MCT USE ONLY. STUDENT USE PROHIBITED Designing a Physical Architecture 4-37 Lesson 4 Mapping a Logical Architecture Design to a Physical Architecture Design There is a strong link between the logical architecture of SharePoint 2010 and the physical architecture of SharePoint 2010. Some of the design choices that you make for the logical architecture will have a direct impact on the physical architecture, such as the number of databases that you require or the number of servers that you need in the farm. This lesson maps some of the links between logical and physical architectures, and discusses supporting requirements for your farm topology. Objectives After completing this lesson, you will be able to: • Identify existing management requirements, and the impact on SharePoint. • Identify links between logical and physical architectures in SharePoint. MCT USE ONLY. STUDENT USE PROHIBITED 4-38 Designing a Microsoft® SharePoint® 2010 Infrastructure • Describe additional SharePoint topology requirements. • Document the physical design. MCT USE ONLY. STUDENT USE PROHIBITED Designing a Physical Architecture 4-39 Physical Design in a Business Context Key Points Typically, your SharePoint farm solution will not exist in isolation. There will usually be an existing network infrastructure with additional network services in place, which your SharePoint farm will supplement. This means that there will be existing elements that you must account for in your design. The following list contains some examples of existing support requirements or policies: • There may be existing security requirements or policies that govern how servers can transmit data, or there may be configuration requirements for Web servers in perimeter networks. • There may be existing authentication requirements that the SharePoint solution must also meet, such as two-factor authentication devices. • There may be firewall policies that can restrict placement of domain controllers in the perimeter network or prevent logon traffic from successfully passing. MCT USE ONLY. STUDENT USE PROHIBITED 4-40 Designing a Microsoft® SharePoint® 2010 Infrastructure • When you calculate network usage and bandwidth requirements, you must take account of other network usage on shared network segments. You must include this usage in your calculations and your performance testing. • Your organization may require that SQL Server DBAs administer the SharePoint database servers instead of SharePoint administrators. MCT USE ONLY. STUDENT USE PROHIBITED Designing a Physical Architecture 4-41 Mapping Logical Architecture Design to Physical Specifications Key Points After you have established a logical architecture design, you can decide on the physical farm, server specifications, and number of servers. Many of the logical architecture elements will have an impact on the physical specifications. The following table lists some examples of relationships between logical design and physical requirements. MCT USE ONLY. STUDENT USE PROHIBITED 4-42 Designing a Microsoft® SharePoint® 2010 Infrastructure Logical design requirements Impact on physical specifications Size of repository For large content collections (corpus over 40 million items) or multiple-farm scenarios, this repository may require a dedicated search farm. Number of Web applications The number of Web applications, and the number of users who connect to them, will have an impact on the number of WFE servers that you require. More WFE servers can offer dedicated hosting of individual Web applications. Quantity of content As content demand increases, you require additional databases to store content beyond 200 GB. Further demand may result in splitting service application databases, such as search, onto additional servers. You may also need to review the disk storage type (RAID configuration or SAS/SATA) Presence of Microsoft Office Web Apps Microsoft Office Web Apps place more demand on network bandwidth, in addition to WFE and application servers. Mappings for host headers and alternate access Host header and alternate access mapping use requires additional DNS record configuration. You may need to change internal DNS or Internet DNS or both. Management of digital assets Digital asset management requires additional content storage considerations, either for database storage or for remote BLOB storage (RBS). RBS requires compatible storage options. In addition, you should consider configuration of BLOB caching on WFE servers. MCT USE ONLY. STUDENT USE PROHIBITED Designing a Physical Architecture 4-43 Additional Topology Considerations Key Points In addition to designing the number of farms that you require and sizing the farm(s), you must consider farm placement. Network If users who will access the farm are solely on the internal network, you can place the farm in the internal network, and access requirements are satisfied. If the farm must be accessible from the Internet—to corporate users, business partners in an extranet scenario, or publicly—there are a number of options for deployment of the farm and Active Directory. The following table describes the server