Chapter 3. Workload optimization

This chapter focuses on day-to-day administrative tasks and architecture, as seen from the SharePoint administrator’s perspective. Understanding these concepts provides insight into the current farm configuration, the flow of daily operations, and forecasting for the future state of the farm as a whole.

Click here to view code image

<# Enable the Template for use with a Site Master #>
Enable-SPWebTemplateForSiteMaster -Template <TEMPLATENAME> -CompatibilityLevel 15
<# Create the new Site Master from the enabled Template #>
New-SPSiteMaster -ContentDatabase <CONTENTDB> -Template <TEMPLATENAME>

Click here to view code image

<# Create a new site collection using the Site Master #>
New-SPSite http://wingtiptoys/sites/<SITE> -Template <TEMPLATE> -ContentDatabase <CONTENTDB> -Compatibility Level 15 -CreateFromSiteMaster -OwnerAlias <OWNER>

Issue a unique IP address to each website.

Designate a nonstandard TCP port number (for instance, http://<website>:10800).

Create a host header.

Host headers allow Internet Information Services (IIS) to assign more than one fully qualified domain name (FQDN) on a server to a single IP address. In DNS, each of these FQDNs might be configured as an A record; requests going to each different FQDN would all route to the same IP address on a web server, requiring that the web server itself be configured to know which site is being referenced by each host header.

SharePoint 2016 has no issue with this arrangement, allowing you to build a single web application from Central Administration and then specify a single host header (FQDN) used by IIS to route user requests. These requests could come to the top-level site collection itself (http://sitename.com) or could use a managed path to specify a site collection further within the URL (http://sitename.com/sites/siteone).

Site collections created and arranged in this manner are known as path-based site collections, due to the fact that either exclusive or wildcard managed paths (/sites in the preceding path) are required to group more than one site collection beneath a host header URL.

In such a configuration, an application pool and site is created in IIS. A binding is assigned to the site that specifies the host header and the TCP port, as shown in Figure 3-1.

As it is recommended to minimize the number of web applications, both from a resourcing and administrative overhead standpoint, there has to be a better way, and there is. Within SharePoint, host header site collections can be created; this allows an administrator to build the application pool and site in IIS, but not specify the host header in the binding, choosing instead to allow this information to be stored within SharePoint itself (see Figure 3-2).

Only a few steps are required to configure a web application and the associated host header site collections:

1. Create the Host Header web application by using the New-SPWebApplication cmdlet, ensuring that you do not use the -HostHeader switch.

2. Do an IISRESET /noforce on each server in the farm.

3. Create an empty path-based root site collection in the web application.

4. This site collection is used for crawling content and must be present; it should never be assigned for use by users.

5. Create new host header site collections by using the New-SPSite cmdlet and the -HostHeaderWebApplication switch.

With this flexibility come questions surrounding the life cycle of a SharePoint site, from creation to eventual disposition. The ability to create new sites (and subsites, for that matter), often leads to rapid organic growth. Users, excited about the new tool set, create sites at will to match an expected structure; if the structure isn’t suitable, then these sites are just as quickly abandoned.

Fortunately, the options for self-service site creation governance in SharePoint 2016 are significant in scope. When enabled, these options can:

Be created in a specific managed path within a web application.

Have effective site quotas assigned, controlling growth metrics.

Allow for the use of a custom form (perhaps to control intradepartmental billing for resources).

Specify the required or optional use of site classification settings.

Require a secondary contact for the newly created site.

On the Self-Service Site Collection Management page, you can control five selections:

Web Application Allows you to select the appropriate web application.

Site Collections Allows you to enable or disable self-service site collection creation and select a site quota.

Start a Site Allows you to configure the Start A Site link.

Hide the link from users.

Prompt the users to create a team site under a particular URL.

Prompt users to create a site collection under any managed path.

Display a custom form (and provide a location for the form).

Site Classification Settings Choose whether to hide, make optional, or make required.

Require secondary contact Choose whether or not to enable a secondary contact for the site collection.

Viewing and changing the site collection administrators is done through the same interface in Application Management, as follows:

1. On the Application Management page in Central Administration, click the Change Site Collection Administrators link.

2. When the Site Collection Administrators page appears, ensure that you have the correct site collection selected and then assign the Primary Site Collection Administrator and Secondary Site Collection Administrator values (see Figure 3-5).

There are only two resources measured within a site quota:

The overall disk space consumed

The number of points consumed by sandboxed solutions with code

These templates would decide how much space is made available for a particular site collection, by default. For example, you might choose to have project sites with a maximum storage limit quota setting of 25 GB, whereas departmental portal sites might possess a maximum storage limit quota setting of 100 GB.

Site quotas are set from the Specify Quota Templates link within Application Management, Site Collections. On the Quota Templates page, you can control three items:

Template Name Specify a new template name (and optionally, an existing template from which to start).

Storage Limit Values This setting allows you to limit the overall site storage maximum limit as well as allowing you to send a warning email when a certain size threshold is reached. Note that both of these values are set in MB, not GB.

Sandboxed Solutions With Code Limits As solutions are developed and deployed to the site collection, they consume sandbox resources, which are a number representing memory and processing cycles. You can limit the maximum usage (on a daily basis) to a certain number of points and then set the warning email to be sent out as you pass a certain resource value.

The completed quota template can now be assigned to site collections (Figure 3-6).

1. On the Application Management page, in the Site Collections section, click Configure Quotas And Locks.

2. Select the appropriate site collection.

3. Choose the lock status for the site.

Not Locked Site collection is available for use.

