Todd Klindt – Sr. SharePoint Consultant Shane Young – Owner Session Code: OFS203.

Page 2:

Introduction to Service Applications and Topology

Todd Klindt – Sr. SharePoint Consultant
Shane Young – Owner
www.SharePoint911.com
Session Code: OFS203

Page 3:

Who is this Todd guy?

• WSS MVP since 2006
• Speaker, writer, consultant, Aquarius, former child actor
• Personal Blog: www.toddklindt.com/
• [email protected]
• me! @toddklindt

Page 4:

Who Am I?

Shane Young
• Owner of SharePoint911.com
• Microsoft Office SharePoint Server MVP
• Consultant, Trainer, Writer, & Speaker
• [email protected]
• http://msmvps.com/shane
• SharePoint Consulting: http://www.sharepoint911.com
• http://twitter.com/shanescows
• I am going to run for President when I grow up.

Page 5:

Our Cow Army

Page 6:

Session Outline

• Service Applications
  • Overview of Service Applications
  • What’s new in SharePoint 2010
  • IT Pro experience
  • Developer Story
• Topologies
  • Scale Points and Considerations
  • Examples

Page 7:

What is a Service Application?

• Service Application: A configured logical instance of a Service
  • Provides data or computing resources
  • Exposes administrative interfaces
  • Uses resources
    • Service Database
    • Application Pool
• Service Instances: Running physical instance of a service

Page 8:

How is a Service Application used?

• Features, such as web parts, on a Web App use Service Applications
  • Web App > Service Application Group > Service Application Connection > Service Application Service(s) > Service Application Database(s)
• A Service Application Proxy connects a Web App to a Service app
• Associations determined by administrators, can be changed any time
• Connections can be managed individually or in groups (‘Service Application Proxy Group’)

Page 9:

Web Application

Service Application Group

Service Application Connection

Service Application Service(s)

Service Application Database(s) (Not all SASs have databases)

Page 10:

[Diagram; labels: Shared Service Provider, SharePoint Server, Search, Excel Calc Service, Business Data Catalog, User Profile Service / User Profiles, Content, Config, Workflow, Windows SharePoint Services, 2007, 2010]

Page 11:

[Diagram; labels: SharePoint 2010, SharePoint Foundation, SharePoint Service Applications, Search, Excel Calc Service, Business Data Connection, User Profiles, Content, Config, Workflow, SharePoint Server, Shared Service Provider, Windows SharePoint Services]

Page 12:

SharePoint Service Applications

[Diagram; labels: SharePoint 2010, SharePoint Foundation, SharePoint Server, Content, Config, Search, Excel Calc Service, Managed Metadata, User Profiles, Business Data Connectivity, Sandboxed Code Service, Usage & Health Logging, Word Conversion Service, PowerPoint Broadcast Service, PerformancePoint, Visio Graphics Service, Access Service, Web Analytics, 3rd party services…]

Page 13:

Service Applications by SKU

Key: D = has a database; * = can be cross farm

Foundation
• Business Data Connectivity * D
• Usage and Health Data Collection D
• Microsoft SharePoint Foundation Subscription Settings Service D
• Web Analytics *

Standard
• Managed Metadata Services * D
• Search * D
• Secure Store Service * D
• State Service D
• User Profile * D

Enterprise
• Access Service
• Excel Services
• Performance Point
• PowerPoint
• Visio Graphic Service
• Word Automation Services

Page 14:

SSP => Service Application

• SSPs are replaced with Service Apps
  • A la carte, ‘unboxed’ services
  • Integrated administration model
  • 3rd party extensibility
  • And much more…
• SSP services split out into service applications
  • User Profiles
  • Search Service App
  • Excel Service App
  • Business Connectivity Service App
  • And the new services in MOSS SKUs
• MOSS 2007 SSPs upgrade into SharePoint Server 2010 Service Applications

Page 15:

What’s New – Framework

• Extensible platform
  • Framework incorporated into SharePoint Foundation
  • 3rd parties can build and ship services
• Lots of new in-box Services:
  • SharePoint Server has nearly 20 services
  • Other products like Office Web Apps, Project Server, SQL ‘Gemini’ ship services

Page 16:

What’s New - Administration

• Simplified administration model
  • Managed via Central admin and PowerShell
• A la carte consumption
  • Increased flexibility in deployment
    • Fault Tolerant Round-robin Load Balancing
    • Support for hardware load balancing
• Flexible, secure cross-farm federation
  • Trust-based security
  • Share to anyone and consume from anywhere
  • WCF-based web services for communication
  • No direct DB Access

Page 17:

What’s New - Security

• Improved security model
  • Claims based authorization within the farm
  • Communication via WCF-based web services
  • Support for SSL/transport security
• Application isolation
  • Each service app uses separate database and optionally, separate app pool
  • Support for multiple service applications for a service with different accounts and databases
• Multi-tenancy
  • Most services are multi-tenant capable
  • Application-level security for content isolation

Page 18:

Shane Young & Todd Klindt

demo Service Application Administration

Page 19:

Managing a Service

• Services are managed through Central Admin
  • Services plug their management UI into Service Management page
• Service Admins
  • Delegated admins with Central Admin access
  • Manages one or more Service Applications
  • Central Admin UI is trimmed to only the pages that the Service Admin has rights to access
  • Some services have their own additional specialized admin roles
• Services are also managed through PowerShell

Page 20:

Deployment

• Farm Config Wizard
  • Creates all Service Applications with default settings
• Manually
  • Use the ‘New’ dropdown in the Manage Service Applications page
    • Specify custom application pool, database locations etc…
    • Creates service apps and their proxies
• For most control, use PowerShell
  • New-SP*ServiceApplication
  • New-SP*ServiceApplicationProxy
  • Create each piece individually (e.g. in Service-only farms)

Page 21:

Managed Accounts

• SharePoint can now manage all service accounts
  • Username and password
  • Can handle maintaining password
• Not unique to service applications

Page 22:

Administration UI

• Manage Service Application page:
  • Create/Delete Service Apps
  • Manage Service App ‘metadata’
  • Connect to remote Service Apps
  • Publish and Secure Service Apps
• Service-specific management UI:
  • Service App specific settings
  • Dashboards showing search crawl status, profile import status etc…
• Manage Service Associations page:
  • Control web app to service app association
• Manage Services on Server page:
  • Start/stop instances on specific servers

Page 23:

Windows PowerShell

• All Admin operations are PowerShell enabled.
• Only Farm admins and Shell Admins can use PowerShell
• Use PowerShell to*:

  • Create and Delete Service Applications
      New-SPSearchServiceApplication -name "My Search" -database sql-svr-01\srchdb01 -account "domain\srchsvc"

  • Share Service Applications
      Publish-SPServiceApplication -name "Company Search"

  • Start and Stop Instances
      Start-SPServiceInstance -Server app-svr-01 -Service "Microsoft.Excel.ExcelInstance"

  • Perform Bulk Operations
      Get-SPServiceApplication | Get-SPServiceApplicationSecurity | Grant-SPObjectSecurity -UserPrincipal "domain\user" -type "Admin" -Rights "full control"

* Actual syntax may differ in the Beta

Page 24:

Associations

• By default, all Service Applications in a farm are associated with all Web Applications
• Associations are not direct, but connect through a proxy
• The default association can be changed so that Service App Connection to Web App associations are managed on a case-by-case basis
  • Use the ‘manage service associations’ UI in CA to manage associations

Page 25:

Publishing

• ‘Publishing’ a Service Application makes it available outside the farm
• ‘Published’ Service Applications can be discovered and consumed by remote Farms
• All standard security policies still apply
  • i.e., Publishing doesn’t set or remove access
• Cross-farm trust via certificate exchange

Page 26:

Security

• Security is managed per Service Application
• Admin Security:
  • Specifies who has admin rights over a Service App
  • Used for security trimming
  • By default, all farm admins included
• Access Security
  • Specifies claims principals that have access to the service
  • By default, the ‘farm claim’ has access
  • Some services may define more granular access rights (i.e. read-only vs. read-write)
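
One way to review the associations and the per-application admin and access security described on the Associations and Security slides, written against the released SharePoint 2010 cmdlets. This is an added example, not code from the session: the helper function names, 'Managed Metadata Service' and CONTOSO\mmsadmin are made up for illustration, and the access-rule property names (AccessRules, Name, AllowedRights) are assumed from the SharePoint object model.

```powershell
# Added example (not from the session): review service application
# associations and per-application security in a SharePoint 2010 farm.
# Run in the SharePoint 2010 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# 1. Associations: the proxy group each web application uses and the
#    service application connections (proxies) in that group.
function Get-WebAppAssociation {            # hypothetical helper name
    Get-SPWebApplication | ForEach-Object {
        $group = $_.ServiceApplicationProxyGroup
        New-Object PSObject -Property @{
            WebApplication = $_.Url
            ProxyGroup     = $group.FriendlyName
            Connections    = @($group.Proxies | ForEach-Object { $_.DisplayName }) -join '; '
        }
    }
}

# 2. Security: one row per access rule, taken from either the admin ACL
#    (-Admin) or the access ACL (default) of every service application.
#    Property names on the rules are assumed from the object model.
function Get-ServiceAppAcl {                # hypothetical helper name
    param([switch]$Admin)
    foreach ($app in (Get-SPServiceApplication)) {
        try {
            $acl = Get-SPServiceApplicationSecurity -Identity $app -Admin:$Admin -ErrorAction Stop
        } catch {
            Write-Warning "Could not read security for '$($app.DisplayName)': $_"
            continue
        }
        foreach ($rule in $acl.AccessRules) {
            New-Object PSObject -Property @{
                ServiceApplication = $app.DisplayName
                Acl                = $(if ($Admin) { 'Admin' } else { 'Access' })
                Principal          = $rule.Name
                Rights             = $rule.AllowedRights
            }
        }
    }
}

# 3. Delegation: grant one principal admin rights on one named service
#    application rather than on every service application in the farm.
function Grant-ServiceAppAdmin {            # hypothetical helper name
    param([string]$ServiceAppName, [string]$Account)
    $app = Get-SPServiceApplication | Where-Object { $_.DisplayName -eq $ServiceAppName }
    if (-not $app) { throw "Service application '$ServiceAppName' not found." }
    $acl       = Get-SPServiceApplicationSecurity -Identity $app -Admin
    $principal = New-SPClaimsPrincipal -Identity $Account -IdentityType WindowsSamAccountName
    Grant-SPObjectSecurity -Identity $acl -Principal $principal -Rights 'Full Control'
    Set-SPServiceApplicationSecurity -Identity $app -ObjectSecurity $acl -Admin
}

Get-WebAppAssociation    | Format-Table WebApplication, ProxyGroup, Connections -AutoSize -Wrap
Get-ServiceAppAcl -Admin | Format-Table ServiceApplication, Acl, Principal, Rights -AutoSize
Get-ServiceAppAcl        | Format-Table ServiceApplication, Acl, Principal, Rights -AutoSize

# Example call with constructed names (changes farm configuration):
# Grant-ServiceAppAdmin -ServiceAppName 'Managed Metadata Service' -Account 'CONTOSO\mmsadmin'
```

Rows in the Admin table beyond the farm administrators, and rows in the Access table beyond the farm claim, are the entries that differ from the defaults the slide describes.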

Page 27:

BUILDING SERVICE APPLICATIONS

Page 28:

SharePoint Service Application Framework

• Out of Box Service Apps built on the framework
• ISVs can build their own
• Built-in support for scaling applications
  • Multi-Server support
  • Fault Tolerant Round-Robin Load Balancer
• Mechanisms to host and deploy WCF-based service apps
• Admin UI and PowerShell Integration
• Timer Job Support
• Can be multi-tenant aware

Page 29:

SAMPLE TOPOLOGIES

Page 30:

Deployment Scenarios

• Single Farm
• Isolated Hosting
• Shared Resource Farm

Page 31:

Single Farm

[Diagram; labels: Corp Farm, http://corp/, Search, User Profiles, Excel Calc, BCS]

Page 32:

Isolated Hosting

[Diagram; labels: Corp Shared Farm, http://legal, http://hrweb, Search, User Profiles, Excel Calc; the Search and Excel Calc labels each appear twice]

Page 33:

Enterprise Resource Center

[Diagram; labels: Services farm, Search, User Profiles, BDC, Farm A, Farm B, http://my/, http://sharepoint/]

Page 34:

Topologies

Page 35:

Topologies Agenda

• Variables that influence Service application topologies
• Designing SharePoint topologies for 4 canonical cases
• Migrating your MOSS 2007 topology

Page 36:

Choosing an Architecture

• Consider both logical and physical aspects
• Start with a logical architecture
  • Consolidated vs Distributed
• Build it out to a physical architecture
  • Low scale -> Medium scale -> High-scale
• Scale out as needed

Page 37:

Logical Topology Considerations

• Business Needs
  • Organizations may need isolation between respective Services
• Regulatory Restrictions
  • Geo Political Regulatory
• Information Architecture
  • Architecture of Web Sites influence association to Services

Page 38:

Physical Topology Considerations

• Scale
  • Scale-up/Scale-out needs influence physical topology
• Link Latency
  • Host Services close to Users and Content
• Directory Architecture
  • Host Services close to Directory for better auth, profile sync etc.

Page 39:

Scaling Services – Step 1

• Scale within the farm
• Scale-up
• Scale-out on each tier
  • Add Web Front Ends for content servers
  • Additional app servers for compute-intensive services
  • Scale SQL for data-centric services
• ‘Affinitize’
  • Specific Web apps to WFEs using NLBs
  • Services on specific app servers

Page 40:

Scaling Services – Step 2

• Multiple content farms
• Split services into separate farm
  • Security boundary
  • Usage/scale
  • Political / organizational
  • Patching flexibility
• Multiple Services farms
  • Geo-distributed
  • Load
  • Start by separating out Search

Page 41:

Three Sample Topologies

• Small Organization
• Medium Enterprise
• Large, Distributed Enterprise

These are examples, not prescriptive guidance

Page 42:

Small Organization

Page 43:

Woodgrove

• Small-Medium Organization
• Single or few locations
• < 5000 Users
• Mainly uses Collab, Search
• 1-3 IT Staff spanning multiple roles
• Need to accommodate multiple “projects”

Page 44:

Woodgrove – Logical Arch

[Diagram; labels: web applications Published Intranet Content, My Sites and Team Sites; URLs http://woodgrove/, http://my, http://my/personal/<user>, http://team; sites HR, Facilities, Purchasing, Team 1, Team 2, Team 3; application pools; IIS Web Site “SharePoint Web Services” with User Profile, Managed Metadata, Search, Secure Store Service, Access Services, Excel Calculation Services, Business Data Connectivity]

Page 45:

Woodgrove – Physical Topology

SQL Server

Web+App Servers

Page 46:

Woodgrove – Salient Points

• Single farm
• Mostly configured with default settings
• Combined App server/WFE tier
• Managing growth
  • New content in site collections
  • Add additional servers

Page 47:

Medium Enterprise

Page 48:

Fabrikam

• Typical Medium-Large Sized Org
• 10k-50k Users
• May use all or some SharePoint workloads
• ~10 IT Staff spanning multiple roles and solutions
• Limited intra-organizational “seams”
• Need to accommodate multiple “projects”

Page 49:

Fabrikam – Logical Arch

[Diagram; labels: web applications Finance Web, Company Web, My Sites and HRWeb; URLs http://finance, http://fabrikam, http://my, http://my/personal/<user>, http://hrweb; sites Division 1, Division 2, Division 3; application pools; proxy groups Default group and Custom group (twice); IIS Web Site “SharePoint Web Services” with Search, User Profile, Secure Store Service, Access Services, and Managed Metadata, Excel Calculation Services and Business Data Connectivity each shown twice]

Page 50:

Fabrikam – Physical Topology

[Diagram; labels: Central Admin, Excel Services, User Profiles, Metadata, Query, Index]

Page 51:

Fabrikam – Salient Points

• Single farm
• Isolated web apps
• Multiple service apps
• Multiple proxy groups
• Distinct server roles
• Managing growth
  • Adding new sites, web apps
  • Scale out through adding WFE or App Servers
  • Consider splitting out content farms

Page 52:

Large Enterprise

Page 53:

Large Enterprise

• Large multinational corporation
• >50k Users
• Geographically distributed
• Dedicated vertical and horizontal IT departments
• Organizational boundaries
• Uses all or most SharePoint workloads
• Internal hosting with different SLAs

Page 54:

Logical Arch

[Diagram; labels: farms Enterprise services farm, Published content farm, Collaboration farm, My Site farm, Departmental farm; web applications Published Intranet Content, My Sites, Team Sites, Specialized Department Sites; URLs http://Fabrikam, http://my, http://my/personal/<user>, http://team, http://department; sites HR, Facilities, Purchasing, Team 1, Team 2, Team 3; application pools; Default group; IIS Web Site “SharePoint Web Services”; services User Profile, Managed Metadata, Search, Secure Store Service, Business Data Connectivity, Excel Services, Access Services, PowerPoint, Word Viewing, Visio Graphics Service, Word Automation Services, Usage and Health Data Collection, InfoPath; annotations “Mix of local and remote services”, “No Services”, “Deployment of services for a specialized department farm”]

Page 55:

Physical Topology

[Diagram; labels: farms My Site, Published Content, Collaboration, Enterprise Services Farm, Departmental Farm; Web Servers; 1x2 SQL cluster; server roles Central Admin, Excel Services, Access Services, Visio Services, SSRS, WAC, PPT Broadcast, PTC, PTC (offline), Profile, Taxonomy, BCS, Web Analytics, Usage, Usage & Health, Index Target; database groupings (Profile, Taxonomy, BCS) and (Web Analytics, Usage)]

Page 56:

Large Enterprise – Salient Points

• Enterprise Services owned and published by Central IT
• Managing Growth
  • Additional departments can be incorporated as
    • New site collections
    • New Web Apps in existing farms
    • New Farms
    • Depending on service agreement
  • Scale out through adding WFEs and App Servers
  • Geo-distribution through multiple service farms
• Disaster Recovery and High Availability considerations

Page 57:

Other Scenarios

• Internet Publishing
• Multi-tenant hosting
• And many more…

Page 58:

Summary

• SharePoint 2010 services architecture
  • Supports topologies to suit your organizational needs
  • Scales further and more flexibly than ever before
  • Supports upgrade from MOSS 2007

Page 59:

2010 Resources today

• The best site on the net about SharePoint upgrade on the Internet: http://www.sharepointupgrade.com
• Experiencing the Microsoft SharePoint 2010 User Interface (E-learning): http://www.microsoft.com/learning/_silverlight/learningsnacks/SP10/snack02/Default.html
• Managing and Troubleshooting with Microsoft SharePoint 2010 (E-learning): http://www.microsoft.com/learning/_silverlight/learningsnacks/SP10/snack03/Default.html
• Series of videos on 2010 features by MVPs: http://technet.microsoft.com/en-us/sharepoint/ee518660.aspx
• IT Pro Reviewers guide: http://technet.microsoft.com/en-us/library/cc262881(office.14).aspx
• Awesome topologies and services diagrams: http://technet.microsoft.com/en-us/library/cc263199(office.14).aspx

Page 60:

Complete an evaluation on CommNet and enter to win an Xbox 360 Elite!

Page 61:

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.