Business continuity management for Microsoft SharePoint Foundation 2010

Posted on 17 Dec 201217 Dec 2012 by escapebusinesssolutions in Uncategorized

Business continuity management for Microsoft SharePoint Foundation 2010

Microsoft Corporation

Published: April 2011

Author: Microsoft Office System and Servers Team (itspdocs@microsoft.com)
- Abstract
This book provides information about business continuity management, which consists of the business decisions, processes, and tools you put in place in advance to handle crises. Information includes features of Microsoft SharePoint Foundation 2010 that are likely to be part of your business continuity management strategy.

The content in this book is a copy of selected content in the SharePoint Foundation 2010 technical library (http://go.microsoft.com/fwlink/?LinkId=181463) as of the publication date. For the most current content, see the technical library on the Web.

This document is provided “as-is”. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it.

Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred.

This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.

© 2011 Microsoft Corporation. All rights reserved.

Microsoft, Access, Active Directory, Backstage, Excel, Groove, Hotmail, InfoPath, Internet Explorer, Outlook, PerformancePoint, PowerPoint, SharePoint, Silverlight, Windows, Windows Live, Windows Mobile, Windows PowerShell, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

Contents

Getting help    viii

Plan for business continuity management (SharePoint Foundation 2010)    1

Business continuity management capabilities    1

Service level agreements    2

Related content    3

Plan to protect content by using recycle bins and versioning (SharePoint Foundation 2010)    5

Protecting content by using recycle bins    5

Protecting content by using versioning    7

Plan for backup and recovery (SharePoint Foundation 2010)    8

Define business requirements    8

Choose what to protect and recover in your environment    9

Choose tools    12

Determine strategies    13

Plan for enhanced backup and recovery performance    15

Related content    16

Backup and recovery overview (SharePoint Foundation 2010)    17

Backup and recovery scenarios    17

Backup architecture    17

Recovery processes    24

Related content    27

Plan for availability (SharePoint Foundation 2010)    28

Availability overview    28

Choosing an availability strategy and level    30

Redundancy and failover between closely located data centers configured as a single farm (“stretched” farm)    35

Plan for disaster recovery (SharePoint Foundation 2010)    37

Disaster recovery overview    37

Choose a disaster recovery strategy    38

Planning for cold standby data centers    39

Planning for warm standby data centers    39

Planning for hot standby data centers    39

System requirements for disaster recovery    43

Backup (SharePoint Foundation 2010)    44

Back up all or part of a farm    44

Concepts    45

Back up a farm (SharePoint Foundation 2010)    46

Considerations when backing up a farm    46

Task requirements    47

Use Windows PowerShell to back up a farm    47

Use Central Administration to back up a farm    48

Use SQL Server tools to back up a farm    49

Related content    50

Back up a farm configuration (SharePoint Foundation 2010)    51

Task requirements    51

Use Windows PowerShell to back up a farm configuration    52

Use Central Administration to back up a farm configuration    53

Concepts    54

Back up a Web application (SharePoint Foundation 2010)    55

Considerations when backing up a Web application    55

Task requirements    56

Use Windows PowerShell to back up a Web application    56

Use Central Administration to back up a Web application    57

Use SQL Server tools to back up a Web application    58

Related content    59

Back up a service application (SharePoint Foundation 2010)    60

Task requirements    61

Use Windows PowerShell to back up a service application    61

Use Central Administration to back up a service application    62

Concepts    63

Back up a site collection (SharePoint Foundation 2010)    64

Task requirements    64

Use Windows PowerShell to back up a site collection    64

Use Central Administration to back up a site collection    66

Concepts    66

Back up customizations (SharePoint Foundation 2010)    67

Backing up solution packages    68

Backing up authored site elements    70

Backing up workflows    70

Backing up changes to the Web.config file    71

Backing up third-party products    71

Backing up changes made by direct editing    71

Backing up developed customizations that are not packaged as solutions    72

Related content    72

Back up a content database (SharePoint Foundation 2010)    73

Task requirements    73

Use Windows PowerShell to back up a content database    74

Use Central Administration to back up a content database    75

Use SQL Server tools to back up a content database    76

Concepts    76

Back up databases to snapshots (SharePoint Foundation 2010)    77

Task requirements    77

Use SQL Server tools to back up a database to a snapshot    77

Other Resources    78

Export a site, list, or document library (SharePoint Foundation 2010)    79

Task requirements    79

Use Windows PowerShell to export a site, list, or document library    79

Use Central Administration to export a site, list, or document library    80

Back up or archive logs (SharePoint Foundation 2010)    82

[Essential] Back up transaction logs    82

[Recommended] Collect usage data    83

[Recommended] Archive diagnostic logs    83

Configuring permissions for backup and recovery (SharePoint Foundation 2010)    86

Permissions for the SPTimerV4 timer service and SQL Server account    86

Group memberships required to run backup and restore operations in Central Administration    86

Setting permissions for running backup and restore operations by using Windows PowerShell    87

Configuring permissions for backup and recovery (SharePoint Server 2010)    89

Permissions for the SPTimerV4 timer service and SQL Server account    89

Group memberships required to run backup and restore operations in Central Administration    89

Setting permissions for running backup and restore operations by using Windows PowerShell    90

Recovery (SharePoint Foundation 2010)    92

Recover all or part of a farm    92

Concepts    93

Restore a farm (SharePoint Foundation 2010)    94

Considerations when recovering a farm    94

Use Windows PowerShell to restore a farm    96

Use Central Administration to restore a farm    97

Use SQL Server tools to restore a farm    98

Related content    100

Restore a farm configuration (SharePoint Foundation 2010)    101

Overview    101

Use Windows PowerShell to restore a farm’s configuration    101

Use Central Administration to restore a farm’s configuration    102

Use SQL Server to restore a farm’s configuration    103

Concepts    103

Document farm configuration settings (SharePoint Foundation 2010)    104

Example of using a cmdlet    107

Copy configuration settings from one farm to another (SharePoint Foundation 2010)    110