Adding Content Prevented Site collection cannot have any new content uploaded.

Read-Only Site collection cannot have any content changed or added; either the site collection administrator or the Farm Administrator can control this lock.

No Access No one can access content in this site collection.

4. Site Quota Information allows you to either select an existing quota template (also displays these values) or specify bespoke limits for this site collection.

Once these values are accepted, the site collection to which they are assigned now has some level of control for resources allotted (Figure 3-7).

The subsite was created along an organization structure that no longer applies.

The subsite was created for a discontinued project and was abandoned along with the project.

The subsite was left in place, but now hosts information that is out of date and no longer of value.

Any way you cut it, a site that is not in use or is not useful as an archive should eventually be removed. This trimming effort is made possible by the use of site policies. These policies are set within the confines of a site collection.

A closed site is marked for eventual deletion, but its users can still modify the site and its content. A site that is in closed status no longer appears in locations that aggregate sites such as Outlook. If a site is closed, but the owner wants it to remain in use, he or she can go into the site settings menu and reopen the site.

Creating a new site policy is done within the bounds of a site collection, specifically from within the Site Policies menu of Site Collection Administration. Once there, clicking the Create link allows the SCA to configure the settings of the policy:

Name And Description Specify the name of the policy and describe its purpose.

Site Closure And Deletion Describes what happens to the site (and its subsites) as a result of this policy. The options available are as follows:

Do not close or delete site automatically.

Delete sites automatically, specifying the deletion event date.

Close and delete sites automatically.

Site Collection Closure In addition to the options available for deleting sites, applying this policy to the root site in the site collection sets the site collection to closed, making the root site and all subsites read only.

From an IT perspective, this arrangement is optimal because the newly created mailbox resides in Exchange rather than being hosted inside SharePoint. SharePoint uses a site feature (appropriately named Site Mailbox) to provision the necessary components.

User Profile Synchronization must be enabled in the farm.

The App Management Service Application must be configured in the farm.

SSL must be configured on the SharePoint servers hosting the default zone of web applications configured for server-to-server authentication and app authentication.

The administrator performing the configuration must be part of the SharePoint and Exchange Server administrator groups; additionally, the Exchange server must be configured and providing mailboxes for users.

Once the prerequisites are in place, only a few more steps remain for the configuration to be complete:

The Exchange Web Services API must be installed (SharePoint web-tier servers).

IIS must be reset (SharePoint web-tier servers).

OAuth Trust and Service Permissions must be set (SharePoint Server farm).

OAuth Trust and Service Permissions must be set (Exchange Server farm).

In a hybrid environment, this information is promoted to an individual’s SharePoint tile (also called the Sites tile in some tenancies). This page shows four groupings of sites (shown in Figure 3-10):

Promoted Sites

Followed Sites

Recent Sites

Recommended Sites

Once a user has followed a site, it appears in the Followed Sites area of the SharePoint/Sites page. If the user follows several different sites, then the list of sites might be a bit hard to navigate, especially when visiting followed sites that are regularly in use. These sites can be “pinned” to the top of the Followed Sites section by selecting a site’s ellipsis and then selecting Pin To Top (Figure 3-11).

From an administrative standpoint, it is possible to alter the sites that are viewed by all in the organization within the Promoted Sites section of the SharePoint/Sites page. Selecting Manage in the Manage The Promoted Sites Below dialog box causes the tiles to change appearance, showing a new tile, Add A Promoted Site (Figure 3-12).

Selecting Add A Promoted Site allows you to specify the Title, Link Location, Description, and Background Image Location for the newly promoted site (Figure 3-13).

Compare this topology to that found in a MinRole-compliant farm, and you will quickly see that the configuration becomes more distributed, with front-end, application (batch), distributed cache, and search servers replacing those found in a traditional topology. This configuration is built around the notion of minimizing network traffic between servers in the farm while maximizing the system resources of the individual server hardware and processing requests from the individual server. Such a configuration is called a streamlined topology.

Add in the number of SQL servers required at the database level to provide high availability by using an AlwaysOn Cluster or AlwaysOn Availability Groups (2), and then the number of servers in the farm quickly escalates to a minimum of 15.

In smaller environments, you might find that the licensing, infrastructure, and maintenance costs for such an installation are prohibitive. If this indeed turns out to be the case, then a clearer understanding of what services each MinRole provides is in order.

In general, you would choose the most logical MinRole and apply it first to the farm, specifying that the other servers in the farm become Custom role servers. For instance, if you had four servers total, you might choose to have two of the servers be Front-end MinRole compliant (to efficiently serve pages) and have the other two servers use the Custom role, hosting all other necessary services.

In such a configuration, it becomes paramount that you closely monitor the performance of servers that are using the Custom role because they could become overcommitted depending on user load. Prior to configuring the Custom role servers in this farm, you should have a solid understanding of which services are required on these servers.

Front-end

Application

Distributed cache

Search (optional)

Scaling services in a MinRole-compliant farm, then, just requires that you create the required MinRole servers at the appropriate level. For instance, if you require resiliency for the Front-end, Application, or Search components of your farm, you would just add a server with the appropriate MinRole at the appropriate level in the farm. If the Distributed cache role needed to be expanded, then you would add two additional servers to enable full resiliency.

This configuration is described as a stretched farm implementation, and only has two requirements from a SharePoint standpoint to be fully supported:

Connections within the SharePoint farm between servers (in particular, the Front-end and Database servers) must exhibit a latency of less than 1 ms, 99.9 percent of the time over a period of 10 minutes.

The bandwidth connecting these two SharePoint installations must be maintained at a speed of at least 1 gigabit per second (Gbps).