placement options and corresponding considerations. MCT USE ONLY. STUDENT USE PROHIBITED 4-44 Designing a Microsoft® SharePoint® 2010 Infrastructure Farm placement Active Directory placement Considerations Internal network Internal network HTTP (or HTTPS) traffic must pass from the Internet to the WFE servers in the internal network. For improved security, use an application-layer firewall, such as Microsoft Threat Management Gateway. Perimeter network Internal network Authentication traffic must pass back from the WFE servers to the domain controllers in the internal network. Split – WFE and application servers in the perimeter network, computers running SQL Server in the internal network Split – domain controllers for internal domain in both internal and perimeter network Requires careful configuration of firewall to securely pass both Active Directory traffic between domain controllers and traffic from WFE and application servers back to computers running SQL Server. Perimeter network Perimeter network (separate forest) This configuration provides Active Directory in the perimeter network, but as a separate forest. Typically, this prevents single sign-on (SSO) for corporate users, because a separate account is required for authentication in the perimeter forest (although you can establish a trust relationship). Note: You should choose an Active Directory and farm placement configuration that best meets your organization’s security and authentication requirements. Antivirus You must also consider how to protect SharePoint content against viruses and malware. You should consider integration with your corporate antivirus strategy, or you may require dedicated SharePoint antivirus software if your current antivirus software does not provide integration with SharePoint 2010. High Availability You must also consider high-availability requirements—additional servers may be necessary to support extended uptime requirements. For high-availability requirements, you must consider the three farm tiers separately: MCT USE ONLY. STUDENT USE PROHIBITED Designing a Physical Architecture 4-45 • To implement high availability for WFE servers, you require at least two WFE servers that host the same Web application, with load balancing. The load balancing element may be a hardware load balancer or the network load balancing (NLB) feature in Windows Server 2008. NLB is available in Windows Server 2008 Web, Standard, Enterprise, and Datacenter editions. • To implement high availability for service applications, you can implement multiple application servers that host the same services. • To implement high availability for databases, you require at least two computers running SQL Server. You can configure these for database mirroring (which requires duplicate storage), or you can configure them as part of a SQL Server failover cluster (which requires shared storage). Note: You may also be able to achieve high availability when you virtualize SharePoint servers. Depending on the virtualization platform requirements, a single virtual WFE, application, or database server can be highly available across multiple virtual host servers. Question: You decide to implement two computers running SQL Server in a mirrored configuration for high availability. Will this configuration also improve performance? Explain your reasons for your answer. Additional Reading For more information about how to plan for availability in SharePoint 2010, see http://go.microsoft.com/fwlink/?LinkID=200875&clcid=0x409. MCT USE ONLY. STUDENT USE PROHIBITED 4-46 Designing a Microsoft® SharePoint® 2010 Infrastructure Documenting the Physical Design Key Points After you have designed your physical server requirements and farm topology, it is important to document your design and record all of the required elements ready for deployment. This design document will also help when you deploy the farm, because you can identify dependencies, create a work sequence to follow, and ensure that you do not forget any requirements during deployment. You should create a worksheet to describe the server requirements, including the server hardware configuration, network settings, domain membership, and which servers will host service applications in the farm. After you create the server planning worksheet, you can create a network diagram of your farm topology. This diagram can detail: • The number and type of servers. • Additional requirements, such as domain controllers or firewalls. • The type of storage that servers will use, such as DAS or SAN. . two WFE servers that host the same Web application, with load balancing. The load balancing element may be a hardware load balancer or the network load balancing (NLB) feature in Windows Server. SharePoint 2 010 and the physical architecture of SharePoint 2 010 . Some of the design choices that you make for the logical architecture will have a direct impact on the physical architecture, such as. servers. Mappings for host headers and alternate access Host header and alternate access mapping use requires additional DNS record configuration. You may need to change internal DNS or Internet