Microsoft System Center Data Protection Manager 2007 (DPM) is a Microsoft backup and recovery tool that can be used to protect and recover SharePoint data.
Why is DPM exciting? It requires very little processing on the server because writes are done frequently at the data block level. Data block-level updates are much less resource intensive than either SharePoint or SQL Server full or partial backups. As a result, you can run DPM on a production server during standard business hours!
DPM provides a SharePoint backup that you can use to recover the configuration database, content databases, and Shared Services Provider databases. With a bit of additional scripting, you can use DPM to protect Search as well.
With other DPM tools (file system backup and the System Recovery Tool), you can also use DPM to provide protection for front-end Web servers, including IIS configurations, and customizations.
Although we've had some DPM content out for a while, we’ve just published a white paper that pulls everything together (especially backing up front-end Web servers and customizations) for Office SharePoint Server administrators. Check the white paper out here, and let us know what you think!
- Margo
P.S. Here are some of my favorite DPM resources--let me know if you've got others!
DPM/SharePoint landing page
Data Protection Manager Blog
White paper for helping sell the idea of DPM to your manager: DPM Whitepaper: Protecting SharePoint Products and Technologies
White paper for how to back up Search:
Backing up Office SharePoint Server Search by using System Center Data Protection Manager
Since we published an initial support and guidance statement for deploying Office SharePoint Server on Hyper-V (Using SharePoint Products and Technologies in a Hyper-V virtual environment), a series of tests was run to measure Office SharePoint Server performance on virtual servers.
These tests collected performance data from small and medium farm configurations deployed on:
- Physical servers
- Hyper-V virtual servers
Detailed information about our performance tests, results, comparative analysis, and configuration recommendations is documented in Performance and capacity requirements for Hyper-V, which is now available on TechNet.
If you are considering deploying SharePoint on Hyper-V, or have already done so, this article is a valuable "must read". As always, your feedback is greatly appreciated.
-- Dan Wesley, IT Pro UA writer
Microsoft SQL Server 2008 includes several new and enhanced features that are important for deploying Office SharePoint Server 2007. New and enhanced SQL Server 2008 features are especially relevant for SharePoint deployments in four principal areas:
- Performance
- Availability
- Security
- Resource management
You can improve Office SharePoint Server performance by implementing the new database backup compression feature in SQL Server 2008. The ability to compress database backups is a significant improvement for Office SharePoint Server users; it enables you to significantly decrease the size of your database backups and shipped logs.
You can improve Office SharePoint Server availability by implementing the new log stream compression feature in SQL Server 2008. One of the performance-limiting factors of database mirroring is network throughput between the principal and mirror servers. SQL Server 2008 supports compression of the log stream, which consists of the inserts, updates, and deletes that are transferred between servers. Log stream compression can help maximize network throughput, especially in environments where network conditions are poor.
You can improve Office SharePoint Server security by using the new Transparent Data Encryption (TDE) feature in SQL Server 2008. TDE enables you to encrypt entire databases and requires no application awareness or modification. TDE encrypts data as it is written to disk and decrypts data as it is read from disk.
You can improve Office SharePoint Server resource management by using SQL Server 2008 Resource Governor. SQL Server Resource Governor enables you to maintain and administer your SQL Server resources, such as CPU and memory. You can use SQL Server Resource Governor to precisely control how your SQL Server resources are allocated. With SQL Server Resource Governor, you can apply thresholds to incoming connections based on assigned criteria.
For prescriptive guidance about implementing some of the new features in SQL Server 2008 that enhance the deployment of Office SharePoint Server 2007, see Integration of SQL Server 2008 and Office SharePoint Server 2007.
For information about SQL Server 2008 system requirements, see Hardware and Software Requirements for Installing SQL Server 2008.
Douglas Goodwin, Writer
SharePoint Server UA team
Hi. I'm Kirk Stark, a writer on the SharePoint IT Pro UA team.
A new tool that was released with version 2.0 of the SharePoint Administration Toolkit for Office SharePoint 2007 is the User Profile Replication Engine (RE), which lets a Shared Services Provider administrator replicate user profile data between Shared Services Providers (SSPs).
While the basic functionality has been documented on TechNet, we wanted to include an example of how a company might implement the RE specifically. The following is a case study on how a fictional company, Contoso, might implement the User Profile Replication Engine in its corporate environment.
Let’s say Contoso has offices in New York, Hong Kong, and London. In geographically dispersed deployment scenarios, Shared Services Provider (SSP) service isolation becomes a deterrent to personalization and to using associated services such as User Profiles and Audiences to their full potential. The User Profile Replication Engine solves these problems by maintaining consistent user profile data throughout the complete SharePoint ecosystem, including geo deployments. The Replication Engine does multi-master data replication from one source to multiple destinations in the form of a full or incremental synchronization using MOSS Web services for the User Profile and User Profile Change services.
The Web services are used to pull the data (all profile data or just the changes) from a source SSP and immediately push/write the data to other SSPs on behalf of the user or User Profile service. This data includes profile property data, user colleague data, site membership data, user links data, and the associated privacy policy attached to the data. The Replication Engine can synchronize data as a scheduled service or through manual initiation. Data can be pulled and pushed for all users or just a subset of users, as well as all data or a subset of data. The data is then used to keep the User Profile, Audiences, and People Search services accurate and up-to-date.
Using this solution, an organization can host the user’s My Site environment in the geographical region of the user (such as New York), allowing the user to profile himself or herself locally and have that data replicated to all other regions (London and Hong Kong). This allows services in those regions to use a local copy of that data for their services. One service that particularly consumes this data is People Search, which needs a local copy for indexing. With this solution, an organization can host People Search in the main region (New York) while serving up data from all regions, creating a seamless user experience including accurate social distance grouping. This same seamless user experience also transfers to other services, such as My Sites and Audiences.
This solution can also be used to assist with centralized user profile data management, managing user data across a multi-division organization, or as a deployment or test tool used to populate data from a production environment to a test/development or backup environment for data recovery.
Profile Feed Management and Geo Replication: Overview
Purpose:
· Extend the reach of enterprise people data.
· Keep Office SharePoint 2007 profile data across three worldwide regions consistent for People Search and Audiences targeting.
· One location (New York) has a feedstore that is not available in the other two regions.
Profile Feed Management
The following diagram explains how a user would import and configure Business Data Catalog (BDC) profiles.
Details:
· A system hosting external user related data is at the backend.
· Fed into Office SharePoint Server profile database using the BDC with Application Definition files.
· Feed data complements User-entered data and Active Directory data.
Best practices for feed management:
· Optimize the data retrieval, such as SQL queries, in your Application Definition file.
Geo Replication
· The job of the Replication Engine is to replicate from one source to one or more destinations. Geo replication keeps Office SharePoint Server People Search and Audiences consistent across regions.
· The RE keeps the profile database in sync so all users have a consistent people search experience and consistent data are available to regional admins for content targeting.
· Enable global deployment under My Site settings in the SSP.
· New York RE is configured to replicate Feed and User supplied data for all users.
· Hong Kong RE is configured to replicate User supplied data from Hong Kong users.
· London RE is configured to replicate User supplied data from London users.
In the following diagram, the Contoso solution has the Trusted My Sites Host Locations lists in each SSP configured and has the current SSP in the first position because the lists are interrogated from the top down, with each being asked, “Does this user belong to you?”
Best practices for geo replication:
· Robust error logging to be trapped by Microsoft Operations Manager (MOM).
· Implement Instrumentation.
Overall benefits:
· Centralized People Search experience.
· Reduced WAN traffic over the ocean for BDC imports.
· Seamless My Site experience for users.
Thanks to PM Greg Mattox for his help with this post, and as always, we welcome your comments and suggestions, especially if such examples as this are helpful.
Hi. I’d like to announce the publication of a new scenario describing the creation and deployment of a large enterprise’s Internet presence site based on Microsoft Office SharePoint Server 2007. We authored this scenario as a series of articles describing the various stages in the development of the site, along with an accompanying poster that illustrates the site’s architecture, topology, and other data. We are excited about this scenario because it is comprehensive, describing in an end-to-end fashion how a large enterprise plans, designs, builds, and operates its Internet presence Web site.
If you are a business decision maker, system or solution architect, IT manager, site manager, Web developer, or Web designer, this content will help you envision the entire process of planning and implementing both an Internet presence site based on SharePoint Server 2007 and the infrastructure and operations necessary to host and support it in an enterprise. It outlines the steps for site-related and infrastructure-related tasks in an interwoven manner, to suggest a useful order in which to coordinate tasks across the Infrastructure and Site-development teams.
Here is a link to the scenario content and here is a link to the downloadable poster.
We hope you find this scenario useful and, of course, want your feedback. Do you find this type of content useful in helping you plan your large-scale solution based on SharePoint Server 2007? How would you improve it? We put a lot of specific data into these topics -- does the data conform to your experiences? If not, how does it differ? Are there other scenarios you would like to see documented in a similar manner? Any other feedback?
We’re looking forward to hearing from you and hope you find this content useful as you plan your own sites and solutions based on Office SharePoint Server 2007.
Thanks,
Rob Silver
Technical writer, SharePoint Server IT Pro Content Team
We recently published a couple of resources targeted to designing sites for WSS collaboration:
Based on some of our popular Microsoft Office SharePoint Server 2007 assets, the design guidance is scaled to Windows SharePoint Services 3.0.
The sample design illustrates, describes, and contrasts how to implement collaboration with three different types of collaboration sites represented:
By following the design guidance, you can soundly implement any one or all of the different types of collaboration sites.
Also, as a feature of collaboration, we expect that many of you will be accessing sites remotely or from outside of your company firewall. The article and poster for the design sample provide pointers to guidance on designing for secure external access.
Let me know if this type of "scenario" content is helpful.
Thanks, Brenda Carter, IT Pro Writer, SharePoint Products and Technologies
Hi there—we’re wondering if you've got feedback on the Best Practices Resources Center that we blogged about a couple of weeks ago.
Which is your favorite article?
· Operational Excellence
· Team Collaboration Sites
· Publishing Portals
· Search
· My Sites
Are there any more topics that you’d really like to see a group of best practices developed for?
And, of course, do you have any feedback on what we could do to make the information more discoverable or useful?
Thanks!
Earlier this year, we published operations procedures and resource centers for Records Management and Web Content Management. This week, we completed the Enterprise Content Management operations content and resource centers by publishing the Document Management operations procedures for both MOSS and WSS, and the Document Management resource center.
What’s covered?
The Document Management operations procedures include procedures for managing document libraries, managing content types and permissions for a document library, and describe how to configure Information Rights Management settings.
The Document Management resource center lists resources you can use to evaluate, plan, deploy, and operate a document management system using Microsoft Office SharePoint Server 2007. Here you will also find community resources, case studies, Webcasts and podcasts which provide you with additional resources to help you get the most out of your Microsoft Office SharePoint Server 2007 document management system.
Feedback welcome!
Have you ever wished you could have a say in the way documentation is written here at Microsoft? Well, now’s your chance. We welcome your feedback on the new Managing Documents procedures and the new Document Management resource center and will do our best to make the improvements you suggest. What would we like to know? We’d like to know things like: Is this content useful? Is it detailed enough? Did we leave something out that you feel would be helpful? Did we include something that you feel has no value? We’re also interested in hearing what you like about this content so we can keep doing it. Anything you feel we should know about the Managing Documents content or the Document Management resource center is very important to us. Let us know what you think!
There are three ways that you can provide feedback about the new Managing Documents procedures and the new Document Management resource center:
- The upper-right corner of each page has a Click to Rate and Give Feedback section. Click a star to rate the page and optionally provide feedback.
- You can e-mail us at uablog at Microsoft.com.
- You can use the “Leave a Comment” feature in this blog to provide comments, either about this blog post, the Managing Documents procedures or about the Document Management resource center.
We look forward to hearing from you and to working with you to make our content the best it can be.
-- Claudia Lake
SharePoint IT Pro documentation team
Many issues that customers run into with Office SharePoint Server 2007 can be traced back to a small set of specific design problems. The SharePoint Customer Advisory Team and the Microsoft Consulting Services team for SharePoint have collaborated to bring you a set of guidelines that lay out the best practices for success with Office SharePoint Server 2007. Following these practices will help you avoid some of the common deployment pitfalls and keep your SharePoint environments available and performing well. Get the details now from the Best Practices Resource Center.
Also, by popular demand, we've created a CHM download for the Windows SharePoint Services 3.0 Technical Library. Enjoy!
-- Samantha Robertson
Alternate access mappings enable multiple internal URLs to be mapped to a single public URL. An internal URL is the URL of a Web request as it is received by Office SharePoint Server 2007 or Windows SharePoint Services 3.0. A public URL is the URL of an externally accessible Web site.
The public URL is the base URL that Office SharePoint Server 2007 and Windows SharePoint Services 3.0 use in the pages that they return in response to Web requests. Alternate access mappings support Internet deployment scenarios in which the URL of a Web request is not the same as the URL that was typed by an end user because the URL has been modified by a reverse proxy.
A reverse proxy sits between end users and Web servers. Requests to a Web server are first received by the reverse proxy and, if those requests pass the proxy's security filtering, the proxy forwards the requests to the Web server. Reverse proxies can be configured to receive a Web request over the Internet by using HTTPS (Hypertext Transfer Protocol over Secure Socket Layer), and then forward the request to a Web server by using HTTP. This is referred to as off-box SSL termination.
Alternate access mapping collections can contain up to five authentication zones, but each zone can only have a single public URL. Mapping collections correspond to the following authentication zones:
- Default
- Intranet
- Internet
- Custom
- Extranet
Administrators need to make sure that alternate access mappings are configured correctly for every SharePoint deployment, no matter how simple or complex. For more information about alternate access mappings, see:
Plan alternate access mappings (Windows SharePoint Services)
Plan alternate access mappings (Office SharePoint Server)
For more information about authentication for Windows SharePoint Services 3.0 and Office SharePoint Server 2007, see the Authentication Resource Center for SharePoint Products and Technologies.
Douglas Goodwin, Writer
SharePoint Server UA team
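The mapping rules described in this post can be checked before a deployment goes live. The following is an added example, not code from the original post or from SharePoint: a simplified Python model of an alternate access mapping collection that validates the zone rules and shows which public URL a request forwarded by a reverse proxy resolves to. The host names, the `MAPPINGS` sample and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# The five authentication zones named in the post.
ZONES = ("Default", "Intranet", "Internet", "Custom", "Extranet")
_DEFAULT_PORT = {"http": 80, "https": 443}


def base_url(url):
    """Normalize a URL to scheme://host[:port], dropping default ports."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    host = p.hostname or ""
    if p.port and p.port != _DEFAULT_PORT.get(scheme):
        host += f":{p.port}"
    return f"{scheme}://{host}"


def validate(mappings):
    """Return rule violations: unknown zones and zones with >1 public URL."""
    problems = []
    public_by_zone = {}
    for _internal, zone, public in mappings:
        if zone not in ZONES:
            problems.append(("unknown_zone", zone))
            continue
        public_by_zone.setdefault(zone, set()).add(base_url(public))
    for zone, publics in public_by_zone.items():
        if len(publics) > 1:
            problems.append(("multiple_public_urls", zone))
    return sorted(problems)


def resolve(mappings, request_url):
    """Find the zone and public URL for a request as the Web server receives it."""
    wanted = base_url(request_url)
    for internal, zone, public in mappings:
        if base_url(internal) == wanted:
            return zone, base_url(public)
    return None


def public_link(mappings, request_url):
    """Base the returned link on the public URL, or None if nothing maps."""
    hit = resolve(mappings, request_url)
    if hit is None:
        return None
    p = urlsplit(request_url)
    return hit[1] + p.path + (f"?{p.query}" if p.query else "")


def unmapped(mappings, forwarded_urls):
    """URLs the reverse proxy forwards that match no internal URL."""
    return [u for u in forwarded_urls if resolve(mappings, u) is None]


# Constructed sample: (internal URL, zone, public URL).
# The proxy terminates SSL, so the Internet zone maps the HTTP internal URL
# to the HTTPS public URL that the end user typed.
MAPPINGS = [
    ("http://sp-wfe1", "Default", "http://sp-wfe1"),
    ("http://www.example.test", "Internet", "https://www.example.test"),
    ("https://www.example.test", "Internet", "https://www.example.test"),
]

if __name__ == "__main__":
    print(validate(MAPPINGS))
    print(public_link(MAPPINGS, "http://www.example.test/sites/team/default.aspx"))
    print(unmapped(MAPPINGS, ["http://www.example.test/", "http://sp-wfe1:8080/"]))
```

An entry returned by `unmapped` is a request path for which the model finds no public URL; how SharePoint itself responds in that case is outside what this model covers.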
There is a tremendous wealth of technical performance and capacity–related information available for Office SharePoint Server 2007 on TechNet. I know, because I wrote quite a lot of it. However, the greater the volume of content that becomes available, the harder it can be to find.
Yes; I can hear you now. “Kelley,” you’re saying, “thank you so much for sharing with us this valuable piece of information, that is in no way extremely obvious and well-known by every sentient being in existence, and even some non-sentient ones, such as fruit flies.”
You’re welcome.
And now, allow me to introduce the (begin drum roll here) Performance and Capacity Planning Resource Center for SharePoint Server 2007 (cue trumpet flourishes and fireworks)! We’ve rigorously reviewed, analyzed, folded, starched, ironed, and consolidated every existing bit of performance and capacity planning content available today in one easy-to-use page.
Some highlights include:
· Topics organized into meaningful categories:
  - Planning
  - Recommendations
  - Estimate performance based on test results
· Sections listing available resources:
  - Demos
  - Tools from Microsoft
  - Tools from partners and the SharePoint community
  - Community resources
We hope you’ll find this resource center helpful, and that it will save you time, money and precious, precious tears. We would like to hear from you if there’s anything we can do better. We actually do read customer comments and suggestions, and in fact, a large part of our work is improving our content based on your input.
Enjoy!
-- Kelley Vice
SharePoint IT Pro Writer
Freshly updated: Office SharePoint Server Operations TOC.
You seemed to like the tinkering we did in the Planning section for SharePoint Server, so we decided to extend the exercise to the Operations section. We've adopted a structure that is similar to the planning structure, with two main sections for administration tasks:
- Site and solution administration contains administration tasks for sites and solutions.
- Infrastructure administration contains administration tasks for the infrastructure supporting the sites and solutions.
We've also added a third section to the outline called Administration tools, to collect overviews and information about the tools you need to use when performing administration tasks.
Again, before:
And after:
Note that we're still busily working on content in these areas, so this TOC re-org does not mean we're done writing operations content. But in the meantime, we hope this organization makes it easier for you to find the content that's there. As always, we'd love your feedback.
- Samantha Robertson, Technical Writer
To enable Kerberos authentication for services in Office SharePoint Server 2007, you must create and register Service Principal Names (SPNs) in Active Directory. To create SPNs in an Active Directory domain, you must have domain administrative-level permissions.
Authentication clients
Clients use these registered SPNs to identify each instance of a service. A Web browser, such as Microsoft Internet Explorer, is the client when you attempt to render a Web page from an Office SharePoint Server 2007 Web application. The Microsoft .NET Framework is the client when Office SharePoint Server 2007 crawls local content sources or makes a call to the Shared Services Provider (SSP) infrastructure. An SSP is a logical grouping of a common set of services and service data that can be provided to Web applications and their associated Web sites. An SSP infrastructure enables the sharing of services across:
- Server farms
- Web applications
- Site collections
The Office Server Web Services Web site is the SSP infrastructure for Office SharePoint Server 2007. The SSP infrastructure exists on any server running Office SharePoint Server 2007 that is deployed using the Complete installation option. Kerberos authentication does not work with the Office Server Web Services Web site unless the Infrastructure Update for Microsoft Office Servers is installed. For information about downloading and installing the Infrastructure Update, see the Updates Resource Center for SharePoint Products and Technologies.
Farm deployment
To deploy an Office SharePoint Server 2007 server farm using Kerberos authentication, you must install and configure a variety of applications on your computers to support the following functionality:
- Communication between Office SharePoint Server 2007 and Microsoft SQL Server database software.
- Access to the SharePoint Central Administration Web application.
- Access to other Web applications, including a portal site Web application, a My Site Web application, and an SSP Administration site Web application.
- Access to shared services for the Office SharePoint Server 2007 Web applications in the SSP infrastructure.
When a client (Internet Explorer or the .NET Framework) attempts to access a resource using Kerberos authentication, the client must construct an SPN to be used as part of the Kerberos authentication process. If the client does not construct an SPN that matches the SPN that is registered in Active Directory, Kerberos authentication will fail, usually with an “access denied” error.
There are versions of Internet Explorer that do not construct SPNs with port numbers. If you are using Office SharePoint Server 2007 Web applications that are bound to non-default port numbers in IIS, you might have to direct Internet Explorer to include port numbers in the SPNs that it constructs. In a farm running Office SharePoint Server 2007, the Central Administration Web application is hosted, by default, in an IIS virtual server that is bound to a non-default port.
In a farm running Office SharePoint Server 2007, by default, the .NET Framework does not construct SPNs that contain port numbers. This is why Search cannot crawl Web applications using Kerberos authentication if those Web applications are hosted on IIS virtual servers that are bound to non-default ports. It is also the reason why Kerberos authentication cannot be correctly configured and made to work for the SSP infrastructure unless the Infrastructure Update for Microsoft Office Servers is installed.
New, custom-format SPN
The Infrastructure Update for Microsoft Office Servers includes a new, custom-format SPN for Kerberos authentication for the SSP infrastructure. This custom-format SPN introduces a new Service Class: MSSP. The custom-format SPN uses the following format: MSSP/<host:port>/<SSP name>. This new custom-format SPN sets a .NET Framework property to direct the .NET Framework to use a specific SPN for a given URI. The .NET Framework is used to make inter-server calls to the Office SharePoint Server 2007 SSP infrastructure Web services.
The SSP infrastructure includes a Search shared service at both the root level and the virtual directory level in IIS. There is also an Excel Calculation Services shared service at the virtual directory level in IIS. After the SSP infrastructure is configured for Kerberos authentication, Kerberos will be used for accessing shared services at both the root level and the virtual directory level. You do not need to register SPNs for root-level Web services. You only need to register SPNs for virtual-directory-level Web services. This is because when joining a computer to a domain, a HOST-class SPN is automatically registered for the computer account in the domain, and the SPN will work for the root-level Web service. However, you do need to register SPNs corresponding to the virtual directories that actually correlate to the SSPs in your farm.
For more information about Kerberos authentication for Office SharePoint Server 2007, see Configure Kerberos authentication (Office SharePoint Server).
Douglas Goodwin, Writer
SharePoint Server UA team
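The SPN mismatch described in this post can be found before users hit "access denied" by comparing the SPNs that clients will construct with the SPNs registered in Active Directory. The following is an added example, not code from the original post or from SharePoint: a Python audit over constructed sample data. The host names, accounts, port numbers and SSP name are invented, the `HTTP` service class for Web applications is an assumption not stated in the post, and the port is appended only when it is non-default.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def client_spn(url, include_port=False):
    """SPN a client would construct for a Web application URL.

    Assumption: service class HTTP is used for both http and https, and a
    client that includes ports does so only for non-default ports.
    """
    parts = urlsplit(url)
    default = DEFAULT_PORTS[parts.scheme]
    port = parts.port or default
    spn = f"HTTP/{parts.hostname}"
    if include_port and port != default:
        spn += f":{port}"
    return spn


def ssp_spn(host, port, ssp_name):
    """Custom-format SPN from the post: MSSP/<host:port>/<SSP name>."""
    return f"MSSP/{host}:{port}/{ssp_name}"


def required_spns(web_apps, ssps):
    """List (spn, account) pairs the farm needs registered."""
    needed = [(client_spn(w["url"], w["include_port"]), w["account"])
              for w in web_apps]
    needed += [(ssp_spn(s["host"], s["port"], s["name"]), s["account"])
               for s in ssps]
    return needed


def audit(required, registered):
    """Compare required SPNs with registered ones (case-insensitive)."""
    owners, display = {}, {}
    for account, spns in registered.items():
        for spn in spns:
            owners.setdefault(spn.lower(), set()).add(account.lower())
            display.setdefault(spn.lower(), spn)
    report = {"missing": [], "wrong_account": [], "duplicate": []}
    for spn, account in required:
        held_by = owners.get(spn.lower(), set())
        if not held_by:
            report["missing"].append(spn)        # client's SPN matches nothing
        elif account.lower() not in held_by:
            report["wrong_account"].append(spn)  # registered to another account
    for key in sorted(owners):
        if len(owners[key]) > 1:
            report["duplicate"].append(display[key])  # same SPN on two accounts
    return report


# Constructed sample farm. The admin site is bound to a non-default port and
# its client does not include port numbers in the SPNs it constructs.
WEB_APPS = [
    {"url": "http://portal.example.test", "account": r"EXAMPLE\svcPortal",
     "include_port": False},
    {"url": "http://admin.example.test:8080", "account": r"EXAMPLE\svcAdmin",
     "include_port": False},
]
SSPS = [
    {"host": "app1.example.test", "port": 56737, "name": "SharedServices1",
     "account": r"EXAMPLE\svcSSP"},
    {"host": "app1.example.test", "port": 56738, "name": "SharedServices1",
     "account": r"EXAMPLE\svcSSP"},
]
# Constructed stand-in for what is registered in Active Directory.
REGISTERED = {
    r"EXAMPLE\svcPortal": ["HTTP/portal.example.test"],
    r"EXAMPLE\svcAdmin": ["HTTP/admin.example.test:8080"],
    r"EXAMPLE\svcSSP": ["MSSP/app1.example.test:56737/SharedServices1"],
    r"EXAMPLE\svcOld": ["HTTP/portal.example.test"],
}

if __name__ == "__main__":
    print(audit(required_spns(WEB_APPS, SSPS), REGISTERED))
```

In the sample, the admin site shows up as missing because only the port-qualified SPN is registered while its client constructs the SPN without a port; setting `include_port` to `True` for that entry clears the finding.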
By Brenda Carter, IT Pro Technical Writer, SharePoint Products and Technologies
Last March, Shane Young and I sat down with Dave Coleman at the SharePoint conference in Seattle to review the solution design for Twynham School in the UK. Shane Young is a Microsoft Most Valuable Professional (MVP) who has designed solutions for several schools, including the Boulder Valley School District and Central Michigan University. Typically in these sessions Microsoft experts give design guidance to customers. However, during this session Coleman showed us how it’s done.
Coleman described how he stumbled across the initial version of SharePoint Team Services years ago and has since developed a growing Web presence with each subsequent version of SharePoint Products and Technologies. With his small IT team and a strong partnership with the community at the school, Coleman has produced a world-class IT solution. His team also hosts sites for several feeder schools. Finally, Coleman’s team generously shares their expertise (and templates!) with the other 63+ secondary schools in the area, helping them get up and running with SharePoint quickly.
Young applauds Twynham for their savvy solution and especially for openly sharing their work with the education community: "Coleman's team is saving education providers worldwide countless hours by sharing their lessons learned and helping them start on the right foot." Young emphasizes that starting with a viable design that has been proven in the field can greatly reduce the learning curve.
The purpose of this blog article is to introduce you to Shane Young and the Twynham team and to let them field your questions right here on this blog!
Shane Young has over 12 years of experience architecting and administering large-scale server farms using Microsoft enterprise technologies. He has architected SharePoint solutions for clients ranging from 20 to 25,000 users. He is the President and lead consultant of www.SharePoint911.com.

Twynham School is a secondary school on the south coast of the UK and is rated among the top 10% of schools nationally. From left to right, the Twynham team includes:
- Sylvia Haghighi (IT Technician)
- Dan Rolles (Senior IT Technician)
- Chris McKinley (SQL Admin/Web Developer)
- Darren White (Web Developer)
- Dave Coleman (Network Manager)
- Mike Herrity (Assistant Headteacher)
For information about Twynham’s solution architecture as well as the architecture that Coleman recommends for single schools, see the following technical case study resources:
The Twynham IT team also hosts a site to showcase their solution: http://www.twynhamschool.com/supportinglearning/.
Here are some highlights from the Twynham case study:
- While Twynham’s farm runs on five servers, Coleman reports that a single server is plenty of hardware for a single school. For the recommended specs, see the article!
- Coleman’s team spent a summer digitizing media assets and hosts a bank of media files that teachers can easily incorporate into classroom sites. The media files are hosted on a separate server that is directly attached to a Web server. The article describes how Coleman ensures that students have access only to media files that are appropriate for their age and curriculum.
- Teachers collaborate on the content that is offered on each subject site. For example, the French subject site incorporates RSS news feeds from French newspaper sites as well as links to other French media sites.
- Twynham makes extensive use of podcasts across many of the subject sites. Students can subscribe to the podcasts and listen to them on their MP3 players, mobile phones, and computers.
- The IT team and staff collaborated on sites to help students prepare for standardized exams. In the two months prior to the 2007 exams, Twynham Year 11 students viewed over 70,000 pages to prepare for their exams.
- External access to sites was a priority. Students can access class materials and blog about what they are learning from home and even during their travels to World War I sites in England or overseas trips to geological sites in New Zealand.
If you are a medium-size school district or university and are interested in working with me to produce a similar technical case study, let me know! (bcarter@microsoft.com).
Meanwhile, feel free to post questions for Shane Young and the Twynham IT team. Thanks, Brenda
Hi. I’m Rob Silver – one of the writers covering SharePoint Products and Technologies for the IT pro audience at Microsoft. I’m excited to announce two new articles that we are publishing this week. They are both related to SharePoint governance. Governance is the set of roles, responsibilities, and processes that you put in place in an enterprise to guide the development, adoption, and use of a solution based on SharePoint Products and Technologies. We know that this is an area of concern for our IT audiences and we will continue adding content to enhance our coverage of SharePoint governance.
Here are the articles we are publishing this week:
· Increasing SharePoint engagement (white paper): SharePoint MVP Robert Bogue has written many popular white papers. His new paper defines the problem of increasing Office SharePoint Server 2007 engagement in an organization, identifies typical engagement-blockers, and suggests strategies to increase engagement at the team, departmental, and enterprise levels.
· Sample code acceptance checklist for IT organizations: The ability to customize sites by adding custom solutions gives Office SharePoint Server 2007 power and flexibility. However, a poorly designed or implemented executable module that runs in a SharePoint farm can do harm even beyond the scope of the Web application for which it was intended. To help you ensure that the solutions that you deploy provide the intended benefits without exposing the enterprise to unnecessary risk, you can require developers to submit a checklist to verify that their solutions have been coded and tested according to best practices. Use this sample code acceptance checklist as a starting point for your own checklist to help verify the quality of solutions that are submitted for deployment.
I hope you find both these articles useful as you work out your approach to governing SharePoint and increasing SharePoint engagement. If you are interested in governance, be sure to visit our Governance Resource Center for more governance articles and tools.
Thanks,
Rob