Cold Standby Recovery This environment type is the slowest to recover, and requires that backups of servers from the production datacenter be restored to physically different servers in the DR datacenter.

Warm Standby Recovery This environment type is faster to recover, and involves regular restores of full and incremental backups from the production datacenter to physically different servers in the disaster recovery datacenter.

Hot Standby Recovery This environment type is by far the quickest to recover, often requiring seconds to minutes for the recovery to take place.

This last option, Hot Standby Recovery, requires further explanation. In such a configuration, a complete SharePoint farm is installed at the Primary (production) and Secondary (disaster recovery) locations. Each farm maintains its own separate Configuration database and Central Administration website content database.

Each of these farms must receive all customizations and updates in a synchronous fashion (deployment and maintenance scripts are recommended for consistency). Finally, from a back-end standpoint, content databases must be replicated from the primary to secondary farms on a regular basis by using one of three supported technologies:

SQL Log Shipping A mechanism that allows for the automatic transmission of transaction log backups from a primary database instance to a secondary server instance.

Asynchronous AlwaysOn Mirroring A mechanism that replicates changes from a per-database standpoint from a primary database instance to a secondary server instance. This configuration is known as High-Performance Mode, and it implies that transactions do not have to synchronously commit on the primary and secondary instances.

Asynchronous AlwaysOn Availability Groups A mechanism that replicates changes in a grouping of SQL content databases, from the primary instance to the secondary instance.

Regardless of which of these replication strategies is used, it’s important to note that they can occur over hundreds or thousands of miles, without affecting the primary farm.

Any SharePoint high availability design must be able to ensure that a network failure cannot single-handedly take down the farm. For instance, a connectivity break between cache hosts for the distributed cache service in the farm could result in a failure of the built-in cache cluster.

Factors that can affect network resiliency include the following:

Power blackouts and brownouts Easily addressed via backup generators and multiple power distribution unit (PDU) connections.

NIC failures on member servers Most modern servers provide redundant network interface cards (NICs), which may each be connected to a separate virtual local area network (VLAN; an isolated or partitioned section of your local area network).

Router and switch failures Maintaining redundant VLANs is usually accomplished across multiple routers, preventing a network failure due to the loss of a single router in the datacenter.

Network services failures Most enterprises have multiple Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) servers, specifically created to provide resiliency.

Upstream provider failures A disaster recovery environment is only as good as the network that connects it. Selecting redundant routes (or perhaps, redundant providers) allows you to ensure wide area network (WAN) connectivity to your disaster recovery environment.

There are two useful mechanisms for load balancing a SharePoint farm:

Using the Network Load Balancing feature This feature in Windows Server allows for two or more servers to be assigned as a virtual cluster. If one server fails, inbound requests can automatically be directed to the remaining nodes.

Using a hardware load balancer Dedicated load balancers are often quite sophisticated, and capable of not only performing basic load balancing, but also assessing the health of servers in a server pool. For instance, if a network card failed on a server pool, the load balancer would simply reassign requests to the remaining servers in the pool.

From both an operational and disaster recovery standpoint, this can be less than optimal. What happens if the SQL server fails or is irreparably damaged? How quickly would you be able to set up a replacement server and then restore SharePoint services?

SQL Server aliases are a mechanism that allows you to quickly disconnect one SQL back-end server instance and replace it with another. This is done by assigning an alias name by using a tool called the SQL Server Client Network Utility, or CLICONFG. CLICONFG (note the spelling; there is no second “i”) is found on every Windows server, and is fairly straightforward to configure.

Next, click the Alias tab and click Add to configure the alias itself. Specify three things: the network library (TCP/IP), the server alias (Northwind, in this example), and the server name (16SQL, in this example). Optionally, you can choose to either dynamically determine the TCP port used by SQL, or select a particular port (the default is 1433). Figure 3-16 shows the alias being configured.

Click OK in the Add Network Library Configuration dialog box and then click OK in the SQL Server Client Network Utility dialog box to enable the newly created SQL alias.

An SQL Server Failover Cluster Instance (FCI) is a single instance of SQL Server that is installed across multiple nodes. In more recent editions, this functionality has been expanded to allow the FCI to exist on nodes that occupy multiple subnets, allowing for network resiliency in the cluster.

Multiple nodes in the SQL FCI present themselves to the network as a single SQL instance. Failover between these nodes is transparent to the user, and generally takes seconds to accomplish.

Implementing SQL Server AlwaysOn Availability Groups is a process similar to the deployment of SQL Server clustering with one notable exception: SQL itself does not have to be clustered. Instead, individual SQL instances can be installed on cluster nodes and then configured to present what looks like a SQL instance to network clients.

This configuration is particularly useful in a full high availability and disaster recovery configuration. Multiple Windows servers can be configured with clustering at both the primary (production/high availability) and secondary (disaster recovery) environments. The servers clustered in each of these environments do not necessarily have to be part of the same cluster. You could have one high availability cluster in the primary environment and a single-server disaster recovery cluster in the secondary environment.

Even though these two environments are not related from a cluster standpoint, the primary environment can maintain an AlwaysOn synchronous-commit availability group configuration for the high availability production environment, replicating databases by using an AlwaysOn asynchronous-commit availability group for the disaster recovery environment. At this site, a separate SharePoint environment could be configured (different Configuration database, different Central Administration database, and other different configuration items) to use the replicated data in a read-only fashion.

