The purpose of this article is to describe how to implement a medium SharePoint Farm – three-tier, four-servers. Before going into details I would like to recommend you to download the following file: Topologies for SharePoint 2010.
If you want you can download this post as a PDF file – How to Implement a Three-Tier SharePoint Farm.
My SharePoint Topology
My environment is hosted on Windows Server 2008 R2 Hyper-V and consists of four servers: SQL, SPLive1, SPLive2 and an Application Server.
Basically the services in farm will be split according to the following table (please take into consideration only the production environment – highlighted with green):
Furthermore the SPLiveAPP machine will host the service applications too (for example: User Profile Service, Business Data connectivity, Web analytics, Managed Metadata, Secure Store Service).
The deployment process can be structured into four big chapters:
- Install the prerequisites.
- Install the SharePoint binaries.
- Configuring the SharePoint server and farm.
- Configuring services and applications on the farm.
I won’t go into details with the classic installation of SharePoint (which corresponds to number 1 and 2). For more details about this you can read the following links from MS TechNet:
- Hardware and software requirements (SharePoint Server 2010)
- Plan browser support (SharePoint Server 2010)
- Setting Up the Development Environment for SharePoint 2010
Configuring the SharePoint Server and Farm
As you can see (in the above screenshot) I have also installed on my machine the German Language Pack for SharePoint. In order to be able to join the other servers to this farm the same language packs and security updates must be already installed on them.
For more details you can always read this TechNet article which describes a similar situation: Add a Web or application server to the farm (SharePoint Server 2010)
In my case the SQL server is named SQL and the configuration DB of the farm is SharePoint_Config_SPLive. Then, I’m adding SPLive2 to the farm, basically by repeating the operation.
- Microsoft SharePoint Foundation Incoming E-Mail
- Microsoft SharePoint Foundation Web Application
- Microsoft SharePoint Foundation Workflow Timer Service
Now, we have to enable a Windows NLB on SPLive1 and SPLive2 with the name of SPLive. If you are using a Hyper-V virtualized environment, before stating the NLB creation, please read this:
- Deploying Network Load Balancing (NLB) and Virtual Machines on Windows Server 2008 R2
- Network Load Balancing Deployment Guide
You have to enable the Spoofing of MAC addresses option on all the NLB cluster members (in my case SPLive1 and SPLive2). This can be done only if the virtual machines are powered off.
On SPLive1 add the Network Load Balancing feature, and then repeat the action for SPLive2.
Then on SPLive1 open the Network Load Balancing Manager console, and create a new NLB cluster (in my example I have named the cluster SPLive), starting from SPLive1.
I will limit the NLB only for port 80 which corresponds to HTTP.
Then, I will add SPLive2 to the NLB cluster.
To finish with the NLB I will add a DNS record for the newly created cluster (an A record for SPLive).
Now I will add another managed account to the SharePoint Farm. In Central Administration, click Security und then Configure managed accounts.
Under this identity will run all the web application pools and even service applications, but this is a laboratory environment. In a real environment you should plan carefully the service accounts. In theory you should isolate the shared services and even specific web applications. For example you could isolate the web application which hosts the extranet site collection(s).
For a regular implementation there could be the following service accounts:
- DOMAIN\srv-sql – SQL Server Service account
- DOMAIN\srv-adsync – Active Directory Sync account
- DOMAIN\srv-splive-farm – SharePoint setup and server farm account
- DOMAIN\srv-splive-user – SharePoint common shared services account
- DOMAIN\srv-crawl – SharePoint search crawl account
- DOMAIN\srv-servicesearch – General SharePoint search service account
- DOMAIN\srv-bcs – SharePoint Business Connectivity Service service application account
- DOMAIN\srv-mms – SharePoint managed metadata service account
- DOMAIN\srv-ups – SharePoint User Profile Service application account
Now it’s time to create a web Application and a site collection to test the NLB, then I will configure the following shared services: User Profile Service, Business Data connectivity, Managed Metadata, Secure Store Service and Search. In Central Administration, click on Application Management, and then create a New Web Application.
In the Public URL type the FQDN address of the created NLB. In my case this was: splive.stadler.local, and then create the web application. After the creation process is finished you should see a new web site in the IIS console in both servers.
Now I’m going to extend the web application (Central Administration -> Application Management -> Extend) over the Intranet zone, using as value for the Public URL the NetBIOS name of the NLB cluster (in my case SPLive) and of course the port 80. The idea is to make the web application available for the users on both FQDN and NetBIOS names.
Now the only thing left to do is to create a site collection in order to test the farm. If everything was configured fine I should be able to pause one at the time the virtual machines forming the NLB cluster and the site collection will still be accessible via browser.
Configuring services and applications on the farm
For a standard SharePoint implementation I would like to suggest the implementation of the following shared services: Managed Metadata, Search Services, Secure Store Service (required for the future implementation of services like BDC or Excel Services), User Profile Service, Usage and Health Services, Web Analytics Services.
All this services will be implemented on the Application Server, except the Search Service. The query functionality will be provided by the WFE servers.
We will navigate to Central Administration -> Application Management -> Manage Service Applications (under the Service Applications header).
I will configure the services in the following order:
- Managed Metadata Service
- Search Service – Getting Started with Enterprise Search in SharePoint 2010 Products
- Secure Store Service (required for the future implementation of services like BDC or Excel Services)
- User Profile Service
- Usage and Health Services
- Web Analytics Services
Small things to be known :):
- Remember to start the Windows Service required by the Service Application on the desired server in the farm (in my case SPLiveAPP). A comprehensive summary for service guidance can be found in the following document: Topologies for SharePoint 2010
- Managed Metadata Service requires a CTHub (content type hub) Site Collection; After you create the site collection please enable the Content Type Syndication Hub site collection feature;
- Search Service doesn’t automatically configure the search topology on more than one server. If you want to split the search functions, remember to change the search topology. If you split the Query to another server(s) please start the “Search Query and Site Settings Service” service on each of the Query servers;
- User Profile Service requires Managed Metadata Service;
- User Profile Service requires that the SharePoint Farm Account is also a Local Administrator of the machine;
- User Profile Service requires a Site Collection to be created using the My Site Host template;