Back up and recover a farm without content databases to copy configuration settings    111

Back up and recover configuration settings only    112

Create a scripted deployment to copy configuration settings    112

Restore a Web application (SharePoint Foundation 2010)    113

Considerations when restoring a Web application    113

Use Windows PowerShell to restore a Web application    113

Use Central Administration to restore a Web application    114

Use SQL Server tools to restore databases associated with a Web application    115

Additional steps to restore a Web application that uses forms-based authentication    116

Additional steps to remove duplicate claims providers after restoring a Web application that uses claims-based authentication    117

Related content    117

Restore a service application (SharePoint Foundation 2010)    118

Use Windows PowerShell to restore a service application    119

Use Central Administration to restore a service application    120

Use SQL Server tools to restore the databases for a service application    121

Restore a site collection (SharePoint Foundation 2010)    122

Use Windows PowerShell to restore a site collection    122

Concepts    123

Restore customizations (SharePoint Foundation 2010)    124

Restoring solution packages    124

Restoring authored site elements    126

Restoring workflows    126

Restoring changes to the Web.config file    127

Recovering changes made by direct editing    127

Restoring developed customizations that are not packaged as solutions    128

Related content    128

Restore a content database (SharePoint Foundation 2010)    129

Use Windows PowerShell to restore a content database    129

Use Central Administration to restore a content database    130

Use SQL Server tools to restore a content database    131

Concepts    132

Attach and restore a read-only content database (SharePoint Foundation 2010)    133

Use Windows PowerShell to attach and restore a read-only content database    133

Concepts    134

Import a list or document library (SharePoint Foundation 2010)    135

Import a site, list or document library    135

Concepts    136

Availability configuration (SharePoint Foundation 2010)    137

Concepts    137

Configure availability by using SQL Server clustering (SharePoint Foundation 2010)    138

Configure availability by using SQL Server database mirroring (SharePoint Foundation 2010)    139

Before you begin    141

Configure high-availability database mirroring    143

Configure SharePoint 2010 Products to be aware of mirrored databases    143

User experience during a failover    144

Monitoring and troubleshooting mirroring    144

Other Resources    144

Sample script for configuring SQL Server mirroring (SharePoint Foundation 2010)    145

Configure database mirroring with certificates and full recovery    145

Set up a witness server    149

Transfer permissions to the mirror server    152

Removing mirroring from a server    152
Getting help

Every effort has been made to ensure the accuracy of this book. This content is also available online in the Office System TechNet Library, so if you run into problems you can check for updates at:

http://technet.microsoft.com/office

If you do not find your answer in our online content, you can send an e-mail message to the Microsoft Office System and Servers content team at:

itspdocs@microsoft.com

If your question is about Microsoft Office products, and not about the content of this book, please search the Microsoft Help and Support Center or the Microsoft Knowledge Base at:

http://support.microsoft.com

Plan for business continuity management (SharePoint Foundation 2010)

Published: May 12, 2010

Business continuity management consists of the business decisions, processes, and tools you put in place in advance to handle crises. A crisis might affect your business only, or be part of a local, regional, or national event.

Features of Microsoft SharePoint Foundation 2010 are likely to be part of your business continuity management strategy, but your overall plan should be much more comprehensive and include the following elements:

Clearly documented procedures.

Offsite storage of key business records.

Clearly designated contacts.

Ongoing staff training, including practices and drills.

Offsite recovery mechanisms.

In this article:

Business continuity management capabilities

Service level agreements
Business continuity management capabilities

Microsoft SharePoint Foundation 2010 includes the following capabilities that support business continuity management.
- Versioning Users can lose data by overwriting a document. With versioning, users can keep multiple versions of the same document in a document library. In the event of an unwanted change, an overwritten document, or document corruption, the previous version can easily be restored by the user. When versioning is enabled, users can recover their data themselves.
  
  For more information, see Plan to protect content by using recycle bins and versioning (SharePoint Foundation 2010).
- Recycle Bin SharePoint Foundation 2010 includes a two-stage Recycle Bin. Users who have the appropriate permissions can use the first-stage Recycle Bin to recover documents, list items, lists, and document libraries that have been deleted from a site. Site collection administrators can use the second-stage Recycle Bin, also called the Site Collection Recycle Bin, to recover items that have been deleted from the first-stage Recycle Bin. When the first-stage Recycle Bin is enabled, users can recover their data themselves.
  
  For more information, see Plan to protect content by using recycle bins and versioning (SharePoint Foundation 2010).
- Backup and recovery You can use Windows PowerShell cmdlets or the SharePoint Central Administration Web site to back up and recover farms, databases, Web applications, and site collections. There are also many external and third-party tools that you can use to back up and recover data. For more information, see Plan for backup and recovery (SharePoint Foundation 2010).
- Availability No single feature provides availability within a SharePoint Foundation 2010 environment. You can choose among many approaches to improve availability, including the following:
  - Fault tolerance of components and the network.
  - Redundancy of server roles and servers within a farm.
    
    For more information about availability, see Plan for availability (SharePoint Foundation 2010).
- Disaster recovery No single feature provides disaster recovery within a SharePoint Foundation 2010 environment. You can choose among many approaches to improve availability when a data center goes offline, including the following:
  - Offsite storage of backups, both within and outside your region.
  - Shipping images of servers to offsite locations.
  - Running multiple data centers, but serving data only through one, keeping the others available on standby.
    
    For more information about disaster recovery, see Plan for disaster recovery (SharePoint Foundation 2010).
Service level agreements

Business continuity management is a key area in which IT groups offer service level agreements (SLAs) to set expectations with customer groups. Many IT organizations offer various SLAs that are associated with different chargeback levels.