From a functional point of view, SQL Server Log Shipping is a simple process:

1. The Transaction Log is backed up at the primary server instance.

2. The Transaction Log file is then copied (“shipped”) from the primary to the secondary server instance.

3. The Transaction Log file is restored at the secondary server instance.

Failover for such a configuration is always a manual proposition, and data copied from the source is usually current to within a matter of minutes (compared with seconds in an AlwaysOn Availability Groups configuration). This environment can optionally be created with a Monitor server, which looks at the Transaction Logs being shipped and can provide information about the process and generate alerts as required.

The only way, then, to provide redundancy in the media itself is to increase the number of individual storage devices. Doing so statistically decreases the overall effect on the storage subsystem by way of RAID technology. Redundant array of inexpensive or independent disks (RAID) is a mechanism whereby a failure of one or more member storage devices can be covered by the remaining devices in the array.

RAID has several standard levels (0–6), with RAID 0 (Striping), RAID 1 (Mirroring), and RAID 5 (Block Level Striping with Distributed Parity) being the most common. On modern storage subsystems, nested or hybrid RAID solutions are generally in use, either RAID 0+1 (a mirror set composed of two striped sets) or RAID 1+0 (a stripe set composed of two mirrored sets).

There are a couple of ways to handle this requirement:

If you happen to know the user names and passwords for the accounts accessing SQL, then you can re-create the credentials within SQL at the secondary site (manual solution).

You can create a script to replicate these credentials between environments by using a stored procedure (semiautomatic solution).

You can create an SQL Server Integration Services (SSIS) job that transfers logins between instances of SQL Server (fully automatic solution).

Farm-level backups Can include both content and configuration data.

Web application Can back up an individual web application configuration (including IIS settings) and one or more content databases.

Services and service applications (not shared) Can back up both the settings and any associated databases.

Proxies for service applications (not shared) Backed up separately from their associated service applications.

Shared services Can back up both the service application and the service application proxy.

Backups created in Central Administration require a location for the completed backups to be stored. This location must be a network share on a file server and shared with Full Control permissions to the SQL service account, Timer service account, and the Central Administration application pool identity account.

The ability to back up the configuration of a particular SharePoint farm has several applications:

This configuration can be applied across multiple farms for the purposes of standardization.

Configurations can be replicated from production to a development or staging environment.

Testing updates you want to add to your production farm.

Evaluating third-party tool sets, such as administration, backup, antivirus, and others.

Performing backup and restoration tests.

If desired, you can completely segregate these environments from production altogether, placing them in their own environment from an Active Directory, SQL, and Exchange standpoint. This is an effective way to virtualize development environments to fully test code interactions with external infrastructure systems.

Restoring a farm configuration backup only overwrites from values present in the backup itself. If the destination farm has a configuration value defined (say, the name of an email server) and the backup being restored does not have the same value defined, it will leave the previous value unchanged.

If you need to recover a farm configuration from a backup and overwrite the existing farm configuration, this action should happen only during a system outage window because the farm will be unavailable until the configuration has been completely restored. Never stop, pause, or restart a farm configuration restore operation because this action will likely cause the farm to become damaged or unstable.

When recovering a service application, the service application type can affect the steps required for restoration from a backup. These restorations can be implemented via Central Administration, PowerShell, or partially (for databases only) by using SQL Server tools:

Shared service application Only requires the restoration of a single service application.

Nonshared service application Could include either the restoration of the service application or the restoration of both a service application proxy and the related service application.

User Profile service application Will restore the entire configuration, including the associated User Profile service databases.

Search service application Might require the restoration of a separately backed up thesaurus file (not included in a farm backup). The restoration of the Search application itself restores the entire configuration, including the associated Search databases, but requires that the Search application be started after the restoration has completed because the service is restored in a “paused” state.

Secure Store service Will restore the entire configuration. Once the restoration is complete, the passphrase will need to be refreshed by using the Update-SPSecureStoreApplicationKey cmdlet.

The good news here is that SharePoint content can be restored in a remarkably granular fashion in at least three different ways:

Recovering a SharePoint content database.

Recovering content from an unattached SharePoint content database.

Recovering content from an attached, read-only content database.

In the case of a farm that has an existing content database that will be overwritten, access to the database will need to be released before the restoration can take place. Content databases being restored by using either the Restore-SPFarm cmdlet or Central Administration automatically causes SharePoint to free up access to the content database before the restoration takes place. Content databases being restored from SQL Server tools have to follow a different restoration path, with the following requirements:

The account doing the restoration should have the sysadmin fixed server role.

The Windows SharePoint Services Timer service should be stopped on all SharePoint servers, allowing the running stored procedures to finish. This will take several minutes to complete.

All full, differential, and transaction logs should be applied. As you are restoring the database, don’t forget to select the Overwrite The Existing Database option.

Once the database backups and logs have been restored, the Windows SharePoint Services Timer service can be started on all SharePoint servers.

Fortunately, this situation has changed greatly. SharePoint site collections, sites, and even lists can be restored by using either PowerShell cmdlets or Central Administration. If the latter is used, you have the ability to browse content in the unattached content database, which can be selected for one of two partial actions:

Back up a site collection.

Export site or list (don’t forget to select Export Full Security and select the correct version).

For this restoration to take place, the person executing the restoration should have:

The Securityadmin fixed server role on the SQL Server instance

The db_owner fixed database role on all databases that will be updated

Membership in the Administrators group on the SharePoint server where the PowerShell cmdlets will be performed

As is the case with standard disaster recovery sites, three recovery environments can be created by using Azure Infrastructure Services:

Hot standby recovery A fully configured farm is provisioned, updating, and running in standby mode (read only).

