First and the most important item here is that this will be based on a Very Small SharePoint implementation. The service is to support less than 100 users. If there was more trust of the cloud based products, the web based version of SharePoint would have been a likely choice. Not so much for us though. Even though we are a small company, we’ve employed the enterprise version of SharePoint. This was after running through Foundation, and then Standard versions. With Microsoft, all the good stuff comes in the Enterprise version. No a la carte here…Hello? Microsoft? A La Carte model please???
One of the first lessons learned was that SharePoint is more of a concept than a concrete object you can put your hands on. Sure, it has that element but…like that piece of dense chocolate cake that goes thunk… it’s heavier than you think. SharePoint is a server product that can have a inclusive SQL Express server or access an external server. Depending on which model you opt for, be prepared to create a lot of AD entries if you go for the more than a single server model.
SQL Server is a critical element of SharePoint
When isn’t SQL Server a critical element? While SharePoint does provide functionality to access external content, SQL Server is a central and critical piece of the SharePoint solution. In our deployment, I set it up so that we used an external, dedicated SQL Server to support SharePoint first. Secondary databases were added after the solution was in place and evaluated for their impact. The SQL Server is a bare metal server. While it has been documented that SQL will run virtualized, we did not want to take the chance and dedicated a server. Hardware is getting cheaper by the day.
What version? Since it is well known the the future of Microsoft products is going to be on 64 bit servers, we went with the latest version of SQL on a 64 bit box (SQL 2008 R2 x64).
Servers and Web Roles…More fun
Start up a Windows Server (2008 R2 x64 please) and you’re confronted with ROLES. Well, SharePoint needs a ROLE or two to function. Since it is an application the Application Server Role would be good. Web? I think SharePoint has “some” web parts to it, so IIS would probably be a good idea. Go to this PowerShell and SharePoint link for PowerShell stuff.
In addition to the roles mentioned, some other stuff should be set up ahead of time:
- A little component called: Microsoft SQL Server 2008 Native Client
- Microsoft Windows Identity Foundation
- Microsoft Sync Framework 2.0
- Microsoft Chart Controls for .Net Framework 3.5
- Microsoft Office 2010 Filter Packs
- Microsoft SQL Server 2008 Analysis Services ADOMD.NET (same place you found Native Client)
- For ADA Requirements
NOTE: I’ve tried to pull in the latest links but please double check as things to change and it’s always best to get stuff fresh.
In the small scenario, all of these components and roles are on one server. The only separation used is that the SQL Server is on a different box.
Looking around my office and thinking about this project, I have four books on SharePoint 2010 that I’ve collected over the past year or so (see below). Most of these were not even in Print when I started this project. It’s been a long an interesting road for sure. Some are dog eared. Others a full of sticky notes and yellow highlighter. Go figure…
SharePoint has a lot of Service Applications that can be enabled
Not all of the services should be activated just because. Only activate what you need. Just because you’ve activated it doesn’t mean you’re done either.
To get familiar with PowerShell support, go to the Microsoft SharePoint 2010 Products on the server menu:
Open up the SharePoint 2010 Management Shell and type Get-Command.
You will see a long list…
SharePoint Search: As mentioned in other blogs, there are two SharePoint search facilities, SharePoint Search and Fast Search. For fast, you want a different server. We’ve not implemented Fast. Normal search will suffice for now. When we need thumbnails and other fancy stuff, we’ll get another server for Fast.
One of the roles that will need to be enabled for our server will be Email Integration. This will require some separate steps but is necessary for records and content management.
Again, since this is a limited server farm, the default of having server administration role on the same server is not an issue. When our farms grows HUGE, then it might make sense to put the role on it’s own dedicated server.
Development Needs: Say what you will, having your own personal SharePoint server to do development is a good thing. Having it as a virtual system is even better. To facilitate this, I leveraged VMware Workstation to build separate SharePoint environments to mimic the three systems we have in place: Foundation, Standard and Enterprise. Why go through the trouble of setting Virtual Environments for SharePoint? In a word – SNAPSHOT. SharePoint is a large environment that can go sideways on you in an instant. Not all sideways events are easy to recover from either. By using a virtual environment, you can test stuff out without risking your sanity. I follow the same process for almost any additional tweak to the system:
If only the server was running with a similar facility! I’d have fewer gray hairs…
Notice the VMware reference? Well, I have to admit that I’m a bit confused on Microsoft’s virtual pc offerings. Eventually, I’m sure I’ll find a concise HOWTO and start using it. So far, mostly due to lake of time, the resources on MSDN and Virtualization seem, detailed but scattered. <—opinion!!!
At least one installation of SharePoint using VMware completed and a snapshot taken
Ready for the plunge, bringing up the server…taking down the server…bringing it back up. Crud, it isn’[t working as expected and what is this about Kerberos anyway?
http://book.pdfchm.net/microsoft-sharepoint-2010-unleashed/9780672333255/ – the overall reference book
http://blah.winsmarts.com/2009-12-Microsoft_SharePoint_2010__Building_Solutions_for_SharePoint_2010.aspx <- a great reference for setting that all important Development Environment.
Of course various .Net and SQL server references as well.
