Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
MICROSOFT
LEARNING
PRODUCT
10174A
Configuring and Administering Microsoft SharePoint 2010
Volume 2
Be sure to access the extended learning content on your Course Companion CD enclosed on the back cover of the book.
ii
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from any linked site. Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of Microsoft of the site or the products contained therein. 2010 Microsoft Corporation. All rights reserved. Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us /IntellectualProperty/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other marks are property of their respective owners.
MICROSOFT LICENSE TERMS OFFICIAL MICROSOFT LEARNING PRODUCTS - TRAINER EDITION Pre-Release and Final Release Versions
These license terms are an agreement between Microsoft Corporation and you. Please read them. They apply to the Licensed Content named above, which includes the media on which you received it, if any. The terms also apply to any Microsoft updates, supplements, Internet-based services, and support services
for this Licensed Content, unless other terms accompany those items. If so, those terms apply. By using the Licensed Content, you accept these terms. If you do not accept them, do not use the Licensed Content. If you comply with these license terms, you have the rights below.
1. DEFINITIONS. a. Academic Materials means the printed or electronic documentation such as manuals,
workbooks, white papers, press releases, datasheets, and FAQs which may be included in the Licensed Content. location, an IT Academy location, or such other entity as Microsoft may designate from time to time. conducted at or through Authorized Learning Centers by a Trainer providing training to Students solely on Official Microsoft Learning Products (formerly known as Microsoft Official Curriculum or MOC) and Microsoft Dynamics Learning Products (formerly know as Microsoft Business Solutions Courseware). Each Authorized Training Session will provide training on the subject matter of one (1) Course. Center during an Authorized Training Session, each of which provides training on a particular Microsoft technology subject matter.
b. Authorized Learning Center(s) means a Microsoft Certified Partner for Learning Solutions
c. Authorized Training Session(s) means those training sessions authorized by Microsoft and
d. Course means one of the courses using Licensed Content offered by an Authorized Learning
e. Device(s) means a single computer, device, workstation, terminal, or other digital electronic or
analog device.
f.
Licensed Content means the materials accompanying these license terms. The Licensed Content may include, but is not limited to, the following elements: (i) Trainer Content, (ii) Student Content, (iii) classroom setup guide, and (iv) Software. There are different and separate components of the Licensed Content for each Course. Software means the Virtual Machines and Virtual Hard Disks, or other software applications that may be included with the Licensed Content.
g.
h. Student(s) means a student duly enrolled for an Authorized Training Session at your location.
i.
Student Content means the learning materials accompanying these license terms that are for use by Students and Trainers during an Authorized Training Session. Student Content may include labs, simulations, and courseware files for a Course. Trainer(s) means a) a person who is duly certified by Microsoft as a Microsoft Certified Trainer and b) such other individual as authorized in writing by Microsoft and has been engaged by an Authorized Learning Center to teach or instruct an Authorized Training Session to Students on its behalf. Trainers and Students, as applicable, solely during an Authorized Training Session. Trainer Content may include Virtual Machines, Virtual Hard Disks, Microsoft PowerPoint files, instructor notes, and demonstration guides and script files for a Course. Virtual Hard Disks means Microsoft Software that is comprised of virtualized hard disks (such as a base virtual hard disk or differencing disks) for a Virtual Machine that can be loaded onto a single computer or other device in order to allow end-users to run multiple operating systems concurrently. For the purposes of these license terms, Virtual Hard Disks will be considered Trainer Content. Microsoft Virtual PC or Microsoft Virtual Server software that consists of a virtualized hardware environment, one or more Virtual Hard Disks, and a configuration file setting the parameters of the virtualized hardware environment (e.g., RAM). For the purposes of these license terms, Virtual Hard Disks will be considered Trainer Content. you means the Authorized Learning Center or Trainer, as applicable, that has agreed to these license terms.
j.
k. Trainer Content means the materials accompanying these license terms that are for use by
l.
m. Virtual Machine means a virtualized computing experience, created and accessed using
n.
2. OVERVIEW.
Licensed Content. The Licensed Content includes Software, Academic Materials (online and electronic), Trainer Content, Student Content, classroom setup guide, and associated media. License Model. The Licensed Content is licensed on a per copy per Authorized Learning Center location or per Trainer basis.
3. INSTALLATION AND USE RIGHTS. a. Authorized Learning Centers and Trainers: For each Authorized Training Session, you
may: i. either install individual copies of the relevant Licensed Content on classroom Devices only for use by Students enrolled in and the Trainer delivering the Authorized Training Session, provided that the number of copies in use does not exceed the number of Students enrolled in and the Trainer delivering the Authorized Training Session, OR
ii. install one copy of the relevant Licensed Content on a network server only for access by classroom Devices and only for use by Students enrolled in and the Trainer delivering the Authorized Training Session, provided that the number of Devices accessing the Licensed Content on such server does not exceed the number of Students enrolled in and the Trainer delivering the Authorized Training Session. iii. and allow the Students enrolled in and the Trainer delivering the Authorized Training Session to use the Licensed Content that you install in accordance with (ii) or (ii) above during such Authorized Training Session in accordance with these license terms.
i.
Separation of Components. The components of the Licensed Content are licensed as a single unit. You may not separate the components and install them on different Devices.
ii. Third Party Programs. The Licensed Content may contain third party programs. These license terms will apply to the use of those third party programs, unless other terms accompany those programs.
b. Trainers:
i. Trainers may Use the Licensed Content that you install or that is installed by an Authorized Learning Center on a classroom Device to deliver an Authorized Training Session.
ii. Trainers may also Use a copy of the Licensed Content as follows:
A. Licensed Device. The licensed Device is the Device on which you Use the Licensed Content.
You may install and Use one copy of the Licensed Content on the licensed Device solely for your own personal training Use and for preparation of an Authorized Training Session. personal training Use and for preparation of an Authorized Training Session.
B. Portable Device. You may install another copy on a portable device solely for your own 4. PRE-RELEASE VERSIONS. If this is a pre-release (beta) version, in addition to the other provisions
in this agreement, these terms also apply:
a. Pre-Release Licensed Content. This Licensed Content is a pre-release version. It may not
contain the same information and/or work the way a final version of the Licensed Content will. We may change it for the final, commercial version. We also may not release a commercial version. You will clearly and conspicuously inform any Students who participate in each Authorized Training Session of the foregoing; and, that you or Microsoft are under no obligation to provide them with any further content, including but not limited to the final released version of the Licensed Content for the Course. Microsoft, without charge, the right to use, share and commercialize your feedback in any way and for any purpose. You also give to third parties, without charge, any patent rights needed for their products, technologies and services to use or interface with any specific parts of a Microsoft software, Licensed Content, or service that includes the feedback. You will not give feedback that is subject to a license that requires Microsoft to license its software or documentation to third parties because we include your feedback in them. These rights survive this agreement.
b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, you give to
c. Confidential Information. The Licensed Content, including any viewer, user interface, features
and documentation that may be included with the Licensed Content, is confidential and proprietary to Microsoft and its suppliers. i. Use. For five years after installation of the Licensed Content or its commercial release, whichever is first, you may not disclose confidential information to third parties. You may disclose confidential information only to your employees and consultants who need to know the information. You must have written agreements with them that protect the confidential information at least as much as this agreement. Survival. Your duty to protect confidential information survives this agreement.
ii.
iii. Exclusions. You may disclose confidential information in response to a judicial or governmental order. You must first give written notice to Microsoft to allow it to seek a
protective order or otherwise protect the information. Confidential information does not include information that d. becomes publicly known through no wrongful act; you received from a third party who did not breach confidentiality obligations to Microsoft or its suppliers; or you developed independently.
Term. The term of this agreement for pre-release versions is (i) the date which Microsoft informs you is the end date for using the beta version, or (ii) the commercial release of the final release version of the Licensed Content, whichever is first (beta term). Use. You will cease using all copies of the beta version upon expiration or termination of the beta term, and will destroy all copies of same in the possession or under your control and/or in the possession or under the control of any Trainers who have received copies of the pre-released version. Copies. Microsoft will inform Authorized Learning Centers if they may make copies of the beta version (in either print and/or CD version) and distribute such copies to Students and/or Trainers. If Microsoft allows such distribution, you will follow any additional terms that Microsoft provides to you for such copies and distribution.
e.
f.
ii. Virtual Hard Disks. The Licensed Content may contain versions of Microsoft XP, Microsoft Windows Vista, Windows Server 2003, Windows Server 2008, and Windows 2000 Advanced Server and/or other Microsoft products which are provided in Virtual Hard Disks. A. If the Virtual Hard Disks and the labs are launched through the Microsoft Learning Lab Launcher, then these terms apply: Time-Sensitive Software. If the Software is not reset, it will stop running based upon the time indicated on the install of the Virtual Machines (between 30 and 500 days after you install it). You will not receive notice before it stops running. You may not be able to access data used or information saved with the Virtual Machines when it stops running and may be forced to reset these Virtual Machines to their original state. You must remove the Software from the Devices at the end of each Authorized Training Session and reinstall and launch it prior to the beginning of the next Authorized Training Session. B. If the Virtual Hard Disks require a product key to launch, then these terms apply: Microsoft will deactivate the operating system associated with each Virtual Hard Disk. Before installing any Virtual Hard Disks on classroom Devices for use during an Authorized Training Session, you will obtain from Microsoft a product key for the operating system software for the Virtual Hard Disks and will activate such Software with Microsoft using such product key. C. These terms apply to all Virtual Machines and Virtual Hard Disks:
You may only use the Virtual Machines and Virtual Hard Disks if you comply with the terms and conditions of this agreement and the following security requirements: o o You may not install Virtual Machines and Virtual Hard Disks on portable Devices or Devices that are accessible to other networks. You must remove Virtual Machines and Virtual Hard Disks from all classroom Devices at the end of each Authorized Training Session, except those held at Microsoft Certified Partners for Learning Solutions locations. You must remove the differencing drive portions of the Virtual Hard Disks from all classroom Devices at the end of each Authorized Training Session at Microsoft Certified Partners for Learning Solutions locations. You will ensure that the Virtual Machines and Virtual Hard Disks are not copied or downloaded from Devices on which you installed them. You will strictly comply with all Microsoft instructions relating to installation, use, activation and deactivation, and security of Virtual Machines and Virtual Hard Disks. You may not modify the Virtual Machines and Virtual Hard Disks or any contents thereof. You may not reproduce or redistribute the Virtual Machines or Virtual Hard Disks.
o o o o
ii. Classroom Setup Guide. You will assure any Licensed Content installed for use during an
Authorized Training Session will be done in accordance with the classroom set-up guide for the Course. iii. Media Elements and Templates. You may allow Trainers and Students to use images, clip art, animations, sounds, music, shapes, video clips and templates provided with the Licensed Content solely in an Authorized Training Session. If Trainers have their own copy of the Licensed Content, they may use Media Elements for their personal training use. iv. iv Evaluation Software. Any Software that is included in the Student Content designated as Evaluation Software may be used by Students solely for their personal training outside of the Authorized Training Session.
b. Trainers Only:
i. Use of PowerPoint Slide Deck Templates. The Trainer Content may include Microsoft PowerPoint slide decks. Trainers may use, copy and modify the PowerPoint slide decks only for providing an Authorized Training Session. If you elect to exercise the foregoing, you will agree or ensure Trainer agrees: (a) that modification of the slide decks will not constitute creation of obscene or scandalous works, as defined by federal law at the time the work is created; and (b) to comply with all other terms and conditions of this agreement.
ii. Use of Instructional Components in Trainer Content. For each Authorized Training Session, Trainers may customize and reproduce, in accordance with the MCT Agreement, those portions of the Licensed Content that are logically associated with instruction of the Authorized Training Session. If you elect to exercise the foregoing rights, you agree or ensure the Trainer agrees: (a) that any of these customizations or reproductions will only be used for providing an Authorized Training Session and (b) to comply with all other terms and conditions of this agreement.
iii. Academic Materials. If the Licensed Content contains Academic Materials, you may copy and use the Academic Materials. You may not make any modifications to the Academic Materials and you may not print any book (either electronic or print version) in its entirety. If you reproduce any Academic Materials, you agree that:
The use of the Academic Materials will be only for your personal reference or training use You will not republish or post the Academic Materials on any network computer or broadcast in any media; You will include the Academic Materials original copyright notice, or a copyright notice to Microsofts benefit in the format provided below: Form of Notice: 2010 Reprinted for personal reference use only with permission by Microsoft Corporation. All rights reserved. Microsoft, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the US and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners.
6. INTERNET-BASED SERVICES. Microsoft may provide Internet-based services with the Licensed
Content. It may change or cancel them at any time. You may not use these services in any way that could harm them or impair anyone elses use of them. You may not use the services to try to gain unauthorized access to any service, data, account or network by any means.
7. SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some
rights to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the Licensed Content only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the Licensed Content that only allow you to use it in certain ways. You may not install more copies of the Licensed Content on classroom Devices than the number of Students and the Trainer in the Authorized Training Session; allow more classroom Devices to access the server than the number of Students enrolled in and the Trainer delivering the Authorized Training Session if the Licensed Content is installed on a network server; copy or reproduce the Licensed Content to any server or location for further reproduction or distribution; disclose the results of any benchmark tests of the Licensed Content to any third party without Microsofts prior written approval; work around any technical limitations in the Licensed Content; reverse engineer, decompile or disassemble the Licensed Content, except and only to the extent that applicable law expressly permits, despite this limitation; make more copies of the Licensed Content than specified in this agreement or allowed by applicable law, despite this limitation; publish the Licensed Content for others to copy;
transfer the Licensed Content, in whole or in part, to a third party; access or use any Licensed Content for which you (i) are not providing a Course and/or (ii) have not been authorized by Microsoft to access and use; rent, lease or lend the Licensed Content; or use the Licensed Content for commercial hosting services or general business purposes. Rights to access the server software that may be included with the Licensed Content, including the Virtual Hard Disks does not give you any right to implement Microsoft patents or other Microsoft intellectual property in software or devices that may access the server.
8. EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and
regulations. You must comply with all domestic and international export laws and regulations that apply to the Licensed Content. These laws include restrictions on destinations, end users and end use. For additional information, see www.microsoft.com/exporting. Content marked as NFR or Not for Resale.
9. NOT FOR RESALE SOFTWARE/LICENSED CONTENT. You may not sell software or Licensed 10. ACADEMIC EDITION. You must be a Qualified Educational User to use Licensed Content marked as
Academic Edition or AE. If you do not know whether you are a Qualified Educational User, visit www.microsoft.com/education or contact the Microsoft affiliate serving your country. fail to comply with the terms and conditions of these license terms. In the event your status as an Authorized Learning Center or Trainer a) expires, b) is voluntarily terminated by you, and/or c) is terminated by Microsoft, this agreement shall automatically terminate. Upon any termination of this agreement, you must destroy all copies of the Licensed Content and all of its component parts.
11. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you
12. ENTIRE AGREEMENT. This agreement, and the terms for supplements, updates, Internet-
based services and support services that you use, are the entire agreement for the Licensed Content and support services.
13. APPLICABLE LAW. a. United States. If you acquired the Licensed Content in the United States, Washington state law
governs the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws principles. The laws of the state where you live govern all other claims, including claims under state consumer protection laws, unfair competition laws, and in tort.
b. Outside the United States. If you acquired the Licensed Content in any other country, the laws
of that country apply.
14. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the
laws of your country. You may also have rights with respect to the party from whom you acquired the Licensed Content. This agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so.
15. DISCLAIMER OF WARRANTY. The Licensed Content is licensed as-is. You bear the risk of
using it. Microsoft gives no express warranties, guarantees or conditions. You may have additional consumer rights under your local laws which this agreement cannot change. To the extent permitted under your local laws, Microsoft excludes the implied warranties of merchantability, fitness for a particular purpose and non-infringement.
16. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM
MICROSOFT AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO U.S. $5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES. This limitation applies to anything related to the Licensed Content, software, services, content (including code) on third party Internet sites, or third party programs; and claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence, or other tort to the extent permitted by applicable law.
It also applies even if Microsoft knew or should have known about the possibility of the damages. The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential or other damages. Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in this agreement are provided below in French. Remarque : Ce le contenu sous licence tant distribu au Qubec, Canada, certaines des clauses dans ce contrat sont fournies ci-dessous en franais. EXONRATION DE GARANTIE. Le contenu sous licence vis par une licence est offert tel quel . Toute utilisation de ce contenu sous licence est votre seule risque et pril. Microsoft naccorde aucune autre garantie expresse. Vous pouvez bnficier de droits additionnels en vertu du droit local sur la protection dues consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties implicites de qualit marchande, dadquation un usage particulier et dabsence de contrefaon sont exclues. LIMITATION DES DOMMAGES-INTRTS ET EXCLUSION DE RESPONSABILIT POUR LES DOMMAGES. Vous pouvez obtenir de Microsoft et de ses fournisseurs une indemnisation en cas de dommages directs uniquement hauteur de 5,00 $ US. Vous ne pouvez prtendre aucune indemnisation pour les autres dommages, y compris les dommages spciaux, indirects ou accessoires et pertes de bnfices. Cette limitation concerne: tout ce qui est reli au le contenu sous licence , aux services ou au contenu (y compris le code) figurant sur des sites Internet tiers ou dans des programmes tiers ; et les rclamations au titre de violation de contrat ou de garantie, ou au titre de responsabilit stricte, de ngligence ou dune autre faute dans la limite autorise par la loi en vigueur.
Elle sapplique galement, mme si Microsoft connaissait ou devrait connatre lventualit dun tel dommage. Si votre pays nautorise pas lexclusion ou la limitation de responsabilit pour les dommages indirects, accessoires ou de quelque nature que ce soit, il se peut que la limitation ou lexclusion ci-dessus ne sappliquera pas votre gard. EFFET JURIDIQUE. Le prsent contrat dcrit certains droits juridiques. Vous pourriez avoir dautres droits prvus par les lois de votre pays. Le prsent contrat ne modifie pas les droits que vous confrent les lois de votre pays si celles-ci ne le permettent pas.
Welcome!
Thank you for taking our training! Weve worked together with our Microsoft Certied Partners for Learning Solutions and our Microsoft IT Academies to bring you a world-class learning experiencewhether youre a professional looking to advance your skills or a student preparing for a career in IT.
Microsoft Certied Trainers and InstructorsYour instructor is a technical and instructional expert who meets ongoing certication requirements. And, if instructors are delivering training at one of our Certied Partners for Learning Solutions, they are also evaluated throughout the year by students and by Microsoft. Certication Exam BenetsAfter training, consider taking a Microsoft Certication exam. Microsoft Certications validate your skills on Microsoft technologies and can help differentiate you when finding a job or boosting your career. In fact, independent research by IDC concluded that 75% of managers believe certications are important to team performance1. Ask your instructor about Microsoft Certication exam promotions and discounts that may be available to you. Customer Satisfaction GuaranteeOur Certied Partners for Learning Solutions offer a satisfaction guarantee and we hold them accountable for it. At the end of class, please complete an evaluation of todays experience. We value your feedback!
We wish you a great learning experience and ongoing success in your career!
IDC, Value of Certication: Team Certication and Organizational Performance, November 2006
xiii
Acknowledgment
Microsoft Learning would like to acknowledge and thank the following persons for their contributions towards developing this title. Their efforts at various stages in the development have ensured that you have a good classroom experience.
xiv
xv
xvii
Contents
Module 8: Configuring and Securing SharePoint Services and Service Applications
Lesson 1: Securing the Enterprise SharePoint Service Lesson 2: Securing and Isolating Web Applications Lesson 3: Services and Service Applications Lab A: Administering SharePoint Services Lab B: Configuring Application Security Lab C: Configuring Service Applications 8-3 8-19 8-25 8-42 8-48 8-54
xviii
xix
Module 11 Lab: Implement Office Web Apps Module 12 Lab A: Preparing SharePoint 2007 for Upgrade to SharePoint 2010 Module 12 Lab B: Upgrading SharePoint 2007 to SharePoint 2010 Module 13 Lab A: Implementing a Backup Strategy Module 13 Lab B: Implementing a Restore Strategy Module 14 Lab A: Configuring SharePoint Monitoring Module 14 Lab B: Analyzing SharePoint Health Module 14 Lab C: Reporting SharePoint Usage
8-1
Module 8
Configuring and Securing SharePoint Services and Service Applications
Contents:
Lesson 1: Securing the Enterprise SharePoint Service Lesson 2: Securing and Isolating Web Applications Lesson 3: Services and Service Applications Lab A: Administering SharePoint Services Lab B: Configuring Application Security Lab C: Configuring Service Applications 8-3 8-19 8-25 8-42 8-48 8-54
8-2
Module Overview
Configuring and securing Windows SharePoint Services and service applications are important steps to isolate sensitive data in your organization and keep your environment free of unwanted Microsoft SharePoint installations. Planning the deployment of SharePoint thoroughly is important to a successful SharePoint environment.
Objectives
After completing this module, you will able to: Secure your enterprise-level SharePoint service. Secure Web applications. Configure SharePoint services and service applications.
8-3
Lesson 1
Awareness of where SharePoint is installed in your organization and who has permissions to perform those installations are critical to maintaining security in your network infrastructure. This lesson teaches you how to track those installations and configure many of the services and accounts used to keep your SharePoint implementation secure.
Objectives
After completing this lesson, you will be able to: Track SharePoint installations in your organization. Block inappropriate SharePoint deployments. Approve relevant SharePoint deployments. Approve SharePoint client installations.
8-4
Manage services on your SharePoint servers. Describe SharePoint services. Describe administrative accounts. Describe managed accounts.
8-5
Key Points
Service connection points (SCPs), also known as Active Directory markers, are data points in Active Directory Domain Services (AD DS) that represent the presence of a SharePoint server and farm. By putting several pieces together, you can both track and control SharePoint installations in your enterprise. You can use the following process to track your SharePoint installations. 1. Use ADSIEdit to create a container object, CN=Microsoft SharePoint Products,CN=System,DC=contoso,DC=com.
Note: You can use other container names. However, if you do, you must create a Group Policy for the domain computers to set a string value ContainerDistinguishedName under the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SharePoint. This makes it possible for the SharePoint Products Configuration Wizard to detect the new name.
8-6
2.
Assign Create serviceConnectionPoint objects permission to the accounts that are used to install SharePoint.
You must follow these steps before you create the farm. The SharePoint Configuration Wizard, PSConfig.exe, checks whether the container has been created, and then creates the marker. The marker contains the URL for the Application Discovery and Load Balancer Service. You can also create markers manually by using Windows PowerShell cmdlets.
To retrieve service connection point information for a farm, use the following command:
Get-SPFarmConfig -ServiceConnectionPoint represent the presence of a SharePoint server and farm. By putting several pieces together, you can both track and control SharePoint installations in your enterprise.
Additional Reading
Track SharePoint 2010 Installations by Service Connection Point at http://go.microsoft.com/fwlink/?LinkID=197124&clcid=0x409. Track or block SharePoint Server 2010 installations at http://go.microsoft.com/fwlink/?LinkID=197125&clcid=0x409.
8-7
Key Points
You can block unwanted SharePoint installations in your domain by applying a group policy object (GPO). Use the following procedure to block unwanted SharePoint deployments: 1. 2. 3. 4. Navigate to HKLM\Software\Policies\Microsoft\Shared Tools \Web Server Extensions\14.0\SharePoint in the registry. Create a REG_DWORD value named DisableInstall. Set the value to 1. Apply to all servers by either using an Active Directory .admx file or Windows PowerShell.
Once this GPO is in place in your domain, users will receive the message SharePoint installation is blocked in your organization. Please contact your network administrator for more details when they try to install SharePoint.
8-8
Key Points
In an environment where you are using a GPO to block SharePoint installations, you must create a group of servers that are approved for installation. Use the following procedure to control where SharePoint can be installed. 1. 2. 3. In AD DS, create a Group Policy security filter on the organizational unit (OU) to which you applied the GPO. Create a new group in AD DS that contains all computer objects on which SharePoint is allowed to be installed. Grant the new group permissions. Give the group DENY - APPLY GROUP POLICY permission. This overrides the installation block for this specific group. Add approved servers to the new group that you created.
4.
8-9
Key Points
Sometimes in your SharePoint environment, you want developers to be able to install an instance of SharePoint on their development computer. There are three options for controlling this: Add clients to the approved server group. This method is very secure but hard to manage. You must add each client computer to the group or your developers cannot install SharePoint. Scope the GPO only to servers. This method is easy to manage but allows SharePoint to be installed on any computer that is not in the Servers OU. Create a separate GPO scoped to clients. This method is similar to the first, except that you can manage servers and client computers separately.
The method you use depends on your environment. You must weigh the cost of managing the structure with security.
8-10
Key Points
The SharePoint installation process creates additional Windows Services. Most of these services start and stop themselves as needed by SharePoint. The one exception is the SharePoint Timer service; this service must be running at all times for SharePoint to send email messages and perform scheduled tasks. You can manually start this service if it is in the stopped state. Some of the other services created by the SharePoint installation process are the following: SharePoint Administration. Performs administrative tasks for SharePoint. SharePoint Tracing. Manages trace output. SharePoint User Code Host. Executes user code in a sandbox. SharePoint VSS Writer. Volume Shadow Copy Service. SharePoint Foundation/Server Search. Provides full-text indexing and searching.
8-11
Key Points
You can manage the services in SharePoint 2010 by navigating to Central Admin Manage services on the server. Depending on the specific version of SharePoint that you have installed, the number of services that are available to you may differ. Other products, such as Microsoft Project Server, install new services in SharePoint. You can start or stop the available services and configure them with separate permissions from Central Administration. By configuring separate permissions, you can delegate administration on each service application instance. This model allows for flexible scaling and balancing of load. These are the SharePoint services: Access Database Service. View/edit/interact with Microsoft Office Access 2010 databases in the browser. Application Registry Service. Enables users to search and collaborate around business data. Business Data Connectivity Service. Access line-of-business data.
8-12
Central Administration. Central Administration Web site. Claims to Windows Token Service. Used for claims authentication. Document Conversions Launcher Service. Enables document conversion. Document Conversions Load Balancer Service. Load balancer for document conversion. Excel Calculation Services. View/edit/interact with Microsoft Office Excel 2010 files. Lotus Notes Connector. Enables SharePoint to connect directly with Lotus Notes and retrieve data. Managed Metadata Web Service. Access managed taxonomy hierarchies, keywords, and social tagging infrastructure as well as content type publishing across site collections. Microsoft SharePoint Foundation Incoming E-Mail. Simple Mail transfer Protocol (SMTP) for SharePoint. Microsoft SharePoint Foundation Sandboxed Code Service. Allows for sandboxed development. Microsoft SharePoint Foundation Subscription Settings Service. Tracks subscription IDs used in multi-tenant configurations. Microsoft SharePoint Foundation Web Application. Allows for hosting Web content. Microsoft SharePoint Foundation Workflow Time Service. Used for SharePoint workflow. PerformancePoint Service. Provides the capabilities of PerformancePoint Services. Search Query and Site Settings Service. Performs a query across built indexes. Secure Store Service. Replaces single sign-on (SSO) in SharePoint 2007. Used to store user names/passwords for external data systems. SharePoint Foundation Search. Provides full-text indexing and search to SharePoint users. SharePoint Server Search. Provides enhanced full-text indexing and search capabilities. User Profile Service. Allows for creation of MySites.
8-13
User Profile Synchronization Service. Synchronizes user profiles with Active Directory data. Visio Graphics Service. View/edit/interact with Microsoft Visio documents. Web Analytics Data Processing Service. Used for processing data for Web trending and site usage. Web Analytics Service. Used for Web trending and site usage statistics. Word Automation Services. View/edit/interact with Microsoft Office Word documents.
8-14
Administrative Accounts
Key Points
SharePoint 2010 needs a few domain accounts for setup and configuration. SharePoint uses these accounts for setup and/or administrative access to the farm. You can also use separate domain accounts for other service applications. The following summary provides information about the necessary administrative accounts.
8-15
You can manage this account by using Central Administration. This account has the following requirements: Domain user account permissions Local Administrator permissions on all SharePoint servers in the farm except Microsoft SQL Server and SMTP servers Access to SharePoint 2010 databases If you are running Windows PowerShell so that it affects databases: member of db_owner role Assigned to db_creator and security_admin SQL Server roles during setup and configuration
After you have run the configuration wizards, this account assumes the following characteristics: Becomes a member of the WSS_ADMIN_WPG security group Becomes a member of the IIS_WPG role Is granted db_owner permissions on the Config Database and CA Content Database
8-16
8-17
Managed Accounts
Key Points
A managed account is an AD DS user account whose credentials are managed by and contained in SharePoint. In addition to storing the credentials of the object, SharePoint Server 2010 can also use Active Directory domain policies to reset passwords automatically while meeting the requirements established by policy. You do not have to know the password for an account to assign it to service applications in SharePoint. You can manage these accounts from Central Administration, where you can view the existing managed accounts, register a new managed account, or change a password. Once you have established these accounts, you can assign them to a service application from Central Administration.
8-18
Note: Once a managed account is set up in SharePoint, the password for that account cannot be changed in Active Directory without synchronization issues. If a password is changed in Active Directory, you must manually change the password in SharePoint to match.
8-19
Lesson 2
By implementing isolation in your SharePoint environment, you can segment data into logical groups and give access only to those users who need it. Securing communication also helps keep users from accessing sensitive data.
Objectives
After completing this lesson, you will be able to: Describe how to manage isolation with a new application pool. Configure an application isolation pool. Configure SharePoint to use Secure Sockets Layer (SSL) communication.
