80 CHAPTER 3 architectUre aNd caPacity PlaNNiNg CONTROLLING DEPLOYMENTS SharePoint 2010 ships with more than a handful of tools that will help you to keep it under control — from tools that block and/or discover rogue deployments to built-in throttling capabilities that will help to prevent lost data and oversized lists from destroying your farm. Blocking Rogue Deployments SharePoint, especially Foundation, is sneaking into more and more enterprises. Business units who don’t want to go through the proper channels have been caught standing up their own SharePoint servers in alarming numbers. That wouldn’t be so horrible, but these rogue servers often house business- critical data but have no backups and no redundancy. IT generally doesn’t find out about them until it is too late and someone has already lost critical data. To help prevent this SharePoint 2010 has implemented a new registry key: HKLM\Software\policies\microsoft\SharePoint\14.0\blocksharepointinstall If you set the dword blocksharepointinstall equal to 1, the installation of SharePoint is blocked. The key challenge is getting this registry key added to all of the machines in your farm in time, as it is not there by default. It will not affect servers that already have SharePoint installed. Also, you need to keep this key a secret between you and this page. If a user knows to look for it they can remove it from the registry and then install SharePoint anyway. If you are considering using this key it is probably easiest to create a group policy object that adds it to all the machines in your domain. Registering SharePoint Servers in Active Directory Rogue SharePoint servers have become an issue in many large enterprises, but sometimes block- ing them as described in the previous section is considered too drastic. Wouldn’t it be great if you could keep track of every server in your Active Directory that someone installed SharePoint on, so you could find the culprits and smack them on the hand with a ruler? With a little AD work you can. When a SharePoint farm first comes online it will attempt to register itself through an Active Directory Service Connection Point, also referred to as an AD Marker. The challenge is this container is not in AD by default; you must create and configure it before SharePoint is deployed. If you do it after the fact, existing farms will not be registered. To configure this you must be a domain administrator and have access to a domain controller. Then you will need to follow the steps documented here: http://blogs.msdn.com/opal/archive/ 2010/04/18/ track-sharepoint-2010-installations-by-service-connection-point-ad-marker.aspx . HTTP Throttling A potential challenge SharePoint administrators have faced in the past and are certain to see again is lack of resources and the odd behaviors it produces. One scenario is an overworked WFE server. As a WFE is processing requests, it might reach a point where it is not immediately responding to a request due to a lack of resources. It will then begin to queue requests, but it has a limited capacity for storing requests also. If the queue fills up, then it will just start indiscriminately dropping requests until it catches up. While this is not a big deal for a typical GET request, what if you are a user who Controlling Deployments 81 has just spent an hour taking a survey or fi lling out an application? If that PUT request is dropped, your hour was spent in vain and you will have no option but to start over. To avoid this issue, Microsoft has introduced HTTP Throttling to protect a server during peak load. By default, this feature monitors the available memory in megabytes and the ASP.NET requests in queue. As it monitors these counters, it generates a health score for the server on a scale from 0 to 9, with 0 being the best. The monitor checks every fi ve seconds by default. If the score is 9 for three con- secutive tests, then the server will enter a throttled state. In this throttled state, SharePoint will return a 503 server busy message to all GET requests, including the crawler if you happen to be indexing. In addition, all timer jobs will be paused, which enables the server to concentrate on fi nishing existing requests and hopefully makes room for anyone doing a PUT request, like that user who just spent an hour fi lling out a form. The monitoring continues every fi ve seconds, and throttling is disabled after one occurrence of a score below 9. This feature can be confi gured using Central Administration, to be enabled or disabled per web application. Using Windows PowerShell, you can go a step further and view and edit the thresholds using the following cmdlets: Get-SPWebApplicationHttpThrottlingMonitor Set-SPWebApplicationHttpThrottlingMonitor You can introduce your own counters, but that requires object model code, a topic outside the scope of this book. The health score is exposed to all HTTP requests. If you use a tool like Fiddler (www.fiddler2.com) that enables you to inspect your web traffi c, you will see in the header under Miscellaneous the value X-SharePointHealthScore. The place this truly comes into play is with the Offi ce clients. The Offi ce 2010 client programs are aware of the score and can use it to adjust their behavior. For example, if you are using the PowerPoint Broadcast feature (covered in Chapter 18), it knows to watch the health score and to adjust the frequency of its updates based on the score. Large List Throttling SharePoint 2010 will support lists up to 50 million items; so much for that horrible rumor that SharePoint only supports up to 2,000 items in a list. That rumor is a case of people not getting their facts straight. Previous versions of SharePoint did have a recommendation to not exceed more than 2,000 items in a list view because of the performance strain it caused your farm. Think about what happened behind the scenes when a user tried to view 3,000 items in a list. First, the SQL Server had to generate a query to return all 3,000 items at once. Next, that information had to be sent to the WFE server and added to the page. Finally, the user had to download the page with its 3,000 items and wait on Internet Explorer to render all of that content. It could literally take minutes to return the page. Sadly, there was nothing to stop users from doing this or even to monitor that activity until now. SharePoint 2010 vastly improves this scenario. 