SharePoint is not a system that you can just deploy. Basically, if you compare SharePoint 2010 with SharePoint 2003 it would be the same as Comparing a 2010 Dodge Challenger with one built in 1975. The may look similar on the outside but the insides are all different (scratch that… you can make SP2010 look like 2003 but why?). In 75, you could tweak or replace a carburetor for better performance but with the 2010 model, it’s a setting managed by the onboard computer system. Even changing the light bulb on the new Challenger is a challenge (trust me, you have to pull the front bumper off…)! Sorry, back to SharePoint.
With Improvement Comes Complexity
Under the hood, SharePoint is all new. While there may be some remnants hanging around the new beast is really comprised of a bunch of independent services. Something you discover pretty quickly after the bits are installed and you’ve visited both sides of the administration points. Both sides? Well, that depends on the the number of folks working on the project, who’s on first, what’s on second and so on.
The thing that’s nice about the service model is the ability to scale out over multiple servers. This adds a nice bit of scalability to the platform and reduces the strain on the crystal ball.
Now promoted and does more. Check… Well, a little more than that. Native search is one of the new services. Now, just because you’ve enable the service doesn’t mean it just works… There are a few steps and site particulars that need to be addressed before search is usable. See Post-installation steps for search…
But just talking about search brings up some interesting points. Which version of SharePoint you run will largely be dependent on the budget available. Enterprise builds upon Standard that builds upon Foundation. In fact, Foundation may be all the SharePoint you need at this time. See SharePoint Products. For some additional content, see SharePoint Server 2010 Operations Framework and Checklists.
SharePoint is a large ecosystem with deep features. Great stuff but be prepared for a learning curve.
Heath and Well Being of SharePoint
This one gets a bit sticky. It was also the most challenging point to convince the IT department to set up a sufficient number of service accounts. What really doesn’t help is the challenge of finding a concise list of what accounts are needed. You are going to love to learn to hate this:
You’ll spend a lot of time going through messages like:
Now, the ability to get help from within the application has improved. When I first started clicking on the links, the web page that opened was the general SharePoint landing page with no reference to the error provided the link…
Now, 9 time out of 10, you land on a page with helpful information:
The following figure shows that there is just one or two accounts that can be specified for SharePoint:
First, as far as accounts go, you need a specific administration account to set up and configure the server. After that is done, you’ll use that account to log into the server to specify the individual DOMAIN accounts to use for SharePoint. Some services can use the same account while others it is best to specify their own account.
One of the nice features to plan for is Automatic Password Change. Your domain accounts are going to be subjected to password expiration rules unless you override that policy. Since SharePoint can manage its own password change process, it’s a good thing.
A good document that addresses the accounts is Account permissions and security settings. Basically the list is as follows:
|sp_Admin||Server administration / Farm administration||Domain account, used when the server is created. Gets many of it’s permissions through components.|
|sp_SetupUser||used to setup each server in the farm||Must be a domain account, a member of the local admin, and must be able to access the SharePoint server database. If PowerShell is used the account must be a member of db_owner on the database server and have security admin and dbcreator rights. You’ll want to keep this account around. Removing it can cause all sorts of chaos.|
|sp_FarmService (database access account)||application poll identity for central admin, process account for SharePoint foundation and runs the TimerService||Must be a domain account with user account permissions
Granted additional permissions through SharePoint tools.
|sp_SearchService||SharePoint basic search features||Must be a domain account with user account permissions
Granted additional permissions through SharePoint tools.
|sp_SearchContentAccess||crawls across sp content sites||Must be a domain account with user account permissions
Must be a member of the Farm Admin group
Granted additional permissions through SharePoint tools.
|sp_ApplicationPool||application pools||Given machine level permissions through SharePoint tools or configured separately through PowerShell|
|sp_MySiteAppPool||application pool||Must be a domain account with user account permissions
Must not be a member of the farm admin group
That’s a start. for additional information, see the provided link above. For all accounts listed that need to be a domain account the format is <domain>\<user account>. ex: Domain\sp_Admin
Time to change up the soundtrack a bit. At first it was Arrowsmith and “Toys in the Attic” followed by Mindi Abair and “It just happens that way” and finally ended with Joe Walsh and “Life’s been good”.
Now, I’m sitting here staring at the SharePoint Central Administration Screen. Good ol’ w2k8r2spsa:20111/default.aspx. Lots of settings to go through.
1st though, let’s look at the “Monitoring Section”. You might want to look at SharePoint Server 2010: Operations Framework and Checklists.
At this point, you will probably not see the yellow or red notification across the screen but it will come!
- Click on Monitoring
- Click on Health Analyzer’s “Review problems and solutions”. If there were any issues the reports would show up here.
- Return to Central Administration
- Click on application Management. Your blank site shows up as SharePoint -80 (Port 80)
- Now, for grins, click on Configuration Wizards
- Launch Farm Configuration Wizard
- Go with the defaults on the next page, click “Next”
- Notice how the “/” option for sites no longer exists
- Click “Cancel”, we’ll add another site in a different fashion
- At this point, hopefully you are still logged in as spAdmin
- Open up a new tab on your browser
- Type in the address for the computer less the port or add port 80 <computername>:80
- Next click on “Site Actions” then “New Site”
The default template section opens and you have “All Types” and “All Categories” open. The “blog” template is visible. If you click on the “Content” filter type, the templates are reduced to Document Workspace, Blog and Document Center. I’ll add a blog.