8-20
Key Points
SharePoint uses application pools to isolate certain Web and service applications. There are advantages and disadvantages to using separate application pools for each Web application in your SharePoint farm.
Advantages
Different identities. Each application pool runs under a single domain account. The account has restricted permissions that allow it to do only what it needs to inside the specific Web application. Isolation of processes. Each application pool runs under a different process ID. This makes it easier to track events and logging corresponding to the process. Recycle/restart without affecting others. When an application pool is recycled, all Web sites using the pool are unavailable until the pool comes back online. Separate application pools limit this issue to a specific Web application.
8-21
Throttling of resource usage. Application pools use many resources, CPU, RAM, and disk. You can limit the usage of these resources to certain values in an application pool.
Disadvantages
Administration overhead. Managing one application pool versus managing multiple application pools. Idle worker process. When an application pool has been idle for a specific amount of time, the worker process associated with the application pool shuts down. When the site is accessed again, the worker process has to be recycled, which can take some time, and the user may experience a delay in accessing that page.
8-22
Key Points
This diagram shows a totally isolated environment. Each service application and Web application has been created with its own application pool. You should weigh the advantages and disadvantages previously discussed to determine whether this type of design is appropriate for your environment.
8-23
Key Points
Before you can enable SSL, you must have an SSL certificate. You can get one from a third party or create one using Active Directory Certificate Services (AD CS). When using AD CS, after installation you must create a certificate by using Internet Information Services (IIS). You can accomplish this by using the Service Certificates module in IIS 7. Once you create the certificate, you must install it on all Web front-end (WFE) servers in your farm. To configure sites to use SSL in SharePoint, you must either configure the environment to use SSL every time a new Web application is created or add an alternate access mapping (AAM) to an existing Web application. By adding an internal URL, you can add a new Web application zoned for the intranet that uses Secure HTTP (HTTPS).
8-24
Additional Reading
How to enable Active Directory Certificate Service in Windows Server 2008 R2 at http://go.microsoft.com/fwlink/?LinkID=197126&clcid=0x409. How to enable SSL on a SharePoint 2010 web application at http://go.microsoft.com/fwlink/?LinkID=197127&clcid=0x409.
8-25
Lesson 3
Services and service applications in SharePoint 2010 replace the Shared Service Provider (SSP) model in SharePoint 2007. There are many advantages to the service application model.
Objectives
After completing this lesson, you will be able to: Describe the SharePoint 2010 Service Application Framework service model. Describe service applications. Describe service application connections. Configure application connection groups. Plan service applications. Describe types of service applications. Implement service applications across farms.
8-26
Key Points
In SharePoint 2007, the Shared Service Provider (SSP) is a single point of failure that contains shared services, for example, search, profile, and Excel services. In many cases, there is a steep learning curve to understand how to use the SSP and how it interacts with the rest of SharePoint; consequently, it is difficult to deploy and manage. A Web application can be associated with only a single SSP, which means that the SSP in that farm has to contain every service that any Web application uses. Management is also inflexible because you either have access to the entire SSP or to none of it. The SSP is essentially a single database, so there is no way to scale to larger implementations. There is also limited documentation concerning larger implementations. The all-or-nothing approach of the SSP also leads to extraneous resource usage because a Web application has to use all services in the SSP, even if it needed only one.
8-27
Service applications (SAs) are the perfect alternative to the older Shared Service Provider architecture of SharePoint 2007. SAs are fundamental to the application and are included with the SharePoint Foundation Stock Keeping Unit (SKU). The SA model is much more flexible than is the SSP model: You can create more than one instance of a service application in a single farm. Web applications can consume any or all of the available services. You can also share service applications across farms. You can install applications separately from one another.
All of this gives you finer-grained control of the service that you are deploying to your users. Now, with the SA architecture, you can load balance the services in the farm on all front-end servers or just a subset of them, allowing for future scaling in the farm or even into the cloud. The SA architecture also allows for third-party development. Some other Microsoft products already have service applications that are installed to interact with SharePoint. You can manage all service applications in the SharePoint farm in Central Administration without having to navigate to an entirely different area to do so. You can also use Windows PowerShell to interact with service applications.
Note: When you upgrade from SharePoint 2007, your SSP is converted to service applications. Reference Module 12, Installing and Upgrading to SharePoint 2010 for more details.
8-28
Key Points
Several components make up the service application architecture. These components combine with one another to ensure that Web applications can consume services. Service. In SharePoint, you can configure services to run on the same server, or you can spread them across multiple servers. You can also load balance services automatically when two or more servers are configured to run a service. Service applications. Service applications are instances of services that are created. An application pool is associated with each service application instance. For most service applications, you can deploy multiple instances in a farm. You can also share them across multiple farms. Service application connections. For a service application to talk to a specific Web application, it must use a service application connection (proxy). A proxy is created automatically when you create a new service application.
8-29
Service application connection groups. You can group multiple proxies together, which is then referred to as a service application connection group (proxy group). Web applications. Web applications are the component that users see in their browsers. Web applications can consume any number of the services available.
Additional Reading
Services architecture planning at http://go.microsoft.com/fwlink /?LinkID=197128&clcid=0x409.
8-30
Service Applications
Key Points
You can create a service application instance by navigating to Manage Service Applications in Central Administration. There, you can see all of the service application instances that you have created, as well as create a new instance of a service application.
8-31
Physical instance. This is the actual process or Web service on the physical computer on which the service is running. Administrative interface. Some service applications have administrative Web sites where you can configure settings specific to that service application.
Additional Reading
Services architecture planning at http://go.microsoft.com/fwlink/?LinkID=197128&clcid=0x409.
8-32
Key Points
A service application connection, also known as a proxy, allows the user-driven Web applications to talk to service applications. Web Parts, the SharePoint object model, or internal code can use proxies to connect to service applications. Service application connections are created automatically when a service application is created. Example: 1. 2. When a search query is performed by the user, the Search Web Part on the WFE talks to the service application proxy. In turn, the service application proxy uses Windows Communication Foundation (WCF) to connect to the application server that is running the instance of the Search Service. This application retrieves information from the database and returns the results to the WFE to be displayed in the Web Part.
3.
8-33
8-34
Advantages
It is the simplest architecture to deploy. You deploy this architecture by using the SharePoint Initial Farm Setup Wizard. All service applications are available to all Web applications, meaning any Web application in the farm can consume any number of service applications. All service applications are managed centrally in one farm. This architecture provides the best use of resources because only one instance of each service group is needed.
8-35
Disadvantages
You cannot isolate service application data. Any Web application can consume any service application and its data. Individual departments or teams cannot manage service applications on their own.
Recommendations
The architecture that includes a single farm and a single service application group is the recommended configuration for most organizations, at least initially. This configuration works well when you want to host many sites for a single company on the same farm. Use this configuration to meet the following goals: You want to optimize the resources required to run service applications in a farm. You are sharing content and profile data across sites that otherwise require process isolation for performance or security reasons.
Advantages
The main Web applications have access to the service applications they need. Departments with a stricter data policy can have their own instances of service applications. Service applications can be managed departmentally by different user sets.
Disadvantages
This architecture is more taxing on farm resources because multiple instances of certain service applications have been created and run at the same time.
8-36
Recommendations
The architecture that includes a single farm and multiple service application groups is the recommended configuration for organizations that require that specific departments have their own isolated data and service application management. This configuration works well when you want to host many sites for a single company on the same farm, yet have some isolation. Use this configuration if you are sharing content and profile data across sites that otherwise require process isolation for performance or security reasons and you would like to isolate one departments data.
Advantages
The Web applications have access to only the service applications that they need. Departments with a stricter data policy can have their own instances of service applications. Service applications can be managed departmentally by different user sets. Data and service applications can be shared across farms.
Disadvantages
This architecture is the most taxing on farm resources because multiple instances of service applications have been created and run at the same time. This architecture requires more hardware to support the scaled-out infrastructure.
8-37
Recommendations
The architecture that includes multiple farms and multiple service application groups is the recommended configuration for large organizations that need distribution of data and/or management of service applications. This configuration works well when you want to isolate certain departments but share data across multiple farms. Use this configuration to meet the following goals: You are sharing content across farms. You are isolating certain department data from the rest of the farms.
8-38
Key Points
The biggest struggle when planning your service application infrastructure is striking a balance between performance and separation. The more proxy groups you define and use, the more you tax the servers in the farm. You should create new proxy groups only when you must isolate processes, data, or performance. Some typical services that are deployed for dedicated use are Excel Services, Managed Metadata, and Business Data Connectivity (BDC): Excel Services. To optimize performance for a targeted team or to isolate sensitive data. Managed Metadata. To allow a team or department to manage their own taxonomy, hierarchies, keywords, and so on. SharePoint Server 2010 combines the results of multiple Managed Metadata service applications so that taxonomies, content types, and other elements can be shared across an organization.
8-39
Business Data Connectivity. Individual teams or departments can integrate with their own line-of-business data systems and keep the data isolated from the rest of the organization.
8-40
Key Points
You can publish certain service applications and use them across farms. Some large implementations create a separate farm in which are kept all service applications that can be shared with all other farms to consume. This is most commonly done with Search and/or user profiles. Often, Managed Metadata is also shared so that an organization can share a single corporate taxonomy. Question: How would you use the Search Service as a cross-farm service application? Question: How would you use the User Profile Service as a cross-farm service application?
8-41
Key Points
You can publish certain service applications and make them available to other SharePoint farms to consume. To do so, servers exchange certificates across the farms. An administrator of the consuming farm must provide two trust certificates to the publishing farm: a root certificate and a security token service (STS) certificate. An administrator of the publishing farm must provide a root certificate to the consuming farm. You can export and copy certificates only by using Windows PowerShell 2.0. You must configure permissions on both the shared service application and the Application Discovery and Load Balancer Service Application. When everything is set up, you can publish the service for other farms to consume.
Note: If the farms are in two different domains, you must set up a two-way trust for User Profile or BDC Services to be shared.
8-42
Scenario
The Communications team at Contoso wants to publish content to the intranet by using Microsoft Word. The teams manager discovered that SharePoint includes a feature that can convert Word documents to Web pages and is complaining that the intranet site does not expose the document conversion command. Additionally, developers are experiencing errors that suggest some SharePoint services may not be running correctly. You have been asked to troubleshoot the problems and to ensure that SharePoint and Windows Services that are required to support the SharePoint farm are running correctly.
8-43
8-44
8-45
Results: After this exercise, you should have enabled document conversions on the intranet Web and configured and started several SharePoint farm services.
8-46
When you attempt to create this application, Central Administration will pause indefinitely. Wait two minutes, and then click Cancel.
8-47
Refresh the page, and then observe that the Managed Metadata Human Resources service application is listed as Stopped, and that there is no Managed Metadata Service Connection created for the service application. The Timer service must be running to process the jobs related to the creation of a service application.
Results: After this exercise, you should have experienced an effect of a stopped SharePoint 2010 Timer service and started the service.
8-48
Scenario
You recently inherited a SharePoint farm that was not set up using best practices. Your manager is a Certified Information Systems Security Professional (CISSP) and advocates security best practices. He would like you to explore the service account permissions and SSL settings of the SharePoint server and possibly change these settings to use specific service accounts. He would also like you to install SSL to secure the metadata that is traveling between the clients and servers.
8-49
8-50
Switch to Internet Information Services (IIS) Manager, and then confirm that the SharePoint Central Administration v4 application pool is now using the account, SP_Farm. Repeat the first step to reset the farm account to SP_Farm.
Results: After completing this exercise, you should have changed the farm account, reset its password, and configured the password change policy.
8-51
8-52
In the Actions panel, click Create Domain Certificate. Create a domain certificate with the following specifications: Common name: Contoso Organization: Contoso Organizational unit: SharePoint City/locality: Redmond State/province: WA Country/region: US Certificate authority: Contoso-SP2010-WFE1-CA Friendly name: Contoso
8-53
In the CONTOSO\SP_Farm row, click the Edit icon. Observe that the warning message you observed in Task 1 no longer appears. Close all open applications and windows.
Results: After this exercise, you should have configured Central Administration to use SSL.
8-54
Scenario
Your company Contoso has adopted SharePoint 2010 for many reasons. One is its new, more optimized service application environment and another is its ability to manage metadata. You want to allow sites in the client-facing Web application to use managed metadata and keywords, but you do not want managed metadata and keyword columns in the client Web application to have visibility into terms used internally. Therefore, you must configure a separate Managed Metadata Service for the client Web application.
8-55
8-56
Observe that there is an application proxy group labeled custom assigned to the intranet Web application.
Results: After this exercise, you should have configured a new managed metadata service application, modified the default proxy group, and created a custom application proxy group.
8-57
8-58
Review Questions
1. 2. 3. How would you use Active Directory markers in your environment? Which Active Directory accounts would you manage in SharePoint? Explain the different components of the service application architecture.
9-1
Module 9
User Profiles and Social Networking
Contents:
Lesson 1: Configuring User Profiles Lesson 2: Implementing SharePoint 2010 Social Networking Features Lab: A: Configuring User Profiles Lab: B: Administering My Sites 9-3 9-17 9-30 9-42
9-2
Module Overview
Social Computing has shown to be a growing trend for Internet related business; the impact it has brought to the corporate world has allowed for the evolution of information into a dynamic and rapidly changing form; information that communities of users can collaborate on and share with others within your organization. This is where social computing fits perfectly with the goals of Microsoft SharePointto be able to capture and share information, enable people to find information and other people, and the need to improve efficiency and productivity.
Objectives
After completing this module, you will be able to: Configure user profiles. Implement SharePoint 2010 social networking features.
9-3
Lesson 1
User profiles provide access to the people aspect of the social element of SharePoint. It provides the baseline to gather and capture information about the individuals you want to engage and interact with within your organization. In this lesson, you will see how that information can be gathered from different sources and the process to get that information into SharePoint.
Objectives
After completing this lesson, you will be able to: Describe the User Profile Service Application. Understand user profiles. Describe each of the profile properties. Understand data connections. Edit profile data.
9-4
Describe audiences. Describe the user profile synchronization process. Implement Microsoft ForeFront identity manager.
9-5
Key Points
The user profile service is a shared service in Microsoft SharePoint Server 2010 that provides a central location for configuring and managing the key elements of personalization settings and a key component in the social computing capabilities of the SharePoint platform. The manage profile service page cannot be accessed until an instance of a user profile service application exists. You can use the SharePoint Central Administration Web site in addition to Windows PowerShell to create and manage user profile service applications and other service applications for non-hosted environments. You can delegate management of a user profile service application to someone who does not have permissions to manage other services or settings contained in Central Administration.
9-6
Key Points
SharePoint users contain key characteristics by default and can optionally provide additional information about themselves that will enable users to communicate and share information effectively.
9-7
A good way to track a users people associations in the form of colleagues Client tools, like Microsoft Office Outlook 2010 can take advantage of user profile information.
Important: AD DS attributes and user profile properties may not necessarily match particularly where users are provided the capability to control information about themselves. This can make the synchronization and process a little complex. Knowing and understanding ADSI Edit is recommended.
Additional reading
Enable SharePoint Server 2010 Colleague in Outlook 2010 at http://go.microsoft.com/fwlink/?LinkID=197040&clcid=0x409. ADSI Edit at http://go.microsoft.com/fwlink /?LinkID=197041&clcid=0x409.
9-8
Profile Properties
Key Points
A profile property is the field that holds information about a given user that exists in your organization. An extensive set of fields is available and included by default. Examples include: skills, birthday, manager, and responsibilities. In many implementations, the default properties may be enough, but there are likely scenarios and situations that require the creation of custom properties. Examples might include items that describe a training path, certification, or product specialty. Since properties are specific types of data, and they do correspond to fields, when customizing we need to consider this. You can provide centrally defined values from the Managed Metadata Services Term sets to standardize on options and organizational policies.
Additional reading
User profile properties at http://go.microsoft.com/fwlink /?LinkID=197042&clcid=0x409.
9-9
Data Connections
Key Points
Data connections allow you to establish the relationship and connectivity to the source providing the profile data. There are sources that will be primary sources, which means they will be able to be defined by themselves with no additional data connections. Then there are secondary sources, which do require the configuration of a primary source. Primary sources are typically AD DS or LDAP Stores. Secondary sources are typically connections to line of business applications (LOBs) using the Business Connectivity Services functionality. A secondary source would complement the information retrieved from a primary source as it would be one directional and would not allow an overwrite of the information synchronized from a primary source.
9-10
Key Points
Profile data is stored in a SharePoint profile database as a replica of the source data. Based on the security settings of the profile properties, end users may actually be able to edit these properties by using their My Site or any custom profile editing page. Developers can write tools to update profile properties rather than using the importing mechanisms in SharePoint. Each profile property can have security set on it. This allows you to make profile properties required, optional, or even to disable a property if needed. You can also set the visible security of a property if it is sensitive data like a social security number, bank account number, or something similar.
9-11
Audiences
Key Points
Audiences are groupings of users determined by their memberships, for example, in AD DS or SharePoint groups, or by rules configured by an administrator. In Microsoft SharePoint Server, the audience rules can be based on information in the user profile; on membership in an identity management system, for example, AD DS or Microsoft Business Connectivity Services; or on the organizations reporting structure, assuming this information is stored in AD DS. Audiences are defined and contained in the User Profile Service Application. Audiences enable organizations to target content to specific users. Microsoft SharePoint Server 2010 allows targeting to the list-item level, rather than just to the list level. Each audience must be compiled before content can be targeted to that audience. Compilation identifies membership in an audience by crawling the data most recently reported from the identity management system.
9-12
Key Points
Profile synchronization in Microsoft SharePoint Server 2010 enables user profile service administrators to synchronize user and group profile information that is stored in the SharePoint Server 2010 profile store with profile information that is stored in directory services and business systems across the enterprise.
9-13
When you define the user profile synchronization, you need to meet the following security and process requirements: AD DS. At a minimum, the Replicate Directory Changes permission is needed on the AD DS domain(s) from which you wish to import data for SharePoint Server 2010. This account must be a member of the Farm Administrators group or must be an account that is designated as a user profile service administrator. If the NETBIOS name is different from the domain name, at least Replicate Directory Changes permission is also needed on the cn=configuration container. To export properties, such as profile pictures, from SharePoint Server 2010 to AD DS, at least Replicate Directory Changes permission is needed on the object and all child objects for the AD DS domains to which you want to export data from SharePoint Server 2010. Read/Write permission is also needed on the container that stores the user picture attribute, for example, the ThumbnailPhoto attribute. Authenticated users who have Replicate Directory Changes permissions will be granted readaccess to AD DS objects. Additional permissions can be granted using access control lists (ACLs) in AD DS. SharePoint Server 2010 will not write profile data back to AD DS unless Write permission is explicitly set on the account that has Replicate Directory Changes permissions. Business Data Connectivity service. The Business Data Connectivity model must include Finders and Specific Finders methods in SharePoint Server 2010 http://go.microsoft.com/fwlink/?LinkId=179316. Novell eDirectory version 8.7.3 (LDAP). Only Full Sync for users is supported in SharePoint Server 2010 SunOne version 5.2 (LDAP). Both full and incremental are supported. You must set up a change log to use Incremental Sync. IBM Tivoli 6.2 (LDAP). Both full and incremental are supported.
Profile synchronization can occur when profile information has changed in the SharePoint Server 2010 profile store or when profile information has changed in the directory service. After you configure profile synchronization, changes to either store are detected. Import or export occurs depending on the import/export settings for a particular user profile property.
9-14
Synchronization is defined within the user profile service application. This is configured and set up between SharePoint and the directory services applications that will provide the details on the user profile data being imported to be consumed by SharePoint. The high level process is defined by:
9-15
Key Points
Forefront Identity Manager (FIM) 2010 builds on the meta-directory, certificate and smart card management and user provisioning available in ILM 2007, and adds a rich management environment including integrated user management, selfservice for comprehensive credential management, group management, policy management, and expanded extensibility and connectivity. The benefit SharePoint 2010 gets from FIM 2010 relates to FIM providing the core engine that drives twoway replication between the source and the user profile imports associated. FIM 2010 feature investments are categorized into four areas.
Policy Management
SharePoint-based console for policy authoring, enforcement and auditing Extensible WS-* APIs and Windows Workflow Foundation workflows Heterogeneous identity synchronization & consistency
9-16
Credential Management
Heterogeneous certificate management with third-party CA support Management of multiple credential types Self-service password reset integrated with Windows logon as well as Webbased tool Integrated provisioning of identities, credentials, and resources
User Management
Automated, codeless user provisioning and de-provisioning Self-service user profile management
Group Management
Rich Microsoft Office-based self-service group management tools Offline approvals through Office Group and distribution list management also including dynamic membership calculation in these groups and DLs based on users attributes
9-17
Lesson 2
SharePoint 2010 brings social networking capabilities into the enterprise, where enormous value can be unlocked through information contained not in typical pages or files, but rather in social relationships, behavior, and expertise.
Objectives
After completing this lesson, you will be able to: Implement My Sites. Configure social networking features.
9-18
My Sites Overview
Key Points
My Site Web sites are personal sites in Microsoft SharePoint Server 2010 that provide users in an organization with a rich set of social networking and collaboration features. These features include: My Newsfeed page for managing colleagues, interests, and newsfeed settings My Content page for managing documents and other content such as lists, libraries, etc. My Profile page for managing things like user profile information and social tags and notes
These features give users a way to discover areas of expertise, projects, and business relationships from one central location. Each user can view his or her My Site Web site by clicking the corresponding user name in the top, right corner of any page and then clicking My Site.
9-19
In SharePoint Server 2010, My Site Web sites enable users to easily share information about themselves and their work. This sharing of information encourages collaboration, builds and promotes expertise, and targets relevant content to the people who want to see it. You can display profile properties to particular users in the organization, and enable administrators to set policies to protect privacy. My Site Web sites in SharePoint Server 2010 include the following: A profile for each user where users can share their expertise, profile pictures, and so on A newsfeed for tracking activities such as social tags, status updates, note board notes, and content ratings A tag and note tool that helps you conveniently tag or post notes on sites directly from a Web browser A shared picture library, shared document library, and personal document library with the ability to create and manage additional content as standard on other SharePoint site types The ability to add Web Parts such as a Really Simple Syndication (RSS) viewer, or My Links, to see a list of your saved libraries and links An organizational browser that uses Microsoft Silverlight 3 to provide a dynamic organizational browsing experience The ability to manage colleagues and memberships from one location
9-20
Key Points
The user profile service stores information about users in a central location. Information in a users profile includes a profile picture, the organization to which a user belongs, colleagues, and properties such as skills. SharePoint Server uses this information to personalize the data presented on a users My Site Web site. In order to provision My Site Web sites and enable social computing features such as social tagging and newsfeeds, you must create and enable the user profile service. The My Site Host is a special purpose site collection used for hosting My Site Web sites. The content part of My Site Web sites is hosted in its own site collection. My Site Host site collections are not created automatically in SharePoint Server 2010. An administrator of the User Profile Service Application must first create a My Site Host site collection before provisioning My Site Web sites in addition to the Web application that serves as its host.
9-21
Trusted My Site Host locations are used in organizations where multiple server farms are deployed or where multiple user profile service applications are configured. In such environments, users can create multiple My Site Web sites. For example, in a geographic deployment with a central farm in Europe and a regional farm in Africa, a user can click the My Site link when browsing content hosted by either farm. Consequently, the user can create a My Site Web site on the Europe farm and a My Site Web site on the Africa farm. If your organization includes multiple farms or multiple User Profile Service Applications that host My Site Web sites, you can prevent users from creating multiple My Site Web sites by using the Trusted My Site Host Locations feature. This feature enables you to specify trusted My Site locations. When trusted My Site locations are specified, users are redirected to the My Site that is intended for their user accounts, regardless of where they are browsing when they click the link to create a My Site Web site. This feature ensures that each user creates only one My Site Web site in the organization and relies on audience targeting. Pages support the three distinct views of My Sites: My Newsfeed page that shows colleague activities My Content site that lists shared documents, personal documents, pictures, libraries, lists, discussion boards, and surveys that a user owns My Profile page that displays personal profile information
Users can navigate between these pages by clicking the links on the My Site link bar at the top of the page. My Site Web sites rely on the following related features: Profile synchronization. Enables you to integrate profile information that you have stored in a directory service such as Active Directory Domain Services (AD DS) or a business system, such as SAP or Siebel, with SharePoint Server 2010. Expertise tagging. Lets users list the areas in which they have experience as part of their profile. This information can be used by other users in the organization to locate subject matter experts for a particular area. People search. Lets users find people by department, job title, knowledge, expertise, and common interests.
9-22
Deploy My Sites
Key Points
After a farm administrator has created a user profile service application, a designated administrator of the user profile service application can manage the following My Site Web site settings: My Site Web sites setup Trusted My Site host locations Personalization site links Links to Microsoft Office 2010 client applications
To perform the initial setup of My Sites, you must do the following: Create a My Site Host Web application, for example mysites.contoso.com. Dont forget to add a DNS host (A or AAAA) record. Use either the My Site Host site definition (template) or a blank site template.
9-23
Create a search center site collection, for example mysites.contoso.com/sites/Search using a search center site definition such as Enterprise Search Center. Give users permission to the search center. For example, add the Domain Users group to the search center Visitors group, or give Domain Users read permission to the search center. Add a managed path for My Sites, for example personal, with wildcard inclusion. Enable self-service site creation for the Web application. On the Manage Service Applications, click the link for the User Profile Service Application. You will be prompted to set up My Sites. Enter the URL to the My Site host, the search center, the managed path, etc. You will perform these procedures in the lab for this module.
Administrative Credentials
To use Central Administration to set up My Sites, you must be a member of the Farm Administrators group or a Service Application Administrator for the user profile service application.
9-24
Key Points
To configure social networking features including My Sites, user profiles, organization profiles, and profile synchronization, open the Manage Profile Service page: 1. 2. On the Central Administration page, under Application Management, click Manage Service Applications. On the Manage Service Applications page, click the name of the user profile service that you want to manage. The Manage Profile Service page opens. 1. In the People section, you can configure user permissions. By default, Authenticated Users have permission to use all social features and to create My Sites. You can restrict the permissions of users in your enterprise by removing Authenticated Users and adding specific groups or users.
9-25
2.
Click Manage Policy to specify which social and My Site features are visible, and to control the visibility level of profile attributes.
You can enable or disable social tags and note boards for a user or group. See http://go.microsoft.com/fwlink/?LinkID=197047&clcid=0x409. In the Manage Farm Features page, you can disable the Social Tags and Note Board Ribbon Controls, which removes the I like it and Tags and Notes commands from the ribbon. This is a user interface change only, but if you disable tagging, you should remove the social ribbon control so that users dont click it, only to discover that it doesnt work. The Trusted Host Locations setting specifies other locations for My Sites that are trusted. This is not necessary in a typical farm that has only one User Profile Service Application. However, if you have multiple farms or multiple User Profile Service Applications, you should add the locations of their My Sites as a trusted host location. If you want to push a link to a users My Site, click Configure Personalization Site. Links created here can be targeted to audiences, and appear in the top navigation bar of a users My Site. You can also push links into Microsoft Office client applications. Click Publish Links to Office Client Applications.
Additional reading
Enable or disable personal and social features for users or groups at http://go.microsoft.com/fwlink/?LinkID=197043&clcid=0x409. Activate or deactivate the SocialRibbonControl farm-level feature at http://go.microsoft.com/fwlink/?LinkID=197044&clcid=0x409. Plan policies for user profiles at http://go.microsoft.com/fwlink /?LinkID=197045&clcid=0x409.
9-26
Audiences
Key Points
Audiences group users in an organization so that you can personalize information to ensure that it is relevant to them. Audiences enable organizations to target content to specific users. Audiences are groupings of users determined by their memberships in Microsoft Exchange distribution lists (DL) or SharePoint groups, or by rules configured by an administrator. In Microsoft SharePoint Server, the audience rules can be based on information in the user profile; on membership in an identity management system, for example, Active Directory Domain Services (AD DS) or Business Connectivity Services; or on the organizations reporting structure (if this information is stored in Active Directory). Audiences are defined and contained in the User Profile Service Application. When you configure an audience, you specify one or more rules to determine the membership of the audience. The rules will be applied as All, or Any.
9-27
When you add a new audience, you also select an owner for the audience. This is an informational attribute onlyit does not grant any permissions. The owner should be someone who understands why the audience was created and who can be contacted if there is a problem with the audience. The person who created the audience is often specified as the owner, but this is not a requirement. Having audience owners is helpful in enterprises that have a large number of audiences created by several different administrators. Each audience must be compiled before content can be targeted to that audience. Compilation identifies membership in an audience by crawling the data most recently reported from the identity management system.
Note: You will not see membership of a new audience until it is complied.
Additional reading
Add, edit, or delete an audience (SharePoint Server 2010) at http://go.microsoft.com/fwlink/?LinkID=197046&clcid=0x409.
9-28
Organization Profiles
Key Points
Organization profiles support the creation of communities of practice. Much like user profiles, an organization profile has attributes and relationships to other organizations and users. It becomes very important for an organization to be able to categorize and identify users based on organizational needs or to identify specific levels of expertise with your community of work. It is important to gather and assess the value of networks of knowledge and expertise. For example, giving you the opportunity to identify specific resources with experience in a given product. It allows making those networks stronger and better aligned with the needs an organization has. Finding communities of interest allows for internal subject matter experts and perhaps even the furthering of the adopting of an environment such as SharePoint 2010.