The following list describes common features of business continuity management SLAs:
- Backup and recovery
  
  Backup and recovery SLAs usually identify objects and services that can be backed up and recovered, and the recovery time objective, recovery point objective, and recovery level objective for each. The SLA may also identify the available backup window for each object. For more information about backup and recovery SLAs, see Plan for backup and recovery (SharePoint Foundation 2010).
  
  Recovery time objective (RTO) is the objective for the maximum time a data recovery process will take. It is determined by the amount of time the business can afford for the site or service to be unavailable.
  
  Recovery point objective (RPO) is the objective for the maximum amount of time between the last available backup and any potential failure point. It is determined by how much data the business can afford to lose in the event of a failure.
  
  Recovery level objective (RLO) is the objective that defines the granularity with which you must be able to recover data — whether you must be able to recover the entire farm, Web application, site collection, site, list or library, or item.
- Availability
  
  For each component within a farm that is covered by an availability plan, an availability SLA may identify availability as a percentage of uptime, often expressed as the number of nines — that is, the percentage of time that a given system is active and working. For example, a system with a 99.999 uptime percentage is said to have five nines of availability.
Note:

When calculating availability, most organizations specifically exempt or add hours for planned maintenance activities.

For more information, see Plan for availability (SharePoint Foundation 2010).
- Disaster recovery
  
  For each component within a farm that is covered by a disaster recovery plan, an SLA may identify the recovery point objective and recovery time objective. Different recovery time objectives are often set for different circumstances, for example a local emergency versus a regional emergency.
  
  For more information, see Plan for disaster recovery (SharePoint Foundation 2010).

Protecting content by using recycle bins

SharePoint Foundation 2010 supports two stages of recycle bins, the first-stage Recycle Bin and the Site Collection, or second-stage, Recycle Bin. The recycle bins are enabled and configured at the Web application level. The recycle bins collect deleted documents and list items. When a list item is deleted, any attachments to the item are also deleted and can be restored from the Recycle Bin.

The Recycle Bins can contain multiple copies of a document that each have the same file name and source. These documents cannot be restored over an existing copy of a document. The Recycle Bins cannot be used to recover previous versions or accidental overwrites of documents — you must use versioning to enable this functionality.

The following table describes how an item is deleted and recovered from the first-stage Recycle Bin and the second-stage Recycle Bin.

When a user does this	The item is	The item can be restored by
Deletes an item	Held in the first-stage Recycle Bin until the item is deleted from the Recycle Bin or the item has been in the Recycle Bin longer than the time limit configured for an item to be held in the Recycle Bin.	Users or site collection administrators
Deletes an item from the Recycle Bin	Held in the second-stage Recycle Bin	Site collection administrators

Turning off the Recycle Bin for a Web application empties all Recycle Bins and permanently deletes all items in them.

First-stage Recycle Bin

The first-stage Recycle Bin is located at the site level and is available to users who have Contribute, Design, or Full Control permissions on a site.When a user deletes an item from a Web site, the item is sent to the site’s first-stage Recycle Bin. Items located in the first-stage Recycle Bin count toward the site quota.Items remain in one of the first-stage Recycle Bins in the site until a specified time period has been reached (the default setting is 30 days).

When an item is deleted from the Recycle Bin, the item is sent to the second-stage Recycle Bin.

Note:

The time limit for the Recycle Bins applies to the total time after the item was first deleted — not the time spent in either Recycle Bin stage.

Second stage (Site Collection) Recycle Bin

The second-stage Recycle Bin is located at the site collection administrator level. The second-stage Recycle Bin is organized into two views: objects in the first-stage Recycle Bins of all sites in the site collection, and objects in the second-stage Recycle Bin. When an item is deleted from the first-stage Recycle Bin, it can be recovered only by a site collection administrator from the second-stage Recycle Bin.

Items remain in the second-stage Recycle Bin until a specified time period has been reached (the default setting is 30 days) or until the second-stage Recycle Bin reaches its size limit, at which time the oldest items are deleted. The time limit for the Recycle Bins applies to the total time after the item was initially deleted — not the time spent in either Recycle Bin stage.

When a second-stage Recycle Bin is enabled for a Web application, we recommend that you designate how much disk space is available to the second-stage Recycle Bin as a percentage of the quota allotted to the Web application. Items stored in the second-stage Recycle Bin do not count toward the site quota; however, the size that is specified for the second-stage Recycle Bin increases the total size of the site and the content database that hosts it. If no site quota has been set, there is no limit on the size of the second-stage Recycle Bin.

For example, if you have allotted 100 megabytes (MB) of space for the Web application, allotting a 50 percent quota for the second-stage Recycle Bin allots 50 MB for the second-stage Recycle Bin and 150 MB for the Web application as a whole. You can allot up to 100 percent for the second-stage Recycle Bin quota.

For more information about setting quotas, see

Plan for site maintenance and management (SharePoint Foundation 2010)
Create quota templates (SharePoint Foundation 2010)

For more information about how users can use the Recycle Bin in SharePoint Foundation 2010, see View, restore, or delete items in the Recycle Bin (http://go.microsoft.com/fwlink/?LinkId=90917&clcid=0x409)

For information about configuring the Recycle Bins, see Configure the Recycle Bin (SharePoint Foundation 2010).

Protecting content by using versioning

Versioning addresses the issue of losing data by overwriting a document. It allows the document library to keep multiple copies of the same document. In the event of an unwanted change, an overwrite, or a document corruption, the previous version can easily be restored by the user. Versioning can be enabled at the library or list level. Items and files can be versioned.

Before configuring versioning, be sure to read Plan for site maintenance and management (SharePoint Foundation 2010) .

For more information about configuring versioning, see Enable and configure versioning (SharePoint Foundation 2010) .