Warm standby recovery A farm has been created, but might require additional effort such as scaling and content database and service application configuration.

Cold standby recovery A farm has been created, but all the relevant virtual machines are in a stopped state.

The selected recovery configuration will meet two pertinent metrics: recovery objectives and operational costs. The environment that you select will have to meet both the recovery point and recovery time objectives as defined by the business; conversely, the environment selected will also need to meet operation cost forecasts.

Costs for recovery environments in Azure are based on memory, processor, and storage usage. As you move across the options from hot to cold standby recovery, the costs tend to reduce dramatically, but need to be weighed fairly against the costs of maintaining an offsite disaster recovery location.

Community types can vary based on the membership of the community and the desired visibility of the community within the enterprise:

Private communities These communities are the least discoverable in a SharePoint farm and are purposely shared with only a limited number of members who contribute content.

Closed communities These communities are viewable to everyone in the SharePoint installation, but only approved members can contribute content. Visitors can request access, but not join the site automatically.

Open communities (with explicit membership) These communities are viewable to everyone in the SharePoint installation, and a visitor can automatically join as a member to contribute content.

Open communities These communities are viewable by everyone in the SharePoint installation, and all users can contribute by default.

User Profile service Integrates with community sites by updating mentioned users and hash tags in users’ activity feeds on their My Site.

Managed metadata Allows users to include hash tags in their discussions and replies. Users can also create new tags and add them to the term store, helping to generate a corporate taxonomy.

Search service Allows users to search within discussions and community sites; it also populates the Community Portal page with links to community sites.

My Sites are the result of several distinct configuration efforts, and consist of the underlying web application hosting both the My Site host site collection (used to generate individual My Sites) and requiring the use of several SharePoint service applications such as Managed metadata, Search, and the User Profile service application.

Enabling individual sites for users in the enterprise can be a contentious discussion with management and with entities such as human resources and legal departments. At first glance, it seems that this is a waste of resources, and could potentially cause a governance headache; nothing could be further from the truth.

By default, My Sites have site quotas to control the overall size of the individual’s storage space. They also have a built-in workflow that defines the disposition of the individual’s site collection, should the individual leave the company.

Without My Sites, two major functions are completely lost:

People search Enterprises continuously struggle with keeping contact information for individuals up to date, but My Sites allow for users to update their own information. The selection of fields to be updated is entirely under the control of the SharePoint administrator and any governance or regulation that applies to the enterprise. The resulting system allows for an easy mechanism to locate a user, see their free and busy schedule for meetings, send emails, and have conversations via phone or Skype for Business.

Expertise search Enterprises also struggle with keeping an individual’s skills and certifications up to date. Having this information available in a searchable index allows the organization to easily and quickly locate people of a certain expertise level or skill set.

Permissions As is the case for on-premises OneDrive for Business users, hybrid OneDrive for Business users requires two permissions to be enabled in the User Profile service application:

Create Personal Site, which is required for personal storage, newsfeeds, and followed content

Follow People and Edit Profile

Audiencing (optional) You might want to phase in the availability of OneDrive for Business in a hybrid configuration. Adding a selection of users to an audience allows you to grant access to only those users while potentially allowing others to access OneDrive for Business on premises. This configuration is made in the Configure Hybrid OneDrive And Sites Features menu within Office 365 in Central Administration.

Configuration of hybrid OneDrive and Sites features In Central Administration, you can specify a My Site URL present in your Office 365 tenancy, select an audience as required, and then choose to enable OneDrive only.

Three types of social permissions exist in the User Profile service:

Create Personal Site Enables users to create personal sites to store documents, newsfeeds, and followed content.

Follow People and Edit Profile Enables users to follow people from OneDrive for Business and edit their personal profile.

Use Tags and Notes Enables users to use the Tags and Notes feature from earlier versions of SharePoint. This setting is enabled by default.

An example of this might be a user’s contact information within a company. Each user has an associated name, address, phone number, email, manager, job title, and other information within their distinct user profile. This user profile can be populated manually, but it’s often better to import these properties from an external system, such as Active Directory; this function is profile synchronization, and is controlled from Central Administration.

Customers

Products

Sales leads

Expertise

Certifications

Hobbies

Granted, some of this information might seem trivial (and perhaps unnecessary); after all, what does an individual’s interest in a particular hobby have to do with the business? Individual information often forms the basis of community, and this community comprises the workforce. As understanding improves between individuals, barriers fall, and users collaborate more freely.

Whether a property is included in user profiles

Whether the property is required

Whether users can change the privacy setting on an individual property

Who in the organization can view the property (role based)

A microblog allows a user to post messages that can include text, URLs, pictures, and videos. A post is limited to a maximum of 512 characters; once posted, it is immediately seen in a feed. Hash tags (#Tag) and mentions (@Mention) are a way to capture the attention of users, who can then follow (and potentially “like”) the conversation.

If you’ve used the Yammer online functionality present in Office 365, it’s likely that this feature might seem redundant. The reason for this apparent redundancy is that activity feeds are available solely in an on-premises installation, replaced in a hybrid installation by Yammer.

SharePoint 2016 supports Active Directory Import without the need for any external functionality, but has limitations such as the inability to support more than one forest, import user photos, or export attributes back to Active Directory. If the required directory service integration cannot support these limitations, then an external MIM server can be configured.

By using MIM, connections to external, non-Active Directory systems can be configured to import data to user profiles. This technology also eclipses the OOB sync tool, allowing bidirectional flow of profile properties and attributes, the use of multiple Active Directory forests, and the automatic import of user profile photos.

