Chapter 7 — Scaling Out a Sharepoint Farm

MS Sharepoint 2010 – Admin’s Companion – P. 345

As a Sharepoint professional you need to understand when and how to scale out
your environment based on the unique needs that your organization faces day to day.

You need to differentiate between services and a service application.

Service – a component that provides an output that can be utilized by an application.
Service application – an application that is built to utilize one or more services that exist in the environment.

Services in Sharepoint 2010 are the foundation for Service Applications.

Some services can be shared across server farms, while others can be shared only within a single farm. So are service applications.

All Service applications in a farm reside within the same IIS web site
Sharepoint Web Services. Within that web site, Service Applications are named utilizing a long GUID format. The default path for all service application is:
….\14.0\Web Services

Service application proxy groups – When you create a service application, a service application CONNECTION
is also created. The CONNECTION connects web application and the service application. It’s also call application proxy.

A new service application connection (proxy) is added to the farm’s default proxy group. When you create a new web application, you can select the default proy group, or you can create a custom one. You can add or remove from the default proxy group.

** Custom proxy groups are not reusable across multiple Web Applications.

Publishing Service Applications – service applications that can be extended to other farms are called cross-farm services. Cross-farm services must be published first to be consumed by other farms.

Cross-farm services include: BDC, Managed metadata, people (User Profile), Search, Secure Store, Web Analytics

For a farm to consume a service application that is published from another farm, perform these:
(1) Admin of both farms must exchange trust certificates.
Consuming à Publishing, root certificate and security token service (STS)
Publishing à Consuming, root certificate.

(2) On the farm on which the service application resides, the admin must explicitly publish the service application.

(3) An admin must connect the consuming farm to the service application.

When working with trust certificates, you need to use Windows Powershell.

Part of scaling out your farm is to know which services belong to which tier.

Start thinking about grouping your service applications.

Web Application 1 and Web Application 2à Default Proxy Group à A group of service collections.

Service Application isolation can be applied to any of the following:
1. Application pool
2. Web Application
3. Application proxy group

In some extreme cases you might need to consider moving some of the service applications to a different farm – a farm of their own. The first service application you need to consider doing this is Search.

Start and Stopping a service – P.364

The very first step in the service application architecture process.
(1) Make sure you are a farm administrator.
(2) Go to Central Admin
(3) System Settings à Servers à
Manage Services on Server.

**** To start/stop services on different servers, toggle the menu and select a server:

You can install a service application even though the service it depends on is not started. (Bad!!!) so need to make sure the service is on before installing service application.

Deploying Service Application to an Existing Web Application —

(1) Go to Central Admin
(2) Application Management à Manage Web Applications
(3) Select a web application,

(4) In the popup, select [Custom] then you can select or deselect service applications. (associate or de-associate)

Creating New Instance of a Service Application —

In Sharepoint 2010, you have the option of creating multiple instances of the same service application. To create a new instance of Excel service:
1. Central Admin
2. Application Management à Manage Service Applications
3. Select New à Excel Service Application

4. Provide a unique name for the service application
5. Choose an existing application pool, or use a new one.

Modifying the Application Pool of a Deployed Service Application – (IIS Manager)

Click “Basic Settings” on the right.

Then you can change the application pool.

Modifying the Service Applications in the default application proxy group —
You can add or remove service application from/to your default service application proxy group.
(1) Go to Central Admin
(2) Application Management à Service Application à Configure Service Application Associations.

Click “Default” to edit the default proxy group.

Publishing Service Application —

If the service application is not a cross-platform service application, then in the PUBLISH screen you can only choose the Connection Type: (instead of more options)

Publishing Service Application to Remote Farms – to allow service application to be consumed by remote farms, you must:
(1) exchange trust certificates
with the remote farm,
(2) explicitly publish the service application
on the farm it resides, and
(3) explicitly connect the service application
on the farm that is consuming it.

Step 1: Exchange Trust Certificate with the Remote Farm —

Consuming farm – export the root certificate, STS certificate
Publishing farm – export the root certificate

Exporting Root Certificate from Consuming Farm –
(make sure you are a member of SharePoint_Shell_Access role on the configuration database
and a member of the WSS_ADMIN_WPG local group)

$rootCert = (Get-SPCertificateAuthority).RootCertificate
$rootCert.Export(“Cert”) | Set-Content <C:\ConsumingFarmRoot.cer> -Encoding byte

Exporting STS Certificate from Consuming Farm –

$stsCert = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
$stsCert.Export(“Cert”) | Set-Content <C:\ConsumingFarmSTS.cer> -Encoding byte

Exporting Root Certificate from Publishing Farm – (same as above)

Consuming Farm à copy root cert and STS to Publishing Farm
Publishing Farm à copy root cert to Consuming Farm

Importing the Root Certificate and Creating a Trusted Root Authority on the Consuming Farm —

$trustCert = Get-PfxCertificate <C:\PublishingFarmRoot.cer>
New-SPTrustedRootAuthority <PublishingFarm> -Certificate $trustCert

Do the same thing on the Publishing Farm. Then on the Publishing Farm, import the STS Certificate
(from Consuming Farm) and create a Trusted Service Token Issuer.

$stsCert = Get-PfxCertificate <c:\ConsumingFarmSTS.cer>
New-SPTrustedServiceTokenIssuer <ConsumingFarm> -Certificate $stsCert

Then you need to activate the Application Discovery and Load Balance Service Application. (Topology Service)

1. First you must get the Farm ID of the consuming farm:
(Get-SPFarm).IDà returns a GUID
2. Got o publishing farm, and tell the service (topology service) the ID of the farm so it can make it available to the farm.
Blah Balh Balh – lots of Powershell scripts.

Explicitly Publish the Service Application —

Go to Central Admin, select a service app, click “PUBLISH”, select the checkbox “PUBLISH THIS SERVICE TO OTHER FARMS“.

Under Trusted Farms, click “Add a Trust Relationship with Another Farm”.

Explicitly Connect the Service Application —

Connect to the service application from the consuming farm.
Go to Central Admin, Application Management à Manage Service Applications, Connect.

Enter the address of the remote service application. Then you will see the availability of the remote service.

Topologies for Sharepoint 2010 – P.387

Best practices: Per WFE (Web Front End): 10,000 users.

Server Roles:

Web Server: (WFE), to host web pages, web services, and web parts that are necessary to process requests served by the farm.

Application server: You can group services with similar usage and performance characterics on a server, and you can scale out services onto multiple servers.

Database Server:

Scaling Out a Farm with Server Groups: server group is a concept and will not be implemented in Sharepoint

Page 389, before reading the Contoso Topologies example, 11:37PM, 1/12/2011

4:18 AM, 1/13/2011

Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: