | SP_Services | The Services Account is used to run the Windows Services |
| Excel Services | SP_Excel | The Services Account for the Excel service |
| Visio Services | SP_Visio | The Services Account for the Visio service |
| Performance Point | SP_PerPoint | The Services Account for the Performance Point service |
| User Profile Service | ADSP_Profile | Service Account to run the SharePoint UPS Service Application |
| Search Service | SP_Search | Service Account to run the SharePoint Search “Windows Service” |
| Default Content Access | SP_Crawl | The Default Content Access Account for the Search Service Application |
| My Site | SP_MyPool | The MyPool Web Application Account |
| Visio Graphics | SP_VisioU | It runs the Unattended Service account for Visio |
| Excel | SP_ExcelU | It runs the Unattended Service account for Excel |
| PowerPivot | SP_PowPivtU | It runs the Unattended Service account for PowerPivot |
| Claims to Windows Token | SP_C2WTS | It runs the Claims to Windows Token Service Account |

Hardware and Software Requirements for SharePoint 2013

Applies to: SharePoint Server 2013, SharePoint Foundation 2013

Summary: Lists the minimum hardware and software requirements to install and run SharePoint 2013 with Service Pack 1.

Important

  • The information in this article applies to SharePoint Foundation 2013 and SharePoint Server 2013. For information about the features that each version supports, see the SharePoint 2013 Product Page.
  • Some of the hardware requirement values in this article are based on test results from SharePoint 2010 Products and still apply to SharePoint 2013. This article will be updated with appropriate values and republished when new data becomes available. Hardware requirement values obtained from SharePoint 2010 Products that are listed in this article do not apply to search in SharePoint 2013.
  • This article links to SharePoint 2010 Products guidance where that guidance is still valid. The SharePoint 2010 Products guidance is not applicable for search in SharePoint 2013 because the search architecture has changed significantly.
  • The hardware and software requirements in this article refer to physical and virtual servers in a SharePoint farm.

SharePoint 2013 provides for several installation scenarios. Currently, these installations include single server with built-in database installations, single-server farm installations, and multiple-server farm installations. This article describes the hardware and software requirements for SharePoint 2013 in each of these scenarios.

Hardware and software requirements for other SharePoint 2013 capabilities

If you plan to use capabilities that are offered through SharePoint 2013 or through other integration channels, such as SQL Server or Exchange Server, you also need to meet the hardware and software requirements that are specific to that capability. The following list provides links to hardware and software requirements for some SharePoint 2013 capabilities:

Hardware requirements – location of physical servers

Some enterprises have data centers that are located in close proximity to one another and are connected by high-bandwidth fiber optic links. In this environment it is possible to configure the two data centers as a single farm. This distributed farm topology is called a stretched farm. Stretched farms for SharePoint 2013 are supported as of April 2013.

For a stretched farm architecture to work as a supported high-availability solution, the following prerequisites must be met:

  • There is a highly consistent intra-farm latency of <1ms one way, 99.9% of the time over a period of ten minutes. (Intra-farm latency is commonly defined as the latency between the front-end web servers and the database servers.)
  • The bandwidth speed must be at least 1 gigabit per second.

To provide fault tolerance in a stretched farm, use the standard best practice guidance to configure redundant service applications and databases. For more information, see Create a high availability architecture and strategy for SharePoint 2013.

 

Hardware requirements—web servers, application servers, and single server installations

The values in the following table are minimum values for installations on a single server with a built-in database and for web and application servers that are running SharePoint 2013 Service Pack 1 in a single / multiple server farm installation under a Windows Server 2012 environment.

Please note: you must have sufficient hard disk space for the base installation and sufficient space for diagnostics such as logging, debugging, creating memory dumps, and so on. For production use, you must also have additional free disk space for day-to-day operations.

In addition, maintain five times as much free space as you have RAM for development, UAT & production environments.

| Installation Scenario | Deployment type and scale | RAM | Processor | Hard disk space |
| --- | --- | --- | --- | --- |
| Web server in a three-tier farm | Pilot, user acceptance test deployment of SharePoint Server 2013 or SharePoint Foundation 2013. | 16 GB | 64-bit, 4 cores | 250 GB for system drive |
| Application server in a three-tier farm | Production, user acceptance test, or production deployment of SharePoint Server 2013 or SharePoint Foundation 2013. | 32 GB | 64-bit, 4 cores | 250 GB for system drive |

Hardware requirements – database servers

The requirements in the following table apply to database servers in environments that have multiple servers in the farm.

Note: The requirements listed in this section apply to SQL Server 2014.

| Component | Minimum requirement |
| --- | --- |
| Processor | 64-bit, 8 cores for small deployments (fewer than 1,000 users) |
| RAM | 64 GB for small deployments (fewer than 1,000 users). These values are larger than those recommended as the minimum values for SQL Server because of the distribution of data that is required for a SharePoint 2013 environment. |
| Hard disk | 500 GB for system drive |

Software requirements

The requirements in the following section apply to the following installations:

  • Single server with built-in database
  • Server farm with a single server in the farm
  • Server farm with multiple servers in the farm
Important:
SharePoint 2013 does not support single label domain names. For more information, see Information about configuring Windows for domains with single-label DNS names.

The Microsoft SharePoint Products Preparation Tool can assist you in the installation of the software prerequisites for SharePoint 2013. Ensure that you have an Internet connection, because some prerequisites are installed from the Internet. For more information about how to use the Microsoft SharePoint Products Preparation Tool, see Install SharePoint 2013 on a single server with SQL Server and Install SharePoint 2013 across multiple servers for a three-tier farm.

Note:
SQL Server 2014 requires the May 2014 Cumulative Update to be installed. To install the May 2014 Cumulative Update see Updates to SharePoint 2013.
Note:
Windows Server 2012 R2 is only supported on a SharePoint Server 2013 Service Pack 1 environment. For additional information about Windows Server 2012 R2 support, see SharePoint 2013 SP1 support in Windows Server 2012 R2.

Minimum software requirements

This section provides minimum software requirements for each server in the farm.

Minimum requirements for a database server in a farm:

  • One of the following:
    • The 64-bit edition of Microsoft SQL Server 2012.
    • The 64-bit edition of SQL Server 2008 R2 Service Pack 1
  • The 64-bit edition of Windows Server 2008 R2 Service Pack 1 (SP1) Standard, Enterprise, or Datacenter or the 64-bit edition of Windows Server 2012 Standard or Datacenter
  • The SharePoint parsing process crashes in Windows Server 2008 R2 (KB 2554876)
  • FIX: IIS 7.5 configurations are not updated when you use the ServerManager class to commit configuration changes (KB 2708075)
  • Hotfix: ASP.NET (SharePoint) race condition in .NET 4.5 RTM:
    • Windows Server 2008 R2 SP1 (KB 2759112)
    • Windows Server 2012 (KB 2765317)
  • Microsoft .NET Framework version 4.5

Minimum requirements for a single server with built-in database:

  • The 64-bit edition of Windows Server 2008 R2 Service Pack 1 (SP1) Standard, Enterprise, or Datacenter or the 64-bit edition of Windows Server 2012 Standard or Datacenter
  • The SharePoint parsing process crashes in Windows Server 2008 R2 (KB 2554876)
  • FIX: IIS 7.5 configurations are not updated when you use the ServerManager class to commit configuration changes (KB 2708075)
  • Hotfix: ASP.NET (SharePoint) race condition in .NET 4.5 RTM:
    • Windows Server 2008 R2 SP1 (KB 2759112)
    • Windows Server 2012 (KB 2765317)
  • The Setup program installs the following prerequisite for a single server with built-in database:
    • Microsoft SQL Server 2008 R2 SP1 – Express Edition
  • The Microsoft SharePoint Products Preparation Tool installs the following prerequisites for a single server with built-in database:
    • Web Server (IIS) role
    • Application Server role
    • Microsoft .NET Framework version 4.5
    • SQL Server 2008 R2 SP1 Native Client
    • Microsoft WCF Data Services 5.0
    • Microsoft Information Protection and Control Client (MSIPC)
    • Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    • Windows Management Framework 3.0 which includes Windows PowerShell 3.0
    • Windows Identity Foundation (WIF) 1.0 and Microsoft Identity Extensions (previously named WIF 1.1)
    • Windows Server AppFabric
    • Cumulative Update Package 1 for Microsoft AppFabric 1.1 for Windows Server (KB 2671763)

Minimum requirements for front-end web servers and application servers in a farm:

  • The 64-bit edition of Windows Server 2008 R2 Service Pack 1 (SP1) Standard, Enterprise, or Datacenter or the 64-bit edition of Windows Server 2012 Standard or Datacenter.
  • The SharePoint parsing process crashes in Windows Server 2008 R2 (KB 2554876)
  • FIX: IIS 7.5 configurations are not updated when you use the ServerManager class to commit configuration changes (KB 2708075)
  • Hotfix: ASP.NET (SharePoint) race condition in .NET 4.5 RTM:
    • Windows Server 2008 R2 SP1 (KB 2759112)
    • Windows Server 2012 (KB 2765317)
  • The Microsoft SharePoint Products Preparation Tool installs the following prerequisites for front-end web servers and application servers in a farm:
    • Web Server (IIS) role
    • Application Server role
    • Microsoft .NET Framework version 4.5
    • SQL Server 2008 R2 SP1 Native Client
    • Microsoft WCF Data Services 5.0
    • Microsoft Information Protection and Control Client (MSIPC)
    • Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    • Windows Management Framework 3.0 which includes Windows PowerShell 3.0
    • Windows Identity Foundation (WIF) 1.0 and Microsoft Identity Extensions (previously named WIF 1.1)
    • Windows Server AppFabric
    • Cumulative Update Package 1 for Microsoft AppFabric 1.1 for Windows Server (KB 2671763)

Minimum requirements for client computers

Minimum recommended services for development environments

The following are the minimum SharePoint 2013 services and service applications that are recommended for development environments:

  • App Management service application
  • Central Administration web site
  • Claims to Windows Token service (C2WTS)
  • Distributed cache service
  • Microsoft SharePoint Foundation 2013 Site and Subscription Settings service
  • Secure Store Service
  • User Profile service application (SharePoint Server 2013 only)

Optional software

The optional software in this section is supported but is not required to install or use SharePoint 2013. This software might be required by capabilities such as business intelligence. For more information about system requirements for other capabilities, see Hardware and software requirements for other SharePoint 2013 capabilities.

Environment: Single server with built-in database, front-end web servers, and application servers in a farm

Optional software:

  • .NET Framework Data Provider for SQL Server (part of Microsoft .NET Framework)
  • .NET Framework Data Provider for OLE DB (part of Microsoft .NET Framework)
  • Workflow Manager. You can install Workflow Manager on a dedicated computer.
  • Microsoft SQL Server 2008 R2 Reporting Services Add-in for Microsoft SharePoint Technologies. This add-in is used by Access Services for SharePoint 2013.
  • Microsoft SQL Server 2012 Data-Tier Application (DAC) Framework 64-bit edition
  • Microsoft SQL Server 2012 Transact-SQL ScriptDom 64-bit edition
  • Microsoft System CLR Types for Microsoft SQL Server 2012 64-bit edition
  • Microsoft SQL Server 2012 with Service Pack 1 (SP1) LocalDB 64-bit edition
  • Microsoft Data Services for the .NET Framework 4 and Silverlight 4 (formerly ADO.NET Data Services)
  • Exchange Web Services Managed API, version 1.2
  • Microsoft SQL Server 2008 R2 Remote Blob Store, which is part of the Microsoft SQL Server 2008 R2 Feature Pack
  • SQL Server 2008 R2 Analysis Services ADOMD.NET
  • KB 2472264. If you are running a geo-distributed deployment and your servers are running Windows Server 2008 R2, then installing KB 2472264 can optimize network latency in a dedicated datacenter network. For more information, and to download the software, see You cannot customize some TCP configurations by using the netsh command in Windows Server 2008 R2.

Environment: Client computer

Optional software:

  • Windows 7. For information about how to use Windows 7 with SharePoint 2013 in a development environment, see Start: Set up the development environment for SharePoint 2013.
  • Silverlight 3
  • Office 2013
  • Microsoft Office 2010 with Service Pack 2, with KB 2553248
  • Microsoft Office 2007 with Service Pack 2, with KB 2583910
  • Microsoft Office for Mac 2011 with Service Pack 1
  • Microsoft Office 2008 for Mac version 12.2.9. Support ends April 9, 2013.

Links to applicable software

To install Windows Server 2008 R2 SP1, Windows Server 2012, SQL Server, or SharePoint 2013, you can go to the web sites that are listed in this section. You can install most software prerequisites through the SharePoint 2013 Start page. The software prerequisites are also available from web sites that are listed in this section. You can enable the Web Server (IIS) role and the Application Server role in Server Manager.

In scenarios where installing prerequisites directly from the Internet is not possible you can download the prerequisites and then install them from a network share. For more information, see Install prerequisites for SharePoint 2013 from a network share.

Prerequisite installer operations and command-line options

The SharePoint 2013 prerequisite installer (prerequisiteinstaller.exe) installs the following software, if it has not already been installed on the target server, in this order:

  1. Microsoft .NET Framework version 4.5
  2. Windows Management Framework 3.0
  3. Application Server Role, Web Server (IIS) Role
  4. Microsoft SQL Server 2008 R2 SP1 Native Client
  5. Windows Identity Foundation (KB974405)
  6. Microsoft Sync Framework Runtime v1.0 SP1 (x64)
  7. Windows Identity Extensions
  8. Microsoft Information Protection and Control Client
  9. Microsoft WCF Data Services 5.0
  10. Windows Server AppFabric
  11. Cumulative Update Package 1 for Microsoft AppFabric 1.1 for Windows Server (KB 2671763)

You can run prerequisiteinstaller.exe at a command prompt with the following options. When you run prerequisiteinstaller.exe at a command prompt, you may be asked to restart the server one or more times during the installation process. After rebooting, you should continue the prerequisite installation by running prerequisiteinstaller.exe with the /continue option.

  • /? Display command-line options
  • /continue This is used to tell the installer that it is continuing from a restart
  • /unattended No user interaction

The installer installs from the file that you specify in the command-line options described in the following list. In this list, <file> signifies the file from which you want to install. If you do not specify the <file> option, the installer downloads the file from the Internet and installs it. If the option does not apply to the current operating system, it is ignored.

  • /SQLNCli:<file> Install Microsoft SQL Server 2008 SP1 Native Client from <file>
  • /PowerShell:<file> Install Windows Management Framework 3.0 from <file>
  • /NETFX:<file> Install Microsoft .NET Framework version 4.5 from <file>
  • /IDFX:<file> Install Windows Identity Foundation (KB974405) from <file>
  • /IDFX11:<file> Install Windows Identity Foundation v1.1 from <file>
  • /Sync:<file> Install Microsoft Sync Framework Runtime SP1 v1.0 (x64) from <file>
  • /AppFabric:<file> Install Windows Server AppFabric from <file> (AppFabric must be installed with the options /i CacheClient,CachingService,CacheAdmin /gac)
  • /KB2671763:<file> Install Microsoft AppFabric 1.1 for Windows Server (AppFabric 1.1) from <file>
  • /MSIPCClient:<file> Install Microsoft Information Protection and Control Client from <file>
  • /WCFDataServices:<file> Install Microsoft WCF Data Services from <file>

Installation options

Certain prerequisites are installed by the prerequisite installer with specific options. Those prerequisites with specific installation options are listed below with the options that are used by the prerequisite installer.

  • Windows AppFabric

/i CacheClient,CachingService,CacheAdmin /gac

  • Microsoft WCF Data Services

/quiet

The prerequisite installer creates log files at %TEMP%\prerequisiteinstaller.<date>.<time>.log. You can check these log files for specific details about all changes the installer makes to the target computer.
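The offline install described above can be scripted so that it fails closed. This is an added example, not part of the original article or Microsoft's tooling. It builds the /unattended command line from the documented switches, refuses to run if a file is missing from the share (an omitted switch makes the installer download that component from the Internet) or is not validly Authenticode-signed, then points to the newest log. The installer path, the share path and every file name are assumptions.

```powershell
# Added example: offline, unattended run of prerequisiteinstaller.exe.
# ASSUMPTIONS (not from the article): both paths and every file name below.
$Installer = 'D:\prerequisiteinstaller.exe'     # hypothetical media location
$Share     = '\\fileserver\sp2013-prereqs'      # hypothetical network share

# Documented switch -> file expected on the share (file names are placeholders).
$Packages = @{
    SQLNCli         = 'sqlncli.msi'
    PowerShell      = 'wmf3.msu'
    NETFX           = 'netfx45.exe'
    IDFX            = 'idfx.msu'
    IDFX11          = 'idfx11.msi'
    Sync            = 'sync.msi'
    AppFabric       = 'appfabric.exe'
    KB2671763       = 'appfabric-cu1.exe'
    MSIPCClient     = 'msipc.msi'
    WCFDataServices = 'wcfdataservices.exe'
}

function Get-PrereqArgumentList {
    param([string]$Root, [hashtable]$Map)
    $argList  = @('/unattended')
    $problems = @()
    foreach ($entry in $Map.GetEnumerator()) {
        $path = Join-Path -Path $Root -ChildPath $entry.Value
        # A switch left out would trigger an Internet download, so a missing
        # file is treated as an error rather than silently skipped.
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            $problems += "missing: $path"
            continue
        }
        # Files on a share can be replaced by anyone with write access;
        # require a valid Authenticode signature before passing them on.
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') {
            $problems += "signature $($sig.Status): $path"
            continue
        }
        Write-Host ('{0,-16} signed by {1}' -f $entry.Key, $sig.SignerCertificate.Subject)
        $argList += ('/{0}:"{1}"' -f $entry.Key, $path)
    }
    if ($problems.Count -gt 0) {
        throw ("Refusing to run the installer:`n" + ($problems -join "`n"))
    }
    return $argList
}

$argList = Get-PrereqArgumentList -Root $Share -Map $Packages
$proc = Start-Process -FilePath $Installer -ArgumentList $argList -Wait -PassThru
Write-Host "prerequisiteinstaller.exe exit code: $($proc.ExitCode)"

# Newest log written by the installer under %TEMP%.
$log = Get-ChildItem -Path $env:TEMP -Filter 'prerequisiteinstaller.*.log' |
       Sort-Object LastWriteTime -Descending | Select-Object -First 1
if ($log) { Write-Host "Review log: $($log.FullName)" }

# After a restart, continue the installation with: & $Installer /continue
```

Review the printed signer subjects before trusting the run; a valid signature only proves the file is unmodified since signing, not who the publisher is.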


Benefits of Cloud Computing

Cloud computing has a number of benefits from improved data security to greater flexibility allowing employees to work remotely. Find out how cloud solutions could help your business.

What are the principal benefits of cloud computing for businesses?

Cloud computing has been around for some years now, initially as a somewhat hazy concept to describe the move from on-premise to off-premise IT, and in more recent times, as a more defined hosted service delivery model. Greater numbers of businesses – both large and small – are now choosing to embrace the cloud, eager to make the most of their IT budgets and maximise return on investment.

While some have committed to a full-scale overhaul of their IT setup from the outset, others have dipped their toes in the water by testing cloud services for non-critical functions. Having experienced success with their initial deployment, many have embarked on a wider rollout of hosted services – to either complement or replace their existing infrastructure. And the positive reports have not gone unnoticed by other companies, who – conscious of the success their rivals have experienced in the cloud – have recognised the potential value in their own upgrade.

Cloud computing can benefit companies in a number of ways, depending upon their size, scale, sector and strategic goals. Here are five of the top advantages of sourcing IT services in the cloud:

Lower capital expenditure

The ability to source IT services on-demand – as and when they are required – allows businesses to move to an investment model based on operational expenditure. No longer are they required to commit to large-scale capital projects, spending thousands on servers and software licences which may only have a limited lifespan. When businesses source IT services in the cloud, it is the vendor that takes responsibility for the majority of the infrastructure. Businesses simply become consumers of IT services rather than the owners of the hardware.

Easier maintenance and upgrades

Because the cloud computing provider is responsible for server, software and network management, in-house IT professionals can be allocated other work. No longer do they need to spend all day simply keeping the company’s PC fleet working properly. Cloud vendors employ dedicated teams of experts whose sole responsibility is ensuring continuity of service. In terms of upgrades, these are provided at the vendor-end, rather than in-house, which saves both time and money for cloud users. When the cloud provider invests in new solutions, these are made available to customers, enabling them to access advanced tools and applications at no extra cost.

Greater flexibility and mobility

With cloud services at their fingertips, employees can work from almost any location. They can access important files, data, documents and IT tools from a range of devices from almost any connected location. Providing they have the required bandwidth, it is possible to work online, replicating the office environment and ensuring employees can work as productively as possible.

Last year, a study conducted by IDG highlighted the range of services utilised by business employees in the cloud. These included work email (94 per cent), office apps (76 per cent), virtual private network server (75 per cent), databases (72 per cent), archives (55 per cent), production systems (55 per cent), CRM (47 per cent) and video conferencing (25 per cent).

Continuity of business

An associated benefit of remote working capability is the fact that, in the event of a disaster, the continuity of operations should never be in doubt. Should there be a fire, flood, theft, technology outage, or snow and ice prevent people from making it into the office, they have the option of working from a different location. Employees can simply log on as normal, access their work desktop, and continue as they would have done on any normal working day. All documents, files and data are hosted in the cloud, meaning they are accessible from almost any system, providing the user has the necessary access codes.

Improved IT security

In the early days of the cloud, concerns over the security of data hosted off-site were seen as a notable inhibitor to service adoption. However, as cloud computing has matured, and businesspeople have gained more of an understanding as to how it works, many of these fears have been allayed.

Rather than weakening IT security, there is a case for saying that cloud computing improves companies’ defences. This is because of the huge amount of money cloud providers spend on securing their data centre infrastructure, and keeping their customers’ data safe. Vendors benefit from economies of scale – they can afford to invest in the latest solutions and preventative approaches, whereas relatively few individual businesses can to the same degree.


SharePoint 2013 Platform Options – Hybrid with Office 365

What BDMs and architects need to know about a Hybrid with Office 365 deployment.

Overview

Hybrid with Office 365

Combine the benefits of Office 365 with an on-premises deployment of SharePoint 2013. Choose which features to integrate.

SharePoint Search

  • Users can see search results from both environments.
  • Extranet users can log in remotely with an on-premises Active Directory account and use all available hybrid functionality.

Business Connectivity Services

  • From SharePoint Online: Users can perform both read and write operations.
  • The BCS service connects to an on-premises SharePoint Server 2013 farm.
  • The BCS service configured on the on-premises farm brokers the connection to on-premises OData Service endpoints.

Duet Enterprise Online

  • From SharePoint Online: Users can perform read and write operations against an on-premises SAP system.

Best for

  • Use Office 365 for external sharing and collaboration instead of setting up an extranet environment.
  • Move My Sites (OneDrive for Business) to the cloud to make it easier for users to access their files remotely.
  • Start new team sites in Office 365.
  • Integrate an Office 365 site with on-premises BCS SharePoint environment.

License requirements

  • Office 365 — Subscription model, no additional licenses needed.
  • On-premises — All on-premises licenses apply.

Architecture tasks

In addition to tasks for both the Office 365 and on-premises environments:

  • Determine how much feature integration is desired and choose the hybrid topology.
    See this model poster: Which hybrid topology should I Use?
  • If required, determine which proxy server device will be used.

IT Pro responsibilities

In addition to tasks for both the Office 365 and on-premises environments:

  • Configure the proxy server device, if required
  • Configure the hybrid identity management infrastructure: SSO and server-to-server authentication between the two environments.
  • Configure the integration of chosen features: search, BCS, Duet Enterprise

SharePoint 2013 Platform Options – Microsoft Azure

What BDMs and architects need to know about a Microsoft Azure deployment.

Overview

Microsoft Azure

Take advantage of the cloud while maintaining full control of the platform and features.

  • Microsoft Azure is a platform that provides the infrastructure and app services needed to host a SharePoint 2013 farm.
  • Infrastructure Services.
  • Best native cloud platform for SQL Server and SharePoint.
  • Computing resources are available almost immediately with no commitment.
  • Focus on applications, instead of datacenters and infrastructure.
  • Inexpensive development and test environments.
  • SharePoint solutions can be accessible from the Internet or only accessible from a corporate environment through a site-to-site VPN tunnel.
  • Customizations are not limited.

Best for

  • SharePoint for Internet Sites — Public facing sites. Take advantage of Microsoft Azure AD for customer accounts and authentication.
  • Developer, test, and staging environments — Quickly provision and un-provision entire environments.
  • Hybrid applications — Applications that span your datacenter and the cloud.
  • Disaster recovery environment — Quickly recover from a disaster, only pay for use.
  • Farms that require deep reporting or auditing.
  • Web analytics.
  • Data encryption at rest (data is encrypted in the SQL databases).

License requirements

  • Microsoft Azure subscription (includes the server operating system)
  • SQL Server
  • SharePoint 2013 Server License
  • SharePoint 2013 Client Access License

Architecture tasks

Design the Microsoft Azure network environment:

  • Virtual network within Microsoft Azure, including subnets.
  • Domain environment and integration with on-premises servers.
  • IP addresses and DNS.
  • Affinity groups and storage accounts.

Design the SharePoint environment in Microsoft Azure:

  • SharePoint farm topology and logical architecture.
  • Microsoft Azure availability sets and update domains.
  • Virtual machines sizes.
  • Load balanced endpoint.
  • External Endpoints for public access, if desired.
  • Design the disaster recovery environment.

IT Pro responsibilities

Deploy and manage the Microsoft Azure and SharePoint environment:

  • Implement and manage the Microsoft Azure network environment.
  • Deploy the SharePoint environment.
  • Update SharePoint farm servers.
  • Add or shut down virtual machines as needed based on farm utilization.
  • Increase or decrease virtual machine sizes, as needed.
  • Back up the SharePoint environment.
  • Implement the disaster recovery environment and protocol.


SharePoint 2013 Platform Options – On-premises

What BDMs and architects need to know about an on-premises deployment.

Overview
On Premises

  • You own everything.
  • Capacity planning and sizing.
  • Server acquisition and setup.
  • Deployment.
  • Scaling out, patching, and operations.
  • Backing up data.
  • Maintaining a disaster recovery environment.
  • Customizations are not limited.

Best for

  • In-country farms (when data is required to reside within a jurisdiction).
  • Complex BI solutions that must reside close to BI data.
  • Private cloud solutions.
  • Highly customized solutions.
  • Legacy solutions with third-party components that depend on hardware and software that are not supported on Microsoft Azure Infrastructure Services.
  • Privacy restrictions that prevent synchronization of Active Directory accounts with Microsoft Azure Active Directory (a requirement for Office 365).
  • Organizations that desire control of the entire platform and solution.

License requirements

  • Server Operating System
  • SQL Server
  • SharePoint 2013 Server License
  • SharePoint 2013 Client Access License

Architecture tasks

Design the SharePoint environment in an existing on-premises environment:

  • SharePoint farm topology and logical architecture.
  • Server hardware.
  • Virtual environment, if used.
  • Load balancing.
  • Integration with Active Directory and DNS.
  • Design the disaster recovery environment.

IT Pro responsibilities

Deploy and manage the SharePoint on premises environment:

  • Provision servers.
  • Deploy the SharePoint environment.
  • Update SharePoint farm servers.
  • Add or remove farm servers as needed based on farm utilization.
  • Back up the SharePoint environment.
  • Implement the disaster recovery environment and protocol.

What is governance in SharePoint 2013

Applies to: SharePoint Server 2013

Governance is the set of policies, roles, responsibilities, and processes that control how an organization’s business divisions and IT teams work together to achieve its goals. Every organization has unique needs and goals that influence its approach to governance. Larger organizations will probably require more—and more detailed—governance than smaller organizations. A good governance plan can:

  • Streamline the deployment of products and technologies, such as SharePoint Server 2013.
  • Help keep your organization’s system secure and compliant.
  • Help ensure the best return on your investment in technology.

Governance for SharePoint Server 2013 includes three major areas, each of which is equally important: IT governance, information management, and application management.

Governance Segments

Different types of sites require different governance policies. This is because different sites have different requirements, which reflect their importance to the organization. Published sites have tighter governance over information and application management than team sites and personal sites (My Sites).

Generally, the larger the number of people who get information from a particular type of site, the more tightly it is governed, and vice versa. This is shown in the following graph. For example, if your intranet home page is available for everyone in your organization, it’s generally much more tightly governed than the site for the accounting department, which is more tightly governed than most group or team sites, and so on. Personal sites are generally the least governed types of sites.

Graph showing how, typically, the amount of governance increases with the number of people who rely on a site.


Governance Site types

Your governance policies should support your organization’s goals and be kept up-to-date as your organization’s needs change. We recommend that you create a team from various disciplines across your organization to develop and maintain these policies. Include people from as many of the following roles as possible:

| Role | Responsibility |
| --- | --- |
| Executive stakeholders | Key executives should define the overall goals of the governance committee and periodically evaluate the success of the implemented practices and policies. |
| Financial stakeholders | Financial officers should make sure that governance rules and processes help increase the return on your organization’s investment in SharePoint products. |
| Business division leaders | Business leaders represent the teams that do the primary work of the enterprise and drive the architectural and functional requirements of the deployment. They work with information architects to structure the information architecture and taxonomy standards. Business leaders also work with IT leaders to create service-level agreements and other support policies. |
| IT managers | IT managers help develop their service offerings and determine how to achieve their IT responsibilities (for example, improving security and maintaining reliability) while supporting the features required by the business teams. |
| Software development leaders | Software development leaders help determine which customization tools are approved, how to verify code security, and ensure code-related best practices. |
| Technical specialists | Technical specialists design, build, and run IT services and solutions. |
| Trainers | Instructional experts should develop a training plan for your organization. |
| Influential information workers | The members of your organization who do the day-to-day work should help ensure that the services and information architecture meet their needs. |
| Information architects or taxonomists | Members of these groups design information systems and taxonomies. Based on their analysis of the information needs of the audience, they develop plans that support organizational objectives and define site architecture and navigation. |
| Compliance officers | Governance includes making sure that an organization meets its regulatory and legal requirements and manages its corporate knowledge. If your organization has roles that are responsible for compliance or legal oversight, include representatives from those disciplines in your governance team. |

Your organization might not have all of these roles, or it might use a different name for some of these roles.

Governance and training

| Provide | Why? |
| --- | --- |
| Training for the products and services | Training and education about SharePoint in your governance plan helps drive adoption and reduce support costs. |
| Education about your governance policies | Training your user community appropriately increases compliance with your policies, increases satisfaction with your services, and reduces support costs. |
| Content to support your services and policies | Having good quality resources and information available helps your users find the answers when they have questions about a service, process, or policy. |
| A good search infrastructure | Having a good search infrastructure helps your users find what they need when they need it. |

Best practices for governance plans

An effective governance plan anticipates the needs and goals of your organization’s business divisions and IT teams. Because every enterprise is unique, we recommend that you tailor a governance plan to your environment by using the following steps.

  1. Determine initial principles and goals.   The governance committee should develop a governance vision, policies, and standards that can be measured to track compliance and to quantify the benefit to your organization. For example, your plan should identify service delivery requirements for both technical and business aspects of your SharePoint deployment.
  2. Classify your business information.   Organize your information according to an existing taxonomy, or create a custom taxonomy that includes all the information that supports your business solution. After your information is organized, design an information architecture to manage it. Then, determine the most appropriate IT services to support it.
  3. Develop an education strategy.   The human element is, after the governance plan, the most important ingredient in the success or failure of a SharePoint deployment. A comprehensive training plan should show how to use SharePoint according to the standards and practices that you are implementing and explain why those standards and practices are important. Your plan should cover the kinds of training required for specific user groups and describe appropriate training tools. For example, your IT department might maintain a frequently asked questions (FAQ) page about its SharePoint service offerings, or your business division might provide online training that shows how to set up and use a new document management process.
  4. Develop an ongoing plan.   Successful governance is ongoing. The governance committee should meet regularly to review new requirements in the governance plan, reevaluate and adjust governance principles, and resolve conflicts among business divisions for IT resources. The committee should provide regular reports to its executive sponsors to promote accountability and to help enforce compliance across your organization. Although this process seems complicated, its goals are to increase the return on your investment in SharePoint, take full advantage of the usefulness of your SharePoint solution, and improve the productivity of your organization.