AAD Connect A mechanism for allowing users to use their Active Directory Domain Services (AD DS) credentials with Yammer by synchronizing their on-premises accounts to the cloud.

Single-sign on A mechanism for allowing users to use their AD DS credentials with Yammer via a federated identity provider.

These mechanisms should seem familiar by now because these are also the mechanisms for establishing a hybrid connection between SharePoint on premises and other Office 365 functionality (such as OneDrive and My Sites).

Once the connection mechanism is in place, connecting the SharePoint environment to Yammer is pretty straightforward, requiring only that you click a button in Central Administration, Office 365, Configure Yammer (Figure 3-18).

Yammer Embed allows you to display one of several feeds on your SharePoint site:

My Feed Shows each user their personal feed with relevant items

Group Feed Shows the latest conversations in a specific Yammer group

Topic Feed Shows all posts having to do with a specific topic

User Feed Shows all posts participated in by a particular user

Open Graph Feed Allows you to start a discussion about an object (for example, a webpage)

These feeds are displayed by cutting and pasting an HTML script from Yammer into a SharePoint Script Editor Web Part.

SharePoint 2016 (and previous versions) can be configured to change the response (and thus the amount of downloaded data) depending on the type of device requesting the web content; this functionality is called design channels.

Design channels tailor the response by using multiple sets of master pages and CSS, each designed specifically for the device making the request. One response type can be created for smartphones (with 4- to 5-inch screens) and another is created for tablets with larger screens (8 to 10 inches). A total of 10 device channels can be created in an on-premises installation of SharePoint 2016.

The act of configuring a device channel is not terribly complex (although the generation of appropriate master pages and CSS definitely can be). To configure a device channel, you must specify the following settings:

Name (required) The name used to identify the channel being created

Alias (required) A unique name that can be used in code to refer to the channel

Description An optional description of the channel

Device Inclusion Rules (required) One or more user agent substrings (how SharePoint identifies a particular device type) that determine the devices that will use this channel

Active A check box that activates this channel for use

A newly created product catalog site guides you through the process and steps necessary to fully configure the site and its catalogs. These steps are broken down into five major activities, as shown in Figure 3-19:

Create Site Columns Columns with descriptive metadata that can be reused and describe the products in a catalog.

Manage Site Content Types Adding the newly created site columns to a content type (such as Product).

Manage Item Hierarchy In Term Store Adds individual terms to the product hierarchy term set, representing how items from the product catalog are categorized.

Add Catalog Items Allows individual items to be added to the Products list.

Modify Search Properties Used to modify managed properties settings so that cross-site publishing can query for and refine on properties in the catalog.

There are two distinct types of topic pages:

Category pages A category page displays a single term that describes individual items.

Catalog item pages A catalog item page displays individual terms beneath the category term.

An example of these topic pages might be having a category called tools and catalog item pages for items such as screwdriver, saw, drill, and lathe.

HTML files (which will be converted to SharePoint Master Pages)

CSS files

JavaScript files

Site images

After the HTML file is automatically converted to a Master Page, a relationship is established between the HTML file and Master Page. Further revisions should not be applied to the Master Page, but to the HTML file itself; SharePoint will automatically update the Master Page.

Step 4 of the overall Design Manager process calls for you to edit Master Pages; this is the point at which an HTML file will be converted to a Master Page. Selecting a Master Page (only its HTML, really) opens the Master Page in a separate browser window. At the top right corner of this window, you will see the Snippets link (Figure 3-20).

Clicking Snippets opens a series of menu items specific to SharePoint functionality. Selecting an item (such as Top Navigation) causes the HTML for that tag to be shown. This HTML can be applied at the correct location in your HTML file, and it will automatically be added to the resulting Master Page.

If you are updating a content deployment solution based on the Content Deployment Source feature, then you have three options for content deployment:

Author in place or use cross-site publishing by using the built-in security model.

Use a disaster recovery solution such as SQL Server Log Shipping or Availability Groups to replicate content between source and destination farms.

Make a backup copy of the site, restore it to a separate content database, and then work on the site. Once the site is ready for use, change the alternate access mappings URL to point at the new site.

Each display template is made up of two distinct components:

An HTML version of the display template

A .js file

These files are combined in a Search Web Part to produce the expected functionality.

1. Map and open a connection to the Master Page gallery. This location can be found in Step 3 of Design Manager, Upload Design Files, and in general is the URL of the site collection you are working on, appended with /_catalogs/masterpages.

2. Open the Display Templates folder.

3. Copy the HTML file for an existing display template that is similar to the template you want to create.

4. Modify the HTML for your copy in an editor.

If you had a SharePoint site at https://home.wingtiptoys.com and wanted to enable these three variations, users visiting this site would be routed to the appropriate variation:

https://home.wingtiptoys.com/EN for English

https://home.wingtiptoys.com/FR for French

https://home.wingtiptoys.com/DE for German

As each of these variations is created, a navigation term set is created for its variation label. The term set for the source variation label is named Variations Navigation; this is further expanded when a variations label is created for the language, appending the variations label to the source variation label, such as Variations Navigation (en-us) for U.S. English.

The ability to quickly locate and place holds on content

The ability to create both scheduled and ad hoc searches for sensitive content in the enterprise

This pressure results in a need for users in these departments to easily and reliably search for content across three distinct systems of record: SharePoint Server, Exchange Server, and Skype for Business Server. There are three major activities involved in connecting these systems of record: Connecting Skype for Business to Exchange, Configuring Skype for Business Server to use Exchange Server archiving, and Connecting Exchange to SharePoint.