Administrators must closely manage versioning, because if sites have many versions of files and documents, the sites can become quite large. If you do not restrict the size of sites, your sites can surpass your storage capacity. Farm administrators can manage this issue by establishing service level agreements with site owners and by setting size quotas on sites. For more information about managing versioning, see Manage versioning by using quotas (SharePoint Foundation 2010).
Plan for backup and recovery (SharePoint Foundation 2010)

Updated: July 8, 2010

This article describes the stages involved in planning for backup and recovery, which include determining backup and recovery strategies for a Microsoft SharePoint Foundation environment and deciding which tools to use. The stages do not need to be done in the order listed, and the process may be iterative.

When you plan for how you will use backup and recovery for disaster recovery, consider common events, failures, and errors; local emergencies; and regional emergencies.

For detailed information about Microsoft SharePoint Foundation backup and recovery, see Backup and recovery overview (SharePoint Foundation 2010).

In this article:
Define business requirements
To define business requirements, determine the following for each farm and service in the environment:
- Recovery point objective (RPO) is the objective for the maximum amount of time between the last available backup and any potential failure point. It is determined by the amount of data that the business can afford to lose in the event of a failure.
- Recovery time objective (RTO) is the objective for the maximum time a data recovery process will take. It is determined by the amount of time the business can afford for the site or service to be unavailable.
- Recovery level objective (RLO) is the objective that defines the granularity with which you must be able to recover data — whether you must be able to recover the entire farm, Web application, site collection, site, list or library, or item.
Shorter RPO and RTO, and greater granularity of RLO, all tend to cost more.
A worksheet to help you plan your strategies for backup and recovery for your SharePoint Foundation 2010 environment can be downloaded from SharePoint 2010 Products backup and recovery planning workbook (http://go.microsoft.com/fwlink/?LinkID=184385).

Choose what to protect and recover in your environment

Your business requirements will help you determine which components of the environment you need to protect, and the granularity with which you need to be able to recover them.

The following table lists components of a SharePoint environment that you might decide to protect, and the tools that can be used to back up and recover each component.

Component	SharePoint backup	Microsoft SQL Server 2008 with Service Pack 1 (SP1) and Cumulative Update 2	System Center Data Protection Manager (DPM) 2010	File system backup
Farm	Yes		Yes6
Service applications	Yes
Web application	Yes
Content databases	Yes	Yes	Yes
Site collection	Yes1, 2	Yes1, 2	Yes1, 2
Site	Yes2	Yes2	Yes
Document library or list	Yes2	Yes2	Yes
List item or document			Yes
Content stored in remote BLOB stores	Yes3	Yes3	Yes3
Customizations deployed as solution packages	Yes7	Yes7	Yes6, 7
Changes to Web.config made by using Central Administration or an API	Yes	Yes	Yes4
Configuration settings (SharePoint)	Yes2, 8	Yes2, 8	Yes 2, 9
Customizations not deployed as solution packages			Yes. Files can be recovered if protected as files.4, 5	Yes
Changes to Web.config not made by using Central administration or an API			Yes4	Yes
IIS configurations not set through SharePoint			Yes5	Yes
SQL Server Reporting Services databases		Yes	Yes

1. Farm-level and database-level backup and restore can be used for site collection recovery if a single site collection is stored in a database.

2. Farm-level and database-level backups can be used with SharePoint Foundation unattached database recovery to restore site collections, sites, lists, and configurations.

3. Content stored in remote BLOB stores is backed up and restored with other content, as long as the Remote BLOB Storage (RBS) provider in use has this capability.

4. Changes to Web.config can be backed up by using file system backup from DPM 2010.

5. IIS configurations can be recovered by using a bare metal backup from DPM 2010.

6. DPM 2010 can recover this item by using a combination of a bare metal backup and SharePoint Foundation backup. It cannot be backed up and recovered as an object.

7. Fully-trusted solution packages are stored in the configuration database, and sandboxed solutions are stored in content databases. They can be recovered as part of farm or content database recovery.

8. Configuration settings can be recovered from farm-level backups. For more information, see Restore a farm (SharePoint Foundation 2010).

9. The Central Administration content database and the configuration database for a SharePoint Foundation 2010 farm can be recovered but only as part of a full-farm recovery to the same farm, with the same computers.

Note:

You can register SharePoint Foundation 2010 with Windows Server Backup by using the stsadm.exe -o -registerwsswriter operation to configure the Volume Shadow Copy Service (VSS) writer for SharePoint Foundation. Windows Server Backup then includes SharePoint Foundation 2010 in server-wide backups. When you restore from a Windows Server backup, you can select Microsoft SharePoint Foundation (no matter which version of SharePoint 2010 Products is installed), and all components reported by the VSS writer forSharePoint Foundation 2010 on that server at the time of the backup will be restored.

Windows Server Backup is recommended only for use with for single-server deployments.

Choose what to recover from within SharePoint content databases

From within a content database, you can recover site collections, sites, lists and libraries.

Backup and recovery tools provide different levels of recovery for content within a content database. Recovering an object from within a content database is always more complex than recovering an entire content database.

Protecting customizations

Customizations to SharePoint sites can include:

Master pages, page layouts and cascading style sheets. These objects are stored in the content database for a Web application.
Web Parts, site or list definitions, custom columns, new content types, custom fields, custom actions, coded workflows, or workflow activities and conditions.
Third-party solutions and their associated binary files and registry keys, such as IFilters.
Changes to standard XML files.
Custom site definitions (Webtemp.xml).
Changes to the Web.config file.

How customizations are deployed, and how changes are made to the Web.config file, have a significant effect on which tools can be used to back up and recover customizations. To provide the greatest opportunity for recovery, we recommend that you deploy customizations by using solution packages and make changes to the Web.config file by using Central Administration or the SharePoint APIs and object model.

Protecting workflows

Workflows are a special case of customizations that you can back up and recover. Make sure that your backup and recovery plan addresses any of the following scenarios that apply to your environment:

Declarative workflows, such as those created in Microsoft SharePoint Designer 2010, are stored in the content database for the site collection to which they are they are deployed. Backing up the content database protects these workflows.
Custom declarative workflow actions have components in the following three locations:

The Visual Studio assemblies for the Activities are stored in the global assembly catalog (GAC).
The XML definition files (.ACTIONS files) are stored in the 14\TEMPLATE\{LCID}\Workflow directory.
An XML entry to mark the activity as an authorized type is stored in the Web.config file for the Web applications in which it is used.

If your farm workflows use custom actions, you should use a file backup system to protect these files and XML entries. Similar to SharePoint Foundation features such as Web parts and event receivers, these files should be reapplied to the farm as needed after recovery.

Workflows that depend on custom code, such as those that are created by using Visual Studio, are stored in two locations. The Visual Studio assemblies for the workflow are stored in the global assembly catalog (GAC), and the XML definition files are stored in the Features directory. This is the same as other types of SharePoint Foundation features such as Web parts and event receivers. If the workflow was installed as part of a solution package, backing up the content database protects these workflows.
If you create a custom workflow that interacts with a site collection other than the one where the workflow is deployed, you must back up both site collections to protect the workflow. This includes workflows that write to a history list or other custom list in another site collection. Performing a farm backup is sufficient to back up all site collections in the farm and all workflows that are associated with them.
Workflows that are not yet deployed must be backed up and restored separately like any other data file. When you are developing a new workflow but have not yet deployed it to the SharePoint Foundation farm, make sure that you back up the folder where you store your workflow project files by using Windows Backup or another file system backup application.

Protecting service applications

Service applications in a SharePoint Foundation environment can be made up of both service settings and one or more databases, or just service settings. You cannot restore a complete service application by restoring the database only; however, you can restore the databases for a service application and then reprovision the service application. For more information, see Restore a service application (SharePoint Foundation 2010).

Protecting SQL Server Reporting Services databases

SharePoint Foundation backup and recovery does not include SQL Server Reporting Services databases. You must use SQL Server tools. For more information, see Backup and Restore Operations for a Reporting Services Installation (http://go.microsoft.com/fwlink/?LinkId=186642).

Choose tools

To choose the right tools for backup and recovery, you need to determine whether you can meet the continuity requirements you have set for your business within your budget for time and resources.

Key factors to consider when choosing tools include:

Speed of backup: Can the tool perform within the maintenance window for your databases? You should test any backup system to ensure that it meets your needs on your hardware.
Completeness of recovery.
Granularity of objects that can be recovered.
Backup type supported (full, differential, or incremental).
Complexity of managing the tool.

The following table compares the type of backup and size of farm that can be backed up in a six-hour window for backup and recovery tools available from Microsoft.

Tool	Backup type	Size of backup completed in six hours1
SharePoint farm backup and recovery	Full, differential	600 GB
SQL Server	Full, differential	600 GB
System Center Data Protection Manager	Incremental	Terabytes

1Backup size was determined by backing up a system that totals the specified size on the test hardware listed in the following section.

Note:

The SharePoint Foundation and SQL Server backups were performed with backup compression turned on.

Test hardware

The following table lists the hardware used in the tests that determined the size of backup that could be completed in a six-hour window.

Component	Description
Processor	64-bit dual processor, 3 GHz
RAM	8 GB
Disk	2 terabyte NTFS file system-formatted partition
Network	100 megabits per second (Mbps) or faster connection between client computers and server
Network share	Network share with 1.25 terabytes free space

Note:

The upper size limit for performing SharePoint Foundation 2010 site collection backups is 85 GB.

For detailed information about the backup and recovery systems that can be used with Microsoft SharePoint Foundation, see the following resources:

Determine strategies

Based on your business requirements, recovery needs, and the tools you have chosen, determine and document the backup and recovery strategies for your environment.

It is not uncommon for IT departments that support SharePoint Foundation environments to decide to use more than one tool to protect the environment, as they determine the strategies that they will use.

For example, in an environment with databases that are managed by DBAs, the strategies in the following list might be employed:

All databases are backed up by SQL Server. The backup interval that is set for each database is based on the following:
- The business impact of the content or service.
- The standard rate of change for the database.
- The effect on performance that the backup has on the environment.
Small, rapidly changing, very high-business-impact content databases are additionally protected by SQL Server database snapshots that are stored on a separate physical disk. Only one snapshot is stored per database, and snapshots are discarded regularly, so that the effect on performance is minimized. The snapshot interval that is set for each database is based on the following:
- The business impact of the content or service.
- The standard rate of change for the database.
- The effect on performance that the snapshot has on the environment.
- The amount of space required to store the snapshot.
  
  Recovering from a snapshot is faster than standard recovery because a snapshot, along with its underlying database, can be treated by SharePoint Foundation as an unattached database. However, the process of creating snapshots can decrease the performance of the underlying database. We recommend that the effect that snapshots have on the performance of your system be tested before they are implemented, and that snapshots be discarded regularly to reduce the space required.

Note:

If you are using RBS, and the RBS provider that you are using does not support snapshots, you cannot use snapshots for backup. For example, the SQL FILESTREAM provider does not support snapshots.

SharePoint Foundation backup is used to protect service applications. The backup interval is based on the following:
- The business impact of the service.
- The standard rate of change for the database.
- The effect on performance that the backup has on the database.
All restore operations are performed through SharePoint Foundation. The choice of which restore system to use is determined by the type of backup that is available and the object being restored.

Other tools should be part of your business continuity strategy. Consider how you will use Recycle Bins and versioning in site collections throughout the environment. For more information, see Plan for business continuity management (SharePoint Foundation 2010).

Plan for enhanced backup and recovery performance

As you plan your backup and recovery strategy, consider the following recommendations to help you decrease the effect of backup and recovery on system performance.

By design, most backup jobs consume as many I/O resources as they can to finish the job in the available time for maintenance; therefore, you might see disk queuing and you might see that all I/O requests come back more slowly than usual. This is typical and should not be considered a problem.

Follow recommendations for configuring SQL Server and storage

Follow the general recommendations for configuring SQL Server and storage for a SharePoint Foundation environment. For more information, see Plan for SQL Server, storage and BLOB configuration (SharePoint Foundation 2010) (http://technet.microsoft.com/library/dc219657-46b7-49fe-aa57-03e229ac9bc0(Office.14).aspx).

Minimize latency between SQL Server and the backup location

In general, it is best to use a local disk, not a network drive, for backups. If you are backing up multiple servers, you may want to have a directly connected computer that both servers can write to. Network drives that have 1 millisecond or less latency between them and the computers that are running SQL Server will perform well. If your farm has multiple servers in it (including the computer that is running SQL Server), you must use UNC network paths for the SharePoint farm backup location.

Avoid processing conflicts

Do not run backup jobs during times in which users require access to the system.

To avoid I/O bottlenecks, perform the main backup to a separate disk, and only then copy to tape.

Consider staggering backups so that not all databases are backed up at the same time.

SharePoint Foundation backups use SQL Server backups. When using compression with your backups, be mindful not to overwhelm SQL Server. For example, some third-party backup tools compress data during backup, which can disrupt SQL Server performance. There are tools available to throttle the compression processes and control the effect on SQL Server.

Follow SQL Server backup and restore optimization recommendations

If you are running SQL Server 2008 Enterprise, we recommend that you use backup compression. For more information, see Backup Compression (SQL Server) (http://go.microsoft.com/fwlink/?LinkId=179525).

If you are using SQL Server backups, use a combination of full, differential, and transaction log backups for the full recovery model to minimize recovery time.

Differential database backups are usually faster to create than full database backups, and they reduce the amount of transaction log required to recover the database.

If you are using the full recovery model in SQL Server 2008, we recommend that you use the truncate option during backup to avoid maintenance issues.

For detailed recommendations about how to optimize SQL Server backup and restore performance, see Optimizing Backup and Restore Performance in SQL Server (http://go.microsoft.com/fwlink/?LinkId=126630).

Ensure sufficient write performance on the backup drive

Carefully consider whether to use redundant array of independent disks (RAID) on your disk backup device. For example, RAID 5 has low write performance, approximately the same speed as for a single disk. (This is because RAID 5 maintains parity information.) Using RAID 10 for a backup device may provide faster backups. For more information about how to use RAID with backups, see Configure RAID for maximum SQL Server I/O throughput (http://go.microsoft.com/fwlink/?LinkId=126632).

Availability overview

Availability is the degree to which a SharePoint Foundation environment is perceived by users to be available. An available system is a system that is resilient — that is, incidents that affect service occur infrequently, and timely and effective action is taken when they do occur.

Availability is part of business continuity management (BCM), and is related to backup and recovery and disaster recovery. For more information about these related processes, see Plan for backup and recovery (SharePoint Foundation 2010) and Plan for disaster recovery (SharePoint Foundation 2010).

Note:

When calculating availability, most organizations specifically exempt or add hours for planned maintenance activities.

One of the most common measures of availability is percentage of uptime expressed as number of nines — that is, the percentage of time that a given system is active and working. For example, a system with a 99.999 uptime percentage is said to have five nines of availability.

The following table correlates uptime percentage with calendar time equivalents.

Acceptable uptime percentage	Downtime per day	Downtime per month	Downtime per year
95	72.00 minutes	36 hours	18.26 days
99 (two nines)	14.40 minutes	7 hours	3.65 days
99.9 (three nines)	86.40 seconds	43 minutes	8.77 hours
99.99 (four nines)	8.64 seconds	4 minutes	52.60 minutes
99.999 (five nines)	0.86 seconds	26 seconds	5.26 minutes

If you can make an educated guess about the number of total hours downtime you are likely to have per year, you can use the following formulas to calculate the uptime percentage for a year, a month, or a week:

% uptime/year = 100 – (8760 – number of total hours downtime per year)/8760

% uptime/month = 100 – ((24 × number of days in the month) – number of total hours downtime in that calendar month)/(24 × number of days in the month)

% uptime/week = 100 – (168 – number of total hours downtime in that week)/168

Costs of availability

Availability is one of the more expensive requirements for a system. The higher the level of availability and the more systems that you protect, the more complex and costly an availability solution is likely to be. When you invest in availability, costs include the following:

Additional hardware and software, which can increase the complexity of interactions among software applications and settings.
Additional operational complexity.

The costs of improving availability should be evaluated in conjunction with your business needs — not all solutions in an organization are likely to require the same level of availability. You can offer different levels of availability for different sites, different services, or different farms.

Availability is a key area in which information technology (IT) groups offer service level agreements (SLAs) to set expectations with customer groups. Many IT organizations offer various SLAs that are associated with different chargeback levels.

Determining availability requirements

To gauge your organization’s tolerance of downtime for a site, service, or farm, answer the following questions:

If the site, service, or farm becomes unavailable, will employees be unable to perform their expected job responsibilities?
If the site, service, or farm becomes unavailable, will business and customer transactions be stopped, leading to loss of business and customers?

If you answered yes to either of these questions, you should invest in an availability solution.

Choosing an availability strategy and level

You can choose among many approaches to improve availability in a SharePoint Foundation environment, including the following:

Improve the fault tolerance of server hardware components.
Increase the redundancy of server roles within a farm.

Hardware component fault tolerance

Hardware component fault tolerance is the redundancy of hardware components and infrastructure systems such as power supplies at the server level. When planning for hardware component fault tolerance, consider the following:

Complete redundancy of every component within a server may be impossible or impractical. Use additional servers for additional redundancy.
Ensure that servers have multiple power supplies connected to different power sources for maximum redundancy.

In any system, we recommend that you work with hardware vendors to obtain fault-tolerant hardware that is appropriate for the system, including redundant array of independent disks (RAID) arrays.