9-29
Providing insight into an organizations makeup provides you with a better understanding of how to find information that is essential to how a task is performed and who to go to in case of questions. An organizations profile lets you know how and where to find information by better defining the teams, departments and individuals that are part of it.
9-30
Scenario
Your corporation has never had an employee directory despite the multiple requests of the Human Resources department. Since implementing SharePoint 2010, the Human Resources department has again requested the directory be implemented using SharePoint user profiles. Previous IT policies prevented making changes to Active Directory and forced the creation of a separate Human Resources database of user information. You have been tasked to set up user profiles in the new farm using Active Directory as the primary data source and integration with profile properties that come from the secondary HR data source.
9-31
9-32
Note: It can take up to 5 minutes for the ProfileSynchronizationSetupJob to appear on the Running Jobs list. If you dont see the job start, re-start the timer service, but be sure you DO NOT restart it if this job is running.
Monitor the page. Press F5 to refresh the page. Repeat this step until the ProfileSynchronizationSetupJob disappears.
Navigate to the Job History page. Confirm that the Status of ProfileSynchronizationSetupJob is Succeeded. Click the System Settings link and then navigate to the Services on Server page. Confirm that the Status of the user profile synchronization service is Started. Close SharePoint 2010 Central Administration.
9-33
If a service is not started, then press F5 to refresh the view. Repeat this step until the services have started.
Close the Services console. Open the folder C:\Program Files\Microsoft Office Servers\14.0 \Synchronization Service\MaData. Confirm that the ILMMA folder exists. Confirm that a folder named MOSS-GUID exists with todays date. If they do not exist, wait until the timer job has completed fully, at which point the folders will appear.
Close the Windows Explorer window that is showing the MaData folder.
9-34
Results: After completing this exercise, you should have created a new User Profile Service Application and started all services related to user profile synchronization.
9-35
9-36
Password: Pa$$w0rd Containers to synchronize: the People, SharePoint, and Users organizational units (OUs)
Tip: l (lowercase L) is the Lightweight Directory Access Protocol (LDAP) name for the locale, or city attribute.
9-37
Results: After completing this exercise, you should have configured and performed user profile synchronization.
9-38
9-39
9-40
Business data connectivity entity: AdventureWorks Connect as a 1-to-1 mapping with the EmployeeID profile property
9-41
Question: What group does the farm account have to be in in order for user profile synchronization to work?
Results: After completing this exercise, you should have configured and performed profile attribute synchronization from an external source.
9-42
9-43
Create a new site collection in the Web application with the following configuration: Title: My Site Host Template: My Site Host Primary site collection administrator: CONTOSO\SP_Admin
9-44
Results: After completing this exercise, you should have configured My Sites.
9-45
Note: If My Profile is not visible, click My Settings, and then click My Profile.
Click My Content. A My Site is created. The Processing screen may display for 1 to 2 minutes. Click My Profile. Review the tabs on the My Site.
9-46
Configure your birthday to display to My Colleagues. Save your changes. On the profile page, click More information. Observe that the newly populated profile properties are now visible.
Results: After completing this exercise, you should have created a My Site for Dan Jump, and modified his user profile.
9-47
9-48
Open the Information Technology Members page, and then make this group the default group for the site. Close Internet Explorer.
9-49
Results: After this exercise, you should have configured various social networking features.
9-50
Question: What group does the farm account have to be in in order for user profile synchronization to work?
10-1
Module 10
Administering and Configuring SharePoint Search
Contents:
Lesson 1: Configuring Search Lab A: Configuring Search Lesson 2: Refining Search Lab B: Tuning SharePoint Search 10-3 10-24 10-41 10-48
10-2
Module Overview
Configuring and refining Microsoft SharePoint 2010 Search correctly are critical to finding content in your organization in a quick and relevant manner. Enterprise Search has been greatly enhanced to provide for a consistent and interactive environment for you to organize and find your content and/or external content.
Objectives
After completing this module, you will be able to: Configure the search features of SharePoint Server 2010. Refine searches in SharePoint 2010.
10-3
Lesson 1
Configuring Search
By configuring SharePoint Search in your environment, you can help users have a better experience when searching for content. This lesson teaches you how to configure Search to match your organizations needs and also monitor issues that may arise.
Objectives
After completing this lesson, you will be able to: Describe SharePoint 2010 Search editions. Describe the SharePoint 2010 Search architecture. Understand how to scale searching. Describe content distribution. Administer searching.
10-4
10-5
Key Points
SharePoint 2010 Search has three different product editions: Search Server 2010 Express. Search Server 2010 Express can only be used as a standalone system and has the following characteristics: Scales to 10 million items with subsecond response times. Search Server 2010 Express can meet the scale and performance needs of your organization. Searches 31 file types using the extensible iFilter platform, including Microsoft Office; Hypertext Markup Language (HTML); SharePoint 2003, SharePoint 2007, and SharePoint 2010 sites; Open Document format; and many others. Helps find information across your company in 51 languages. Improvements include compound handling, numbers, and dates in languages such as Thai, Russian, and Arabic.
SharePoint 2010 Search. SharePoint 2010 Search includes all the features of Search Server 2010 Express but can be scaled to several servers.
10-6
Microsoft FAST Search Server 2010 for SharePoint. FAST Search adds increased performance and relevancy tuning algorithms, along with several layers of extensible interfaces.
Each of these is a different product with different features. As you move down the list, each edition builds on the last, adding more features. This module concentrates on SharePoint 2010 Search.
Additional Reading
SharePoint 2010 Enterprise Search at http://go.microsoft.com/fwlink /?LinkID=192165&clcid=0x409.
10-7
Key Points
In SharePoint 2007, the search architecture has several limitations: Only one Search database is shared by the crawl and query components. In larger environments, this introduces latency in both crawling content and querying indexes. There is also a large impact on Microsoft SQL Server resources. Often, crawling has to be done during nonbusiness hours so as not to interfere with searches during the business day. Consequently, the content is refreshed only once a day. A single index file stored on the query servers is used, creating a single point of failure and no scalability. If the index file is corrupted or lost, a full crawl has to be completed.
10-8
In SharePoint 2010, there are four main components to the search architecture:
Component Crawl components Description Role of the index servers. Can be scaled out to include additional servers for balancing the index. Crawler is a stateless worker and does not store any of the index on the hard drive. When crawling is complete, it propagates the content to the query servers. Crawl History databases and metabase database Index partitions Both stored in SQL Server, which can be scaled with additional databases and/or servers. Crawl History database stores the history and logs of past crawls. Metabase database stores the metadata of searched items. Role of the query servers. Can be scaled out to include additional index partitions on additional servers. Administration component Search Admin database. There is only one, used for Search Administration page in Central Administration; no need to scale.
10-9
During the indexing process, the crawler accesses and reads content items. The process of extracting the information from these files results in a content index that is propagated to the file system of the query server and the Search database in SQL Server. User search queries run against this content index and the Search database. Depending on how much content you have, you may need more than one crawling server. Similarly, depending on the number of users and queries they send, you may need more than one query server to service their requests.
Additional Reading
Whats new in enterprise search at http://go.microsoft.com/fwlink /?LinkID=197049&clcid=0x409.
10-10
Scaling
Key Points
Using the built-in management tools, you can monitor the usage of your crawlers and query servers. When their performance starts to degrade, you should consider adding more of them. Because of the componentized architecture of SharePoint 2010 Search, you can scale very easily compared with SharePoint 2007 Search. Each crawl server in the farm can crawl different content so that a multithreaded approach can be used to create the index. Also, adding crawl databases relieves input/output (I\O) contention issues because all crawl servers wont be trying to write to the same database at the same time. Multiple query servers allow for load balancing of requests. Also, each query server has a smaller partition of the index. When a query comes in from a user, all query servers are notified and search their part of the index. The results are merged and then presented to the user.
Additional Reading
Search Architectures at http://go.microsoft.com/fwlink/?LinkID=167739.
10-11
Content Distribution
Crawl Distribution
In SharePoint 2010, you can distribute the crawl role to multiple servers. This allows for built-in load balancing of crawls. You can also create more crawl databases to ease the burden on the hardware. You can overwrite the default load balancing by using host distribution rules. With these rules, you can force certain crawlers to crawl certain content. You can also implement crawler impact rules to reduce the load on the content sources being crawled.
Query Distribution
You can distribute the query role to multiple servers so that users have a faster search experience as a result of load balancing. Crawlers partition the data, called an index partition, and propagate it to each query server. When a user searches, all query servers are notified to look for content. When the content is found, all results are consolidated and sent back to the user.
10-12
Administration
Search Administration
After the planning and installation of SharePoint, you must make sure that the services that make up Search are running on a server in the environment.
10-13
On the Search Administration page, you can configure the following items:
Component System status Details Configure the default account used to access content Configure the contact email address Configure the proxy server information Scopes update schedule Enable/disable search alerts and query logging Note: These settings must be configured before using the Enterprise Search service. Crawl history Shows you, by content source, the past crawls and any errors that were encountered. It also shows the start time, end time, and duration of each crawl. Shows you the components used to make up the search architecture. Any crawl, query, administration, or database components are shown here along with their status.
Farm-Level Administration
On the Farm Search Administration page, you can see the following farmwide settings: Proxy server being used for the entire farm. A proxy server is used in most organizations to access the Internet. This setting allows you to crawl content that is external to your network. Time-out settings for a search. Configure the amount of seconds the search system waits when connecting to a content repository. Ability to toggle on/off Secure Sockets Layer (SSL) warnings. If SSL warnings are on, the crawler will not crawl a site if the site name does not match the name on the SSL certificate.
Note: These settings must be configured before using the Enterprise Search service.
This page also contains links to the Search Service application and to where you can modify the topology.
10-14
Additional Reading
Post-installation steps for search at http://go.microsoft.com/fwlink /?LinkID=197050&clcid=0x409.
10-15
Crawl Configuration
Content Sources
SharePoint 2010 enhances content sources and how they are indexed. It now supports more than 400 structured and unstructured content types. You can have up to 500 content sources, each supporting up to 500 start addresses. The content processing algorithms were enhanced to use stronger linguistics. Support for crawling 85 different languages has been added. Also, there are now ways to build custom content types to crawl external data using a common connector framework. After creating an instance of the Search service application, a default content source is created: Local SharePoint sites. Crawls are not performed or scheduled automatically when a Search service application is created unless you do a basic installation.
10-16
When creating a new content source, you can select the type of content to be crawled. SharePoint sites, Web sites, file shares, Microsoft Exchange Server public folders, line-of-business data, and custom repositories can be crawled. By selecting Line Of Business Data, you can choose a Business Data Connectivity (BDC) service application to crawl. You can crawl either all data sources associated with that service application or just a subset. You also can create new content source types for crawling custom repositories. To do so, you must register a custom connector. You can schedule full crawls or incremental crawls. You typically use full crawls only for the first crawl because they create the index from scratch and take a lot of time to complete. By setting the content source priority for crawls, you can prioritize certain content sources over others.
Crawl Rules
You can configure crawl rules to omit or include certain paths during a crawl. You can do so to exclude sensitive data in the farm that should not be searchable. Example: Files starting with a certain phrase such as SSN All files under a certain folder, such as the Payroll folder Certain Web sites, such as the Completed HR InfoPath forms library
Use Search Administration to create a crawl rule by providing a path that should be affected by the rule. You can also use wildcards (*) to denote all folders or files under a path. You can choose to exclude all items in the path or just ones with complex URLs. You can also choose to include all items in the path instead. Specifying different authentication to the content source is also supported.
Crawl Logs
Crawl logs provide information about all content that was indexed for a particular content source. They can provide insight on why some content was not indexed and any errors that were encountered during the crawl.
10-17
It is very possible that after running a full or incremental crawl you lose some of your search results. This could indicate any number of errors including the following: Permission error, such as a possible password change iFilter error, such as a file does not have a supported iFilter installed Protocol error, such as a possible blocked protocol in the environment
You use a crawl log timer job to schedule how often the logs are refreshed. By default, this interval is set to five minutes, but you can change this in the settings. Using the crawl logs in Search Administration helps you troubleshoot issues with Search and resolve them in a timely manner.
10-18
Additional Reading
Manage crawl rules at http://go.microsoft.com/fwlink /?LinkID=197051&clcid=0x409. Best practices for using crawl logs at http://go.microsoft.com/fwlink /?LinkID=197052&clcid=0x409.
10-19
Query Configuration
Authoritative Pages
You can use authoritative pages to enhance the overall search rankings of items in a site. Sites can be added to the following areas: Most authoritative pages. The items on these pages show up first in the search results and are ranked higher than the rest. By default, the first Web application created in the farm is added to this field. This is a required field. Second-level authoritative pages. These items show up right under the most authoritative pages and the search rankings are slightly lower. Third-level authoritative pages. Yet another level of authoritative pages that controls search rankings and results page placement. Sites to demote. The sites placed here are actually pushed to the bottom of the search results page and are the lowest in the search rankings.
You can also force a refresh after you make any changes to the rankings.
10-20
Federated Search
With Federated Search, you can use other search indexes to supplement your own, and vice versa. Use Federated Search when you already have other search architectures in place. Rather than have SharePoint replicate the indexing process, you simply federate results from other repositories of content. Following are several reasons why you might set up Federated Search: You have a need for a quick, powerful way to bring together results. Data is distributed across many repositories. Multiple interfaces are complicated. Size, security, or cost makes crawling infeasible. Search already exists on repositories.
OpenSearch is a popular term used for search engines/products that support interoperability between searching and indexes. The interface is very simple, searches are performed over HTTP requests, and results are returned as really Simple Syndication (RSS) and Atom feeds. When you plug in other federated OpenSearch providers, you must provide an .osdx file of those search systems. Consider the following points before doing this: How will security be implemented? The provider is responsible for security trimming, not SharePoint.
Metadata Properties
When SharePoint Search crawls data, it automatically extracts metadata from the content. You can map these crawled properties to managed properties to drive a taxonomy that users can use to refine search results. The managed property types that you can configure are as follows: Text Integer Decimal Date and time Yes/no
10-21
Also, you can use multiple values at the same time when mapping.
Example
A text type managed property (UserName) is configured and is mapped to the crawl property People:UserName(Text). During a crawl, when content with a UserName attribute is found, it is linked to the UserName managed property. When users search on this content, they can refine the results to only those that are owned by a specific UserName.
Search Scopes
Search scopes are subsets of content from the search index file. Users can choose a specific search scope when searching by using the drop-down menu to the right of the search box. You can create search scopes for the following items: Project data that needs to be searched separately A specific content source that contains data from only one Web site An organizational group that needs to see only their data
A search scope can encompass several other search scopes and can be set at either the service application level or the site administration level. You can also configure a search scope to send users to another search results page when they search on that scope.
Additional Reading
Manage federated locations at http://go.microsoft.com/fwlink /?LinkID=197053&clcid=0x409. Manage metadata properties at http://go.microsoft.com/fwlink /?LinkID=197054&clcid=0x409. Manage search scopes at http://go.microsoft.com/fwlink /?LinkID=197055&clcid=0x409.
10-22
Search Reporting
Key Points
SharePoint 2010 makes it easy for administrators and users to manage Search. Reports can give them a view into their environment. The first step is to make sure that the Web Analytics service application is started in the farm. When users run search queries, Web analytics data is gathered, and every 24 hours the data is processed into reports. The gathering process allows the Web Analytics service to provide automatic recommendations for Best Bets for administrators. The data also helps identify I/O issues and memory pressure from crawl and query statistics. The analytics data can be displayed in three different levels: Farm level (Central Administration, Administrative Reports, Monitoring, View Administrative Reports) Web application level (Monitoring, View Web Analytics Reports) Site collection level (Site Settings, Site Collection Web Analytics Reports)
10-23
Additional Reading
Use search administration reports at http://go.microsoft.com/fwlink /?LinkID=197056&clcid=0x409.
10-24
Scenario
You have installed a new SharePoint 2010 farm to address the needs of employees at Contoso, Ltd., to search for information across both intranet sites and shared folders. You have been asked to prototype a SharePoint search capability on the Information Technology Department Web site and, based on your experience with the prototype, to configure SharePoint to support search requirements.
10-25
10-26
Create a file named C:\Data\Temporary Drafts\Crawl Rules.txt with the following text:
SharePoint crawl rules allow you to manage the content that is included and excluded.
Results: After this exercise, you should have created text files in a shared folder.
10-27
An error message appears. The SharePoint Server Publishing Infrastructure feature must be active to create a Web using the Enterprise Search Center site definition. You can create a Web using the Basic Search Center site definition without activating the SharePoint Server Publishing Infrastructure feature. The SharePoint Server Standard Site Collection Features feature must also be active before you can create a Web with either site definition. Close the error message.
10-28
Results: After this exercise, you should have created a Search Center and tested the default behavior of SharePoint Search.
10-29
Monitor the crawl status of the Shared Folder - Data content source until the full crawl is complete.
10-30
10-31
Results: After this exercise, you should have created a content source for the shared folder Data, a crawl schedule, and a crawl rule that excludes files from the Temporary Drafts folder.
10-32
10-33
Note: Deployment is a term in the PDF file. You must install a 64-bit iFilter for PDFs on all servers that perform indexing to index the contents of PDF documents successfully.
Results: After this exercise, you should have created a file type for PDFs.
10-34
10-35
Results: After this exercise, you should have configured a variety of search settings.
10-36
10-37
Tip: When adding the mapping to the crawled property ows_Summary(Text), select SharePoint from the category list.
10-38
Add the following element as the last element in the <ResultType DisplayName="All Results" Name="Default"> element:
<PropertyRef Name="ContosoSummary"/>
Results: After this exercise, you should have created a new managed property and customized the advanced Search Center to expose a capability to search with the new property.
10-39
10-40
Results: After this exercise, you should have created a new search scope and added the scope to the Information Technology Department Web.
10-41
Lesson 2
Refining Search
When you refine SharePoint Search in your environment, users have better search results and a more interactive experience when searching for content. This lesson teaches you how to refine Search to improve how it works and how relevant the results are.
Objectives
After completing this lesson, you will be able to: Describe the concept of search relevance. Use the Refinement panel. Understand how to use keywords and Best Bets. Eliminate noise words. Use the thesaurus.
10-42
Relevance
Key Points
Relevance is about how closely the search results returned to the user match what the user wanted to find. Ideally, the results on the first page are the most relevant so that the user does not have to look through several pages of results to find the best matches for the search. Enterprise Search in SharePoint includes a revamped ranking engine developed in collaboration with Microsoft Research. It is specifically tuned for the unique requirements of searching enterprise content. The following factors can affect search rankings: Static or dynamic algorithm. Dynamic ranking looks at the properties of the content to decide how relevant it is. Static ranking ignores the metadata and just looks at the content itself, such as file type and language. Authoritative pages. Sites that are manually configured to be higher in the search rankings than others.
10-43
Social tagging and ratings. In SharePoint 2010, users can tag certain items or sites that they like so that they can find them quicker the next time. They can also rate items or sites. Both of these actions increase the relevancy of the item. Click-through history. The more a search result is clicked, the higher the search ranking for that item.
Overall search results are also security filtered, meaning that if a user does not have access to a document, that document will not show up in the search results.
Additional Reading
Relevance in SharePoint Search at http://go.microsoft.com/fwlink /?LinkID=197057&clcid=0x409.
10-44
Refinement Panel
Key Points
The Refinement panel is a new feature of SharePoint 2010 Enterprise Search. It allows for multifaceted searching so that users can search for items and receive hundreds of results. Users can filter the results using metadata such as the following: File type. For example, Word files, Microsoft Office Excel files, PDFs Site. For example, the company intranet, microsoft.com Author. For example, Bill, Steve, Nancy Modified date. Taxonomy. For example, specific keywords
You can link these properties to managed properties in Search Administration, but you must edit the Refinement panel Web Part as well to take advantage of any new properties. Because the Web Part is editable, it is extensible to third-party development.
10-45
Key Points
Keywords are words that are attached to content to help make it easier for users to find specific content when searching. Best Bets are keywords that raise the search rankings for that content. You add Best Bets to a keyword to mark the items that are most relevant for that keyword. When a portal user types a keyword into the search box, all results for that keyword are displayed prominently in the search results. After you add, edit, or delete a keyword or Best Bet, you must wait until the next scheduled update of the portal content before the Best Bets appear in the search results. Because Best Bet results are rendered in their own Web Part, you can move them around the search page wherever you like. You can also change the Extensible Stylesheet Language Transformations (XSLT) that is used to display the results of the Best Bets.
10-46
Noise Words
Key Points
Noise words are words that are disregarded during a search. There are a list of predefined noise words out of the box, including words such as it, is, and a. You can add noise words to the noise word list by adding them to the language file. There are noise lists for each language and a language-neutral list. The file names are like noise*.txt (US English = Noiseenu.txt). When you want to reduce the size of the index you can add noise words to the noise word files. By adding noise words, you effectively tell the indexer not to add the words to the index. When a noise word is added, it is automatically removed from any search thereafter. There is no need to reindex the content.
10-47
Thesaurus
Key Points
You must train SharePoint Search on how some words relate to each other. Out of the box, words such as run and jog are not considered the same. You must build thesaurus files to tell SharePoint how these words interact. This allows users to replace words in a query with other words that they specify or to extend the definition to include other words. A thesaurus file must be built for each language you support in your environment.
10-48
Scenario
During the testing of the prototype Search Center on the Information Technology Department Web Search Center, users complained that the relevance of results was not accounting for the fact that the most important files are, at this point, the files stored in shared folders. Users also pointed out that searches with specific keywords should yield predefined results that are likely to be most useful, and that certain keywords should be treated as synonyms. Finally, the governance committee added a requirement that you prevent searches using keywords that are frowned on by Contosos employee ethics policies. You are tasked with refining SharePoint Search to meet these expectations.
10-49
10-50
Tip: You might need to scroll to the right, and to the top, to see the properties panel.
10-51
After making your changes to the Web Part, click Save & Close.
Results: After this exercise, you should have created keyword Best Bets and customized the presentation of Best Bets.
10-52
Tip: If the number of results is reported as an approximate number, page through the results so that you can identify the exact number of results that were returned.
10-53
Tip: If the number of results is reported as an approximate number, page through the results so that you can identify the exact number of results that were returned.
10-54
Perform a search for the keyword MOSS. Verify that the number of results is equal to the number of results returned when you searched for sharepoint. Search results appear because searching for MOSS now produces search results for SharePoint through replacement.
Perform a search for the keyword WSS. Write down the number of results. More results appear than in Task 1 because searching for WSS also returns results for the term SharePoint Foundation because of expansion.
Results: After this exercise, you should have modified the English thesaurus file.
10-55
10-56
Note: In a production environment, you should consider reindexing all content after modifying the noise word file so that the words are removed from the index itself.
Results: After this exercise, you should have added new noise words and validated the behavior of noise words.
10-57
Review Questions
1. 2. 3. How would you design the architecture for your environment? How can reporting be used to better understand your environment and assess needs for changes to the infrastructure? How can you use relevance tuning to give your users a better search experience?
11-1
Module 11
Implementing Office Web Apps
Contents:
Lesson 1: Implementing Business Connectivity Services Lesson 2: Configuring Excel Services Lesson 3: Understanding PerformancePoint Services Lesson 4: Implementing InfoPath Forms Services Lesson 5: Implementing Visio Services Features Lesson 6: Implementing Access Services Lesson 7: Implementing Office Web Apps Lab: Implementing Office Web Apps 11-4 11-13 11-22 11-29 11-36 11-42 11-47 11-52
11-2
Module Overview
When discussing Microsoft SharePoint, it is important that you understand you are working with a business platform. SharePoint is an environment that lets you enable different services that act as a gateway to applications and tools that bring business value to the user. SharePoint provides tools you have used and are familiar with in your day-to-day activities. You can configure and enable services that allow access to data that resides in line of business applications such as ERP systems or database environments that host data or the information thats critical for your business. For example, SharePoint can work as a central repository that is connected to your organizations help desk environment to keep track of service tickets. Being able to access information is a great capability that brings information closer to the user and provides services that allow for visualization in a graphical manner rather than in a tabular format. Graphic representations of data are attractive and appealing to the user.
11-3
Objectives
After completing this module, you will be able to: Describe business connectivity services. Configure Excel services. Describe PerformancePoint Services. Configure InfoPath services. Implement Visio services. Implement Access services. Install Office Web Apps.
11-4
Lesson 1
Business Connectivity Services (BCS) is the gateway to an interconnected approach to data. You can configure data through a central location that allows you to use, reuse, and modify the data. The capability of using BCS as a means to access information that you can then integrate with the profile elements of SharePoint make it an important concept to understand.
Objectives
After completing this lesson, you will be able to: Describe BCS. Configure BCS. Describe Business Data Catalog indexing.
11-5
Key Points
BCS is the new name for what was previously called Business Data Catalog (BDC). BDC still exists and is very much a part of the new BCS functionality. BCS is a set of services and features that provide a way to connect SharePoint solutions to sources of external data and to define external content types that are based on that external data. External content types resemble content types, in the form of using columns to define the information they will hold, and allow the presentation of and interaction with external data in SharePoint lists, known as external lists, and include: Web Parts Microsoft Office Outlook Microsoft SharePoint Workspace 2010 Microsoft Office Word 2010 clients.
11-6
External systems that BCS can connect to include: Microsoft SQL Server databases SAP applications Web services including Windows Communication Foundation Web services Custom applications Web sites based on SharePoint
By using BCS, you can design and build solutions that extend SharePoint collaboration capabilities and the Office user experience to include external business data and the processes that are associated with that data. Examples of the BCS goals are to: Bring external data into SharePoint. Provide external data in a central location. Extend the reach of enterprise data. Enable you to easily create and customize solutions.
Custom Solutions
Using BCS, you can create, read, update, delete, and query (CRUDQ) external systems from a Microsoft Office application or SharePoint site if the external system supports the operations and is appropriately modeled in the BDC service. The core function of BDC is to provide connectivity support to the following types of external systems: Databases Web/WCF services .NET connectivity assemblies Custom data sources
11-7
Description In addition to connectors for the previous list of data sources provided by BDC, BDC provides a pluggable framework with which developers can plug in connectors for new external system types, thus enabling these new data source types to be accessed via the BDC. In Office SharePoint Server 2007, BDC supported only single item operations, such as search. BDC now provides batch and bulk operation support, which enable you to read multiple items in a single call, thus reducing round trips to the backend. BDC now supports reading blob data. This is useful for streaming blobs of data from the external system. BDC now supports dot notation in field names and therefore enables you to read and write complex types. Business Connectivity Services provides a set of tools to facilitate creation of models and Office 2010 application artifacts, declaratively and by writing code. You can use Microsoft SharePoint Designer 2010, which can rapidly create composite solutions that meet external unit needs without writing code. You can use Microsoft Visual Studio to create or extend solutions with sophisticated workflows and data that spans structured line-of-external (LOB) systems, unstructured SharePoint applications or Microsoft Office applications, and Web 2.0 services. Developers can use the BDC Runtime object model to write generic applications by using the stereotyped APIs as building blocks. Such generic applications are then assured to work against any external system, including those that are preexisting and those that are yet to be built. Developers can also write specific applications that make assumptions about the abstract entity model (the fields exposed by these, and the types of the fields). In addition, with the .NET Assembly Connector, Custom Connector and the pluggable Secure Store Provider, it provides a rich extensibility mechanism for software developers.
Read Blobs
11-8
11-9
Key Points
The Business Data Connectivity service is a shared service in SharePoint 2010. It is available in both SharePoint Foundation and SharePoint Server. Important elements that you must understand are: For SharePoint Server 2010, services are not contained within a Shared Services Provider (SSP) as they were in Microsoft Office SharePoint Server 2007. The infrastructure for hosting services has been transitioned and integrated into SharePoint Foundation 2010. You can configure individual services independently with different sets of administrators. This allows for multiple instances of the same service, such as the Business Data Connectivity service.
11-10
You can share an instance of the Business Data Connectivity service across server farms. For example, a Business Data Connectivity service can be run in a central farm and accessed from regional locations so that the same solution is available across these locales, and the applied elements are specific to each culture. Within a server farm, you deploy service applications such as the Business Data Connectivity service, by one of the following methods: Selecting services while running the Farm Configuration Wizard and choosing the Business Data Connectivity service. Adding services individually on the Manage Service Applications page in the Central Administration Web site. Using Windows PowerShell.
You can administer shared services, such as the Business Data Connectivity service, in isolation. The administrators of a particular instance of a shared service may only have permissions to administer that service instance and are not necessarily able to administer other services or other features in the Central Administration Web site. This feature, called delegated administration, allows administration to be managed by administrators who have expertise in the particular service being administered but who are not members of the central IT organization. Thus, for example, an administrator of a Business Data Connectivity service application in an enterprise might be familiar with the following information: The particular external content types being managed by that Business Data Connectivity service application The solutions supported by it The security implemented on the external data sources that provide the data
The administrator would have permissions to administer those objects but would not have permissions to administer other elements of the SharePoint deployment.
11-11
External systems and external system instances. An external system is a supported source of data, such as a Web service, SQL Server database, and other relational databases, that can be modeled by the Microsoft Business Connectivity Services. An instance of an external system includes connection and authentication information for a specific instance of an external data source. BDC models and resource files. The Business Data Connectivity service supports two types of XML application definition files: application models and resource files. An application model contains the XML descriptions of one or more external content types.
Description
Deletes all data from the Business Data Connectivity Metadata Store for a specified partition. Copies a set of permissions of a Business Data Connectivity Metadata Store metadata object to its child objects.