Skype for Business to Exchange Requires that the appropriate server certificates be installed; then the use of the Configure-EnterprisePartnerApplication.ps1 PowerShell script will establish connectivity.

Exchange to Skype for Business Requires that the appropriate server certificates be installed; then the use of the New-CSPartnerApplication PowerShell cmdlet will establish connectivity.

1. Enable Exchange archiving by modifying your Skype for Business Server archiving configuration settings (required for all deployments).

2. Enable archiving for internal communications, external communications, or both for your users (required for all deployments).

3. Configure the ExchangeArchivingPolicy property for each user (only required if Skype for Business Server and Exchange are located in different forests).

Once the eDiscovery site has been created (its creation is no different than that of any other site), you can create a site for your first case:

1. Click Create New Case.

2. Enter a Title and Description for your new site.

3. Enter a name for the new site in the Website Address section.

4. Under the Template Selection, select eDiscovery Case.

5. At this point, you can choose to Use The Same Permissions As The Parent Site or to create and Use Unique Permissions.

6. Finally, you can choose whether you want this site on the Quick Launch of the eDiscovery site, and whether you want the case site to use the Top Link bar from the eDiscovery site.

It is possible in SharePoint to permission a document library so that the user can do a “blind drop” or “mail slot” document upload (where they cannot see the document they just uploaded); this is an improvement but still doesn’t allow the person receiving the content to make much use of it without establishing a workflow to route the document from library to library.

Route documents to different libraries or folders Content Organizer can route an uploaded document to a library or folder, based on a series of rules. This includes the ability to route documents to a different document library altogether.

Upload all documents to a Drop Off Library Content Organizer can be used to place all uploaded documents in a Drop Off Library, where metadata can be entered and a submission process completed.

Manage folder size Content Organizer can be used to monitor the number of items in a folder and ensure that no folder contains more than a specified number of items (2,500 by default). When this number is exceeded, a new folder is created.

Manage duplicate submissions When the same document is uploaded twice, Content Organizer can be used to either configure versioning or change the file name by adding unique characters.

Maintain audit logs Content Organizer can maintain audit logs about a document stored with the document after it is routed.

To enable the use of Content Organizer, just activate the Content Organizer site feature in the site you are using. Once this is complete, you will need to create new Content Organizer rules and then configure the appropriate Content Organizer settings. Both of these options are found within the Site Administration section of Site Settings.

A document is emailed to other users, asking for their input; the author then has to take this information and transfer it back from the altered copies to the original document.

A document could be uploaded to SharePoint; then by using check-in and check-out, could be altered in an orderly fashion.

It’s fairly obvious that neither of these solutions is perfect for a document that is heavily edited by multiple users; the email solution is just not workable, and the SharePoint check-in and check-out solution works great until someone leaves the document checked out and goes on vacation.

Fortunately, there’s something better: co-authoring. This functionality within SharePoint allows for multiple users to simultaneously edit a document. Editing a document in this fashion requires a certain amount of training from a user standpoint, but is fairly straightforward to learn.

Permissions Users participating in co-authoring should have Edit rights in the appropriate document library.

Versioning Either major or major and minor versioning can be used.

Versions retained Retaining a large number of versions can become unwieldy over time, resulting in increased storage requirements. Consider restricting the number of major and minor versions in a library.

Versioning period This period is specifically for use with co-authoring and specifies how often a version of a document being co-authored should be captured.

Check out The Require Check Out feature should never be activated for libraries that host co-authored documents.

Minor versioning Absolutely, positively, do not enable minor versioning in a document library that hosts OneNote notebooks. Minor versioning will cause the OneNote notebook to stop allowing co-authoring and could result in corruption.

Versions retained OneNote is a famously chatty application, regularly committing data to its notebooks. It is recommended that the number of versions retained be specified at a reasonable level, to ensure that the supporting document library does not become too large.

When a user selects a document link, SharePoint Server 2016 looks up the file by Resource ID and then opens it in Office Online Server.

Records in an enterprise are often held for a period of several years based on the type of document they are. For instance, the priority and life span of a legal contract or other enterprise document might far exceed that of a budget workbook or memorandum (even if these documents were placed on hold for a legal case).

Disposition and retention of documents often has to do with a number of deciding questions:

What is the legal responsibility of the enterprise to retain or destroy a document?

What is the physical capacity of the system that stores the data?

How capable is the Search subsystem of capturing large amounts of data and retaining them in an index? Would it make sense to maintain these long-lived records in a different index?

SharePoint 2016 has the ability to not only provide for the disposition of individual documents, but also to control the life span and eventual disposition of an entire site (and all its associated data and libraries).

A site policy captures three sets of data (Figure 3-22):

The Name And Description of the newly created site policy

What happens from a Site Closure and Deletion standpoint when the policy has been activated:

Do Not Close Or Delete Site Automatically.

Delete Sites Automatically.

Close And Delete Sites Automatically.

What happens at a Site Collection Closure (whether or not the site collection will be set to read-only status)

Guidance from Microsoft on TechNet (see https://technet.microsoft.com/library/hh395916(v=office.14).aspx) defines a set of tests to determine the proper configuration of your farm (particularly the SQL back end) for large document repositories:

Document upload test

Document upload and route test

Document download

Access document library

Access home page with Content Search Web Parts

Managed metadata fallback query (return more than 5,000 results)

Managed metadata selective query (return fewer than 5,000 results)

Content type fallback query (return more than 5,000 results, filtering by content type)

Unstructured document library An unstructured library (hundreds of documents) has no document manager, and allows for high read transactions, with balanced adds and updates.

