STP Nairobi: Michael Noel’s ‘The Ultimate SharePoint Infrastructure Best Practices Session’

Michael's session at STP Nairobi (AKA SharePoint Saturday Nairobi) was dedicated to "best practices around setting up SharePoint."

Beginning with the topic of architecting the farm, Michael said that it's "most important to understand that there are three tiers of infrastructure": the Web tier, the data tier, and the Service Applications tier (the "middle tier"). "You need to architect your environment around these three tiers of SharePoint infrastructure."

Regarding architecting the farm, Michael explained that small farm models include the all-in-one instance (everything on a single server, a model to avoid) and a two-server model with the database role and the SharePoint roles on separate servers. The smallest "highly available" farm involves four servers: two SharePoint servers and two database servers, allowing for failover. The best practice is six servers: two Web servers, two database servers, and two servers dedicated to Service Apps. The ideal is to keep your Service App farm and content farm separate (six servers total), which gives you the ability to update and patch servers individually.

Michael pointed out that large SharePoint farms are highly scalable with multiple servers dedicated to each tier.

Moving on to SharePoint server virtualization, Michael explained that virtualization allows you to be much more flexible in your architecture. A single-server virtualized environment makes a test environment possible even in smaller organizations. In larger organizations with a two-server highly available farm, you get high availability across hosts with all components virtualized. An increasingly common approach is a mix of physical and virtual servers, where the servers with the highest transaction volume are physical. Michael pointed out that virtualized environments are just as scalable as physical ones.

Michael said that "the key to proper virtualization is to ensure that you have the proper amount of resources allocated to each of the hosts" (processor, available memory, network bandwidth, network latency, etc.).

"Before you deploy SharePoint," he said, "you need to understand that each site collection can only exist in a single content database." In 2010, "SharePoint stores things in full," so spread out the data via distributed content database design. Michael advises that you "architect around scalability when you're setting up SharePoint." "Remote BLOB Storage (RBS) allows you to take the BLOBs and put them somewhere else," (somewhere outside of your content database, that is) which shrinks your content database accordingly.

SQL Server optimization involves setting up multiple files for SharePoint databases: the DB-A file, the DB-B file, and the tempdb file. This approach is just one example of how you can boost performance levels.

It's "highly recommended [that you] pre-size your content databases and tempdb files to avoid fragmentation."

Michael shared that it is "another best practice to implement SQL Maintenance Plans, [which will] keep the databases from becoming corrupt."
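The two SQL Server recommendations above (multiple pre-sized data files for SharePoint and tempdb, plus a scheduled integrity check as the core of a maintenance plan) translate directly into T-SQL. The following is an added example, not material from the session or from Michael Noel; the database name WSS_Content_Intranet, the logical file names, the sizes and the T:\tempdb path are assumed placeholders, so run the first query and substitute the names and sizes your farm actually uses.

```sql
-- Added example (not from the session): pre-size a SharePoint content database
-- and tempdb, then run the integrity check a maintenance plan should schedule.
-- Database name, logical file names, sizes and drive letters are assumptions;
-- read them from sys.master_files (step 1) before changing anything.

-- 1. Current file layout and growth settings. Percentage growth on a large file
--    means many small, scattered growth events, which is the fragmentation the
--    session warns about.
SELECT DB_NAME(database_id) AS database_name,
       name                 AS logical_name,
       type_desc,
       physical_name,
       size * 8 / 1024      AS size_mb,                 -- size is stored in 8 KB pages
       CASE WHEN is_percent_growth = 1
            THEN CAST(growth AS varchar(10)) + ' %'
            ELSE CAST(growth * 8 / 1024 AS varchar(10)) + ' MB'
       END                  AS growth_setting
FROM sys.master_files
WHERE database_id IN (DB_ID('tempdb'), DB_ID('WSS_Content_Intranet'))
ORDER BY database_name, type_desc, name;

-- 2. Pre-size the content database to its expected working size and replace
--    autogrowth with a fixed increment, so the file grows rarely and in large,
--    contiguous chunks. Logical names follow the default <db> / <db>_log pattern
--    (assumption; confirm in step 1).
ALTER DATABASE [WSS_Content_Intranet]
    MODIFY FILE (NAME = N'WSS_Content_Intranet', SIZE = 20480MB, FILEGROWTH = 1024MB);
ALTER DATABASE [WSS_Content_Intranet]
    MODIFY FILE (NAME = N'WSS_Content_Intranet_log', SIZE = 4096MB, FILEGROWTH = 512MB);

-- 3. tempdb: equal-sized data files on their own volume, sized up front so the
--    server does not spend its first busy hour autogrowing them. tempdev and
--    templog are SQL Server's default logical names for tempdb.
ALTER DATABASE tempdb
    MODIFY FILE (NAME = N'tempdev', SIZE = 4096MB, FILEGROWTH = 512MB);
ALTER DATABASE tempdb
    ADD FILE (NAME = N'tempdev2', FILENAME = N'T:\tempdb\tempdev2.ndf',
              SIZE = 4096MB, FILEGROWTH = 512MB);
ALTER DATABASE tempdb
    MODIFY FILE (NAME = N'templog', SIZE = 2048MB, FILEGROWTH = 512MB);

-- 4. The integrity check a maintenance plan should run on a schedule. It reads
--    every page and surfaces corruption early, while a clean backup still exists.
--    Deliberately absent: a shrink step, which undoes the pre-sizing above and
--    re-fragments the files.
DBCC CHECKDB (N'WSS_Content_Intranet') WITH NO_INFOMSGS, ALL_ERRORMSGS;
```

Step 1 is the check to keep: re-run it after the changes and after patch cycles, since a database restored or re-created by the farm will come back with SQL Server's default growth settings rather than the ones set here.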

Speaking to high availability and disaster recovery (HA and DR), Michael said that there are lots of new options in SQL Server 2012, such as AlwaysOn Availability Groups. Availability Groups offer a synchronous-commit mode (which combines clustering and mirroring) as well as an asynchronous-commit option. Michael noted, however, that using AlwaysOn requires Enterprise licenses for both Windows and SQL Server 2012.
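Because the synchronous-commit mode is what makes automatic failover possible, and an asynchronous replica only supports a manual failover with possible data loss, a farm administrator wants a way to confirm which mode each replica is in and whether the synchronous replicas are actually synchronized before trusting the group with a failover. The following T-SQL is an added example, not part of the session; it is meant to be run on the primary replica, and the group name SP_AG is an assumed placeholder.

```sql
-- Added example (not from the session): verify the state of an AlwaysOn
-- Availability Group before relying on it for failover. Run on the primary
-- replica so every replica is listed; 'SP_AG' is an assumed group name.
SELECT ag.name                             AS ag_name,
       ar.replica_server_name,
       ar.availability_mode_desc,          -- SYNCHRONOUS_COMMIT or ASYNCHRONOUS_COMMIT
       ar.failover_mode_desc,              -- AUTOMATIC is only possible for synchronous replicas
       rs.role_desc,                       -- PRIMARY / SECONDARY
       rs.connected_state_desc,
       rs.synchronization_health_desc,     -- HEALTHY means every database on the replica is synchronized
       CASE
         WHEN ar.availability_mode_desc = 'SYNCHRONOUS_COMMIT'
              AND rs.synchronization_health_desc <> 'HEALTHY'
           THEN 'NOT READY: synchronous replica not synchronized; automatic failover would be blocked'
         WHEN ar.availability_mode_desc = 'ASYNCHRONOUS_COMMIT'
           THEN 'DR only: manual failover with possible data loss'
         ELSE 'OK'
       END                                 AS assessment
FROM sys.availability_groups AS ag
JOIN sys.availability_replicas AS ar
  ON ar.group_id = ag.group_id
JOIN sys.dm_hadr_availability_replica_states AS rs
  ON rs.replica_id = ar.replica_id
WHERE ag.name = N'SP_AG'
ORDER BY rs.role_desc, ar.replica_server_name;

-- Per-database view: which SharePoint databases are behind on a secondary, and
-- by how much. A growing redo queue on a synchronous replica is the early sign
-- that a failover would stall or that the secondary is under-resourced.
SELECT DB_NAME(drs.database_id)       AS database_name,
       ar.replica_server_name,
       drs.synchronization_state_desc,  -- SYNCHRONIZED / SYNCHRONIZING / NOT SYNCHRONIZING
       drs.log_send_queue_size,         -- KB of log not yet sent to this replica
       drs.redo_queue_size              -- KB of log received but not yet applied
FROM sys.dm_hadr_database_replica_states AS drs
JOIN sys.availability_replicas AS ar
  ON ar.replica_id = drs.replica_id
ORDER BY database_name, ar.replica_server_name;
```

Any row whose assessment is not OK is a reason to postpone a planned failover test; the second query tells you which database is holding the replica back.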

Touching on the topic of network load balancing at the Web tier, Michael said that it's supported using both hardware-based load balancing as well as software-based load balancing (via Windows Network Load Balancing).

"From a security perspective," said Michael, "there are a lot of layers of security that aren't natively supported in SharePoint." There are five layers of SharePoint security: infrastructure security (the best practice is to implement Kerberos authentication); data security (it's recommended that you implement Role-based Access Control); transport security (SSL certificates are the most critical, as "it's important to encrypt that traffic"); edge security ("use a tool to secure inbound connections to your SharePoint environment"); and rights management (restricting what someone can do once they've gained access to a document).

There was no DNS server available, so Michael was unable to demonstrate failover as intended. He used his remaining time instead for an extended Q&A, addressing specific, environment-based issues that attendees were experiencing and providing custom-tailored recommendations in each case.


Sharing the Point Africa Tour is made possible through the generous sponsorship of Colligo.