Copy-SPBusinessDataCatalogAclToChildren
Disable-SPBusinessDataCatalogEntity
Deactivates an external content type in the Business Data Connectivity Metadata Store. Activates an external content type in the Business Data Connectivity Metadata Store. Exports a Business Data Connectivity Model.
Enable-SPBusinessDataCatalogEntity
Exports all data from the Business Data Connectivity Metadata Store associated with a partition. Returns a Business Data Connectivity Metadata Store metadata object. Grants a right to a principal for the specified Business Data Connectivity Metadata Store metadata object.
Grant-SPBusinessDataCatalogMetadataObject
Import-SPBusinessDataCatalogDotNetAssembly
Imports data that is associated with the Business Data Connectivity Metadata Store for a partition.
11-12
(continued)
PowerShell cmdlet Import-SPBusinessDataCatalogModel New-SPBusinessDataCatalogServiceApplication Description Imports a Business Data Connectivity Model.
Creates a new Business Data Connectivity service application in the farm. Creates a new Business Data Connectivity service application proxy in the farm. Deletes a Business Data Connectivity Model. Revokes a right to a principal in the specified Business Data Connectivity Metadata Store metadata object. Sets the value of a property or attribute of a Business Data Connectivity Metadata Store metadata object. Sets global properties for a Business Data Connectivity service application in the farm.
New-SPBusinessDataCatalogServiceApplicationProxy
Remove-SPBusinessDataCatalogModel Revoke-SPBusinessDataCatalogMetadataObject
Set-SPBusinessDataCatalogMetadataObject
Set-SPBusinessDataCatalogServiceApplication
ImportSPSiteSubscriptionBusinessDataCatalogConfig
Imports data associated with an exported file that contains all data associated with the Business Data Connectivity Metadata Store for a given partition.
RemoveSPSiteSubscriptionBusinessDataCatalogConfig
11-13
Lesson 2
Microsoft Office Excel Services in Microsoft SharePoint Server 2010 is a shared service that you can use to publish Microsoft Office Excel workbooks to a SharePoint Server. The published workbooks are available for your users to consume and collaborate. You can manage and secure any published workbook according to your organizational needs and then share it within your organization. Excel Services extend the value that business intelligence can bring to your organization; you can store data that represents your organizations key business processes, organize that data in a useful manner, and present that data as meaningful information. Knowledge workers can act on that information to increase productivity and to provide feedback that improves underlying business processes.
11-14
Objectives
After completing this lesson, you will be able to: Describe Excel services. Configure Excel services
11-15
Key Points
Excel Services in Microsoft SharePoint Server 2010 is designed to help you analyze business data and increase business intelligence. Excel Services is a Microsoft SharePoint Server 2010 shared service that you can use to publish Microsoft Excel client workbooks on SharePoint Server. The published workbooks are available throughout your organization for knowledge workers to use. You can secure and manage any published workbook according to your organizational needs and then share it throughout your organization. With business intelligence, you can store data that represents your organizations key business processes, organize that data in a useful manner, and present that data as meaningful information.
11-16
Excel Services allows you to use compatible browsers to be able to work with Excel spreadsheets. It accomplishes this with a zero footprint client; you dont have to install any plug-ins in the browsers. This allows heterogeneous platforms to work with Excel workbooks, providing: Better symmetry across Excel and Excel Services. The paradigm changed from refusing to open files, which contain unsupported features to making a best effort to open any workbook. For features partially supported, either cached valuesfor example, query tablesare displayed or the user is notified to remove the feature prior to displaying the workbookfor example, Office Art shapes. More support for common features such as embedded images but also new Excel 2010 features like Sparklines, Slicers, PowerPivot, improved conditional formatting, and improved functions. Continued integration with SharePoint. Continued tight integration with SharePoint for security, content management, version control, document-level compliance, data connection management, service administration, as well as integration between Excel Services, PerformancePoint Services, and other BIrelated capabilities shipped in SharePoint 2010. Improved user experience. Its an Ajax-based service, which means you can refresh elements of a page instead of having every change require a page refresh. New scrolling which lets you easily and smoothly navigate through your Excel content. Tools for application development. Improvements to the Excel Services Web services, and an introduction of a JavaScript Object Model and a REST API. With these new APIs, both professional developers and end users can build business applications, mash-ups, or just provide an easy way to share Excel content beyond the workbook. Unattended service account. Excel Services provides a low privilege unattended service account for users to consume as a single retrieval of data account. Users then can use this as a privileged account in Microsoft Office 2010. Excel Services relies on the Secure Store Service to store the encrypted unattended account. The unattended account credentials are stored or cached as needed per session or connection so that when a workbook is loaded that contains a data connection for the unattended account, this account is called from the Secure Store and used. The Secure Store stores the Excel Services secured data and is present on all SharePoint Server farms. The Secure Store functions regardless of how authentication is configured in a farm.
11-17
Manage Service Applications. The SharePoint Central Administration Web site contains a link to the Manage Service Applications page, which lists all of the services the user has rights to administer. Essentially, all available services for a particular user or role are collected on the Manage Service Applications page. This page will allow you to manage the specific service you are using. For example, managing Excel Services. Windows PowerShell. Windows PowerShell is capable of providing a complete Excel Services deployment, as well as the unattended installation and deployment of Microsoft SharePoint 2010 products. Administrators who need to look up trusted locations and user-defined functions are now able to do this by using a single Windows PowerShell key. All Stsadm.exe commands used against Excel Servicesspecific settings will fail; instead use the SPServiceApplication Windows PowerShell command. Trusted Locations. Trusted locations are now provided by default; no administrator action typically is needed. However, if Universal Naming Convention (UNC) types of trusted folders or locations are used with Excel Services, the administrator must create new trusted locations for these. Multi-User Collaboration. The multi-user collaborative environment provides multiple users with the ability to edit any workbook simultaneously. (When user is active, the polling rate is determined by an adaptive algorithm executed on the Excel Calculation Services. All edits are processed in the order in which they are received by the ECS so the last edit overwrites any previous edit to the same workbook cell.) Delegate services permissions. SharePoint Server contains a new shared service infrastructure that allows the administrator to delegate permissions to manage other services to users. Slicer feature. The Slicer feature is a new type of data filter in Microsoft Excel 2010 that is interactive, flexible in design and layout, and always conveys the current filtering state. With these data filters, more people benefit from the power of analyzing data using PivotTables and OLAP functions. The Slicer feature gives Excel 2010 authors the ability to easily write OLAP data models and build rich, interactive reports around them. The reports can then be published to Excel Services and will display and interact just as they do in the Excel client. The Slicer feature also is parameterized by other Web Parts in BI dashboards.
11-18
The Slicer feature does manual filtering only and does not provide advanced filtering such as label, date, value, and top-10 types of filtering. The Slicer feature can be connected to multiple PivotTables and act as a common, shared filter so selections made in this Slicer feature are automatically propagated to all PivotTables that are connected to it. Additionally, the Slicer feature can be formatted by applying styles.
Additional Information
Browser compatibility details at http://go.microsoft.com/fwlink /?LinkID=197236&clcid=0x409.
11-19
Key Points
Several different settings are configurable from the Service Application management page. Excel Services provides functionality that requires fine tuning depending on the scenario you will be running. Two examples of the different scenarios are: accounting data being centrally accessed, and high performing scientific worksheets. The scenarios mentioned previously, while both are focused on providing numeric meaning to the application they support, their performance values and thresholds may be different based on your requirements. Several elements of Excel Services that can be adjusted and configured are: Global settings. Defines load balancing, memory, and throttling thresholds to adjust performance. You can also set the unattended service account and data connection timeouts. Trusted files locations. Defines the places or libraries where spreadsheets can be loaded from. Trusted data providers. Defines the data providers that can be added or removed when refreshing data connections.
11-20
Trusted data connection libraries. Define a SharePoint document library where data connections can be loaded and accessed from. User-defined function assemblies. Define custom developed code assemblies that provide functionality and data to be used by spreadsheets.
Returns a file type or list of file types that are prevented from being loaded.
GetSPExcelDataConnectionLibrary
Returns a trusted data connection library or a list of trusted data connection libraries.
Get-SPExcelDataProvider
Get-SPExcelFileLocation
Get-SPExcelServiceApplication
GetSPExcelUserDefinedFunction New-SPExcelBlockedFileType
Returns a user-defined function or a collection of user-defined functions. Adds a file type to the list of file types that Excel Services Application prevents from being loaded.
NewSPExcelDataConnectionLibrary New-SPExcelDataProvider
11-21
(continued)
PowerShell cmdlet New-SPExcelFileLocation Description Adds a new trusted location to Excel Services Application.
Removes an entry from the list of file types that are prevented from being loaded on Excel Services Application.
RemoveSPExcelDataConnectionLibrary Remove-SPExcelDataProvider
Removes a data connection library from Excel Services Application. Removes a data provider from Excel Services Application.
Remove-SPExcelFileLocation
Sets properties of a data connection library for Excel Services Application. Sets properties of a safe data provider for Excel Services Application. Sets properties of a trusted file location for Excel Services Application. Sets global properties for Excel Services Application.
Set-SPExcelFileLocation
Set-SPExcelServiceApplication
SetSPExcelUserDefinedFunction
11-22
Lesson 3:
PerformancePoint Services is a business tool that enables you to measure the data complexities of day-to-day performance. By extending the capabilities of understanding business performance, you are able to deliver better results and understand the points your organization needs metrics for by implementing dashboards, reports and key performance indicators.
Objectives
After completing this lesson, you will be able to: Describe PerformancePoint. List PerformancePoint features.
11-23
PerformancePoint Overview
Key Points
PerformancePoint Services is a performance management service that you can use to monitor and analyze your business. It is an extension of the Business Intelligence process that provides tools your organization can use to determine the gains and losses a business needs to be aware of and informed about. Those tools include key performance indicators, easy-to-read charts, and a central repository in the form of a dashboard. PerformancePoint Services give you the ability to focus on understanding information thats critical to your business in the form of a scorecardmeasures the importance of, for example, sales values, and their critical elements when relevant to a geographical location or region. It provides something very similar to a house made of glassevery side you see provides relevant information to the person that has access to that information. For example, a sales manager will likely see the same information a general manager does, but the meaning of that data will be interpreted differently. PerformancePoint Services allow you to set the level of detail behind the information that those relevant roles need to access.
11-24
PerformancePoint Services assist organizations in enabling their users to make informed business decisions that match the objectives and strategies your organization has defined. Dashboards, scorecards, KPIs, and reports help drive accountability. Integrated analytics help workers quickly move from monitoring information to analyzing it, and where appropriate, sharing it throughout the organization. Before PerformancePoint Services became part of Microsoft SharePoint Server 2010, Microsoft Office PerformancePoint Server 2007 was a standalone server. Now the functionality of Microsoft Office PerformancePoint Server 2007 is available as an integrated part of the Office SharePoint Server Enterprise license. PerformancePoint Services retains much of the same features and functionality as its predecessor while including additional benefits, enhancements, and new functionality.
11-25
PerformancePoint Features
Key Points
PerformancePoint Services include many new and updated features and functionality.
11-26
Physical Architecture
For information about the physical architecture, see the diagram in Overview of PerformancePoint Services architecture, (http://go.microsoft.com/fwlink /?LinkID=197237&clcid=0x409) which shows the PerformancePoint Services architecture for farm deployment that utilizes three servers.
11-27
Description
Clears all the trusted locations for a PerformancePoint Services application identity. Displays unattended service account settings. Returns a PerformancePoint Service application object and properties.
Get-SPPerformancePointSecureDataValues
Get-SPPerformancePointServiceApplication
GetSPPerformancePointServiceApplicationTrustedLocation
Returns a trusted location object and properties for a PerformancePoint Services application.
11-28
(continued)
PowerShell cmdlet New-SPPerformancePointServiceApplication Description
New-SPPerformancePointServiceApplicationProxy
Creates a proxy for a PerformancePoint Services application. Creates a new trusted location for a PerformancePoint Services application. Deletes a PerformancePoint Services application from a farm.
NewSPPerformancePointServiceApplicationTrustedLocation Remove-SPPerformancePointServiceApplication
Remove-SPPerformancePointServiceApplicationProxy
Deletes the proxy for a PerformancePoint Services application. Removes a single trusted location from a PerformancePoint Services application.
RemoveSPPerformancePointServiceApplicationTrustedLocation
Set-SPPerformancePointSecureDataValues
Sets global settings for the unattended service account. Sets global run-time properties for a PerformancePoint Services application.
Set-SPPerformancePointServiceApplication
11-29
Lesson 4:
InfoPath Forms Services supports the deployment and integration of InfoPath browser forms in SharePoint Server 2010. This provides employees, customers, and business partners of an organization to use forms to standardize, customize, and validate data collection. Forms are often deployed as one element in a business solution that uses a broad functionality of the services and features offered in SharePoint Server.
Objectives
After completing this lesson, you will be able to: Describe InfoPath forms. Configure the InfoPath forms service.
11-30
Key Points
InfoPath Forms Services in Microsoft SharePoint Server 2010 gives you the ability to deploy your organization's forms to Microsoft SharePoint Server and enable users to fill out these forms by using a Web browser. Users can publish form templates to a list or form library in a site collection with InfoPath Forms Services in SharePoint Server 2010, if the form template: Contains no business logic. Does not require full trust. Does not use data connections that are managed by an administrator.
Site collection administrators can also publish user form templates that contain code by using sandboxed solutions. Since user form templates can be deployed by many users, a server can potentially host thousands of user form templates. Even form templates that contain no business logic can cumulatively put a heavy load on the server.
11-31
Sandboxed solutions enable users to upload form templates with code or data connections in environments without full trust. Sandboxed solutions make connections and execute code in a limited environment, without needing individual approval by administrators, and they cannot include code that requires full trust, such as impersonating accounts by using administrator-level privileges. The level of trust for sandboxed solutions is configured in advance by the administrator. InfoPath Forms Services is an ASP.NET 2.0 Web application. It allows users to fill out business forms online and without InfoPath installed on their client machines. It allows control over your forms solutions by providing centralized management of electronic forms for the entire organization. A form template designer can create browser-enabled forms in InfoPath and deploy them to IFS. When publishing InfoPath forms, the data validation can be set up as JavaScript and made such that the forms do not post back on validation on the Web pages. Browser-enabled forms can also be targeted at mobile devices. When modifying or upgrading your forms, IFS will help you to manage the versioning process.
11-32
Key Points
When configuring InfoPath Forms Services, you can apply many settings to control performance adjustments to the needs of your organization. This is achieved by limiting what the forms can do when being published to end users. Configuration options for user form templates include the following: Browser-enabled user form templates settings. User form templates, which are form templates that are deployed by non-administrators, can be opened in a browser. Administrators can choose to disable this feature so that only administrator-approved form templates are browser-enabled. They can also configure whether form templates are rendered in the browser. The other option available to access those forms is the InfoPath Filler desktop application.
11-33
Authentication and connection settings. Form templates make data connections by using the default authentication methods and authorization settings for the user account in Windows. Administrators can decide to use data connection files with settings that are specific to InfoPath Forms Services. They can set the time-out and response size settings for connections to user form templates. They can also decide to use the Web Service Proxy to authenticate form template requests. User sessions settings. Forms that are being filled out can generate a large amount of transient data. InfoPath Forms Services uses the Microsoft SharePoint Server State Service to store this data so that repeated round trips to and from the form do not repeatedly transfer this data. Administrators configure the precise settings that are used to fill out forms.
Form templates can use data connection (.udcx) files to specify data connection options for forms that are made from those form templates. The Configure InfoPath Forms Services page contains settings for allowing cross-domain data connections and using data connection files for user form templates. You can configure the following settings for authentication and data connections: Data connection time-out length and maximum data connection response size. Authentication settings for user form templates. Cross-domain access for user form templates. Designers can use custom code to modify the time-out for a data connection, but the maximum time-out value set by the farm administrator cannot be exceeded. When the custom time-out and maximum time-out values differ, the shorter time-out value is always used.
Data connection files that are used by form templates can be stored in a central data connection library in the Central Administration Web site, or in a data connection library on the same site collection as the form template. Data connection files that are stored in the central library are used by administratorapproved forms. Data connection files that are stored on individual site collections can only be used for forms that are based on form templates in that site collection. Data connection files can be packaged and deployed along with form templates as part of solution packages.
11-34
The following is a description of the IFS cmdlets: Get-SPInfoPathFormTemplate. Returns an InfoPath form template or the list of form templates if the identity parameter is not specified. Set-SPInfoPathFormTemplate. Sets properties of an InfoPath form template. You can use this to change the category for the form template. Install-SPInfoPathFormTemplate. Installs an InfoPath form template on a server farm. Installation includes both uploading and upgrading of form templates. Uninstall-SPInfoPathFormTemplate. Removes a form template from a server farm.
11-35
Enable-SPInfoPathFormTemplate. Activates a form template to the specified site collection. Disable-SPInfoPathFormTemplate. Deactivates a form template from the specified site collection. Start-SPInfoPathFormTemplate. Starts an InfoPath form template on a server farm after an upgrade. Stop-SPInfoPathFormTemplate. Disables an InfoPath form template on a server farm before an upgrade. Update-SPInfoPathFormTemplate. Upgrades all forms templates on the server farm. Test-SPInfoPathFormTemplate. Verifies that a form template can be browserenabled. Get-SPDataConnectionFileDependent. Verifies that a form template can be browser-enabled.
11-36
Lesson 5
Microsoft Visio Services in Microsoft SharePoint Server 2010 is a service application that lets users share and view Microsoft Visio Web drawings. The service also enables data-connected Microsoft Visio 2010 Web drawings to be refreshed and updated from various data sources.
Objectives
After completing this lesson, you will be able to: Describe Visio services. Configure Visio services.
11-37
Key Points
The Visio Services Web Part is a very powerful way to connect your Visio process shapes to other Web Parts on the page. There is also a new site definition called the Visio Process repository site that is a central location for storing your Visio diagrams.
11-38
11-39
Key Points
Visio Services provide you with a range of options to work with in order to provide the best performance possible. Performance is a key element that needs to be addressed when configuring Visio Services as it has graphics elements that provide great value to your deployment, but at the same time, it can limit the response time needed based on the volume of users you have considered. The settings that can be configured can be modified by using Central Administration. The settings are: Global settings. Manages settings for performance and security. Settings define the maximum size you can use for a Visio drawing to be rendered and also the maximum amount of time, in minutes, that a drawing will remain on cache. Trusted Data Providers. This setting presents you with the capability of adding or removing the data providers,odbc, oledb, or SharePoint lists that can be used when refreshing or accessing data connections.
11-40
Description Returns the settings for external data connections for a Visio Services application.
Get-SPVisioPerformance
Returns the Visio Services settings for the performance of a Visio Services application.
Get-SPVisioSafeDataProvider
Returns the settings of a safe data provider for a Visio Services application.
Get-SPVisioServiceApplication
GetSPVisioServiceApplicationProxy
Returns properties of a Visio Services application proxy or a collection of Visio Services application proxies.
New-SPVisioSafeDataProvider
Adds a new data provider to a Visio Services application. Adds a new Visio Services application to a farm.
New-SPVisioServiceApplication
NewSPVisioServiceApplicationProxy Remove-SPVisioSafeDataProvider
Adds a new Visio Services application proxy to a farm. Removes a data provider from a Visio Services application. Configures settings related to external data connections for a Visio Services application.
Set-SPVisioExternalData
11-41
(continued)
PowerShell cmdlet Set-SPVisioPerformance Description Sets performance properties for a Visio Services application. Specifies a description of a safe data provider for a Visio Services application.
Set-SPVisioSafeDataProvider
Set-SPVisioServiceApplication
11-42
Lesson 6:
Access Services is a service application available in SharePoint Server 2010 that allows users to edit, update, and create linked Access 2010 databases that can be viewed and manipulated by using an Internet browser, the Access client, or a linked HTML page.
Objectives
After completing this lesson, you will be able to: Describe Access services. Publish Access content to SharePoint.
11-43
Key Points
Access Services is a service application of Microsoft SharePoint Server 2010 that allows users to edit, update, and create linked Microsoft Office Access 2010 databases that can be viewed and manipulated by using an Internet browser, the Access client, or a linked HTML page. IT professionals and end users can use Access Services to allow the use of Access applications inside a Web browser, to publish and share information across teams, and to create and modify applications where no Access client is available. Access Services allows you to create, edit, and save Access databases in the following ways: By allowing access and configuration of a Microsoft SharePoint Server database on any computer that can connect to and has permission to use Access Services on a networked computer running SharePoint Server. By allowing the creation, publishing, and sharing of a SharePoint Server Web database from any computer that can connect to and has permission to publish to a computer that is running SharePoint Server and that has Access 2010 installed.
11-44
By allowing the download, modification, and republishing of modified data in an Access Web application from any computer that has Access 2010 installed and can connect to a computer running SharePoint Server.
11-45
Key Points
Access 2010 provides templates that allow for quick creation of powerful applications that can address the needs that your users have for a system that allows interaction with data. The interaction with data can be for data retrieval purposes, or to modify data. While those solutions bring the power to their desktop applications, your users can now publish their Access solution to SharePoint and enable rich functionality that presents a solution in a Web-driven format. Access Database published as: Access Database becomes a Site Access Tables become Lists Access Forms become ASPX Pages UI Macros map to JavaScript Data Macros to SharePoint Workflows
SQL Server 2008 R2 is required for Access Reports to become RDL files
11-46
Additional Reading
For more information, read Improving the Reach and Manageability of Access 2010 Database Applications with Microsoft Access Services at http://go.microsoft.com/fwlink/?LinkID=197238&clcid=0x409.
Windows PowerShell is a tool for you to manage Access Services and also to conduct automation of process management
PowerShell cmdlet Get-SPAccessServiceApplication Description Returns an Access Services application or a collection of Access Services applications.
NewSPAccessServiceApplication Set-SPAccessServiceApplication
Creates a new instance of an Access Services application. Sets global properties of an existing Access Services application.
11-47
Lesson 7
Within a SharePoint 2010 environment where Microsoft Office Web Apps have been installed and configured, Office Web Apps give you browser-based viewing and editing of Office documents from anywhere you have a connection to your organizations SharePoint site. If you have Microsoft Office 2010, you can save Word, Excel, PowerPoint, and OneNote documents directly from your Office program to SharePoint. Even if you dont have Office 2010, you can store documents in a SharePoint library and start using Office Web Apps right away. There are two different modes to work with hereone is the capability of reading directly from the browser, and the other is to edit directly from the browser, each is treated as a different mode.
Objectives
After completing this lesson, you will be able to: Describe Office Web Apps. Configure Office Web Apps.
11-48
Key Points
Office Web Apps extend the Microsoft Office programs you already knowWord, PowerPoint, Excel, and OneNotewith the added benefits of anywhere-access and easy sharing. When you click on an Office document that is stored in a SharePoint Library, the document opens directly in your browser. The document looks similar in the browser as it does in the Office program, and Office Web Apps allows you to edit documents in the browser, using the familiar look and feel of Office. Office Web Apps work in some of the most widely used browsers, and are officially supported in Windows Internet Explorer 7 and 8 and Firefox 3.5 for Windows, Mac, and Linux, as well as Safari 4 for the Mac. When you want to make changes beyond what is available in the browser, you can easily open the document in an Office program on your computer, and then save it back to the document library.
11-49
Office Web Apps make it easier for you to: Extend your Office experience on the Web. Use the Office tools you are familiar with, in a Web environment. Work anywhere. A browser is all you need to access your documents. Work together. Your teammates can work with you on projects regardless of which version of Microsoft Office they have.
To use Office Web Apps in SharePoint, you must have access to a SharePoint 2010 environment where Office Web Apps have been installed and configured. OneNote Web App gives you and your team a centralized place for collecting notes, brainstorming on a topic, or assembling the bits and pieces that will become a formal document. Microsoft PowerPoint Web App extends your Microsoft PowerPoint experience to the Web browser, where you can work with presentations directly on the Web site where the presentation is stored. PowerPoint Web App is part of Office Web Apps, available in Windows Live SkyDrive and in organizations that have configured Office Web Apps on SharePoint 2010. Broadcast Slide Show is a new capability in Microsoft Office 2010 that enables presenters to broadcast a slide show from Microsoft PowerPoint 2010 to remote viewers who watch in a Web browser. Broadcast Slide Show provides companies with a low-infrastructure presentation broadcast capability that works through the Web. Two kinds of broadcast services are available: PowerPoint Broadcast Service. By default, PowerPoint 2010 provides all presenters with a link to the public PowerPoint Broadcast Service hosted by Microsoft. This service requires presenters to sign in with a Windows Live ID. Presenters who use this service receive a public Internet link that they can share with anyone on the Internet they invite. Internal Services. You can host your own broadcast service with Office Web Apps installed on SharePoint 2010 products. You create one or more broadcast services by creating site collections that use the PowerPoint Broadcast site template. You can set permissions for who can use the service through group membership on the site. Up to ten services can be specified.
11-50
Key Points
Office Web Apps can be installed in standalone or farm SharePoint 2010 deployments. For both standalone SharePoint servers and SharePoint server farms, deploying Office Web Apps involves three primary phases: Running setup and PSConfig. Tasks include running Setup.exe and SharePoint Products and Technologies Post Setup and Configuration Wizard (PSConfig) on a standalone SharePoint server or each server in a SharePoint server farm. Running Setup.exe installs Office Web Apps files and components on a server. Running PSConfig is required as part of Office Web Apps setup in order to register the Office Web Apps services and, depending on the SharePoint installation type, start the service instances, create the service applications, service application proxies, and activate the Office Web Apps feature.
11-51
Activating the Office Web Apps services. Includes starting the service instances, and creating the service applications and service application proxies. Whether you must activate the services will depend on the stateof SharePoint and whether PSconfig and the SharePoint Farm Configuration Wizard have previously been run. Activating the Office Web Apps feature. Includes activating the Office Web Apps feature on all existing SharePoint site collections where the Office Web Apps should be available. If PSconfig or the SharePoint Farm Configuration Wizard has been run before installing Office Web Apps, at least one site collection will exist. The feature will be activated automatically for new site collections created after Office Web Apps is installed.
11-52
Scenario
Contosos strategic objectives for the year set a target for improved employee productivity. SharePoint 2010s collaboration features are a pivotal component to achieving this objective. One initiative related to this project is to provide Microsoft Office client application functionality to users in a variety of scenarios, including remote users on personal computers that may not have Microsoft Office installed. You have been tasked with installing, configuring, and testing Office Web Apps to improve end user productivity.
11-53
11-54
Results: After completing this exercise, you should have installed and configured Office Web Apps.
11-55
Exercise 2: Configuring and Testing the Office Web Apps in a Document Library
In this exercise, you will test the functionality of Office Web Apps. You will configure a document library to open documents in the browser. You will upload a PowerPoint presentation and a Word document to a document library, and then test the viewing and editing experience of the Office Web Apps. The main tasks for this exercise are as follows: 1. 2. 3. 4. Configure documents to open in a browser. Create and upload a PowerPoint presentation. Create and save a Word document. Test Office Web Apps.
Save the presentation with the name Marketing Strategy. In Internet Explorer, open the Shared Documents document library, and upload the Marketing Strategy presentation.
11-56
Tip: You may experience one or more delays of up to one minute during this step. If you are prompted for credentials, enter the user name, CONTOSO\SP_Admin, and the password, Pa$$w0rd.
In Internet Explorer, refresh the view of the Shared Documents document library, and then verify that SharePoint Governance Plan appears
11-57
Add the title, Market Demographics, to the slide. View the slide show. Close the presentation.
Results: After completing this exercise, you should have tested the functionality of Office Web Apps.
11-58
Review Questions
1. 2. What options are available to work with Office Web Apps? What are some options to configure Service Applications?
12-1
Module 12
Installing and Upgrading to SharePoint 2010
Contents:
Lesson 1: Installing SharePoint Servers and Farms Lesson 2: Upgrading to SharePoint 2010 Lesson 3: Evaluating Installations and Upgrades Lesson 4: Configuring SharePoint Operational Settings Lesson 5: Updating SharePoint Lab A: Preparing SharePoint 2007 for Upgrade to SharePoint 2010 Lab B: Upgrading SharePoint 2007 to SharePoint 2010 12-4 12-16 12-32 12-38 12-50 12-60 12-70
12-2
Module Overview
This course introduces you to many of the fundamental concepts of Microsoft SharePoint 2010, as well as the basics of how to perform common activities such as installing SharePoint on a server. This module is designed to take that knowledge and apply it to what may seem to be more complex situations and implementations of SharePoint 2010, but which are also common ways that SharePoint 2010 is used in by many organizations. This module covers a wide range of operational activities, such as building SharePoint farms consisting of multiple servers, upgrading SharePoint 2007 installations to SharePoint 2010, ensuring operational stability and utility of your SharePoint farm, and the proper way to keep your environment stable and secure by applying regular updates effectively.
12-3
Objectives
After completing this module, you will be able to: Install SharePoint servers and farms. Upgrade SharePoint 2007 to SharePoint 2010. Plan SharePoint installations and upgrades. Configure operational settings in SharePoint 2010. Update SharePoint.
12-4
Lesson 1
Building a SharePoint farm with multiple servers presents you with far more choices, as well as much more complexity, than does a single-server farm. This lesson introduces the various roles a server can play in a SharePoint farm, common models for deploying servers in a farm, and the actual processes involved in creating a farm with multiple servers.
Objectives
After completing this lesson, you will be able to: Describe SharePoint server roles. Describe SharePoint server topologies. Build a SharePoint farm consisting of multiple servers. Script the farm-building process. Build a farm that supports multiple languages.