- Click on “Blog”
- Give the Site a title and a URL Name.
- Then click on more options (You can also start with this)
- Look at “Permissions, Navigation and Navigation Inheritance”
- If access to this site is the same as the parent, leave the default “Use same permissions…” checked
- If the site will have special permissions, select “Use Unique…” simple right?
- Navigation – Two options to set
- If you want a link on the top only, the default of No, Yes is the setting
- If you want a link on the top and side, Yes, Yes is the setting
- No links = No No
- Navigation Inheritance – I would have made the default “Yes” but it is set to “No”. If you want a consistent connection to the home site, switch this to “Yes”
Adds “My Blog” to the link bar. The bigger deal is the “Home” button that seemed to do nothing before (e.g. Home = My Blog) has changed behavior to “Home = Site Home” and returns you to the main site page.
Ok, enough of playtime. Tomorrow it’s back to serious settings and configuration of SharePoint. It’s nice though to take a break and play with application.
While the Jury is still out (for me at any rate) SharePoint Designer is either a help or it’s not. Prior versions of the product could be hard on SharePoint. So, taking the innocent until proven guilty, I will be using it for this iteration.
First thing, after the SharePoint Administration presented the choice, I added an Enterprise Wiki site. Et voila… What, “Adventureworks”??? Whre did that Icon come from, what’s going on??? In the land of Microsoft, Adventure Works is alive and well and a template model when you choose the Enterprise Wiki site. Templates can be changed to provide consistent site look and feel. I’ll get to those later. For now, time to modify Adventure works into something I want to use.
- Using Site actions, click on Edit inSharePoint Designer – If not install, go ahead and accept the install instructions (64 bit is OK if 2010 is all you’re working in)
- If you opened it from the site, you’ll already be where you need to be, otherwise:
- Click on the Open Site button
- type in the root site address
- Click on Open
- Click on Master Pages Link
- Click on nightandday.master
- Edit this master page
- This will show you the masterpage the template used when it constructed the Enterprise Wiki site.
OK, so now what? Got the master page up and you can see a lot of stuff.
- So, you click on the Adventure Works logo
- Click delete
- Click on the save icon.
- A warning pops up:
You could goto to the Main Site Object and then click on the Edit Site Home Page link…
- Click on the link
- Click on the Edit in Browser Button
- Click on the check out button
- Edit your page
But wait, there’s more. You can’t get to the logo. It still says Adventure Works and you’re getting really tired of that site…
You tried editing the master page directly and ran into a warning.
Going through the main page and edit site home page allowed you to edit internal items on the page but not the header.
And hey, when did source control enter the picture…
For now, take the easy road.
- Exit SharePoint Designer, you’ll be back
- Click on Site Actions
- Click View All Site Content
- Click on Site Collection Images
- Click on Add New Item
- Navigate to your new snazzy logo and click on Open
- Click on OK
- You’re presented with a form where you can add a Title, Keywords, Comments, Author, etc. about the image
- Click on Check in when you are done
- Click on Site Actions
- Site Settings
- Click on Title, Description and icon under Look and Feel
- In the Logo URL and Description URL box, type: “/SiteCollection/<YourLogoName>.gif
- Click on Click here to test, then click on ok.
What? The stories over? Naw, just this segment. Applications are the main thrust so most of the SharePoint of this blog will be talking about that.
Todays experiment? What happens when you delete the base site? Not the admin site but the :80 site. How graceful will SharePoint handle this?
Most stuff you find on the web is all about moving forward but what if you really roll the site in something that doesn’t smell quite right?
Well, here goes.
- VM Ware SnapShot titled PreDelete and a date (maybe it’s just age but once you have more than one of these, it’s a nice way to figure out which one is what/when)
- Bring up the site – yup still there…
- Site Actions then Site Settings
- Under the Site Actions Section theres a link… Delete This SIte… [click]
- Read the warning…
- Yup, looks pretty serious…
- And yet one more warning…might not be a good idea
- The “Sites been deleted page” comes up. Click the back link to verify the site has been deleted.
- What happend to the Admin Site?
- Modify the URL and add in the Admin Port and pull it up.
As expected, the admin site is just fine. Now check on the Create Site Link and lets see what deleting the primary site actually did? Remember to be logged in as the SpAdmin account.
When you click on the create a site button, you have regained the ability to create a root level site. In fact, it’s back to the base level of the install.
- Enter In a new Title and Description
- Chosse the site type
- Assign Primary Site and Secondary Site Admins
- Provide a quota if needed
- Click on |OK|
- Now, click on the link for the new site…this is NOT the |OK| button on the same page
- Click on Site Actions once the page load
- Site Permissions and give the site owner access
Now you can go back to your site with the correct login and modify and change as needed. This is what I would call a punt. Short of rebuilding the whole SharePoint site, this method provides a way to get back to square one as long as everything on the host is solid.