Redundancy within a farm

SharePoint Foundation 2010 supports running server roles on redundant computers (that is, scaling out) within a farm to increase capacity and to provide basic availability.

The capacity that you require determines both the number of servers and the size of the servers in a farm. After you have met your base capacity requirements, you may want to add more servers to increase overall availability. The following illustration shows how you can provide redundancy for each server role.

Availability within a server farm

The following table describes the server roles in a SharePoint Foundation 2010 environment and the redundancy strategies that can be used for each within a farm.

Server role	Preferred redundancy strategy within a farm
Front-end Web server	Deploy multiple front-end Web servers within a farm, and use Network Load Balancing (NLB).
Application server	Deploy multiple application servers within a farm.
Database server	Deploy database servers by using clustering or high-availability database mirroring.

Database availability strategies

You can use Microsoft SQL Server failover clustering or SQL Server high-availability database mirroring to support availability of databases in a SharePoint Foundation environment.

SQL Server failover clustering

Failover clustering can provide availability support for an instance of SQL Server. A failover cluster is a combination of one or more nodes or servers, and two or more shared disks. A failover cluster instance appears as a single computer, but has functionality that provides failover from one node to another if the current node becomes unavailable. SharePoint Foundation can run on any combination of active and passive nodes in a cluster that is supported by SQL Server.

SharePoint Foundation references the cluster as a whole; therefore, failover is automatic and seamless from the perspective of SharePoint Foundation.

For detailed information about failover clustering, see Getting Started with SQL Server 2008 Failover Clustering (http://go.microsoft.com/fwlink/?LinkID=102837&clcid=0x409) and Configure availability by using SQL Server clustering (SharePoint Foundation 2010).

SQL Server high-availability mirroring

Database mirroring is a SQL Server technology that can deliver database redundancy on a per-database basis. In database mirroring, transactions are sent directly from a principal database and server to a mirror database and server when the transaction log buffer of the principal database is written to disk. This technique can keep the mirror database almost up to date with the principal database. SQL Server Enterprise Edition provides additional functionality that improves database mirroring performance.

For mirroring within a SharePoint Foundation farm, you must use high-availability mirroring, also known as high-safety mode with automatic failover. High-availability database mirroring involves three server instances: a principal, a mirror, and a witness. The witness server enables SQL Server to automatically fail over from the principal server to the mirror server. Failover from the principal database to the mirror database typically takes several seconds.

A change from previous versions is that SharePoint Foundation is mirroring-aware. After you have configured a database mirror instance of SQL Server, you then use SharePoint Central Administration or Windows PowerShell cmdlets to identify the failover (mirror) database server location for a configuration database, content database, or service application database. Setting a failover database location adds a parameter to the connection string that SharePoint Foundation uses to connect to SQL Server. In the event of a SQL Server time-out event, the following occurs:

The witness server that is configured for SQL Server mirroring automatically swaps the roles of the primary and mirror databases.
SharePoint Foundation automatically attempts to contact the server that is specified as the failover database.

For information about how to configure database mirroring, see Configure availability by using SQL Server database mirroring (SharePoint Foundation 2010).

For general information about database mirroring, see Database Mirroring (http://go.microsoft.com/fwlink/?LinkID=180597).

Note:

Databases that have been configured to use the SQL Server FILESTREAM remote BLOB store provider cannot be mirrored.

Comparison of database availability strategies for a single farm: SQL Server failover clustering vs. SQL Server high-availability mirroring

The following table compares failover clustering to synchronous SQL Server high-availability mirroring.

	SQL Server failover clustering	SQL Server high-availability mirroring
Time to failover	Cluster member takes over immediately upon failure.	Mirror takes over immediately upon failure.
Transactional consistency?	Yes	Yes
Transactional concurrency?	Yes	Yes
Time to recovery	Shorter time to recovery (milliseconds)	Slightly longer time to recovery (milliseconds).
Steps required for failover?	Failure is automatically detected by database nodes; SharePoint Foundation 2010 references the cluster so that failover is seamless and automatic.	Failure is automatically detected by the database; SharePoint Foundation 2010 is aware of the mirror location, if it has been configured correctly, so that failover is automatic.
Protection against failed storage?	Does not protect against failed storage, because storage is shared between nodes in the cluster.	Protects against failed storage because both the principal and mirror database servers write to local disks.
Storage types supported	Shared storage (more expensive).	Can use less-expensive direct-attached storage (DAS).
Location requirements	Members of the cluster must be on the same subnet.	Principal, mirror, and witness servers must be on the same LAN (up to 1 millisecond latency roundtrip).
Recovery model	SQL Server full recovery model recommended. You can use the SQL Server simple recovery model, but the only available recovery point if the cluster is lost will be the last full backup.	Requires SQL Server full recovery model.
Performance overhead	Some decrease in performance may occur while a failover is occurring.	High-availability mirroring introduces transactional latency because it is synchronous. It also requires additional memory and processor overhead.
Operational burden	Set up and maintained at the server level.	The operational burden is larger than clustering. Must be set up and maintained for all databases. Reconfiguring after failover is manual.

Service application redundancy strategies

The redundancy strategy you follow for protecting service applications that run in a farm varies, depending on where the service application stores data.

Service applications that store data in databases

To help protect service applications that store data in databases, you must follow these steps:

Install the service on multiple application servers to provide redundancy within the environment.

Configure SQL Server clustering or mirroring to protect the data.

The following service applications store data in databases:

Business Data Connectivity service application
Application Registry service application

We do not recommend mirroring the Application Registry database, because it is only used when upgrading Windows SharePoint Services 3.0 Business Data Catolog information to SharePoint Foundation 2010.
Usage and Health Data Collection service application

Note:

We recommend that you do not mirror the Usage and Health Data Collection service application Logging database.