Collaborative large list or library A large list or library (thousands of documents) might have some subject owners, and allows for high read transactions with more updates than adds.

Structured large repository A structured large repository (tens of thousands of documents) should have an assigned content steward, and allows for very high read transaction numbers with fewer adds and significantly fewer updates.

Large-scale archive A large-scale archive (millions of documents) should have an assigned team of content stewards, and allows for very high adds with very few reads and updates.

To this end, Microsoft provides guidance based on performance testing that’s been done with SharePoint 2016. This guidance comes in the form of software boundaries and limits, including:

Boundaries Static limits that cannot be exceeded by design.

Thresholds Configurable limits that may be exceeded to accommodate specific requirements.

Supported limits Configurable limits that have been set by default to a tested value.

Four doors (a boundary)

A maximum weight recommendation (occupants and cargo) of 1,000 pounds (a threshold)

A maximum number of engine rotations per minute (RPM) limitation as given by the tachometer (a limit)

The number of doors that the car possesses is a value that cannot be changed without significantly altering the car’s design. Exceeding the weight recommendation probably won’t cause the car to stop functioning, but will significantly affect both its performance and economy. Finally, exceeding the maximum RPM limitation is entirely possible, but the engine could fail and would surely not be warranted by the manufacturer.

Two sets of limits exist for a SharePoint farm: hierarchy limits and feature limits.

Two different mechanisms exist for locating and managing content in a SharePoint farm: DLP queries from an eDiscovery Center and automated DLP policies, found in a Compliance Policy Center.

The query being run allows you to specify a name for the query, start and end dates for the query, who the author or sender might be (remember, this can search Exchange and Skype content as well), and possible sources. You can also use Export to create an Electronic Data Reference Model file, used in accordance with industry standards (visit www.edrm.net for details).

Five options exist in the Compliance Policy Center:

Deletion Policies Allow for creation of different deletion policies.

Policy Assignments For Templates Allow for the assignment of deletion policies to different site templates.

Policy Assignments For Site Collections Allow for the assignment of deletion policies to specific site collections. These assignments override any template assignment previously given.

DLP Policy Management Allows for the creation of DLP policies, sending incident reports to the compliance manager. Optionally, users can be notified with a policy tip warning them not to use sensitive information types. Content can also be blocked if desired.

DLP Policy Assignments For Site Collections Allows for the assignment of DLP policies to different site collections in the enterprise.

Users of the document are not necessarily made aware of the hold, and can continue to interact with the document; this is done by creating a copy of the content, which is retained in the original location.

Two types of hold exist: eDiscovery in-place holds, and time-based in-place holds. eDiscovery in-place holds are generally used by the legal team to fulfill requests by the court for document evidence, whereas time-based in-place holds are crafted to meet with retention standards put in place by a content management team.

Holds can be created and managed from the In-Place Hold Policy Center. This site must be created (Figure 3-25), just as you already created the Compliance Policy Center and the eDiscovery center.

Once a document is no longer on hold, a timer job cleans up a hidden preservation hold library on the site, deleting the previously retained content.

Host header site collections allow for the creation of multiple, host-named site collections within a single web application, and do not require a host headentry from an IIS standpoint.

Site policies allow the SharePoint site owner or site collection administrator to generate policies that govern the instantiation and deletion of site collections and subsites; these policies can be made available for use across site collections by a content type hub.

Team mailboxes are a way of capturing emails and attached documents concerning a project without storing them in the SharePoint site; they are maintained within an Exchange mailbox tailored to the SharePoint site.

Service distribution in a SharePoint farm can follow either a traditional or a streamlined topology; SharePoint 2016 supports the latter via the use of MinRoles.

SQL Server AlwaysOn Availability Groups can provide both high availability and disaster recovery services.

SQL Login Replication can be provided either manually, via T-SQL script, or via SSIS.

Cold, warm, and hot standby recovery can be performed from SQL databases in Azure just as they can be by using standard colocation services.

Communities provide collaboration between large groups of people in a SharePoint 2016 on-premises installation.

Connections provided to User Profiles can come from both Directory Services and Business Services; full connectivity to a Directory Service (Microsoft or otherwise) is available with MIM.

Display templates are used to format and present content from a Search standpoint.

Document routing by using Content Organizer is an effective way of performing routing by using a series of rules, versus having to generate workflows for the task.

Durable links are a mechanism for retaining a resource URL to a document that changes location, and is dependent on Office Online Server to function.

Software boundaries support boundaries (limits that cannot be exceeded), thresholds (configurable limits that can be exceeded if necessary), and supported limits (set to a default by a tested value).

Data loss prevention allows users maintaining sensitive content to locate content that might not belong in certain SharePoint sites by using a DLP query.

You are designing a large-scale document management system in SharePoint 2016, particularly used by representatives of the legal and compliance teams.

1. What site templates might you find yourself using to meet the needs of DLP, compliance, and document and site management?

2. What guidance might you seek from Microsoft regarding the proper configuration of your SharePoint farm’s resources and limitations?

3. Rather than keep all documents in a single location, what might you propose as an alternative solution?

1. It’s likely that you will need at least three distinct sites for your legal and compliance teams: an eDiscovery Center (for ad hoc DLP searches and management of holds), a Compliance Policy Center (for generating formal DLP queries and enforcement), and an In-Place Hold Policy Center.

2. You might consider evaluating the boundaries, thresholds, and limits documentation available from Microsoft to vet your proposed solution from a supportability standpoint.

3. Depending on the scale and function of the solution, you might also consider document routing by using the built-in SharePoint Content Organizer feature.