This talk is specifically for NON-SharePoint-infrastructure administrators (or for new ones still figuring things out)! It’s for the rest of the SharePoint team: come learn about the basic building blocks of SharePoint infrastructure, things like DNS, load balancing, AD, high availability and disaster recovery, backup options, database options, and some of the core components of Windows, in an understandable way so you can speak the lingo and seem really smart!
Zvonimir Mavretić
Demystifying SharePoint Infrastructure – for NON-IT People
1. SHAREPOINT AND PROJECT CONFERENCE ADRIATICS 2013
ZAGREB, NOVEMBER 27-28 2013
Demystifying SharePoint
Infrastructure – for NON-IT People
ZVONIMIR MAVRETIĆ, EVISION / K2 ADRIATICS
3. SharePoint infrastructure
• Lot of acronyms:
• TCP/IP - Transmission Control Protocol/Internet Protocol
• DNS - Domain Name System
• HTTP - Hypertext Transfer Protocol
• TLS/SSL - Transport Layer Security/Secure Sockets Layer
• CA & PKI – Certificate Authority and Public Key Infrastructure
• SMTP – Simple Mail Transfer Protocol
• LDAP - Lightweight Directory Access Protocol
• AD – Active Directory
• HA & DR – High Availability and Disaster Recovery
• NLB – Network Load Balancing
• …
4. TCP/IP - Transmission Control Protocol/Internet Protocol
• The Internet protocol suite is the networking model and a set of
communications protocols used for the Internet and similar
networks.
• It is commonly known as TCP/IP, because its most important
protocols, the Transmission Control Protocol (TCP) and the
Internet Protocol (IP), were the first networking protocols defined
in this standard.
• It is occasionally known as the DoD model, because the
development of the networking model was funded by DARPA, an
agency of the United States Department of Defense.
Source: http://en.wikipedia.org/wiki/Internet_protocol_suite
5. DNS – Simple explanation
• Servers on the Internet have IP Addresses, like a telephone
number.
• A Domain Name (like evision.hr, twitter.com, or microsoft.com) is a
name badge on the Internet.
• DNS (domain name system) service is the Internet’s Telephone
Book.
• If you have someone’s name, you can look up their phone
number.
• DNS maps domain names to IP addresses and other pieces of
network data to get you to the right place.
6. DNS - Domain Name System
• Provides resolution of names to IP addresses and resolution of IP
addresses to names
• Forward lookup - Requests name-to-address resolution
• Reverse lookup - Requests address-to-name resolution
• Client/Server system
• Name Servers - contain information about some segments of the
database
• Resolvers - create queries and send them across the network to a name
server
• FQDN
• Fully Qualified Domain Name
• Identifies a host’s name within the DNS namespace hierarchy
• Host name plus DNS domain name = FQDN
7. DNS Namespace
• Defines a hierarchical namespace where each level of the
namespace is separated by a “.”
• Root: .
• Top-Level Domain (TLD): .com, .org, .hr, …
• Second-Level Domain (Domain): microsoft.com, k2.com, evision.hr
• Subdomain: www.microsoft.com, www.k2.com, help.k2.com, www.evision.hr, …
8. How DNS Works
(Diagram: a client whose Preferred DNS Server is 10.1.1.1 opens http://server1.microsoft.com; the steps below are the diagram’s labels in order.)
• Client → 10.1.1.1: Recursive Query: server1.microsoft.com.
• 10.1.1.1: Is name in cache? No. Am I authoritative? No. Consult Root Hints (the list of a. to m.root-servers.net addresses).
• 10.1.1.1 → Root Server: Iterative Query: server1.microsoft.com.
• Root Server: Is name in cache? No. Am I authoritative? No. Delegation for .com. – “I don’t know. Ask:” the gtld-servers.net TLD servers listed in the delegation. 10.1.1.1 caches the response.
• 10.1.1.1 → TLD Server: Iterative Query: server1.microsoft.com.
• TLD Server: Is name in cache? No. Am I authoritative? No. Delegation for microsoft.com. – “I don’t know. Ask:” the msft.net DNS servers listed in the delegation. 10.1.1.1 caches the response.
• 10.1.1.1 → microsoft.com DNS Servers: Iterative Query: server1.microsoft.com.
• microsoft.com DNS Servers: Is name in cache? No. Am I authoritative? Yes. server1.microsoft.com=192.168.7.99
• 10.1.1.1 caches the response and answers the client: server1.microsoft.com=192.168.7.99
• Client opens http/tcp session to 192.168.7.99
9. DNS - Popular Record Types
• Address Records / Host (A or AAAA)
• points names to IPv4 (A) or IPv6 (AAAA) addresses
• ex. www.evision.hr is at 141.138.14.171
• Canonical Name / Alias (CNAME)
• points one name to another
• intranet.evision.hr is an alias for www.evision.hr
• Mail Exchanger Records (MX)
• points email to an inbound email server
• mail.evision.hr handles mail for evision.hr
• Pointer Records (PTR)
• points address to name
• 141.138.14.171 is the address for www.evision.hr
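The resolution walk on the “How DNS Works” slide and the record types above, as an added example that is not part of the original deck: a toy iterative resolver over constructed zone data (names and addresses taken from the slides, delegation layout simplified, nothing touches the network). It shows the cache check, the “I don’t know, ask …” delegation hops, CNAME chasing, a PTR reverse lookup, and a bounded walk so a broken delegation cannot loop forever.

```python
"""Toy iterative resolver walking the delegation chain from the slides.
Zone data is constructed for this example; no real DNS traffic is sent."""

# ZONES[zone] maps owner name -> records; an "NS" record models a delegation whose value is the child zone key.
ZONES = {
    ".": {"com.": [("NS", "com.")], "hr.": [("NS", "hr.")],
          "in-addr.arpa.": [("NS", "in-addr.arpa.")]},
    "com.": {"microsoft.com.": [("NS", "microsoft.com.")]},
    "hr.": {"evision.hr.": [("NS", "evision.hr.")]},
    "microsoft.com.": {"server1.microsoft.com.": [("A", "192.168.7.99")]},
    "evision.hr.": {
        "www.evision.hr.": [("A", "141.138.14.171")],
        "intranet.evision.hr.": [("CNAME", "www.evision.hr.")],
        "evision.hr.": [("MX", "mail.evision.hr.")],
    },
    "in-addr.arpa.": {"171.14.138.141.in-addr.arpa.": [("PTR", "www.evision.hr.")]},
}

def reverse_name(ip):
    """Build the PTR owner name used for a reverse lookup of an IPv4 address."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def resolve(qname, qtype, cache, trace):
    """Return the answer values for (qname, qtype), or None; appends each step to trace."""
    key = (qname, qtype)
    if key in cache:                       # "Is name in cache?" -> Yes
        trace.append(f"cache hit: {qname} {qtype}")
        return cache[key]
    zone = "."                             # start from the root hints
    for _hop in range(16):                 # bounded walk: a bad delegation cannot loop forever
        records = ZONES[zone].get(qname, [])
        answers = [v for t, v in records if t == qtype]
        if answers:                        # "Am I authoritative?" -> Yes
            trace.append(f"{zone} is authoritative: {qname} {qtype} = {answers}")
            cache[key] = answers           # "Cache response"
            return answers
        alias = [v for t, v in records if t == "CNAME"]
        if alias and qtype != "CNAME":     # alias: restart the walk for the target name
            trace.append(f"{qname} is an alias for {alias[0]}")
            qname, zone = alias[0], "."
            continue
        child = next((v for owner, recs in ZONES[zone].items() for t, v in recs
                      if t == "NS" and (qname == owner or qname.endswith("." + owner))), None)
        if child is None:                  # no answer and no delegation: NXDOMAIN
            trace.append(f"{zone}: name does not exist (NXDOMAIN)")
            return None
        trace.append(f"{zone} says: I don't know, ask {child}")
        zone = child
```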
10. HTTP - Hypertext Transfer Protocol
• Hypertext is structured text that uses logical links (hyperlinks)
between nodes containing text. HTTP is the protocol to exchange
or transfer hypertext.
Source: http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol
(Figure: client request and server response)
11. TLS/SSL - Transport Layer Security/Secure Sockets Layer
• Transport Layer Security (TLS) and its predecessor, Secure Sockets
Layer (SSL), are cryptographic protocols which are designed to
provide communication security over the Internet.
• X.509 certificates and asymmetric cryptography are used to verify
the counterparty and to exchange a symmetric key.
• Symmetric session key is used to encrypt data between the
parties.
• Certificate authorities and a public key infrastructure are needed
to verify the relation between a certificate and its owner, as well as
to generate, sign, and administer the validity of certificates
Source: http://en.wikipedia.org/wiki/Transport_Layer_Security
12. CA & PKI - Certificate Authority and Public Key Infrastructure
• A certificate authority or certification authority (CA) is an entity that
issues digital certificates.
• A digital certificate certifies the ownership of a public key by the named
subject of the certificate.
• The CA is a trusted third party, trusted by both the subject (owner) of
the certificate and the party relying upon the certificate.
• A commercial CA issues certificates automatically trusted by most web browsers – VeriSign,
GeoTrust, Thawte Digital Certificates, Entrust.net,…
• An internal CA issues certificates trusted only on managed devices – its root CA certificate is
deployed as trusted manually or through policy
• A public-key infrastructure (PKI) is a set of hardware, software, people,
policies, and procedures needed to create, manage, distribute, use,
store, and revoke digital certificates
Source: http://en.wikipedia.org/wiki/Certificate_authority and http://en.wikipedia.org/wiki/Public_key_infrastructure
13. SMTP – Simple Mail Transfer Protocol
• Simple Mail Transfer Protocol (SMTP) is an Internet standard for
electronic mail (e-mail) transmission across Internet Protocol (IP)
networks
• SMTP uses TCP port 25. SMTP connections secured by SSL are known
as SMTPS, on TCP port 465
• Electronic mail servers and other mail transfer agents use SMTP to
send and receive mail messages
• User-level mail client applications usually use one of these to access
their mailbox accounts on a mail server:
• SMTP for sending, Post Office Protocol (POP) or the Internet Message Access
Protocol (IMAP) for retrieving
• Exchange ActiveSync or Exchange Messaging Application Programming
Interface (MAPI)
Source: http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol
14. LDAP - Lightweight Directory Access Protocol
• The Lightweight Directory Access Protocol (LDAP) is an
application protocol for accessing and maintaining distributed
directory information services over an Internet Protocol (IP)
network.
• Directory services may provide any organized set of records, often
with a hierarchical structure, such as a corporate email directory.
• A common usage of LDAP is to provide a "single sign-on" where
one password for a user is shared between many services, such as
applying a company login code to web pages (so that staff log in
only once to company computers, and then are automatically
logged into the company intranet).
Source: http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
15. AD – Active Directory
• Microsoft implementation of directory services
• Provides a centralized location to store information in a
distributed environment about networked devices and services
and the people who use them.
• Implements the services that make this information available to
users, computers, and applications.
• Acts both as a database storage system (directory store) and a set
of services that provide the means to securely add, modify, delete,
and locate data in the directory store
• Lightweight Directory Access Protocol (LDAP) is the primary
access protocol for Active Directory.
16. Some Active Directory Terminology
• Forest – A collection of one or more trees of domains, organized as
peers and connected by two-way transitive trusts. The forest holds one
or more trees.
• Trees – A tree holds one or more domains, linked in a
hierarchy.
• Domains – A directory-based container object containing a hierarchical
structure of other containers and objects. Domains can be joined into
trees of domains
• Domain Controllers – Store a physical copy of the Active Directory
database and run logon services
• Kerberos - authentication protocol which works on the basis of 'tickets'
to allow nodes communicating over a non-secure network to prove
their identity to one another in a secure manner.
17. HA & DR – High Availability and Disaster Recovery
High Availability is for: (photo)
Disaster Recovery is for: (photo)
Photo licensed with Creative Commons, used from:
http://www.flickr.com/photos/melancon/280076809/
Photo licensed with Creative Commons, used from:
http://www.flickr.com/photos/meltedplastic/2854777253/
18. HA & DR – High Availability and Disaster Recovery
High Availability is for:
• Clustering
• Synchronous Mirroring
• Replication
• AlwaysOn Availability Groups in
SQL 2012
Disaster Recovery is for:
• Replication
• Asynchronous Mirroring
• Log Shipping
• SAN Replication
• Virtualization Replication
• Geo-distributed clustering in
SQL 2012
• AlwaysOn Availability Groups in
SQL 2012
27. NLB – Network Load Balancing
• Load balancing is a technique to spread work between many computers,
processes, disks or other resources in order to get optimal resource
utilization and decrease computing time.
• A load balancer can be used to increase the capacity of a server farm beyond
that of a single server.
• It can also allow the service to continue even in the face of server downtime
due to server failure or server maintenance.
• A load balancer consists of a virtual server which, in turn, consists of an IP
address and port.
• Virtual server is bound to a number of physical services running on the
physical servers in a server farm.
• A client sends a request to the virtual server, which in turn selects a physical
server in the server farm and directs this request to the selected physical
server.
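The virtual-server model just described, as an added example that is not part of the original deck: a toy load balancer in which a virtual IP and port is bound to a pool of physical servers, picks one per request, and keeps the service up by skipping members that failed a health check or were taken out for maintenance. Server names, addresses and health states are constructed.

```python
"""Toy load balancer: a virtual server (IP + port) bound to physical servers in a farm.
All endpoints and health states below are constructed for this example."""

class VirtualServer:
    """Virtual IP:port that directs each client request to one healthy physical server."""

    def __init__(self, vip, port, pool):
        self.vip, self.port = vip, port
        self.pool = list(pool)            # physical "host:port" endpoints bound to the VIP
        self.healthy = set(pool)          # members currently passing health checks
        self._next = 0                    # round-robin cursor

    def mark_down(self, server):
        """Health check failed, or the server was taken out for maintenance."""
        self.healthy.discard(server)

    def mark_up(self, server):
        """Server passed its health check again and rejoins the rotation."""
        self.healthy.add(server)

    def select(self):
        """Round-robin over healthy members; None when the whole farm is down."""
        for _ in range(len(self.pool)):
            candidate = self.pool[self._next % len(self.pool)]
            self._next += 1
            if candidate in self.healthy:
                return candidate
        return None

    def handle(self, client_request):
        """Accept a request sent to the VIP and direct it to the selected physical server."""
        target = self.select()
        if target is None:                # no member can serve: fail closed with 503
            return {"status": 503, "error": "no healthy servers in farm"}
        return {"status": 200, "served_by": target, "request": client_request}
```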
• Identical (or nearly) hardware required
• Must be geographically next to each other right now
• Only one disk – so when data is deleted, it’s deleted instantly
• Pay attention to hardware compatibility
• Virtual clusters may work, may not
• Clustering + Mirroring = Hotness

• Two separate servers, with two independent sets of disks
• Transactions are committed at both servers before the result is returned to the client
• Machines must be very close to each other, like in the same state
• Failovers are done at the individual database level
• Doesn’t include anything that’s not inside the database, like logins and jobs
• Be wary of accidental failovers
• Be wary of single-db failovers
• Be wary of index maintenance jobs
• Monitor performance closely

• Can use 2-way replication or p2p replication to get high availability
• Can be DR since you can have replication partners far apart
• Lot more work and management involved
• Not a set-it-and-forget-it solution
• Be wary of schema changes
• Not all 3rd party apps support it
• Can be bandwidth-intensive
• Can fall behind
• Need a good monitoring solution

• Same as our synchronous mirroring slide, but the servers can be a long way from each other

• Still need regular backup strategy
• Run one server “behind” for restores
• Compressed backups reduce storage and bandwidth problems
• Monitor what’s happening

• It’s complicated.
• It’s expensive.
• It requires full time dedicated management staff.
• Learn it once, and it works for all of your applications AND all of your OS’s.

• Picture is from NetApp, but the same concept applies across multiple vendors
• Only works for virtualized gear