12-5
Key Points
SharePoint 2010 can meet the needs and constraints of a broad range of use cases. It serves small teams of five or fewer users, but also the largest of enterprises use it. It enables collaboration, makes information more discoverable, serves anonymous content to millions of users over the Internet, or all three at once. To enable this flexibility and complexity, SharePoint assigns servers in a farm various roles that dictate the specific functions and features each server contributes to the overall environment. You can assign multiple roles to a single server, and multiple servers in a farm can have the same role assigned.
12-6
The SharePoint 2010 server roles are the following: SharePoint Foundation Web Application Server Application Server Query Server (Search) Crawl Server (Search Service Application Server
SQL Server
12-7
Key Points
You can consolidate SharePoint server roles on a single server or spread the roles across multiple servers. When moving from one to two servers in a farm, you should always move Microsoft SQL Server to its own server first. Some topologies require additional configuration, such as the creation of a failover cluster for SQL Server, or additional hardware, such as a load-balancing device for Web servers. You typically separate farms with three or more servers into three tiers, according to server roles: The Web Tier contains servers assigned the Microsoft SharePoint Foundation Web Application Server role. Servers with this role are also known as Web front ends (WFEs). These are the servers responsible for serving content to end users over SharePoint Web pages and Web services.
12-8
The Application Tier contains servers assigned the Search Crawl role, the Search Query role, and servers hosting the farms service applications. The servers in this tier host services such as Search, PerformancePoint Services, Microsoft Office Excel Calculation Services, and other services consumed by the farms users through SharePoint. The SQL Server Tier contains servers hosting the farms SQL Server instance or instances. The servers in this tier host the farms databases in SQL Server.
Every server farm configuration is unique. You must consider your specific requirements, resources, and constraints when designing your SharePoint 2010 farm.
12-9
Key Points
Before building a multiple-server SharePoint farm, identify the server that should host the SharePoint Central Administration Web site; it should be the first server in the farm. Run the SharePoint 2010 installation application to begin installing the platform on the server hosting the Central Administration Web site. Run the SharePoint 2010 Prerequisite Installer on the server. When installing SharePoint, select the Complete Install option.
Create the farm using the SharePoint 2010 Products and Technologies Configuration Wizard before installing SharePoint 2010 on any other servers in the farm. Follow the steps listed previously to install SharePoint on each of the other servers in the farm, and then join each server to the new farm. Once they are joined to the farm, use the Central Administration site or the SharePoint 2010 Windows PowerShell cmdlets to provision the proper service applications on each new server and apply the desired server role (or roles) to it.
12-10
Key Points
By scripting the build process for a farm, you can automate the installation of SharePoint on a server and the creation of your SharePoint farm itself. Scripting the build process ensures that your deployment process is consistent and accurate in its activities. You should script the Microsoft SharePoint Products Preparation Tool (PrerequisiteInstaller.exe) using command-line switches that can, alternately, be placed in a file called PrerequisiteInstallerArguments.txt.
Note: Switches are documented in the command Help: type PrerequisiteInstaller.exe /?.
12-11
You must also create an installation configuration file to ensure that SharePoint 2010 is properly installed on your server by the script. To extract an example Config.xml file from the installation media, complete the following steps: 1. 2. Open a command prompt on a computer storing the SharePoint installation media and navigate to the directory containing it. Run the following command:
Officeserver.exe /extract:C:\SPInstallation
3. 4.
In Windows Explorer, open the C:\SPInstallation\files\setup directory and make a copy of the Config.xml file. Open the copied Config.xml file with Notepad.exe and make the following edits: a. b. Provide your product key in the PIDKEY node. Set the SERVERROLE node to APPLICATION.
5.
Your build script should, at a minimum, perform the following actions: a. b. c. Run PrerequisiteInstaller.exe to automate the installation of the software required to install SharePoint 2010. Call the installers Setup.exe with your custom Config.xml file to install SharePoint 2010 on the server. Build the farm using SharePoint 2010 Windows PowerShell cmdlets.
d. Install SharePoint on additional servers and join them to the farm (this can be done by using a separate script if desired).
12-12
Key Points
After you have installed SharePoint 2010 on the first server in your farm, your script must call several key SharePoint 2010 cmdlets to begin the process of actually building your farmthe equivalent of running the SharePoint 2010 Products and Technologies Configuration Wizard during a manual build. To build a farm, your script must run the following cmdlets: New-SPConfigurationDatabase. Creates the farms configuration and Central Administration site content databases Install-SPHelpCollection. Installs the SharePoint Help files on the server Initialize-SPResourceSecurity. Secures SharePoint files and registry entries on the server Install-SPService. Installs and provisions SharePoint services in the farm Install-SPFeature. Installs the features on the server; use the AllExistingFeatures switch
12-13
New-SPCentralAdministration. Creates the Central Administration site Install-SPApplicationContent. Installs the application content
Note: Use the Windows PowerShell Get-Help cmdlet to review the functionality and requirements of each cmdlet before implementing it in your script.
To add a new SharePoint 2010 server to an existing farm your script must run the following cmdlets: Connect-SPConfigurationDatabase. Connects the server to the farms configuration database Install-SPHelpCollection, Initialize-SPResourceSecurity, Install-SPService, Install-SPFeature, and Install-SPApplicationContent. Same usage as described previously
When you have joined a server to a farm, calling the Get-SPFarm cmdlet to select the servers in the farm should return a result if the process was successful. If it does not, review the SharePoint log files to troubleshoot the problem.
12-14
Key Points
In Windows Server 2008 operating system on all Web servers in the farm, install the system language files using Control Panel Regional And Language Options. Only install the language files for the language packs you plan to implement in your SharePoint farm. East Asian languages include Chinese, Japanese, and Korean. Complex script and right-to-left-oriented languages include Arabic, Armenian, Georgian, Hebrew, the Indic languages, Thai, and Vietnamese.
12-15
Install the SharePoint 2010 language packs you plan to implement on each Web server in the farm. After each language pack is installed, run the SharePoint 2010 Products and Technologies Configuration Wizard on each server.
12-16
Lesson 2
Likely many organizations with existing SharePoint 2007 environments plan to upgrade to SharePoint 2010; your organization may be one of them. The upgrade process has flexibility built in to give options to fit your organizations capabilities and resources, as well as the ability to grant site owners control over upgrades to their individual sites.
Objectives
After completing this lesson, you will be able to: Determine the prerequisite steps to perform prior to upgrading. Perform an in-place upgrade. Perform a database attach upgrade.
12-17
Perform a visual upgrade. Complete the upgrade process. Upgrade a farm that supports multiple languages.
12-18
Preparing to Upgrade
Key Points
To upgrade to SharePoint 2010 successfully, your farm must meet Microsoftdefined prerequisites to qualify for an upgrade. Several tools are available to evaluate the current state of a SharePoint 2007 farm and its readiness to be upgraded to SharePoint 2010: SharePoint 2007 Service Pack 2 introduced a new STSADM operation, PreUpgradeCheck, which you can run to evaluate whether your farm meets those prerequisites set by Microsoft and can be upgraded. PreUpgradeCheck generates an HTML report, and you can run the operation multiple times to evaluate the progress of your preparations.
Note: Improvements were added for the PreUpgradeCheck operation in the October 2009 SharePoint Cumulative Update (CU) packages. It is recommended you apply this upgrade prior to using the operation to test the farm and upgrade it.
12-19
SharePoint 2007 Service Pack 2 and October 2009 CU also added and enhanced another important STSADM operation: EnumAllWebs. Use this operation to identify any orphaned sites in your environment, which must be repaired or deleted prior to an upgrade. SharePoint 2010 Test-SPContentDatabase cmdlet can be used with SharePoint 2007 content databases to evaluate their readiness for upgrade to a new farm. It identifies missing customizations and files, which is especially important for database attach upgrades (described later). SPDiag version 2 (included in the SharePoint Administration Toolkit 4.0) gathers a great deal of important and useful data about your SharePoint 2007 farm. Run it prior to an upgrade as an additional way to identify any possible issues or errors that may exist in the farm and present a risk to a successful upgrade to SharePoint 2010.
Two types of upgrades are available to move a SharePoint 2007 farm to SharePoint 2010: The in-place upgrade uses the resources of your existing farm and upgrades them to SharePoint 2010. The database attach upgrade requires additional hardware on which to build a new SharePoint 2010 farm. Your SharePoint 2007 content databases are moved to the new farm and upgraded to SharePoint 2010.
Test the upgrade process thoroughly before doing it in a production environment. Make a point to document in detail each step necessary to complete the process, identify required information and components, and determine how long the upgrade takes to complete.
12-20
Key Points
An in-place upgrade takes a SharePoint 2007 farms binaries and database and upgrades them to SharePoint 2010 functionality and settings. As long as your existing farm meets the SharePoint 2010 hardware and software requirements, it can be upgraded without the purchase of new assets. Another benefit of the in-place upgrade is that it is designed to allow for failed upgrades or upgrades with errors to be restarted at the point of failure so that you do not have to repeat successful steps in each successive attempt. It also offers deep and informative error reporting and logging capabilities to give you better insight into the upgrade process. However, the in-place upgrade is often not the best solution for upgrading to SharePoint 2010. For large farm deployments of SharePoint 2007, the database attach upgrade offers a much better possibility of success because it greatly reduces the complexity, scope, and delivery time of the upgrade. If your hardware is not upto-date or is marginal for meeting SharePoint 2010 base requirements, you are most likely better off procuring new hardware and using the database attach upgrade to move your farms contents over to a new SharePoint 2010 farm.
12-21
Because it uses your farms existing severs and infrastructure, the in-place upgrade does require that the farm be unavailable to users during the upgrade, and it takes more time to complete because it updates a single server at a time. It is also an allor-nothing activity: once the upgrade process starts, you cannot reverse it; the farm cannot reset to SharePoint 2007 without a complete rebuild. Prior to beginning an in-place upgrade, review the available disk space on each server in your farm. The upgrade process requires considerable storage to hold its files, logs, and output.
12-22
Key Points
Prior to executing the upgrade in a production environment, it is important to test the process in a staging or testing environment set up to mirror the content and configuration of your production farm. Testing is an important part of the upgrade process because it gives you valuable information about which items in your farm need updating or fixing prior to the upgrade, identifies steps that may have been omitted during planning, and helps with estimating the amount of time it takes to complete the upgrade. Understanding how your environments configuration and content should be upgraded before you start the upgrade process greatly increases your chances for success. Consider using server virtualization for your test environment; it can help lower costs and be easily reset to a starting point for multiple tests.
12-23
To upgrade, complete the following steps: 1. 2. Run the SharePoint 2010 Installer to update the SharePoint binaries installed on the targeted server in your farm to SharePoint 2010. Run the SharePoint 2010 Products and Technologies Wizard to update the farms databases to SharePoint 2010 and the servers records in the configuration database. Repeat steps 1 and 2 individually for each server in the farm. You can perform a visual upgrade to upgrade the farms site collections and sites to the SharePoint 2010 user experience, or you can postpone this if you find issues or errors when previewing the visual upgrade. Do not allow users entry until the entire farm has been reviewed and validated as functional and properly upgraded.
3. 4.
5.
12-24
Key Points
The database attach upgrade is designed to migrate the contents of a SharePoint 2007 farm and upgrade them to SharePoint 2010 by adding them to a new SharePoint 2010 farm. Database attach upgrades allow for content to be moved from SharePoint 2007 to SharePoint 2010 gradually (a content database at a time) as well as in parallel, which can also help to reduce or eliminate downtime required for the upgrade process. It does, on the other hand, require separate hardware and software because the existing SharePoint 2007 environment is not used for the SharePoint 2010 farm, and additional work is necessary to configure the new environment to meet the same specifications as the original. Because a new farm is used to host the content, you may need to update URLs in the SharePoint farm as well as URLs pointing to it to avoid broken links. Finally, it is important to remember that the database attach upgrade method only migrates the content of your SharePoint 2007 environment to SharePoint 2010; no configuration settings or customizations are included in the upgrade.
12-25
Key Points
Like the in-place upgrade, effective and thorough testing plays an important role in a successful database attach upgrade. You can use two methods to test the upgrade throughout the process; both should be considered to provide the best opportunity for a successful upgrade: Using a test environment to verify that content databases can be successfully attached to the new farm and upgraded to SharePoint 2010 The Test-SPContentDatabase SharePoint 2010 Windows PowerShell cmdlet, which tests the targeted content database to identify potential issues, such as the following: Orphaned sites Missing customizations (including site definitions, features, templates, and assemblies)
12-26
To begin the upgrade, you must construct a new SharePoint 2010 farm. When the target SharePoint 2010 farm is built, deploy any customizations used by the sites in the SharePoint 2007 content databases to be upgraded as well as applicable configuration settings made in the SharePoint 2007 farm to the SharePoint 2010 farm, if they are compatible. To perform a database attach upgrade, complete the following steps: 1. 2. 3. Copy the content database backups to the SharePoint 2010 farms SQL Server instance and attach them to the instance. To perform the upgrade, attach the content databases to the SharePoint 2010 farm using the Mount-SPContentDatabase cmdlet. You can perform visual upgrades to upgrade the farms site collections and sites to the SharePoint 2010 user experience, or you can postpone this if you find issues or errors when previewing the visual upgrade. If desired, you can migrate the SharePoint 2007 farms user profiles to the SharePoint 2010 farm by attaching the SharePoint 2007 farms shared services provider (SSP) database to the SharePoint 2010 farm with MountSPCContentDatabase.
4.
Note: This is the only aspect of a SharePoint 2007 SSP database that can be migrated to SharePoint 2010 using the database attach upgrade method.
5.
12-27
Key Points
After completing an in-place or database attach upgrade, the SharePoint 2010 farms site collectionsand their Webs, or subsitesstill have the SharePoint 2007 user interface (UI). The UI, the SharePoint master pages, and Cascading Style Sheets (CSS) must be upgraded separately using a visual upgrade. The visual upgrade options for site administrators are the following: Keep the previous interface Preview the site with the SharePoint 2010 UI Update the site to the SharePoint UI
Farm administrators can also update the UI of all site collections in the farm using the SharePoint 2010 object model and Windows PowerShell.
12-28
Key Points
By previewing the visual upgrade using the sites Site Actions menu, site administrators can save their users from dealing with upgrade errors: If there are issues, they can be resolved before committing the upgrade. Updating the user interface using the Site Actions menu finalizes the visual upgrade and cannot be rolled back, so site administrators should preview it at least once.
Farm administrators can batch visual upgrades of multiple site collections with the Windows PowerShell and the SharePoint 2010 object model: This method allows for the mass update of a large number of site collections quickly and effectively. This method does not offer preview or rollback options, but farm administrators can change back the settings using the same process.
12-29
Key Points
When you have finished the selected type of upgrade, you may still have several tasks to do before the upgrade is complete. You should not consider your farm open for end users until these, or any similar steps you may define for your specific environment, are completed so that users are presented with a stable and feature complete SharePoint environment to work in. Your farms service applications may require the following: Configure new services and service applications (in-place upgrades only) Update user profiles with new taxonomy and social data Set up the Secure Store service and migrate single sign-on (SSO) data (database attach upgrades only) Update Business Data Catalog components to compatibility with Business Connectivity Services (database attach upgrades only)
12-30
Farm administrators are granted permissions to all services using the database attach upgrade. If you follow the practice of assigning the least privilege required, make sure to restrict this after the upgrade. Update InfoPath form template links (database attach upgrades only). If the migrated applications use forms-based authentication (FBA), they must be updated to use claims-based authentication (CBA) because SharePoint 2010 now requires that CBA be enabled to use FBA. Validate the upgrade one last time to ensure that the upgrade is completely finished and the farm can be opened for use.
12-31
Key Points
If your SharePoint 2007 farm had a certain language pack deployed to it, you must deploy a SharePoint 2010 version of the language pack to your new farm. If you need to change a sites language, do not do it before the upgrade; wait until it is safely in a SharePoint 2010 farm. It is better to move the site into SharePoint 2010 while it is in a known and stable state, rather than attempt to update it with a new language. That way, if changes need to be made to a sites UI or content for the new language, you have to do them only once in SharePoint 2010 rather than in both SharePoint 2007 and SharePoint 2010. If you need to change the language used on a server in the farm, implement the new languages files and language pack on a new SharePoint 2010 farm. Then, use the database attach upgrade to bring the new content database into the new farm, upgrading its database and its language all at once.
12-32
Lesson 3
In information technology administration, just like in life in general, things rarely go as you may have planned. No matter how much you test your installation or upgrade processes (and test them you should!), there is always the opportunity for something unforeseen to occur and cause you problems. The important point to strive for is not to avoid these obstacles, but to be prepared for them, to know how to identify them, and to be able resolve them quickly and effectively. This lesson is designed to introduce you to some of the common ways you can assess the outcome of your operations and take action on your findings. The items in this lesson focus on the ways that SharePoint can inform you of an error or an issue, but they are not the only tools available to you. Be careful to also analyze the stability of your entire environment after an install or upgrade and never lose sight of your SharePoint farms ultimate goal: to provide your users with tools and resources to help them be more productive and successful in their work.
12-33
Objectives
After completing this lesson, you will be able to: Review and describe result data. Troubleshoot upgrade errors and issues.
12-34
Key Points
Whether you are building a new SharePoint 2010 farm or upgrading from a SharePoint 2007 environment, always make sure to review the results documentation created by the process. The log files created during an installation or upgrade and the tool associated with those activities contain valuable information about not only the outcome of the activity, but also the current state of your environment when the installation or upgrade completes. The log files generated by these processes include the following: The SharePoint 2010 Setup.exe log file The SharePoint 2010 Products and Technology Configuration Wizard (PSConfig.exe) PSCDiagnostics log file The SharePoint 2010 upgrade Upgrade log files
12-35
SharePoint 2010 creates a new log file each time one of these processes is executed, rather than appending the new data on to an old file. You can use tools such as Windows PowerShell and LogParser to improve data extraction and reporting. You can also review the Central Administration site Check Update Status page for additional information, and you should run STSADM o LocalUpgradeStatus on all SharePoint servers in the farm to review their individual statuses.
12-36
Key Points
SharePoint creates a new upgrade log, as well as a new log listing only the errors encountered during the process, for each iteration of the upgrade process that you complete. Review the contents of each log file associated with the installation or upgrade carefully to verify that the process did not encounter any issues or errors. Search the log files for key terms such as Error, Warning, Failure, or Success, as well as any items that may be of significance to your situation or environment. If you find any issues, try to resolve those with the broadest impact or scope first before focusing on small problems or errors. The Test-SPContentDatabase cmdlet is still very useful after the completion of an upgrade, or even an install. It can run against a SharePoint 2010 farms content databases long after an installation or upgrade has been completed to check the status and health of a content database.
12-37
Do not forget to validate the end-user experience of your SharePoint 2010 farm after it is built or has been upgraded. Review the following items to ensure that they are fully functional and meet the requirements of your end users: Verify themes, styles, and images. Verify permissions. Identify broken links. Identify broken, missing, or hidden Web Parts. Identify large lists that may be throttled by default.
12-38
Lesson 4
Even though you may have successfully installed SharePoint 2010 in a new environment, it may not be automatically set up and ready for your users to start using. In almost every SharePoint 2010 farm, you still must perform several activities, regardless of whether you have 1 server or 10 servers or it is a fresh install or an upgrade from SharePoint 2007. This lesson identifies some of the most common activities you need to complete in your farm before you can open it for business. This lesson discusses configuring some of the core components of your farm, introduces a great new tool for assessing the health of your SharePoint 2010 farm, walks you through how to establish additional paths of access to the farm as well the process behind setting up the farm to host multiple organizations in siloed site collections.
12-39
Objectives
After completing this lesson, you will be able to: Use the farm configuration wizard tools. Run the SharePoint Health Analyzer. Configure alternate access mappings. Configure email and Short Message System (SMS) settings. Enable multitenancy. Set up timer jobs.
12-40
Key Points
The Farm Configuration Wizard is a tool new to SharePoint 2010 that is designed to help you complete some of the common tasks necessary to get your farms first SharePoint site up and running, as well as the services it needs to deliver content and functionality to end users. It is available to your farms administrators on the SharePoint Central Administration Web site.
12-41
Although administrators can manually carry out the tasks completed by the Farm Configuration Wizard either through the Central Administration site or with Windows PowerShell cmdlets, the Farm Configuration Wizard is a good way for administrators new to SharePoint 2010 to understand what information is necessary to complete its tasks and to complete them in a consistent manner. What it does: Configures selected service applications for your farm, such as Excel Calculation Services or the Managed Metadata service application Sets up managed accounts for those service applications, allowing SharePoint to manage account passwords directly without administrator intervention Creates your farms first content Web application
What it does not do: Do not confuse it with the SharePoint 2010 Products and Technologies Configuration Wizard. The Farm Configuration Wizard configures components and services in the farm, whereas the SharePoint 2010 Products and Technologies Configuration Wizard is responsible for creating and updating the farm itself. It does not do fine-grained configurations; the service applications and Web application created by the Farm Configuration Wizard still require additional administration and configuration before they are fully functional.
12-42
Key Points
Another valuable tool available in SharePoint 2010 to measure the well-being and stability of your SharePoint farm is the SharePoint Health Analyzer, located in the Monitoring section of your farms Central Administration Web site. It is intended to help you identify configuration issues in your SharePoint farm and optimize availability and performance. The SharePoint Health Analyzer is included with every edition of SharePoint and is preconfigured with a full set of defined health rules for evaluation. What it does: It checks rules on a scheduled basis, and it can also be run ad hoc. Administrators can enable or disable rules, configure schedules, and determine a rules scope. It generates visual alerts in the Central Administration site and emails alerts. It can be extended with custom-developed rules.
12-43
What it does not do: The SharePoint Health Analyzer does not replace comprehensive monitoring solutions such as Microsoft System Center Operations Manager. The SharePoint 2010 Management Pack (MP) for System Center Operations Manager actually includes the same set of default rules used by the Health Analyzer, as well as additional event and monitoring rules, integration with SharePoints Unified Logging System (ULS) logs, and valuable Microsoft Knowledge Base articles that provide contextual information and troubleshooting guidance for administrators.
12-44
Key Points
Alternate access mappings (AAMs) enable a single SharePoint 2010 Web application to be accessed through multiple URLs. Each SharePoint Web application can have up to five different AAMs for accessing its content. When you create each AAM, you must assign it an identifying label, such as Default or Intranet; these labels do not dictate how the AAM must be used or add any additional functionality to the AAM, they are simply for identification. Usage scenarios for AAMs include the following: Reverse proxy access Load-balanced Web servers Enabling multiple authentication providers for a site
You can create AAMs in the Application Management section of your farms Central Administration site or by using the New-SPApplication Windows PowerShell cmdlet.
12-45
Key Points
In SharePoint 2010, you can configure your farm to communicate directly and automatically with its users and administrators by email and/or SMS text message. This makes it easier for users to receive important notifications quickly as well as allows administrators both to receive and send messages through the farm. On the Central Administration sites System Settings page, you can configure the following settings: Delivery of email from the farm to users for access notifications, alerts, task assignments, and so forth Delivery of email to administrators from users requesting access or assistance with issues Delivery of text messages between your farm and mobile devices
12-46
To configure outgoing email you need a Simple Mail Transfer Protocol (SMTP) server and an email address for sending and receiving. To configure incoming email you need an SMTP server configured (it can be the same server you used for outgoing email) and a drop folder for storing messages on the servers file system. To configure SMS messaging, you need a URL for your SMS service provider and account access data for the SMS service.
12-47
Enabling Multitenancy
Key Points
The new SharePoint 2010 multitenancy features allow for site collections in a single Web application to be grouped and for each groups user experiences, profile stores, search indices, and other resources to be isolated from one another while still using the shared resources of the overall farm. You can use multitenancy to deliver hosted SharePoint environments for multiple customers without configuring separate infrastructure resources for each customer account. Common use cases are the following: Hosted SharePoint sites as a service for sale to the public, similar to Microsoft SharePoint Online offerings Hosted SharePoint sites as a service provided by a large enterprise to its internal divisions, allowing for rapid deployment of sites, segmentation of functionality and information, and shared infrastructure resources Delegation of common administrative tasks
12-48
Key Points
SharePoint 2010 gives administrators much more control over timer jobs, how they are scheduled, when they can be run, and where they are run. In previous editions of SharePoint, administrators could use the Central Administration site only to check on the status of timer jobs and delete failed jobs. The Central Administration sites Timer Jobs Definitions page now enables the following configuration: Code-free modification of an individual timer jobs schedule A Run Now option to enable ad hoc execution of specific timer jobs Rich information on the status and outcome of a timer job on the timer jobs status page
12-49
The Timer Job Definitions page also displays useful information about what a timer job does, where it runs, and when it is run. To view more detailed information about the current status of a timer job, you can visit the Timer Job Statuses page. It displays information about when a timer job is next scheduled to run, which timer jobs are currently running, any failed timer jobs, and historical execution data for each of the farms timer jobs.
12-50
Lesson 5
Updating SharePoint
When SharePoint is up and running the way you want it, your focus should turn to more operational matters: performing maintenance on your environment and ensuring its long-term health and stability. A key maintenance activity for any software platform, and for SharePoint in particular, is updating to the application in the form of updates, hot fixes, and service packs. Whether these updates introduce new functionality, enhance existing capabilities of the environment, or resolve important issues, when you apply them in an effective and timely manner you can maintain a secure and robust SharePoint environment. Microsoft has done a lot to make the application of SharePoint updates a much more manageable process, with specific attention to reducing the amount of downtime necessary for updating. SharePoint 2010 can integrate multiple versions of SharePoint into a single farm so that administrators of environments with multiple servers can gradually distribute updates throughout a farm without interrupting services to users.
12-51
Objectives
After completing this lesson, you will be able to: Describe the SharePoint update process. Describe SharePoint update types. Update a single-server farm. Update a multiple-server farm.
12-52
Key Points
To update most applications, even complex server-based applications, is usually a matter of running an installer to apply updates to the application, verify the results of the process, and then declare it complete. Because SharePoint stores so much of its configuration data in its databases, the update process requires additional planning and consideration. The SharePoint platform is updated in two distinct ways: Binary updates Database updates
Binary updates modify the installed SharePoint binaries on each SharePoint server in the farm by deploying updates through installation packages, similar to how most typical software updates are done. Database updates can modify the configuration, structure, and content of the farms SQL Server databases and can be scripted using Windows PowerShell cmdlets; this part of the update process is what makes SharePoint unique.
12-53
In previous versions of SharePoint, the binaries on every server in a farm, as well as its databases, all had to be using the same version of SharePoint. If they were not using the same version, the farm could encounter errors, lose some functionality, or even become completely inoperable. In SharePoint 2010, a farms binaries can be updated to a newer version than its databases use, allowing for more fluid updating activities that require less downtime for end users. This gives administrators more flexibility in planning their updating activities so that updates can be rolled out gradually to meet tighter requirements for uptime while keeping the SharePoint platform updated and secure. The eventual goal of applying updates to SharePoint is still the same: to update the SharePoint environment to the latest and most stable version so that it has the best combination of security and functionality available from Microsoft. This is accomplished by finalizing the update process with the SharePoint Products and Technologies Wizard, bringing all of a farms components to a consistent version.
12-54
Key Points
SharePoint follows Microsofts standard convention for numbering versions of software products: MMMM.mmmm.BBBB.rrrr (where MMMM indicates the major version for the product, mmmm is the minor version, BBBB is the build version number, and rrrr is the revision number, which indicates the versions type of update). The two important values to consider when reviewing the version number of a SharePoint installation are the major version number and the build version number. The major version indicates the released version of the product; all versions and updates to SharePoint 2010 are marked with a major version value of 14. Because upgrading a farm from SharePoint 2007 to SharePoint 2010 changes the farms major version from 12 to 14, that process is considered to be a version-to-version upgrade. The build version number indicates the specific level in the major version that SharePoint has been updated to, such as the release to manufacturing (RTM) version or that of a later cumulative update (CU) or service pack (SP). Applying updates to SharePoint is considered to be a build-to-build upgrade.
12-55
Update compatibility ranges define the spectrum of version numbers that servers and databases in a farm can cover and still function cohesively. Services packs should delineate compatibility ranges, meaning that all updates to SharePoint between its RTM release and Service Pack 1 should be in the same compatibility range, while updates made between Service Pack 1 and Service Pack 2 are in a separate compatibility range. Microsoft makes the following types of updates available: Individual updates to resolve specific issues or vulnerabilities as they arise. Cumulative updates (CU), which cumulatively roll up all publicly released updates since the last major update and are released every two months. Service packs, which indicate a major update to the platform and include updates as well as new functionality. Service packs are released very infrequently and should represent the boundary for compatibility ranges.
12-56
Key Points
In a single-server SharePoint 2010 environment, the important point to understand is that downtime or an outage is unavoidable. Because the farm does not include any redundancy it must be unavailable during the upgrade process to prevent resource contention, data corruption, and fatal errors. You need to communicate that outage proactively to your farms users, as well as make it unavailable during the updates in case the message is not delivered in time to all users. Always take the time necessary to review the documentation completely for each update prior to installing it and adjust the following steps according to the installation information included with the update. If at all possible, test the updates in a separate environment prior to deploying them in your production environment and back up your production environment before updating itthe only way to roll back a SharePoint 2010 update is to rebuild your farm and restore your content to it.