82 CHAPTER 3 architectUre aNd caPacity PlaNNiNg With SharePoint 2010, we have controls that we can con- figure to prevent these types of activities. Figure 3-7 shows the Resource Throttling screen in Central Administration. You can access this screen by navigating to Application Management Manage web applications. Then select your web application, click the drop-down for General Settings, and select Resource Throttling. All default settings are shown. The List View Threshold, which is set to 5000 by default, represents the maximum number of items a standard user can return in a view. As users approach the limit, they will see the screen shown in Figure 3-8, which tells them how many items they have and where the throttling limit is set. The following relevant settings are available: Object Model Override — This setting specifies whether a developer can override the throttling through the object model code to allow their code to run. List View Threshold for Auditors and Administrators — This setting is used to grant special power users a larger threshold. You can set a user up as an auditor through the Manage web applications screen. You first add a Permission Policy and enable the Site Collection Auditor permission policy level. Then, using User Policy, also on the Manage web applications Ribbon, select the new permission level you created. List View Lookup Threshold — This setting is used to control the number of lookups that can be specified. Daily Time Window for Large Queries — This setting is also referred to as “happy hour.” It allows you to set a time of day when throttling is disabled and views are unrestricted. List Unique Permissions Threshold — This set- ting limits the number of unique permissions a given list can have. This is a good idea, as you can run into performance problems if a list has too many unique permissions coupled with too many items. Security trimming is a great but expensive feature at times. FIGURE 37 Summary 83 The remaining settings are not part of the list throttling feature. When users exceed this limit, they will see a warning message in the browser stating “Displaying only the newest results below. To view all results, narrow your query by adding a filter.” This will show the last 1,000 modified items. FIGURE 38 SUMMARY In this chapter you reviewed the plethora of SharePoint 2010 SKUs that are available and how each one may be applicable to your situation, except for that cloud business. With that knowledge, key considerations of the other infrastructure pieces in the farm were discussed. Don’t ever overlook these boxes, as they are the key to your success. Remember: No one calls to say your Windows box isn’t working; they only call to complain SharePoint is broken. In the section on terminology, you learned a bit about SharePoint’s vocabulary, including how evil the word “site” is and why you should avoid it like the plague. Finally, you were introduced to SharePoint’s out-of-the-box tools, which can help you manage its sometimes overwhelming collaboration and content management features. Installing and Confi guring SharePoint 2010 WHAT’S IN THIS CHAPTER? Running prerequisiteinstaller.exe and setup.exe Avoiding standalone installation Running the Confi g Wizard Running the Central Administration Wizard Handling post-setup confi guration Installing SharePoint 2010 Please read this chapter! It has become commonplace for IT professionals and consultants to just “wing” the installation and confi guration of software, fi guring if there are any issues along the way a quick trip to Bing will get them squared away. While this may be true, it is hardly considered best practice. This chapter walks you through all of the steps necessary to get your users a SharePoint site they can access. Starting with installing the software and then working through running the two confi guration wizards, you will be on your way. Once you are done with the wizards, you will make some additional changes to Central Administration. With all of the knobs turned and the buttons pressed, you will then create a web application and site collection. At that point you are ready to turn over SharePoint to the users. Then there is nothing to do except cross your fi ngers and hope for the very best. Or if you are the proactive type you can check out Chapter 15 where monitoring is covered. audits—essentially, walking through the install and confi guration steps performed to build out a server farm and discovering and correcting the errors found with the initial 4 . To help prevent this SharePoint 2010 has implemented a new registry key: HKLMSoftwarepoliciesmicrosoft SharePoint 14. 0locksharepointinstall If you set the dword blocksharepointinstall equal. http://blogs.msdn.com/opal/archive/ 2010/ 04/18/ track -sharepoint- 2010- installations-by-service-connection-point-ad-marker.aspx . HTTP Throttling A potential challenge SharePoint administrators have. even to monitor that activity until now. SharePoint 2010 vastly improves this scenario. 82 CHAPTER 3 architectUre aNd caPacity PlaNNiNg With SharePoint 2010, we have controls that we can con- figure