I have carried out many Health Checks of SharePoint 2007 environments and I acknowledge that SharePoint 2007 is a very complex installation which makes use of numerous Microsoft components, such as IIS, Active Directory, SQL, Windows Server technologies and ASP.NET. As a result, it is very easy to install SharePoint 2007 incorrectly. I have seen a common trend in mistakes made at many of my clients in the past due to the complexity of a SharePoint installation and configuration and the pitfalls it presents.
As a result I have decided to share some of these common SharePoint installation and configuration blunders.
| Issues | Risk |
| --- | --- |
| Incorrect Service Accounts | Very High |
| No IIS (IIS corruption) | Very High |
| No Valid Backups* | Very High |
| SharePoint Content Database Size | Very High |
| No Enterprise Search Configuration** | Medium |
| Farm Topology | Medium |
| W2K3 Server Errors | Low |
| Path Levels | Low |
| Web Applications | Medium |
* No valid backups exist due to incorrect installation
**Enterprise search has not been configured as a result of an incorrect installation (no Service Account access to Search and Content Databases)
Many of my clients have implemented a SharePoint solution without any expectations of user adoption, without realising that the solution can fast become a business-critical application, and without recognising that ‘SharePoint Sprawl’ is very real.
As a result no initial considerations are made in terms of availability, redundancy, administration and the SharePoint installation itself, until in most cases real issues occur.
Service Accounts
Many of my clients have attempted installing SharePoint 2007 themselves, and one of the most common mistakes is the incorrect use of service accounts. In most cases a single account is used for all the SharePoint services, resulting in a number of issues further down the line. This becomes apparent when logging into the SharePoint Central Administration Site with this installation account: the system defaults to the ‘System Account’.
SharePoint requires eight Service Accounts and these are outlined below:
| Service Account | Reason | Permissions Requirements | Suggested Naming Convention |
| --- | --- | --- | --- |
| The Portal Application Pool Service Account | Used to access the web application for the SharePoint Portal | Domain User | SPApppool_Portal |
| The MySite Application Pool Service Account | Used to access the web application for the SharePoint Portal | Domain User | SPApppool_MySite |
| The Content Access Service Account | Used to access the content held in the SQL content databases | Domain User | SPContent |
| The Database Access Service Account | Used to create and access the SharePoint configuration database | Domain User | SPData |
| The SharePoint Search Service Account | Used for Search Queries | Domain User | SPSearch |
| The SharePoint Index Service Accounts | Used to Index Search Content | Domain User | SPService |
| The Single Sign-On Service Account | Used for the Single Sign-On Service | Domain Admins (Initially), Domain Users | SSPOService |
| The Enterprise Application Service Account | Used for the Enterprise Application Service in Single-Sign On | Domain Users | EntAppService |
| The SharePoint Install Service Account | This account will be used to install and configure SharePoint | Domain Admins, Domain Users | SPInstall |
The use of correct Service Accounts is critical in a SharePoint 2007 implementation and is at the core of many of the issues that are experienced further down the line.
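The check below is an added example, not code from the original post: it audits a role-to-account inventory against the table above, flagging accounts shared between roles and Domain Admins membership that the table does not list. The EXAMPLE domain, both inventories and the function names are constructed for illustration.

```python
from collections import defaultdict

# role -> (suggested account name, table lists Domain Admins), from the table above
ROLES = {
    "Portal Application Pool": ("SPApppool_Portal", False),
    "MySite Application Pool": ("SPApppool_MySite", False),
    "Content Access": ("SPContent", False),
    "Database Access": ("SPData", False),
    "Search": ("SPSearch", False),
    "Index": ("SPService", False),
    "Single Sign-On": ("SSPOService", True),   # "Domain Admins (Initially)"
    "Enterprise Application": ("EntAppService", False),
    "Install": ("SPInstall", True),
}


def norm(account):
    """Compare accounts case-insensitively, ignoring any domain prefix."""
    return account.split("\\")[-1].lower()


def audit(inventory, domain_admins):
    """inventory maps role -> configured account; returns sorted findings."""
    findings = []
    admins = {norm(a) for a in domain_admins}
    roles_by_account = defaultdict(list)
    for role, account in inventory.items():
        roles_by_account[norm(account)].append(role)
    for role, (_, admin_listed) in ROLES.items():
        account = inventory.get(role)
        if account is None:
            findings.append(("HIGH", role, "no account recorded"))
            continue
        shared = sorted(r for r in roles_by_account[norm(account)] if r != role)
        if shared:
            findings.append(("HIGH", role, f"{account} also used by: {', '.join(shared)}"))
        if norm(account) in admins and not admin_listed:
            findings.append(("HIGH", role, f"{account} is in Domain Admins; not listed in table"))
        elif norm(account) in admins and role == "Single Sign-On":
            findings.append(("REVIEW", role, f"{account} still in Domain Admins; table says initially"))
    return sorted(findings)


# Constructed inventories: the single-account install described above, and a separated one.
SINGLE_ACCOUNT = {role: r"EXAMPLE\SPInstall" for role in ROLES}
SEPARATED = {role: "EXAMPLE\\" + name for role, (name, _) in ROLES.items()}

if __name__ == "__main__":
    for severity, role, detail in audit(SINGLE_ACCOUNT, [r"EXAMPLE\SPInstall"]):
        print(f"{severity:6} {role}: {detail}")
```
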
Database Sizes
I have found in most cases that there is only one content database for all the MOSS data, usually summing up to huge amounts of data. This is a critical issue, as the recommended maximum data size is between 100GB and 200GB per content database, depending on the specification of the SQL Server. Database configurations that are greater than the recommended size will result in poor performance as well as long backup windows. For more detail please see The SharePoint Storage and Storage Performance White Paper.
Server Farm
Many clients have implemented SharePoint 2007 in a ‘single-farm’ environment. This environment is recommended for Pilot or Development scenarios only. Below are some recommended farm topologies for highly available SharePoint 2007 solutions.
Four-server farm
The smallest server farm that builds in availability consists of four servers:
· Servers one and two: Web servers and query role installed on both computers. Additional application server roles, such as Excel Calculation Services, can be installed on one or both servers.
· Servers three and four: clustered or mirrored database server.
The caveat with this farm size, however, is the choice of where to deploy the index server role. If the index role is installed on the same server computer as the query role, the index role no longer propagates content indexes to external query servers. Consequently, if you install the index server role to one of the Web servers, you lose the ability to host the query role on both Web servers. You can install the index role on the database server, achieving availability of the query role on the Web servers. However, the performance of the database server will be affected.
Five-server farm
The most common highly available server farm topology introduces a middle tier and consists of five server computers.
Given this topology, you can install all application server roles on the dedicated application server. This design optimizes the performance of the front-end Web server computers by enabling you to offload one or more application server roles to the middle tier. The primary planning decision to make with this topology is where to install application server roles. The index server role should remain on the dedicated application server. However, your decision about where to install additional application server roles depends on whether you want to optimise the server farm for performance or for availability. If redundancy of application server roles is a priority, you can install application server roles that are designed to be redundant (Excel Calculation Services, query, and Microsoft Office Project Server 2007) on the two front-end Web server computers. To optimize for performance, consider moving first the Excel Services role to the application server and next the query role.