12-57
To apply a build-to-build update to a single-server SharePoint farm, complete the following steps: 1. 2. 3. 4. Obtain the update from Microsoft and copy it to the server. Schedule an outage window during off-peak hours and communicate it to your users. Prior to the advertised outage window, run the updates installer to deploy the binary update to the servers file system. When the outage window begins, make the farm unavailable by stopping its Web sites in Internet Information Services (IIS), and then update the farms content databases using the Upgrade-SPContentDatabase cmdlet. Finalize the update by running the SharePoint Products and Technology Configuration Wizard. Review the updates log file to verify that the update completed without error. Validate that the farms sites are fully functional. Communicate to users that the outage window has ended.
5. 6. 7. 8.
12-58
Key Points
The steps to update a SharePoint 2010 farm with multiple servers are similar to those for updating a single-server farm. However, in addition to the obvious changes in scale, more detailed planning is necessary to reduce downtime and issues. You should update in stages servers assigned redundant roles in the farm so that you can shift traffic and workloads to some servers with a given role while the other servers are updated. This allows your farm to continue to function without disrupting service, or at least it keeps disruptions to a minimum. You should still alert users about the update activity because they may experience degraded performance (resulting from a reduction in available resources in the farm) or unforeseen errors may force you to take an outage.
12-59
As with a single-server farm, it is important always to take the time necessary to review the documentation completely for each update prior to installing it and adjust the following steps according to the installation information included with the update. Make sure to review the documentation carefully for instructions specific to farms with multiple servers. It is still critical to test your update and protect your production environment with a backup prior to starting the update process. To apply a build-to-build update to a multiple-server SharePoint farm, complete the following steps: 1. 2. 3. Obtain the update from Microsoft and copy it to each server in the farm. Schedule an outage window during off-peak hours and communicate it to your users. Update the binaries on each SharePoint server in the farm prior to the advertised outage window. a. b. Review the farms servers to identify each servers role(s) so that you can group together servers with the same roles for updating. If the farm has load-balanced WFEs, remove half the clusters node and update them, and then reverse the configuration to ensure optimal uptime.
4. 5. 6. 7. 8. 9.
Ensure that the binary updates installer has been run on every server in the farm prior to the outage window. When the outage window begins, update the farms content databases using the Upgrade-SPContentDatabase cmdlet. Finalize the upgrade by running the SharePoint Products and Technology Configuration Wizard. Review the upgrades log file to verify that the upgrade completed without error. Validate that the farms sites are fully functional. Communicate to users that the outage window has ended.
12-60
12-61
8.
12-62
2.
3.
To open the site listing in Notepad, type the following command and press ENTER:
notepad C:\SiteList.xml
12-63
4.
Delete the following two elements (the entire line of XML): Site Url="http://intranet.contoso.com" Site Url="http://intranet.contoso.com/sites/IT"
Confirm that the only remaining Site element is for the Sales site collection. 5. 6. 7. 8. Click File, and then click Save. Close Notepad. Switch to Administrator: Command Prompt. To move the Sales site collection from the WSS_Content_Intranet content database to the WSS_Content_Sales content database, type the following command, and then press ENTER:
"C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\Bin\stsadm.exe" -o mergecontentdbs -url http://intranet.contoso.com -sourcedatabasename WSS_Content_Intranet -destinationdatabasename WSS_Content_Intranet_Sales -operation 3 -filename C:\SiteList.xml
9.
2. 3. 4.
12-64
5.
6. 7.
Click Format, and then click Word Wrap. Observe the information that is reported for each site collection, including the owner (primary site collection administrator), content database, and storage utilization. Close Notepad. Close Administrator: Command Prompt.
8. 9.
12-65
8. 9.
Click the Execute button. Confirm that at the bottom of the Results panel, the status indicates Query executed successfully.
12-66
10. Repeat steps 69 to back up and truncate the WSS_Content_Intranet_IT database. Use the following query:
use WSS_Content_Intranet_IT dbcc shrinkfile ('WSS_Content_Intranet_IT') dbcc shrinkfile ('WSS_Content_Intranet_IT_log') go backup database WSS_Content_Intranet_IT to disk = 'C:\Backups\WSS_Content_Intranet_IT.bak' go backup log WSS_Content_Intranet_IT to disk = 'C:\Backups\WSS_Content_Intranet_IT_log.bak' go dbcc shrinkfile ('WSS_Content_Intranet_IT') dbcc shrinkfile ('WSS_Content_Intranet_IT_log') go
11. Repeat steps 69 to back up and truncate the WSS_Content_Intranet_Sales database. Use the following query:
use WSS_Content_Intranet_Sales dbcc shrinkfile ('WSS_Content_Intranet_Sales') dbcc shrinkfile ('WSS_Content_Intranet_Sales_log') go backup database WSS_Content_Intranet_Sales to disk = 'C:\Backups\WSS_Content_Intranet_Sales.bak' go backup log WSS_Content_Intranet_Sales to disk = 'C:\Backups\WSS_Content_Intranet_Sales_log.bak'
12-67
12. Repeat steps 69 to back up and truncate the WSS_Content_MySites database. Use the following query:
use WSS_Content_MySites dbcc shrinkfile ('WSS_Content_MySites') dbcc shrinkfile ('WSS_Content_MySites_log') go backup database WSS_Content_MySites to disk = 'C:\Backups\WSS_Content_MySites.bak' go backup log WSS_Content_MySites to disk = 'C:\Backups\WSS_Content_MySites_log.bak' go dbcc shrinkfile ('WSS_Content_MySites') dbcc shrinkfile ('WSS_Content_MySites_log') go
13. Open the C:\Backups folder. 14. Confirm that the database and log backup files were created. 15. Close the C:\Backups folder. 16. Close SQL Server Management Studio. When prompted to save your changes, click No.
12-68
12-69
3. 4. 5. 6. 7.
Switch to Command Prompt. Review the output of the command. Switch to Internet Explorer. Review the report. Close all open windows and applications.
12-70
12-71
1. 2. 3. 4. 5. 6. 7. 8. 9.
Log on to SP2007-WFE1 as CONTOSO\Administrator with the password Pa$$w0rd. Click Start, point to All Programs, click Microsoft SharePoint 2010 Products, and then click SharePoint 2010 Products Configuration Wizard. On the Welcome to SharePoint Products page, click Next. A message appears to inform you that services may have to be started or reset. Click Yes. On the Specify Farm Security Settings page, type 10174_SharePoint_2010 in the Passphrase and Confirm passphrase boxes. Click Next. On the Visual Upgrade page, review the message and options. Click Preserve the look and feel of existing SharePoint Sites, and allow end users to update their sites user experience. Click Next.
10. On the Completing the SharePoint Products Configuration Wizard page, click Next. A SharePoint Products Configuration Wizard message opens. The message reminds you to install the binaries on all servers in the farm before you run the wizard. Click OK. 11. On the Configuration Successful, Upgrade In Progress page, read the message, and then click Finish. SharePoint 2010 Central Administration opens.
12-72
2. 3. 4. 5.
6. 7. 8.
Read the first warning message. Press F3 to locate the next warning message, and then read the message. Repeat this step for all warning messages. Close Notepad.
12-73
7.
12-74
5. 6.
Identify the Starting object for the upgrade session. Observe the number of errors and warnings.
7.
12-75
10. Click Finish. 11. Close SharePoint 2010 Central Administration. 12. Close all open windows and applications.
12-76
12-77
12-78
Review Questions
1. 2. 3. What options are available to administrators when running visual upgrade? Which are the application server roles available? What advantages does scripting a build process offer?
13-1
Module 13
Implementing Business Continuity
Contents:
Lesson 1: Protecting and Recovering Content Lesson 2: Working with Backup and Restore for Disaster Recovery Lesson 3: Implementing High Availability Solutions Lab A: Implementing a Backup Strategy Lab B: Implementing a Restore Strategy 13-4 13-11 13-28 13-44 13-52
13-2
Module Overview
This module describes the principles and processes that are behind business continuity. It identifies possible solutions, and identifies which elements of Microsoft SharePoint can help you determine the plan that you implement. The cost that loss of a system can represent is minimal in comparison to the impact the loss of information can have on an organization. Loss of information can happen in many different types of failures. Some may be natural causes, and others can be man-made. Business continuity is defined as the process and procedures that are implemented to outline a plan that sets the path to recovery from disruption of service and restores access to information in a given time period.
13-3
Objectives
After completing this module, you will able to: Describe how to protect content and recover content. Perform backup and restore operations to mitigate against disasters. Implement high availability solutions with SharePoint Server.
13-4
Lesson 1
When working as an administrator, one essential task is determining how to protect the information that is part of the lifecycle of your organization. In order to achieve this, you must be able to use features that are an intrinsic part of SharePoint, including version control and the Recycle Bin.
Objectives
After completing this lesson, you will be able to: Configure version control. Configure and manage the Recycle Bin. Import and export content.
13-5
Key Points
Version control is a way to store multiple copies of a document. Those multiples you can store are defined by the historical changes you may want to keep on an item. Version control has the following options: No versioning. Nothing is stored and all changes overwrite the previous version, leaving no trail. Major version. This represents major changes in the document, and each change becomes a major version. Major and minor versions. Documents can exist in two formsa major version, denoted by a .0, or a minor version, denoted by a .1 to .9. This setting is the most granular setting possible, and it will require the most planning for space considerations.
13-6
Key Points
The Recycle Bin is a means of simple content recovery that users can perform in a SharePoint 2010 implementation. The default setting for the Recycle Bin is to be active and to provide a 30-day window within which a user can recover an item without administrator intervention. In order to provide this recovery window, it is important to understand the way the Recycle Bin operates. The Recycle Bin has two stages: Stage 1. This first stage of the Recycle Bin is a site level protection that allows users with contribute, design, or full control permission to recover items intended for deletion. Stage 2. The second stage Recycle Bin is a site collection level protection. At this level, information needs to be recovered by the site collection administrator.
13-7
The process to go from Stage 1 to Stage 2 depends on the configuration of the Recycle Bin settings in Central Administration. These settings are specific per Web application. The configurable settings include: Enable or disable the Recycle Bin protection Define the time in days to keep a given item through the stages Define the percentile amount of live site quota allocated for Stage 2 items
13-8
Key Points
The importing and exporting content feature provides a level of granularity that is useful when working with sites, lists, or libraries. It provides a quick way of protecting sensitive information that uses a simple mechanism to help provide protection. Import and export operations can be centrally managed by using Central Administration or by taking advantage of Windows PowerShell.
Exporting Content
The export option in SharePoint gives you a very granular level of control over the content that you want to extract, such as sites, lists, and libraries. This export process will create a file that will contain the information you select.
13-9
To export content using Windows PowerShell: 1. 2. 3. 4. On the Start menu, click All Programs. Click Microsoft SharePoint 2010 Products. Click SharePoint 2010 Management Shell. At the Windows PowerShell command prompt (that is, PS C:\>), type the following command, and then press ENTER:
Export-SPWeb -Identity <Site URL> -Path <Path and file name> [ItemUrl <URL of site, list, or library>] [-IncludeUserSecurity] [IncludeVersions] [-NoFileCompression] [-GradualDelete] [-Verbose]
Importing Content
The import option in SharePoint lets you bring in content in a granular style. It allows you to select the items that are needed from an export that was performed previously from a backup or from read-only databases. To import content using Windows PowerShell: 1. 2. 3. 4. On the Start menu, click All Programs. Click Microsoft SharePoint 2010 Products. Click SharePoint 2010 Management Shell. At the Windows PowerShell command prompt (that is, PS C:\>), type the following command, and then press ENTER:
Import-SPWeb -Identity <Site URL> -Path <Export file name> [Force] [-NoFileCompression] [-Verbose]
Note: It is important that you do not rely on import and export to replace backup and restore procedures.
13-10
Additional Reading
Export a site, list or document library at http://go.microsoft.com/fwlink/?LinkID=197239&clcid=0x409. Import a list or document library at http://go.microsoft.com/fwlink/?LinkID=197240&clcid=0x409.
13-11
Lesson 2
You can recover from various disaster scenarios if you have a well-defined plan that describes the actions that you must take in a given situation and the processes you must complete after a system failure or instance of data loss.
Objectives
After completing this lesson, you will be able to: Define disaster recovery. Protect your content by using backup. Protect your farm deployments by using backup.
13-12
Perform backup operations to protect your configuration. Protect customizations. Use restore to recover from disasters. Use Microsoft System Center Data Protection Manager (DPM) 2010.
13-13
Key Points
As a SharePoint Administrator, you are responsible for implementing an effective disaster recovery solution that meets the needs of your users; a solution that takes into consideration your organizations goals, and overall, a platform that offers healthy and functional operations. Disaster recovery is the process of bringing the SharePoint solution back to a healthy and functional operational state after a failure or disaster. It is important to define and understand the metrics that dictate the effectiveness of the process; this is known as Recovery Point Objective, or the amount of data to be recovered and lost; and Recovery Time Objective, or the time that will elapse for the solution to be in a recovered operational state and back online. This information is not only to have a value for the information you collect. There is a need to make sure the plan you are defining and stating is part of the collection of considerations you are taking into your Service Level Agreement and also part of your Operational Level Agreement. The SLA is the overall agreement between IS/IT and the business department. OLAs are agreements between different IS/ITdepartments and the Service Level Manager.
13-14
Key Points
When working with backups, you are creating a copy of data that is used to restore and recover that data in the event of a system failure. Backups allow you to restore data after a failure. If your backup strategy is sound, you have a greater chance of recovering from many system failures, including the following: Media failure User errors (such as accidental content deletion) Hardware failures (for example, a failed hard disk or permanent loss of a server) Natural disasters
When considering SharePoint content, you should focus on working with items that are stored in a site collection; this is a common process to add a safety level to protecting content beyond version control and the stages of the Recycle Bin.
13-15
There are several features you can take advantage of when running backups of a site or site collection. The features are: Executing backups from Central Administration. Executing backups of content databases using Microsoft SQL Server Administration tools like SQL Server Management Studio.
Granular Backups
In SharePoint 2007, all granular backup and restore operations were only available by using STSADM. SharePoint 2010 has integrated granular backup and restore operations into both Central Administrator and PowerShell. Performing backup operations deemed as granular can be performed from Central Administrator or PowerShell. Granular restore operations are only available using PowerShell. SharePoint 2010 offers more flexible options in terms of what can be backed up and restored. Its possible to back up and restore site collections, sites, lists, document libraries, and items. The options for performing granular backups using Central Administrator are: Perform a site collection backup Export a site or list Recover data from an unattached content database
13-16
The granular backup and export architecture uses a Transact-SQL query and export calls. This process results in a more read-intensive and processing-intensive operation than farm backup. A farm backup will capture most of the information with regards to configuration and content in a SharePoint deployment. From the granular backup system, a user can back up a site collection, or export a site or list. If your database implementation is based on Microsoft SQL Server Enterprise Edition, the granular backup system can make use of SQL Server database snapshots to ensure that data remains consistent while the backup or export is in progress. When a snapshot is requested, the SQL Server database snapshot of the appropriate content database is taken. SharePoint Server uses it to create the backup or export package, and then the snapshot is deleted. Database snapshots and their originating database are linked. If for any reason the originating database were to become deleted or unavailable, this would affect the snapshot as well.
Additional Reading
To back up a site collection: http://go.microsoft.com/fwlink /?LinkID=197243&clcid=0x409. Back up a content database: http://go.microsoft.com/fwlink /?LinkID=197242&clcid=0x409.
13-17
Key Points
It is recommended for your backup plan that you consider backing up the complete farm by including both the configuration and content. Regular backups of the farm will greatly reduce the possibility of data loss that is possible due to hardware failures, power outages, or other elements that may impact your environment. Performing a backup does not affect the state of the farm. It does require resources and has the potential to affect farm performance when the backup process is taking place.
Considerations
To avoid performance issues, run backups of the farm during off hours. Backing up the farm backs up the configuration and Central Administration content databases, but these cannot be restored using Microsoft SharePoint Server 2010 tools.
13-18
In order for SharePoint Server 2010 to backup remote Binary Large Objects BLOB), the FILESTREAM remote BLOB store provider needs to be used. This will allow for the BLOBs to be safely stored. If you are using another provider, you must manually back up the remote BLOB stores. The farm backup process does not back up any certificates that you used to form trust relationships. Ensure that you have copies of those certificates before you back up the farm. You must re-establish these trust relationships after restoring the farm. If you are using SQL Server with Transparent Data Encryption (TDE), and you are backing up your environment by using SharePoint tools or SQL Server tools, the TDE encryption key is not automatically backed up or restored. You must back up the key manually. When restoring, you must manually restore the key before restoring the data.
A farm backup will include all elements of server farm. It is considered a full backup.
Considerations:
Farm backups cannot be restored to other product versions Downgrade and upgrade topologies with farm backup and restore are not possible The destination farm must have the same topology as the original farm
Additional reading
To back up a farm: http://go.microsoft.com/fwlink /?LinkID=197244&clcid=0x409.
13-19
Key Points
You should perform backups at the farm level; however, there are circumstances that may require you to perform certain types of backups that align more with business requirements. For example, performing configuration or service backups. When performing a farm backup, the configuration information is included, but you cannot recover the configuration data without performing a full farm restore. If the configuration changes and no other element within the farm is affected, then it is good practice to back up the configuration settings. Service application backups allow you to be granular in having only the needed services backed up. For example, Access Services is not critical, but the items for Excel Services are.
13-20
Considerations:
You cannot use SQL Server tools or Data Protection Manager (DPM) to back up the farm configuration. Backing up the farm configuration will not back up the information you have to have to restore service applications. If you want to restore a service application, you must perform a configuration and content backup of the farm or service application. When performing a service application backup for the first time, you need to use the Full option. This defines a marker so Differential backups can be used.
13-21
13-22
Protecting Customizations
Key Points
Customizations to SharePoint sites can include the following: Custom DLLs, assemblies that have been deployed to the global assembly cache (GAC) XML files used to configure feature or site definition XML files Master pages, page layouts, and cascading style sheets Web Parts, site or list definitions, custom columns, new content types, custom fields, custom actions, coded workflows, and workflow activities and conditions Third-party solutions and their associated binary files and registry keys, such as IFilters
13-23
13-24
Key Points
Once you have a valid backup, you have the ability to restore that backup to the same farm or to new server hardware. There are manual steps that you must perform following your restore operation to get the farm back up and running. In SharePoint 2010, most of the missing items have been added into the backup process, and you have fewer items that require a manual set up after the restore. Before you restore a SharePoint 2010 farm, ensure that the following requirements are met: To restore a farm by using the SharePoint Central Administration Web site, you must be a member of the Farm Administrators group. To restore a farm by using Windows PowerShell, you must be a member of the SharePoint_Shell_Access role on the configuration database and a member of the WSS_ADMIN_WPG local group on the computer where SharePoint 2010 Products is installed.
13-25
The database server's SQL Server account, the Timer service account, and the Central Administration application pool account must have Read permissions to the backup locations. The database server's SQL Server account must be a member of the sysadmin fixed server role. Your login account must have Read permissions to the backup locations. Ensure that the SharePoint Foundation Administration service is started on all farm servers. By default, this service is not started on stand-alone installations.
Consider the following before you restore a farm: Restoring from one version of SharePoint Products and Technologies to a different version is not supported. After recovery, search might take as long as 15 minutes to be available again. It can take longer than 15 minutes if the search system has to crawl all the content again. If you backup and restore the complete service, the system does not have to perform a full crawl.
13-26
Key Points
System Center Data Protection Manager delivers unified data protection for Microsoft Windows servers and clients as a backup and recovery solution for Windows environments. DPM 2010 provides the protection and restore scenarios from disk, tape, and cloudin a scalable, manageable, and cost-effective way. Benefits you see by implementing System Center Data Protection Manager: No need for a recovery farm Automatic protection of new content databases without the need for a consistency check Scheduling of the SharePoint catalog job which enables item level recovery
13-27
Example
1. 2. 3. 4. DPM initiates a database recovery to a recovery database server. This could be on the passive node in a SharePoint server cluster. The production WFE used to protect the farm connects to the recovered database and begins the extraction process. Content Migration API on the production WFE is used to export content from the unattached database. Content Migration API is used again to import the package back into the SharePoint object hierarchy and associated SQL Server database in the production farm.
13-28
Lesson 3
A highly available solution considers many factors that allow the implementation to achieve the expectations of your organization. Redundancy of services is essential to provide the best possible means of access for your users. The goal of a high availability solution provides continuous, long-term access to data. When analyzing such solutions, one must consider the needs of the business and various technical and non-technical constraints that impact high availability solutions, including all factors that contribute to planned and unplanned downtime. In this lesson, you will learn and discuss how to implement solutions that mitigate those situations.
13-29
Objectives
After completing this lesson, you will be able to: Describe high availability. Describe SharePoint Roles and Services. Implement Load Balancing. Implement SQL Server Clustering. Implement SQL Server Database Mirroring. Implement Log Shipping. Work in Read-Only Mode.
13-30
Key Points
Organizations have come to rely more and more on their Information Technology (IT) infrastructure to support their business needs. In many cases, an organizations server infrastructure provides applications or contains data that is critical to business operations. As a result, the availability of those applications and the retention and safety of that data must be managed to ensure business continuity through high availability and data recovery. High availability refers to the ability of a server infrastructure to remain available and operable in the event of hardware, application, or service outages within the server infrastructure itself. Organizations that are required to meet service level agreements (SLAs) or that run applications critical to an organizations daily business typically use high availability solutions to achieve required server uptimes. This uptime value is often referred to as the number of 9s referred to in the percentage of that servers total availability. It is not uncommon for companies to strive for five nines of uptime (99.999%), which equates to less than ten minutes per year of server downtime.
13-31
High availability typically involves multiple servers configured to perform the same role or provide similar services. If one of the servers experiences a hardware or software failure, the remaining servers continue to provide the services. SharePoint Server 2010 contains several features that assist you in maintaining high availability in your server infrastructure.
13-32
Key Points
SharePoint is a distributed platform consisting of services that run on servers in specific roles. The roles are identified as: Web front-end. Connection points for users, configured by using load balancing. Application Servers. Host service applications can provide redundancy and load balanced solutions. Database Server. Hosts the content and configuration databases for a SharePoint environment. There are several solutions for implementing a high availability solution. For example, the list below describes some the possible solutions that can be used individually or combined to extend the scope of protection: Failover Clustering. Failover clustering allows for a group of servers to work together to provide a set of applications or services. The level of protection provided is at the server level.
13-33
Database Mirroring. Microsoft SQL Server database mirroring is a software-based high availability solution that sends transactions directly from a principal database to a mirror database when the transaction log buffer for the principal database is written to disk. The level of protection provided here is at the database level and does not include system databases. Log Shipping. Log Shipping is a low-cost method of creating a standby server by using standard hardware. Log shipping works by initially restoring a full database backup of the database from the primary server to a secondary server, and then periodically applying transaction logs. The level of protection provided here is at the database level and does not include system databases. Database Snapshots. Database snapshots are read-only, static views of a database. Each database snapshot is transactionally consistent with the source database as of the moment of the snapshot's creation. Snapshots can be used in the event of a user error on a source database, because an administrator can revert the source database to the state it was in when the snapshot was created. Data loss is confined to updates to the database since the snapshot's creation. The level of protection provided here is at the database level and does not include system databases.
13-34
Key Points
NLB provides high availability and scalability for TCP/IP-based services, including Web servers, File Transfer Protocol (FTP) servers, as well as other mission-critical servers and services. In an NLB configuration, multiple servers run independently, and do not share any resources. This group of servers is referred to as a cluster. Client requests are distributed among the servers, and in the event of a server failure, NLB detects the problem and distributes the load to another server. NLB allows you to increase network service performance and availability. In terms of a SharePoint implementation, it is the structuring and distribution of the Web front-end roles to maximize the experience the users will have when accessing the SharePoint site. Using multiple components with load balancing, instead of a single component, increases reliability through redundancy. The load balancing service is usually provided by dedicated software or a hardware-based device (such as a multilayer switch or a DNS server).
13-35
It is commonly used to mediate internal communications in computer clusters, especially high-availability clusters. If the load is more on a server, then the secondary server takes some load while the other is still processing requests. NLB typically provides the following features: High availability Performance Scalability
13-36
Key Points
Failover clustering allows for a group of servers to work together to provide a set of applications or services. Together, these servers provide a fault tolerant configuration that continues to provide its applications and services, even if one of the servers in the cluster fails or becomes unavailable. Failover clustering is another technology in Windows Server 2008 R2 that provides for high availability. In a failover cluster, a group of servers, or cluster, work together to increase the availability of a set of applications and services. Physical cables and software connect the clustered servers, referred to as nodes. If any of the cluster nodes fail, other nodes begin to provide service to clients (a process known as failover). With this method, system downtime is minimized and a high level of availability is provided.
13-37
Applications that are best suited for configuration in a failover cluster are applications that use a centralized set of data. Applications like Microsoft SQL Server, Microsoft Exchange Server, and services like Dynamic Host Configuration Protocol (DHCP), file and print, and Dynamic Name System (DNS) use centralized data sets and are therefore ideal for being configured as a failover cluster.
Applications or services that are added to a failover cluster must be cluster-aware in order to take advantage of the full benefits provided by failover clustering. Clusteraware refers to the applications ability to register with the failover cluster in order to communicate with the cluster and take advantage of the clusters features. SQL Server is a cluster-aware application. SQL Server is a cluster aware service that works under the Microsoft Windows Clustering and the functionality of the database engine then is controlled and monitored by the cluster functionality so it can failover to a partner node in the event of failure. A failover cluster instance appears as a server on the network, but has functionality that provides failover from one node to another if the current node becomes unavailable. For a SharePoint Server 2010 implementation, this is fully transparent and automatic.
Additional Reading
Getting Started with SQL Server 2008 R2 Failover Clustering at http://go.microsoft.com/fwlink/?LinkID=197245&clcid=0x409. Installing a SQL Server 2008 R2 Failover Cluster at http://go.microsoft.com/fwlink/?LinkID=197246&clcid=0x409.
13-38
Key Points
Microsoft SQL Server database mirroring is defined as a software-based high availability solution that sends transactions directly from a principal database to a mirror database when the transaction log buffer for the principal database is written to disk. To implement SQL Server Database Mirroring on a Microsoft SharePoint Server 2010 farm, you implement the high availability database mirroring capability, also known as high safety mode with automatic failover. In order to implement the high availability database mirroring configuration, you will define three server instancesa principal, a mirror, and a witness. The witness server enables SQL Server to automatically fail over from the principal server to the mirror server. While there is only one witness server in this configuration, in the event of witness failure, the servers in the configuration would establish quorum and continue with the operations. Failover from the principal database to the mirror database typically takes several seconds.
13-39
In a SharePoint Server 2010 farm, SQL Server Database Mirroring provides redundancy for the content and configuration databases. It can also be configured for service databases.
Configuration
Central Administration in SharePoint 2010 provides an entry point that configures the failover partner for the database mirroring configuration.
Note: Configuration databases do not have an entry point to configure database mirroring. You can use Windows PowerShell to configure the failover partner.
Additional Reading
Configure availability by using SQL Server database mirroring at http://go.microsoft.com/fwlink/?LinkID=197247&clcid=0x409. Sample script for configuring SQL Server database mirroring at http://go.microsoft.com/fwlink/?LinkID=197248&clcid=0x409
13-40
Overview
Log shipping is a low-cost method of creating a standby server by using standard hardware. Log shipping works by initially restoring a full database backup of the database on the primary server to a secondary server, and then periodically applying transaction logs from the primary server to the standby system. Log shipping is available for user databases but not system databases.
13-41
Optionally, you can create a monitor server. The monitor server logs any problems with log shipping as well as listing the last backup and restore operations. Monitor servers should be separate to the primary and standby servers in case one of the servers fails.
Additional Reading
Configure availability by using SQL Server database mirroring at http://go.microsoft.com/fwlink/?LinkID=197247&clcid=0x409. Sample script for configuring SQL Server database mirroring at http://go.microsoft.com/fwlink/?LinkID=197248&clcid=0x409.
13-42
Key Points
SharePoint 2010 supports read-only databases. This means that you have set the database to a Read Only state in SQL Server. SharePoint will recognize this state and adjust the API accordingly. In a read-only farm, only content databases are read-only. All other databases, including the configuration database, Central Administration content database, and search database, are read/write. Site collections that are associated with a readonly content database are automatically set to be read-only if the locking status of the site collection was previously set to None, No Additions, or Read Only. If the locking status of the site collection was previously No Access, it remains No Access when the database locking status is changed. If you plan to provide users with access to a read-only site or farm, you should set expectations for what they will be able to do on the site and how the user interface will differ.
13-43
The user experience of a read-only site is characterized by the following: Common tasks that do not require writing to the content database are fully available Most of the common tasks that require writing to the content database is not available, either because they have been disabled in the user interface, or because the user is no longer allowed to apply changes Some common tasks that require writing to the content database appear to be available, but return errors
13-44
Scenario
Contosos SharePoint governance plan requires that sites be backed up regularly. You have been asked to demonstrate the out of box backup functionality of SharePoint Server 2010, and to create an automated, nightly backup of the SharePoint farm.
13-45
Note: In a production environment, you should configure NTFS permissions that ensure the least privilege access to the folder. The service account that performs the backup operation should be given Full Control permission to the backup share.
13-46
Perform a full backup of the Web application, SharePoint intranet.contoso.com80, to the backup share, \\SP2010-WFE1.contoso.com\SharePointBackup. The Backup and Restore Job Status page opens. The page refreshes every few seconds. You can click Refresh to refresh the page manually.
Note: The backup operation may complete with warnings. This is expected in this lab. You may continue to the next step.
Results: After this exercise, you should have backed up the intranet Web application using Central Administration.
13-47
Locate the SPHistoryObject element. This element describes the backup operation, and is used during a restore operation.
13-48
Locate the SPBackupDirectory element. This element is a reference to the folder in which the backup files are stored. Locate the SPWarningCount and SPErrorCount elements. These elements report warnings and errors. Close Notepad. Open the spbr0000 folder, and then observe the backup (*.bak) files in the folder. Open the file, Spbackup.xml, in Notepad. Examine the file. This file contains attributes related to the backup operation and to each of the components. It is used during a restore operation. You should not modify, delete, or rename the Spbackup.xml file.
Close Notepad.
13-49
Navigate to the top of the log, and then use the Find command to find the text, BACKUP DATABASE. Observe the command that was sent to SQL Server to back up one of the SharePoint databases. Answer the following questions: Which SharePoint database was backed up? Which database backup (.bak) file in the backup folder contains that SharePoint database?
Repeat step 5 to identify the database backup file that contains the backup of the WSS_Content_IT database. Close Notepad.
Results: After this exercise, you should have investigated the files and logs in the SharePoint backup share. You should also have identified the database that is a backup of the SQL database, WSS_Content_IT.
13-50
13-51
Note: The operation to perform a full backup of the entire farm takes several minutes to complete.
Results: After this exercise, you should have created a backup script using Windows PowerShell and scheduled the script to run nightly.
13-52
Scenario
You have recently configured an automated, nightly backup of your SharePoint farm. The SharePoint governance policy requires you to test your backups every 60 days. You have been tasked with testing the most recent backup by restoring it to a staging environment. You must also verify that you can perform a partial restore of a site collection, site, and list.
13-53
13-54
Results: After this exercise, you should have deleted and then restored a SharePoint Web application.
13-55
13-56
Write down the warning message. Navigate to the top of the log, and then use the Find command to find the text, RESTORE DATABASE. Observe the command that was sent to SQL Server to back up one of the SharePoint databases. Answer the following questions: Which SharePoint database was backed up? Which database backup (.bak) file in the backup folder contains that SharePoint database?
Close Notepad.
Results: After this exercise, you should have investigated the restore logs in the SharePoint backup share.
13-57
13-58
In the Select the backup sets to restore box, select the check box next to WSS_Content_Intranet_IT.
Tip: If you do not see WSS_Content_Intranet_IT listed, it is because you did not restore the correct database. Return to Lab A, Exercise 2, Task 2 to identify the database that contains WSS_Content_Intranet_IT. Then repeat Task 1 of this exercise.
After you start the export, monitor the Granular Backup Job Status page until the job is complete.
13-59
After you start the export, monitor the Granular Backup Job Status page until the job is complete.
13-60
Results: After this exercise, you should have restored a deleted SharePoint document library and list.
13-61
Module Review
Review Questions
1. 2. What tools can be used to backup SharePoint 2010 out of the box? Is there an advantage to combining multiple High availability technologies?
14-1
Module 14
Monitoring and Optimizing SharePoint Performance
Contents:
Lesson 1: Monitoring Logs Lesson 2: Configuring SharePoint Health Analyzer Lesson 3: Configuring Usage Reports and Web Analytics Lesson 4: Monitoring and Optimizing SharePoint Performance Lab A: Configuring SharePoint Monitoring Lab B: Analyzing SharePoint Health Lab C: Reporting SharePoint Usage 14-4 14-11 14-17 14-22 14-28 14-31 14-36
14-2
Module Overview
This module explores the activities you need to perform to have a well-tuned Microsoft SharePoint deployment. Being able to use capabilities SharePoint provides and being able to configure them to get the most out of the information those agents gather lead to understanding better what is happening in your environment. Lesson 1 describes the needed elements to establish a performance baseline by using the Unified Logging Service (ULS). Lesson 2 describes how SharePoint can keep track of its health and how you can configure what to keep track of and any actions needed to recover from a potential error condition. Lesson 3 explores the possibilities behind out of the box reports that can identify the usage in counters and values that enable you to make informed decisions based on the situations users are experiencing when using SharePoint Server.
14-3
Lesson 4 provides guidelines needed to determine the running values and establish a baseline about your environment to fully understand recommended practices and be able to determine how they fit into your deployment.
Objectives
After completing this module, you will be able to: Use monitoring logs to establish a baseline for performance monitoring. Configure SharePoint Health Analyzer. Configure both usage reports and Web analytics. Monitor your SharePoint servers performance and optimize them.
14-4
Lesson 1
Monitoring Logs
From time to time, situations arise with server performance or behavior that result in the need for you to log information to troubleshoot your SharePoint deployment. To gather useful information and have relevant data to interpret, it is important to understand the Unified Logging Service, or ULS. This service provides a unified approach to retrieving log data and the different areas and tools to work with to the make the most out of logging information.
Objectives
After completing this lesson, you will be able to: Configure diagnostic logging. Administer ULS log files. View and interpret administrative reports.
14-5
Key Points
Following deployment, it might be necessary for you to configure the diagnostic logging settings of your SharePoint Server 2010 environment. The guidelines in the following list can help you form best practices for your specific environment. Change the drive that logging writes to. Diagnostic logging is configured by default to the same location where SharePoint is installed; this can cause an adverse impact on performance as a result of the amount of data being written to the log. Restrict log disk space usage. By default, there is no limit on the amount of disk space logging can use; however, it is possible to configure size-based restrictions so that when the disk restriction is used up, the oldest logs are removed and new logging data information is recorded.
14-6
Use the Verbose setting sparingly. You can configure diagnostic logging to record verbose-level events. This can become quite active because it writes every possible action SharePoint performs. You can use verbose-level logging to record a greater level of detail when you are making critical changes, and then reconfigure logging to record only higher-level events after you make the change.
Note: When configuring values that are different from their default representation, in SharePoint Central Administration the logging level is shown in bold type.
Back up logs. The diagnostic logs contain important data. Back them up regularly to make sure that this data is preserved. Enabling restrictions causes the logs to be overwritten and possibly deleted. The true value of logs, however, is presented by the information you can access during critical events. This is an option to implement for organizational purposes where log archival is required. Enable event log flooding protection. Enabling event log flooding protection configures the system to detect repeating events in the Microsoft Windows event log. This set of values is configurable through Windows PowerShell.
14-7
Key Points
The concept of a unified logging service is not new to SharePoint Server 2010; however, the level of control and information you can gather is. The trace logs hold valuable information about the activity that occurs in a SharePoint deployment. By default, the logs are stored in the path C:\Program Files\Common Files \Microsoft Shared\Web Server Extensions\14 under the LOGS directory. A recommended best practice is to change this path to one that is meaningful to your deployment. It is also a good idea to move this off of the C drive to save space on the C drive. SharePoint gets very fussy if the C drive becomes full. It is also important to note that if you do move the logs off of your C drive, all members of your farm must have this alternate location. If you move them to D:\Logs, every farm member has to have a D drive. When working with users and trace logs to troubleshoot any errors, it is important to remember to introduce users to the value behind correlation IDs.
14-8
Correlation IDs are globally unique identifiers (GUIDs) that appear in the event of an error on attempting to access a resource through a browser. The correlation ID is useful to track the event in the trace logs. Correlations IDs can appear even if there isnt an error, such as in the Developer Dashboard. They also can be used in Microsoft SQL Server profiler traces, not just the browser. Also, correlation IDs are farm wide, so a conversation that hits multiple servers has the same correlation ID in each servers logs. Here recommended practices for logging: Use nonsystem drives that are write-optimized to store the ULS logs. Rely on correlation IDs to isolate problems as they occur. Implement a logging policy that defines retention periods.
14-9
(continued)
Cmdlet New-SPLogFile Description Creates a new trace log file on the server, closing out the current one Creates a timer job that collects the trace logs from all the computers in the farm and saves them to a single file on the local computer
Merge-SPLogFile
Additional Reading
Logging and events cmdlets at http://go.microsoft.com/fwlink/?LinkID=197197&clcid=0x409.
14-10
Key Points
Administrative reports give you access to information on the performance and execution of components such as search crawls and query performance. The administrative reports you can access are provided in the form of standard reports and advanced reports; in SharePoint, you can also add custom reports. As you view reports, you have the option to apply filters to focus on a given application and time frame. You can access reports in the Monitoring section in Central Administration.
Additional Reading
View administrative reports at http://go.microsoft.com/fwlink/?LinkID=197198&clcid=0x409.
14-11
Lesson 2
Key Points
The SharePoint Health Analyzer is a new configurable option that enables SharePoint Server to report on potential issues and in some situations take action to mitigate those issues. You can configure the SharePoint Health Analyzer to identify conditions that fit your specific deployment needs. Some conditions are active on completing installation of SharePoint Server 2010.
Objectives
After completing this lesson, you will be able to: Configure health rules. Define health schedules. View health reports.
14-12
Key Points
Health rules give you the ability to monitor SharePoint Server and be proactive in understanding any potential issues that may arise. This information is presented to you as a list, just like other list items in a SharePoint deployment. For example, health rules can identify issues such as search crawls not running and a content database indicating an error or offline status. Also, you can receive proactive information about configuration or security issues such as when accounts are given more access than is necessary. For example, the databases used by SharePoint have fragmented indices rule has been defined to check for a very specific condition that needs verification of status from SQL Server. If that rule is triggered, a preconfigured action will take place if it is set to repair automatically. Not all rules are configured to repair automatically. Whether or not a rule repairs automatically depends on how the rule is created and whether it includes the necessary implementation to execute a repair. The same is also common when working with health rules that require your intervention as an administrator.
14-13
The default rules that are in place monitor some conditions; however, you can customize your own conditions and provide actions that execute to mitigate the errors. To configure a health rule you must have access to Central Administration and be a member of the Farm Administrators group. To learn how to create your own health rules, see http://go.microsoft.com/fwlink /?LinkID=197199&clcid=0x409.
14-14
Key Points
A health rule checks for specific conditions that affect performance, configuration, and security in your SharePoint Server deployment, and a health schedule defines the execution or timer definition for running that health rule. You can configure schedules by using either Central Administration or Windows PowerShell. The following table lists the Windows PowerShell cmdlets that are useful for health scheduling.
Windows PowerShell Cmdlet Get-SPTimerJob Set-SPTimerJob Start-SPTimerJob Description Retrieves the timer job Sets the schedule for a timer job Starts a specific timer job
14-15
You can configure a schedule by the second, minute, hour, day, week, or month. Specific date conditions are also an option, for example: First Monday of every month. Rules can be executed immediately in the rule definition. This is a great way to verify that a problem has been fixed without waiting for the job to run again: Address the issue, run the rule manually, and see whether the condition is resolved.
14-16
Key Points
Health reports return data collected on performance characteristics of your farm. Out of the box, the two reports included list the slowest-loading pages in your farm and the most active users in your farm. In both of these reports, you can refine the results based on a specific criterion such as server or Web application to better determine where problems may be.
14-17
Lesson 3
As the system or farm administrator, your purpose is to guarantee the well-being of your organizations SharePoint environment. This, of course, includes being able to monitor health and performance of the different components that enable users to access your SharePoint environment. At some point, you must learn about your users patterns of usage. The frequency at which users view a specific page or the department a user comes from becomes part of the information you consume, and you can also identify latency in displaying specific content given a network segment that is geographically remote. This is the information you can gather when you configure and view usage reports and gather details in the form of Web Analytics.
Objectives
After completing this lesson, you will be able to: Configure usage data collection. View and interpret the collected data.
14-18
Key Points
The usage and health data settings are farmwide; you cannot set them for individual servers in the farm. Logging uses system resources and can affect performance and disk usage. Only log those events for which you want regular reports. For ad hoc reports or investigations, enable logging for specific events, and then disable logging for the events after the report or investigation is complete. Usage and health data collection is the collection of binary large objects (BLOBs) that are processed into a logging database. You can configure the logging database retention period. For processing both BLOBs and databases, you need to consider disk performance and capacity in addition to network considerations. The usage database collects information from health rules, the event viewer, diagnostics, and so forth. You can use this database to build custom reports. The Usage and Health Data Collection service application is a prerequisite to Web Analytics and other service applications such as Search and is provisioned by default if you run the Farm Configuration Wizard.
14-19
These settings are applied to all events. To set event collection settings for individual event types, use the following Windows PowerShell cmdlets. To change the Database Server and Database Name values, you must use Windows PowerShell.
Windows PowerShell Cmdlet Set-SPUsageService Description Sets parameters for the usage data to be gathered. Settings such as log location and maximum space to be used are configured here. See http://go.microsoft.com /fwlink/?LinkID=199509&clcid=0x409 Configures the retention period for the usage logs. See http://go.microsoft.com/fwlink /?LinkID=199510&clcid=0x409 Configures the settings for the Usage database, such as database server and credentials to be used. See http://go.microsoft.com/fwlink /?LinkID=199511&clcid=0x409
Set-SPUsageDefinition
Set-SPUsageApplication
14-20
Key Points
Web Analytics reports are based on the information that is gathered by configuring the usage logs. The reports presented include prebuilt reports in Central Administration. Reports are assigned to logical elements in a SharePoint environment, such as farm, site collection, and site level; each provides different yet pertinent information for that level. You can access the reports by clicking the link View Web Analytics Reports. This presents the usage data gathered. Samples of the reports available include Summary Report, Number of PageViews, Unique Daily Visitors, Top Pages, and Top Destinations. A key element provided as well is automatic Best Bets recommendations for Search configuration. You can define reports to be viewed based on a date range. Here, it is important to consider the value you set for the retention policy because this limits the range of data available to report on. You can also export the reports to Excel and conduct further analysis on the information.
14-21
Additional Reading
View Web Analytics reports at http://go.microsoft.com/fwlink/?LinkID=197200&clcid=0x409.
14-22
Lesson 4
SharePoint is a very complex product that is composed of several different elements, including SQL Server, which defines the storage location for configuration, logs, and content; and Windows Server services such as Internet Information Services (IIS), which hosts ASP.NET and the Microsoft .NET Framework, which provide functionality and the user interface for SharePoint Web sites. Because of this, you have a wide range of checkpoints for validation and monitoring of your SharePoint environment. It is very important to use the monitoring and performance analysis tools provided by the components of SharePoint, such as SQL Server. Counters and dynamic management views are very useful in determining proper parameters for the databases. An understanding of the proper rendering of content coming from the Web functionality is key to knowing whether a page is loading efficiently.
14-23
Objectives
After completing this lesson, you will be able to: Determine how to collect performance monitoring statistics. Use those statistics to improve the performance of your SharePoint servers.
14-24
Performance Monitoring
Key Points
You can add to the usage database the performance counters that assist you in monitoring and evaluating your farms performance so that they are logged automatically at a specific interval. Then, you can query the usage database to retrieve these counters and graph the results over time. Heres an example of using the Add-SPDiagnosticsPerformanceCounter Windows PowerShell cmdlet to add the %Processor Time counter to the usage database:
Note: You need to run this on only one of the Web servers.
Add-SPDiagnosticsPerformanceCounter -Category "Processor" -Counter "% Processor Time" -Instance "_Total" -WebFrontEnd
14-25
Additional Reading
System Center Operations Manager at http://go.microsoft.com/fwlink /?LinkID=197201&clcid=0x409. Planning for Virtualized deployments at http://go.microsoft.com/fwlink /?LinkID=197202&clcid=0x409.
14-26
Performance Optimization
14-27
Keep in mind that SharePoint is a combination of various products, such as the Windows Server operating system, IIS, and SQL Server. This means you must pay special attention to contributing elements of those products that require attention and monitoring. So, in many ways, you need to understand those additional components to make sure you are providing an optimization plan that covers the entire range of functional components.
14-28
Scenario
Contosos SharePoint governance plan specifies levels of monitoring for the development and production environments that differ from the out of box settings. You have been tasked with configuring monitoring and with demonstrating how developers can use monitoring to troubleshoot errors generated by their code.
14-29
14-30
Results: After this exercise, you should have configured verbose diagnostic logging for your SharePoint farm.
14-31
Scenario
You have just installed a SharePoint 2010 farm. When you open Central Administration, an error message appears at the top of the page that indicates an error in configuration. The SharePoint governance plan mandates that SharePoint farms at Contoso should be deployed using Microsoft-recommended best practices. You have been tasked with determining the cause of the error message and correcting the configuration of the farm.
14-32
Tip: The list of rules is paged. Click the Next Page button, displayed as a rightpointing arrow below the list, to see additional rules.
2.
Open the Some content databases are growing too large rule. Observe that you can change the following attributes of the rule, but do not make any changes at this time: Title Scope Schedule
14-33
Note: You cannot change the actions that the rule uses to perform its health analysis task. The rules actions are determined by the code used to develop the rule.
3.
Results: After this exercise, you should have configured rule definitions and run two rules.
14-34
3. 4.
14-35
3. 4. 5.
For All Categories, set event log reporting level to Error and trace log reporting level to Unexpected. Browse to the Health Analyzer Rule Definitions page. Run the rule One or more categories are configured with Verbose trace logging. Browse to the Review problems and solutions page and confirm that the rule One or more categories are configured with Verbose trace logging is not shown on the report. Close all open applications and windows.
6.
Results: After this exercise, you should have configured Health Analyzer rules, reviewed Health Analyzer reports, and repaired Health Analyzer problems.
14-36
Scenario
Contoso recently implemented a systems management report center. You are required to submit reports related to performance and usage. You have been tasked with creating a SharePoint performance and usage report that uses the SharePoint logging database as its data source.
14-37
2. 3.
4.
Results: After this exercise, you should have executed the logging timer jobs that populate the logging database.
14-38
3.
14-39
4.
Create a PivotTable report. In the PivotTable Field List panel, in the Choose fields to add to report list, select the following options: MachineName WebApplicationName JobTitle
5.
Drag the Duration field from the field list to the Values box. You now have a report of timer job durations presented by server, by webapplication, and by timerjob.
Results: After this exercise, you should have created a usage report based on data from the SharePoint logging database.
14-40
Review Questions
1. 2. 3. How can you minimize the impact of logging in your environment? What is event log flood protection? What value do Correlation IDs bring to troubleshooting?
14-41
Tools
Tool ULS Log Viewer Use for Where to find it
A windows application for viewing http://go.microsoft.com/fwlink SharePoint ULS log files more easily. /?LinkID=199513&clcid=0x409 Supports filtering and easy viewing of data.
14-42
Course Evaluation
Your evaluation of this course will help Microsoft understand the quality of your learning experience. Please work with your training provider to access the course evaluation form. Microsoft will keep your answers to this survey private and confidential, and will use your responses to improve your future learning experience. Your open and honest feedback is valuable and appreciated.
L8-101
L8-102
9.
10. On the ribbon, click File, and then click Save. After a few moments, the Save As dialog displays the Documents library. 11. Click Save. 12. Observe the status bar at the bottom of the Word window. Wait until Word has finished saving the document. 13. Close Word and click Yes and OK to check in the document. 14. Switch to Internet Explorer. 15. To confirm that the document was saved in the document library, press F5 to refresh the page, and then click Retry.
2.
L8-103
5.
Click the Web Application list, and then click Change Web Application. The Select Web Application dialog appears.
6. 7.
Click SharePoint - intranet.contoso.com80. In the Enable Document Conversions section, click Yes, and then click OK. At the top of the page, a message appears that indicates you must choose a document conversion server.
8. 9.
Click the Load Balancer server drop-down arrow. Observe that you have no options. You must enable the SharePoint service on front-end Web servers before you can enable document conversions.
L8-104
4. 5.
L8-105
3.
In the Servers section, click Manage services on server. The Services On Server page opens. A list of all registered SharePoint Services is displayed.
4.
In the Claims to Windows Token Service row, click Start. The service starts.
5.
In the Microsoft SharePoint Foundation Subscription Settings Service row, click Start. The service starts.
6.
In the SharePoint Foundation Search row, click Start. The configuration page opens.
7. 8. 9.
In the Service Account list, select CONTOSO\SP_ServiceApps. In the Content Access Account section, in the User name box, type CONTOSO\SP_ServiceApps. In the Password box, type Pa$$w0rd.
L8-106
This will stop the SharePoint 2010 Timer service. When this Windows Service has stopped, your SharePoint farm loses much of its functionality. 4. Close Administrator: Command Prompt.
L8-107
10. Press F5 to refresh the page. 11. Observe that the Managed Metadata Human Resources service application is listed as Stopped, and that there is no Managed Metadata Service connection created for the service application. The Timer service must be running to process the jobs related to the creation of a service application.
L8-108
10. In the Process Model section, observe the Identity property of the application pool. 11. Click Cancel.
L8-109
4. 5. 6.
Click Register Managed Account. In the User name box, type CONTOSO\SP_Admin. In the Password box, type Pa$$w0rd, and then click OK.
10. Confirm that the account assigned to the SharePoint 2010 Timer service is SP_Admin. 11. Click Cancel. 12. Switch to Internet Information Services (IIS) Manager. 13. Right-click SharePoint Central Administration v4, and then click Advanced Settings. 14. In the Process Model section, confirm that the Identity property of the application pool is SP_Admin. 15. Click Cancel. 16. Repeat steps 16 to reset the farm account to SP_Farm.
L8-110
L8-111
10. Select the Certification Authority Web Enrollment option. 11. Click Next.
L8-112
12. On the Specify Setup Type page, ensure that Enterprise is selected, and then click Next.
Note: If you cannot select Enterprise, ensure that you are logged in as CONTOSO\Administrator.
13. On the Specify CA Type page, ensure that Root CA is selected, and then click Next. 14. On the Set Up Private Key page, click Next. 15. On the Configure Cryptography for CA page, click Next. 16. On the Configure CA Name page, click Next. 17. On the Set Validity Period page, click Next. 18. On the Configure Certificate Database page, click Next. 19. On the Confirm Installation Selections page, click Install. 20. On the Installation Results page, click Close.
L8-113
10. In the Country/region list, select US. 11. Click Next. 12. Click Select. 13. Click contoso-SP2010-WFE1-CA, and then click OK. 14. In the Friendly name box, type Contoso. 15. Click Finish.
L8-114
4. 5.
In the Quick Launch, click Security. In the General Security section, click Configure managed accounts. The Managed Accounts page opens.
6. 7. 8.
In the CONTOSO\SP_Farm row, click the Edit icon. Observe that the warning message you observed in Task 1 no longer appears. Close all open applications and windows.
L8-115
L8-116
3. 4.
In the Application Proxy Group column, click default. Verify that the Managed Metadata Clients option is clear, and then click OK.
Click OK. Observe that there is an application proxy group labeled custom assigned to the intranet Web application.
Tip: Do not click the Managed Metadata Clients link. The link opens the management page for the service application. Instead, click any part of the row other than the link.
L8-117
4. 5.
On the ribbon, click Publish. Select the Publish the Service Application to other farms option. Because this lab contains only one farm, you cannot configure a trust relationship.
6.
Click OK.
L9-119
L9-120
4.
Click New, and then click User Profile Service Application. The Create New User Profile Service Application page opens.
5. 6. 7. 8. 9.
In the Name box, type User Profile Service Application. In the Application pool name box, type UserProfilePool. In the Configurable list, select CONTOSO\SP_Farm. Review, but skip the remaining sections. Click Create. The service application is created.
10 Click OK.
10. In the Timer Jobs section, click Check job status. 11. In the Timer Links section of the Quick Launch, click Running Jobs.
L9-121
12. Monitor the page. 13. Press F5 to refresh the page. 14. Repeat this step until the ProfileSynchronizationSetupJob appears.
Note: It can take up to 5 minutes for the ProfileSynchronizationSetupJob to appear on the Running Jobs list. If you dont see the job start, re-start the Timer Service, but be sure you DO NOT restart it if this job is running.
15. Monitor the page. Press F5 to refresh the page. Repeat this step until the ProfileSynchronizationSetupJob disappears.
16. In the Timer Links section of the Quick Launch, click Job History. 17. Confirm that the Status of ProfileSynchronizationSetupJob is Succeeded. 18. In the Quick Launch, click System Settings. 19. In the Servers section, click Manage services on server. The Services on Server page opens. 20. Confirm that the Status of the user profile synchronization service is Started. 21. Close SharePoint 2010 Central Administration.
L9-122
If a service is not started, then press F5 to refresh the view. Repeat this step until the services have started.
3. 4. 5.
Close the Services console. Open the folder C:\Program Files\Microsoft Office Servers\14.0 \Synchronization Service\MaData. Confirm that the ILMMA folder exists. Confirm that a folder named MOSS-GUID exists with todays date. If the folders do not exist, wait until the timer job has completed fully, at which point the folders will appear.
6.
Close the Windows Explorer window that is showing the MaData folder.
L9-123
4.
Click User Profile Service Application. The management page for the service application opens. If an error is displayed, it is probably because the Web services have not completed startup following the IISRESET operation. Press F5 to refresh the page until the error disappears.
5. 6.
Confirm that there are numbers on the right side of the page, which indicates that the service application is running. Close SharePoint 2010 Central Administration.
L9-124
10. On the Tasks to Delegate page, click Create a custom task to delegate. 11. Click Next. 12. On the Active Directory Object Type page, click Next. 13. On the Permissions page, in the Permissions list, select the Replicating Directory Changes check box. 14. Click Next. 15. On the Completing the Delegation of Control Wizard page, click Finish. 16. Close Active Directory Users and Computers.
L9-125
Note: This is the account used by the User Profile Synchronization Service in the Beta virtual machine.
10. In the Password and Confirm password boxes, type Pa$$w0rd. 11. Click Populate Containers. 12. In the Containers section, expand CONTOSO, and then select the People, SharePoint, and Users check boxes. 13. Click OK. A new synchronization connection is created.
L9-126
Tip: l (lowercase L) is the Lightweight Directory Access Protocol (LDAP) name for the locale, or city attribute.
L9-127
17. Click Add. 18. Observe that the new attribute mapping appears in the Property Mapping for Synchronization section. 19. Click OK.
10. Return to step 8 until the Profile Synchronization Status displays Idle.
11. In the Profiles section, confirm that the Number of user profiles is 53 and confirm that Profile Synchronization Status displays Idle.
L9-128
3. 4. 5. 6.
Click Find. Click CONTOSO\SP_Admin, and then click Edit My Profile. Browse to City, notice it has nothing in it. Click Cancel and Go Back.
L9-129
7. 8.
Click OK. Wait 30 seconds. The synchronization does not start immediately.
9.
10. Observe the Profile Synchronization Status in the Profile Synchronization Settings section. 11. Return to step 9 until the Profile Synchronization Status displays Idle.
L9-130
Note: You must type the text exactly as shown, with no space.
7.
Note: You must type the text exactly as shown, with a space.
8. 9.
In the Type list, select integer. In the Policy Settings section, in the Default Privacy Setting list, select Everyone.
10. Select the Replicable check box. A message appears indicating that replicated data will not be deleted. 11. Click OK. 12. Click the Allow users to edit values for this property radio button.
L9-131
13. In the Display Settings section, select the Show in the profile properties section of the users profile page check box. 14. Select the Show on the Edit Details page check box. 15. Click OK.
10. In the Database role membership list, select the db_owner check box. 11. Click OK. 12. Repeat steps 6-10 for CONTOSO\SP_Farm. 13. Close Microsoft SQL Server Management Studio.
L9-132
3.
Type http://intranet.contoso.com/sites/IT, and then click Open. Wait for the site to open.
4.
When prompted for credentials, use Contoso\SP_Admin with the password Pa$$w0rd.
5. In the Site Objects panel, click External Content Types. Wait for SharePoint to retrieve external content types. 6. 7. 8. 9. On the ribbon, click External Content Type. In the External Content Type Information section, next to Name, click New external content type. Type AdventureWorks. Click Click here to discover external data sources.
10. Click Add Connection. The External Data Source Type Selection dialog box appears. 11. In the Data Source Type list, select SQL Server. 12. Click OK. The SQL Server Connection dialog box appears. 13. In the Database Server box, type SP2010-WFE1. 14. In the Database Name box, type AdventureWorks. 15. Click OK. 16. In the Data Source Explorer box, expand AdventureWorks. 17. Expand Tables. 18. Right-click Employee, and then click Create All Operations. The All Operations dialog box appears. 19. Click Next. 20. Click Finish. 21. To save the external content type, press CTRL+S. 22. Close SharePoint Designer.
L9-133
L9-134
8.
Next to the Business Data Connectivity Entity box, click the Select External Content Type button.
Tip: The Select External Content Type button is the right-most button.
The External Content Type Picker dialog box appears. 9. Click AdventureWorks.
10. Click OK. 11. Click Connect User Profile Store to Business Data Connectivity Entity as a 1:1 mapping. 12. In the Return items identified by this profile property list, select EmployeeID. 13. Click OK.
10. Select the Replicable check box. A message appears indicating that replicated data will not be deleted.
L9-135
11. Click OK. 12. In the Display Settings section, select the Show in the profile properties section of the users profile page check box. 13. Select the Show on the Edit Details page check box. 14. In the Source Data Connection list, select AdventureWorks. 15. In the Attribute list, select Gender. 16. Click Add. 17. Click OK.
L9-136
3.
In the Service Applications section, click Manage Service Applications. The Manage Service Applications page opens.
4. 5.
Click User Profile Service Application. In the Synchronization section, click Start Profile Synchronization. The Start Profile Synchronization page opens.
6. 7. 8.
Click Start Full Synchronization. Click OK. Wait 30 seconds. The synchronization does not start immediately.
9.
10. Observe the Profile Synchronization Status in the Profile Synchronization Settings section. 11. Return to step 9 until the Profile Synchronization Status displays Idle.
L9-137
8. 9.
Question: What group does the farm account have to be in in order for user profile synchronization to work? Answer: The farm account must be a local administrator. This requirement is enforced by the set up of Forefront Identity Manager in the synchronization process.
L9-138
Note: A DNS host record for mysites.contoso.com has already been created in the domain's DNS zone.
7. 8. 9.
In the Application Pool section, in the Configurable list, select CONTOSO\SP_Farm. In the Database Name and Authentication section, in the Database Name box, type WSS_Content_MySites. Click OK. The Application Created page opens.
10. Click Create Site Collection. 11. In the Title box, type My Site Host. 12. In the Template Selection section, click the Enterprise tab. 13. Select My Site Host. 14. In the Primary Site Collection Administrator section, in the User Name box, type CONTOSO\SP_Admin.
L9-139
15. Click OK. The Top-Level Site Successfully Created page opens. 16. Click OK.
L9-140
L9-141
6. 7. 8
In the My Site Host location box, type http://mysites.contoso.com. In the Location box, type personal. Click OK.
L9-142
Note: If My Profile is not visible, click My Settings, and then click My Profile.
The profile page for Dan Jump, CEO, opens. 5. In the top link bar, click My Content. A My Site is created. The Processing screen may display for 1 to 2 minutes. 6. In the top link bar, click My Profile. The profile page opens. 7. Review the tabs on the My Site.
L9-143
3. 4. 5. 6.
In the Birthday section, in the Show To list, select My Colleagues. Click Save and Close. Click More information. Observe that the newly populated profile properties are now visible.
L9-144
L9-145
9.
10. Click in the What's happening? status box. 11. Type Working on our marketing strategy, and then press ENTER.
10. Click OK. 11. Click Information Technology Members. 12. On the Information Technology Members page, click Settings, and then click Make Default Group. 13. Click OK. 14. Close Internet Explorer.
L9-146
10. Click User Profile Service Application Activity Feed Job. 11. Click Run Now. 12. Click User Profile Service Application Activity Feed Job. 13. Press F5 to refresh the page. Repeat this step until the Last run time indicates that the job has completed. 14. Click OK. 15. Repeat the above steps and run the following jobs: User Profile Service Application User Profile to SharePoint Full Synchronization User Profile Service Application User Profile to SharePoint Quick Synchronization
L9-147
4.
In the My Organization Chart section, click Toni Poe. Toni Poes profile opens.
5. 6. 7.
Review the contents of the In Common with You section. Click Organization Browser. Click Dan Jump. Dan Jumps section of the organization browser expands.
8.
5. 6. 7. 8. 9.
Click the Sharing tab. Click Advanced Sharing. Select the Share this folder option. Click Permissions. Click the Allow option next to Full Control.
10. To close all dialogs, click OK, click OK again, and then click Close. 11. Double-click Data. 12. On the toolbar, click New folder. 13. Type Temporary Drafts, and then press ENTER. 14. Close the Windows Explorer window Data.
3. 4. 5. 6.
Click File, and then click Save. In the File name box, type C:\Data\SharePoint Search, and then press ENTER. Click File, and then click New. Type the following:
SharePoint crawl rules allow you to manage the content that is included and excluded.
7. 8. 9.
Click File, and then click Save. In the File name box, type C:\Data\Temporary Drafts\Crawl Rules, and then press ENTER. Close Notepad.
The SharePoint Server Standard Site Collection Features feature must also be active before you can create a Web with either site definition. 8. Close the error message, and then close the Create page.
10. In the Start Addresses box, type \\sp2010-wfe1.contoso.com\Data. 11. Scroll to the Start Full Crawl section, select the Start full crawl of this content source option, and then click OK. A new content source is created and a full crawl is started. 12. Click Refresh above the list of content sources. Repeat this step to refresh the page until the Status column of the Shared Folder - Data row displays Idle.
3.
Click Refresh above the list of content sources. Repeat this step to refresh the page until the Status column of the Shared Folder - Data row displays Idle.
Note: Deployment is a term in the PDF file. You must install a 64-bit iFilter for PDFs on all servers that perform indexing to index the contents of PDF documents successfully.
10. Below the Select a crawled property list, click Next, which is represented by a right-pointing arrow below the list. 11. In the Select a crawled property list, click ows_Summary(Text).
Note: If you do not see ows_Summary(Text) in the list, you must reindex your content source and wait for it to show up on this page.
12. Click OK. 13. Select the Allow this property to be used in scopes option, and then click OK.
8.
9.
After the <PropertyDefs> tag, before the first <PropertyDef> element, add the following text:
<PropertyDef Name="ContosoSummary" DataType="text" DisplayName="Summary"/>
10. Locate the <ResultTypes> tag, locate the <ResultType> element <ResultType DisplayName="All Results" Name="Default">, and then locate the end of that element, which is the next </ResultType> tag. 11. Before the </ResultType> tag you located in the previous step, add the following text:
<PropertyRef Name="ContosoSummary"/>
12. In the Text Editor dialog, click OK. 13. In the Advanced Search Box properties panel, click OK. 14. On the ribbon, click Save & Close.
4. 5.
In the address bar, type http://intranet.contoso.com/sites/IT/Search, and then press ENTER. On the Advanced Search page, in the Add property restrictions section, in the (Pick Property) list, select Summary, and then type Contoso in the text box. Click Search. The file IT Policies and Procedures for SharePoint 2010 is listed as the result.
6.
6. 7. 8. 9.
In the text box, type http://intranet.contoso.com/sites/IT/Search/Pages. In the Site Collection Search Dropdown Mode section, select Show scopes dropdown, and then click OK. In the Site Collection Administration section, click Search Scopes. Click Display Groups.
10. Click Search Dropdown. 11. Select the Shared Files option, and then click OK.
Note: If you do not see Shared Files, you need to wait for the scope to be updated.
5.
In the Search box, type sharepoint, and then press ENTER. The files sharepoint search.txt and sharepoint governance checklist.pdf are listed as the only results.
Lab Review
Question: In what scenarios would you create a crawl rule? Answer: Answers may vary. A common scenario is a requirement to use an account other than the default crawl account to index content. Another common scenario is a requirement to exclude a subset of data in a content source from indexing. Question: You have added documents from a popular application to a SharePoint document library, but they are not being indexed. What must be done to ensure that a file is indexed both for its attributes and content? Answer: A file type must be added, and an iFilter must be installed. Question: You have extended a Web application and now search results are listed twice with different URLs. How can you prevent this duplication of results? Answer: Create a server mapping that replaces the URL of results from the extended Web application with the URL of the original Web application, effectively hiding the duplicate results. Question: Users want to be able to search list items based on a custom column in the list. How can you accomplish this and make it easy for users to perform the queries in the user interface without typing property:value search syntax? Answer: Create a managed property for the custom column. Then, customize the Search Center to support queries based on the new property. Question: Users are complaining that too many results are being returned. How can you provide users a way to narrow down their search results? Answer: Implement search scopes that target specific sets of data.
10. In the Keyword Definition box, type Microsoft SharePoint Server is the business collaboration platform for the enterprise and the Internet, and then click OK.
Tip: You might need to scroll to the right, and to the top, to see the properties panel.
3. 4.
In the properties panel, click XSL Editor. Locate the line that matches the following:
<xsl:template match="All_Results/BestBetResults/Result">
5.
Update the Extensible Stylesheet Language (XSL) template starting with that line and ending with the line </xsl:template> to the following:
<xsl:template match="All_Results/BestBetResults/Result"> <xsl:if test="$DisplayBB = 'True'" > <xsl:if test="position() <= $BBLimit" > <xsl:variable name="url" select="url"/> <xsl:variable name="id" select="id" /> These are the results that the Contoso Search Team recommends, based on your query.<br/> <xsl:if test="$DisplayTitle = 'True'" > <span style="padding-right: 4px;"> <img src="/_layouts/images/star.gif" alt="" /> </span> <span class="srch-BestBetsTitle"> <a href="{$url}" id="{concat('BBR_',$id)}"> <xsl:value-of select="title"/> </a> <br/> </span> </xsl:if> <xsl:if test="$DisplayDescription = 'True' and description[. != '']" >
<div class="srch-BB-Description"> <xsl:value-of select="description"/> <br/> </div> </xsl:if> <xsl:if test="$DisplayUrl = 'True'" > <span class="srch-BB-URL"> <a href="{$url}" id="{concat('BBR_U_',$id)}" dir="ltr"> <xsl:value-of select="$url"/> </a> </span> <br/> <br/> </xsl:if> </xsl:if> </xsl:if> </xsl:template>
6. 7. 8.
Click Save. In the Search Best Bets Web Part properties panel, click OK. On the ribbon, click Save & Close.
Tip: If the number of results is reported as an approximate number, page through the results so that you can identify the exact number of results that were returned.
4.
In the search box, type MOSS, and then press ENTER. No search results are found.
5. 6. 7. 8.
In the search box, type WSS, and then press ENTER. Write down the number of results that appear. In the search box, type SharePoint Foundation, and then press ENTER. Write down the number of results that appear.
Tip: You need to expand the Name column in Windows Explorer to see the full name of the folders.
2.
3.
4. 5.
Tip: If the number of results is reported as an approximate number, page through the results so that you can identify the exact number of results that were returned.
4. 5.
In the search box, type MOSS, and then press ENTER. Verify that the number of results is equal to the number of results returned when you searched for sharepoint. Search results appear because searching for MOSS now produces search results for SharePoint through replacement.
6. 7.
In the search box, type WSS, and then press ENTER. Write down the number of results. More results appear than in Task 1 because searching for WSS also returns results for the term SharePoint Foundation as a result of expansion.
4. 5.
Note: In a production environment, you should consider reindexing all content after modifying the noise word file so that the words are removed from the index itself.
Lab Review
Question: Describe the two functions of synonyms in a thesaurus file. Answer: A query keyword can be replaced with another keyword to yield a more accurate result set. A query keyword can be used along with its synonyms to yield an expanded result set.
10. On the Welcome page, click Next. A message appears informing you that services will be restarted. 11. Click Yes. 12. On the Completing the SharePoint Products Configuration Wizard page, click Next. SharePoint is configured to support the Microsoft Office Web Apps. 13. On the Configuration Successful page, click Finish. 14. Close the Windows Explorer window that is showing the Lab11 folder. SharePoint 2010 Central Administration opens.
Exercise 2: Configuring and Testing the Office Web Apps in a Document Library
Task 1: Configure documents to open in a browser
1. In the Microsoft Internet Explorer address bar, type http://intranet.contoso.com/sites/IT, and then press ENTER. If you get an error, it is memory related; just click Go back to Site. 2. 3. 4. 5. 6. 7. 8. 9. Click Site Actions, and then click Site Settings. In the Site Collection Administration section, click Site collection features. In the Office Web Apps row, click Activate. In the Quick Launch, click Shared Documents. On the ribbon, click the Library tab. Click Library Settings. Click Advanced Settings. In the Opening Documents in the Browser section, click Open in the browser.
9.
10. Switch to Internet Explorer. 11. In the Quick Launch, click Shared Documents. 12. Click Add document. 13. Click Browse. 14. In the navigation pane, click Documents and then click Marketing Strategy, and then click Open. 15. Click OK. The document is uploaded to the shared documents library. The shared documents library page refreshes and the presentation, Marketing Strategy, appears.
9.
Click Save.
10. On the ribbon, click File, and then click Close. 11. Close Microsoft Word. 12. Switch to Internet Explorer. 13. In the Quick Launch, click Shared Documents to refresh the view of the document library. The document, SharePoint Governance Plan, appears in the Shared Documents library.
10. Type Market Demographics. 12. On the ribbon, click the View tab. 13. Click Slide Show.
14. Click each slide to advance to the following slide. 15. Click the black slide at the end of the presentation to exit. 16. Click File, and then click Close.
Results: After completing this exercise, you should have tested the functionality of Office Web Apps.
Lab Review
Question: Describe the business scenarios for which Office Web Apps are useful. Answer: Answers will vary, but may include responses from users on nonWindows platforms who require the ability to view and edit Word, PowerPoint, and Excel documents; scenarios in which multiple users need to collaborate and make concurrent edits to documents; users who do not have the Microsoft Office client applications installed; and remote users working from computers without Office client applications.
8.
Repeat steps 67 for the following databases. When you are finished, close the SQL Server Management Studio. WSS_Content_Intranet_IT. WSS_Content_MySites. SharePoint_AdminContent_GUID. SharePoint_Config.
2. 3. 4. 5. 6. 7.
3.
To open the site listing in Notepad, type the following command and press ENTER:
notepad C:\SiteList.xml
4.
Delete the following two elements (the entire line of XML): Site Url="http://intranet.contoso.com" Site Url="http://intranet.contoso.com/sites/IT"
Confirm that the only remaining Site element is for the Sales site collection. 5. 6. 7. 8. Click File, and then click Save. Close Notepad. Switch to Administrator: Command Prompt. To move the Sales site collection from the WSS_Content_Intranet content database to the WSS_Content_Intranet_Sales content database, type the following command and then press ENTER:
"C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\Bin\stsadm.exe" -o mergecontentdbs -url http://intranet.contoso.com -sourcedatabasename WSS_Content_Intranet -destinationdatabasename WSS_Content_Intranet_Sales -operation 3 -filename C:\SiteList.xml
9.
5.
6. 7.
Click Format, and then click Word Wrap. Observe the information that is reported for each site collection, including the owner (primary site collection administrator), content database, and storage utilization. Close Notepad. Close the command prompt.
8. 9.
7. 8.
Click the Execute button. Confirm that at the bottom of the Results panel, the status indicates Query executed successfully.
9.
Repeat the preceding steps to back up and truncate the WSS_Content_Intranet_IT database. Use the following query:
use WSS_Content_Intranet_IT dbcc shrinkfile ('WSS_Content_Intranet_IT') dbcc shrinkfile ('WSS_Content_Intranet_IT_log') go backup database WSS_Content_Intranet_IT to disk = 'C:\Backups\WSS_Content_Intranet_IT.bak' go backup log WSS_Content_Intranet_IT to disk = 'C:\Backups\WSS_Content_Intranet_IT_log.bak' go dbcc shrinkfile ('WSS_Content_Intranet_IT') dbcc shrinkfile ('WSS_Content_Intranet_IT_log') go
10. Repeat the preceding steps to back up and truncate the WSS_Content_Intranet_Sales database. Use the following query:
use WSS_Content_Intranet_Sales dbcc shrinkfile ('WSS_Content_Intranet_Sales') dbcc shrinkfile ('WSS_Content_Intranet_Sales_log') go backup database WSS_Content_Intranet_Sales to disk = 'C:\Backups\WSS_Content_Intranet_Sales.bak' go
backup log WSS_Content_Intranet_Sales to disk = 'C:\Backups\WSS_Content_Intranet_Sales_log.bak' go dbcc shrinkfile ('WSS_Content_Intranet_Sales') dbcc shrinkfile ('WSS_Content_Intranet_Sales_log') go
11. Repeat the preceding steps to back up and truncate the WSS_Content_MySites database. Use the following query:
use WSS_Content_MySites dbcc shrinkfile ('WSS_Content_MySites') dbcc shrinkfile ('WSS_Content_MySites_log') go backup database WSS_Content_MySites to disk = 'C:\Backups\WSS_Content_MySites.bak' go backup log WSS_Content_MySites to disk = 'C:\Backups\WSS_Content_MySites_log.bak'
13. Confirm that the database and log backup files were created. 14. Close the C:\Backups folder. 15. Close SQL Server Management Studio. When prompted to save your changes, click No.
8.
9.
10. Repeat steps 19 for the Web application SharePoint mysites.contoso.com80. 11. Close SharePoint 3.0 Central Administration.
A report opens in Windows Internet Explorer. 3. 4. 5. 6. 7. Switch to Command Prompt. Review the output of the command. Switch to Internet Explorer. Review the report. Close all open windows and applications.
Lab Review
Question: Why did you defragment the database indexes before the upgrade? Answer: A fragmented database means the upgrade will take longer. By reducing the database fragmentation, you speed up the movement from one database schema to another.
1. 2. 3.
Log on to SP2007-WFE1 as CONTOSO\Administrator with the password Pa$$w0rd. Click Start, point to All Programs, click Microsoft SharePoint 2010 Products, and then click SharePoint 2010 Products Configuration Wizard. On the Welcome to SharePoint Products page, click Next. A message appears to inform you that services may have to be started or reset.
4. 5. 6. 7. 8.
Click Yes. On the Specify Farm Security Settings page, type 10174_SharePoint_2010 in the Passphrase and Confirm passphrase boxes. Click Next. On the Visual Upgrade page, review the message and options. Click Preserve the look and feel of existing SharePoint Sites, and allow end users to update their sites user experience.
9.
Click Next.
10. On the Completing the SharePoint Products Configuration Wizard page, click Next. A SharePoint Products Configuration Wizard message opens. The message reminds you to install the binaries on all servers in the farm before you run the wizard. 11. Click OK. SharePoint 2010 is configured. 12. On the Configuration Successful, Upgrade In Progress page, read the message, and then click Finish. SharePoint 2010 Central Administration opens.
Note: You might need to wait a few minutes before the upgrade completes. Press F5 to refresh the page, and then return to step 1.
2.
Observe the number of Errors and Warnings. There should be no errors. However, warnings are expected.
3. 4.
Identify the Log File that contains a record of events during the upgrade. Open the log file in Notepad.
5.
6. 7. 8.
Read the first warning message. Press F3 to locate the next warning message, and then read the message. Repeat this step for all warning messages. Close Notepad.
4. 5. 6.
Click the first item in the Upgrade sessions list. Identify the Starting object for the upgrade session. Observe the number of errors and warnings.
7.
5.
In the Upgrade and Patch Management section, click Review database status. The Manage Databases Upgrade Status page opens.
6.
Confirm that the Status for all databases is No action required. If they are not yet upgraded, your upgrade process is still running.
10. Click Finish. 11. Close SharePoint 2010 Central Administration. 12. Close all open windows and applications.
Lab Review
Question: Why did you detach the content databases before the upgrade? Answer: Although the content databases in this lab are small, the ones you may have in production could be very large. Rather than upgrade in place, you can use the database attach approach to migrate the content one database, or many, at a time. Question: Why would you want to choose the visual upgrade approach? Answer: Some customization may not work properly with the new master pages of SharePoint 2010. By doing a visual upgrade, you can keep the old look and test the new look and feel for any incompatibilities.
Note: In a production environment, you should configure NTFS permissions that ensure the least privilege access to the folder. The service account that performs the backup operation should be given Full Control permission to the backup share.
12. Click Advanced Sharing. 13. Select the Share this folder check box. 14. Click Permissions. 15. Select Allow check box next to Full Control. 16. Click OK. 17. Click OK. 18. Click Close.
6. 7.
Select the SharePoint intranet.contoso.com80 check box. Click Next. The Perform a Backup Step 2 of 2: Select Backup Options page opens.
8. 9.
In the Backup Type section, click Full. In the Backup location box, type \\SP2010-WFE1.contoso.com \SharePointBackup.
10. Click Start Backup. A timer job is created to perform the backup of the selected item(s). The Backup and Restore Job Status page opens. The page refreshes every few seconds. You can click Refresh to refresh the page manually. 11. Wait until Phase shows as Completed.
Note: The backup operation may complete with warnings. This is expected in this lab. You may continue to the next step.
4.
Locate the SPHistoryObject element. This element describes the backup operation, and is used during a restore operation.
5.
Locate the SPBackupDirectory element. This element is a reference to the folder in which the backup files are stored.
6.
Locate the SPWarningCount and SPErrorCount elements. These elements report warnings and errors.
7. 8. 9.
Close Microsoft Notepad. In Windows Explorer, open the spbr0000 folder. Observe the backup (*.bak) files in the folder.
10. Right-click Spbackup.xml, and then click Edit. 11. Examine the Spbackup.xml file. This file contains attributes related to the backup operation and to each of the components. It is used during a restore operation. You should not modify, delete, or rename the Spbackup.xml file. 12. Close Notepad.
7. 8. 9.
Write down the warning message. Press CTRL+HOME to navigate to the top of the log. Press CTRL+F, then type BACKUP DATABASE, and then press ENTER.
10. Observe the command that was sent to SQL Server to back up one of the SharePoint databases. Answer the following questions: Which SharePoint database was backed up? Which database backup (.bak) file in the backup folder contains that SharePoint database?
11. Press F3 to find the next instance of the text, BACKUP DATABASE. Repeat this step as necessary to locate the backup command that was used to back up the WSS_Content_Intranet_IT database. Answer the following question: Which database backup (.bak) file in the backup folder contains that SharePoint database? Write down the file name. You will need it in Lab 13B.
6. 7. 8.
Click File, and then click Save. In the File name box, type c:\scripts\backup.ps1, and then press ENTER. Minimize, but do not close, Notepad.
10. On the Action page, click Start a program. 11. Click Next. 12. On the Start a Program page, in the Program/script box, type PowerShell.exe. 13. In the Add arguments (optional) box, type C:\Scripts\backup.ps1. 14. Click Next. 15. On the Summary page, select the Open the Properties dialog for this task when I click Finish check box. 16. Click Finish. 17. Click Change User or Group. 18. Type CONTOSO\SP_Farm and then click OK. 19. On the General tab, in the Security options section, click Run whether user is logged on or not. 20. Select the Run with highest privileges check box. 21. Click OK. The Task Scheduler dialog box appears. 22. In the Password box, type Pa$$word. 23. Click OK.
4.
Tip: It may take up to 60 seconds for the script to call the backup APIs, and for the new backup folder to appear.
The operation to perform a full backup of the entire farm can take up to 30 minutes to complete.
Lab Review
Question: Does SharePoint automatically clean your Spbrtoc.xml file when you delete a corresponding backup directory? Answer: No, you are responsible for cleaning out any backup entries from this file. This can be done using Windows PowerShell.
3.
In the Farm Backup and Restore section, click Restore from a backup. The Restore from Backup Step 1 of 3 page opens.
4. 5.
Select the radio button next to Farm in the first (oldest) backup. Click Next. The Restore from Backup Step 2 of 3 page opens.
6. 7.
Select the check box next to SharePoint - intranet.contoso.com80. Click Next. The Restore from Backup Step 3 of 3 page opens.
8.
In the Restore Options box, click Same configuration. A confirmation message appears.
9.
Click OK.
10. In the Login Names and Passwords section, in the Password box, type Pa$$w0rd. 11. Click Start Restore. A timer job is created to perform the restore of the selected item(s). The Backup and Restore Job Status page opens. The page refreshes every few seconds. You can click Refresh to refresh the page manually. 12. Wait until Phase shows as Completed.
10. Right-click Sprestore.xml, and then click Edit. 11. Examine the Sprestore.xml file. This file contains attributes related to the restore operation and to each of the components. You should not modify, delete, or rename the sprestore.xml file. 12. Close Notepad.
4. 5.
Press CTRL+HOME to navigate to the top of the log. Press CTRL+F, then type Progress: Starting Restore, and then press ENTER. This step locates the beginning of the restore operation.
6.
In the Find dialog box, in the Find what box, type Warning: and then press ENTER.
7. 8. 9.
Write down the warning message. Press CTRL+HOME to navigate to the top of the log. Press CTRL+F, then type RESTORE DATABASE, and then press ENTER.
10. Observe the command that was sent to SQL Server to restore one of the SharePoint databases. Answer the following questions: Which SharePoint database was backed up? Which database backup (.bak) file in the backup folder contains that SharePoint database?
10. Select C:\SharePointBackup\spbr0000\00000xxx.bak, where 00000xxx.bak is the backup of the WSS_Content_Intranet_IT database that you identified in Lab A, Exercise 2, Task 2. 11. Click OK. 12. Click OK. 13. In the Select the backup sets to restore box, select the check box next to WSS_Content_Intranet_IT.
Tip: If you do not see WSS_Content_Intranet_IT listed, it is because you did not restore the correct database. Return to Lab A, Exercise 2, Task 2 to identify the database that contains WSS_Content_Intranet_IT. Then repeat Task 1 of this exercise.
14. Click OK. A message appears indicating that the restore operation was successful. 15. Click OK.
8. 9.
10. Click the Site list, and then click Change Site. 11. Click /sites/IT. 12. Click OK. 13. Click the List down list, and then click Change List. 14. Click the next page button, which is displayed as a right-pointing arrow in the upper-right corner of the page. 15. Click Shared Documents. 16. Click OK. 17. Click Export site or list. 18. Click Next. 19. In the Filename box, type \\SP2010-WFE1.contoso.com\SharePointBackup \ITSharedDocuments.cmp. 20. Select the Export full security check box. 21. Click Start Export. The Granular Backup Job Status page appears 22. Press F5 to refresh the page. Monitor the Current Job section. Wait until Status is No operation in progress. 23. Confirm that in the Previous Job section, Status is Succeeded. Repeat steps 22 and 23 until the Status of the Previous Job is Succeeded.
2.
10. Click the Site list, and then click Change Site.
11. Click /sites/IT. 12. Click OK. 13. Click the List down list, and then click Change List. 14. Select Announcements. 15. Click OK. 16. Click Export Site or list. 17. Click Next. 18. In the Filename box, type \\SP2010-WFE1.contoso.com\SharePointBackup \ITAnnouncements.cmp. 19. Select the Export full security check box. 20. Click Start Export. The Granular Backup Job Status page appears 21. Press F5 to refresh the page. Monitor the Current Job section. Wait until Status is No operation in progress. 22. Confirm that in the Previous Job section, Status is Succeeded. Confirm that the Completed time is current, indicating that the job is the export job that you just performed. Repeat steps 21 and 22 until the Status of the Previous Job is Succeeded, and the Completed time is current.
Lab Review
Question: Can you use Central Administration to restore a list to a site? Answer: No, the out of the box Central Administration site does not have this functionality; you must use the PowerShell cmdlet Import-SPWeb to restore the exported list. Question: Can you restore a single document using Central Administration? Answer: No, you cannot restore a single document. You would need to restore the library to a temporary location and then download the item you are looking for.
9.
In the Least critical event to report to the trace log, select Verbose.
Note: It is not recommended you configure a trace log level of Verbose in a production environment.
10. In the Event Log Flood Protection section, select the Enable Event Log Flood Protection option. Event log flood protection is a new setting that prevents the repetitive logging of redundant events. 11. In the Trace Log section, select the Restrict Trace Log disk space usage option. 12. In the Maximum storage space for Trace Logs (GB) box, type 10, and then click OK.
Tip: The list of rules is paged. Click the Next Page button, displayed as a rightpointing arrow below the list, to see additional rules.
4.
In the Availability section, click Some content databases are growing too large. The Health Analyzer Rule Definitions page opens.
5. 6.
Click Edit Item. Observe that you can change the following attributes of the rule, but do not make any changes at this time: Title Scope Schedule Enabled Repair Automatically Version
Note: You cannot change the actions that the rule uses to perform its health analysis task. The rules actions are determined by the code used to develop the rule.
7. 8.
3. 4.
Select the All Categories option. Observe that the two lists, Least critical event to report to the event log and Least critical event to report to the trace log, are reset. They no longer are set to Verbose. In the Least critical event to report to the event log list, select Error. In the Least critical event to report to the trace log list, select Unexpected, and then click OK. In the Health Analyzer section, click Review rule definitions. The Health Analyzer Rule Definitions page opens.
5. 6. 7.
8. 9.
In the Configuration section, click One or more categories are configured with Verbose trace logging. Click Run Now.
10. Click Close. 11. In the Quick Launch, click Monitoring. 12. In the Health Analyzer section, click Review problems and solutions. The Review Problems And Solutions page opens. 13. Confirm that the report does not include the problem One or more categories are configured with Verbose trace logging. 14. Close all open applications and windows.
Lab Review
Question: How often do Health Analyzer rules run, and when might you want to run them manually? Answer: Each rule has its own schedule. You can run a rule manually when you suspect a problem that is evaluated by a rule. If the rule finds a problem, you can in some cases click the Repair Automatically button to fix the problem.
10. In the Log Collection Schedule section, click Log Collection Schedule. 11. Click Microsoft SharePoint Foundation Usage Data Import. 12. Click Run Now. 13. Click Microsoft SharePoint Foundation Usage Data Processing. 14. Click Run Now. 15. Log off of SP2010-WFE1.
Results: After this exercise, you should have executed the logging timer jobs to populate the logging database.
10. On the toolbar, click Execute. 11. Record the ConfigValue value that is displayed in the Results panel.
4. 5.
On the ribbon, click Data. Click From Other Sources, and then click From SQL Server. The Data Connection Wizard appears.
6. 7. 8. 9.
On the Connect To Database Server page, in the Server name box, type SP2010-WFE1. Click Next. On the Select Database And Table page, in the Select the database that contains the data you want list, select WSS_Logging. In the list of tables, select TimerJobUsage_PartitionXX table, where XX is the ConfigValue value you obtained in Task 1.
10. Click Next. 11. On the Save Data Connection File And Finish page, click Finish. The Import Data dialog box appears. 12. Click PivotTable Report, and then click OK. 13. In the PivotTable Field List panel, in the Choose fields to add to report list, select the following options in the order listed: MachineName WebApplicationName JobTitle
14. Drag the Duration field from the field list to the Values box. You now have a report of timer job durations presented by server, by webapplication, and by timerjob.
Lab Review
Question: Why is it important that you run queries against the logging database rather than the Microsoft SharePoint content databases? Answer: The logging database is configured to support any SELECT query, whereas the content database must have special locking hints specified when doing queries. Third-party queries and applications could cause locking and latency of the Web front ends, and therefore it is not recommended or supported to run queries directly against SharePoint databases.