Microsoft SharePoint Foundation Subscription Settings service

Redundancy and failover between closely located data centers configured as a single farm (“stretched” farm)

Some enterprises have data centers that are located close to one another with high-bandwidth connections so that they can be configured as a single farm. This is called a “stretched” farm. For a stretched farm to work, there must be less than 1 millisecond latency between SQL Server and the front-end Web servers in one direction, and at least 1 gigabit per second bandwidth.

In this scenario, you can provide fault tolerance by following the standard guidance for making databases and service applications redundant. The following illustration shows a stretched farm.

Stretched farm

Plan for disaster recovery (SharePoint Foundation 2010)

Updated: March 3, 2011

This article describes key decisions in choosing disaster recovery strategies for a Microsoft SharePoint Foundation 2010 environment.

In this article:
Disaster recovery overview

For the purposes of this article, we define disaster recovery as the ability to recover from a situation in which a data center that hosts SharePoint Foundation becomes unavailable.

The disaster recovery strategy that you use for SharePoint Foundation must be coordinated with the disaster recovery strategy for the related infrastructure, including Active Directory domains, Exchange Server, and Microsoft SQL Server. Work with the administrators of the infrastructure that you rely on to design a coordinated disaster recovery strategy and plan.

The time and immediate effort to get another farm up and running in a different location is often referred to as a hot, warm, or cold standby. Our definitions for these terms are as follows:

Hot standby A second data center that can provide availability within seconds or minutes.

Warm standby A second data center that can provide availability within minutes or hours.

Cold standby A second data center that can provide availability within hours or days.

Disaster recovery can be one of the more expensive requirements for a system. The shorter the interval between failure and availability and the more systems you protect, the more complex and costly a disaster recovery solution is likely to be.

When you invest in hot or warm standby data centers, costs include:
- Additional hardware and software, which often increase the complexity of operations between software applications, such as custom scripts for failover and recovery.
- Additional operational complexity.
The costs of maintaining hot or warm standby data centers should be evaluated based on your business needs. Not all solutions within an organization are likely to require the same level of availability after a disaster. You can offer different levels of disaster recovery for different content, services, or farms — for example, content that has high impact on your business, or search services, or an Internet publishing farm.

Disaster recovery is a key area in which information technology (IT) groups offer service level agreements (SLAs) to set expectations with customer groups. Many IT organizations offer a variety of SLAs that are associated with different chargeback levels.

When you implement failover between server farms, we recommend that you first deploy and tune the core solution within a farm, and then implement and test disaster recovery.
Choose a disaster recovery strategy

You can choose among many approaches to provide disaster recovery for a SharePoint Foundation environment, depending on your business needs. The following examples show why companies might choose cold, warm, or hot standby disaster recovery strategies.
- Cold standby disaster recovery strategy: A business ships backups to support bare metal recovery to local and regional offsite storage on a regular basis, and has contracts in place for emergency server rentals in another region.
  
  Pros:
  - Often the cheapest option to maintain, operationally.
  - Often an expensive option to recover, because it requires that physical servers be configured correctly after a disaster has occurred.
    
    Cons: The slowest option to recover.
- Warm standby disaster recovery strategy: A business ships virtual server images to local and regional disaster recovery farms.
  
  Pros: Often relatively inexpensive to recover, because a virtual server farm can require little configuration upon recovery.
  
  Cons: Can be very expensive and time consuming to maintain.
- Hot standby disaster recovery strategy: A business runs multiple data centers, but serves content and services through only one data center.
  
  Pros: Often relatively fast to recover.
  
  Cons: Can be quite expensive to configure and maintain.
Important:

No matter which disaster recovery solution you decide to implement for your environment, you are likely to incur some data loss.
Planning for cold standby data centers

In a cold standby disaster recovery scenario, you can recover by setting up a new farm in a new location, (preferably by using a scripted deployment), and restoring backups. Or, you can recover by restoring a farm from a backup solution such as Microsoft System Center Data Protection Manager 2007 that protects your data at the computer level and lets you restore each server individually. This article does not contain detailed instructions for how to create and recover in cold standby scenarios. For more information, see:
- Restore a farm (SharePoint Foundation 2010)
- Restore customizations (SharePoint Foundation 2010)
Planning for warm standby data centers

In a warm standby disaster recovery scenario, you can create a warm standby solution by making sure that you consistently and frequently create virtual images of the servers in your farm that you ship to a secondary location. At the secondary location, you must have an environment available in which you can easily configure and connect the images to re-create your farm environment.

This article does not contain detailed instructions for creating warm standby solutions. For more information about how to plan to deploy farms by using virtual solutions, see Plan for virtualization (SharePoint Foundation 2010) (http://technet.microsoft.com/library/4cf78c3a-d466-4a69-a067-af03ae069749(Office.14).aspx).

Planning for hot standby data centers

In a hot standby disaster recovery scenario, you can set up a failover farm to provide disaster recovery in a separate data center from the primary farm. An environment that has a separate failover farm has the following characteristics:

A separate configuration database and Central Administration content database must be maintained on the failover farm.
All customizations must be deployed on both farms.

Note:

We recommend that you use scripted deployment to create the primary and failover farm by using the same configuration settings and customizations.

Updates must be applied to both farms, individually.
SharePoint Foundation content databases can be successfully asynchronously mirrored or log-shipped to the failover farm.

Note:

SQL Server mirroring can only be used to copy databases to a single mirror server, but you can log-ship to multiple secondary servers.

Service applications vary in whether they can be log-shipped to a farm. For more information, see Service application redundancy across data centers later in this article.

This topology can be repeated across many data centers, if you configure SQL Server log shipping to one or more additional data centers.

Consult with your SAN vendor to determine whether you can use SAN replication or another supported mechanism to provide availability across data centers. The following illustration shows primary and failover farms before failover.

Primary and failover farms before failover

Service application redundancy across data centers

To provide availability across data centers for service applications, we recommend that for the services that can be run cross-farm, you run a separate services farm that can be accessed from both the primary and the secondary data centers.

For services that cannot be run cross-farm, and to provide availability for the services farm itself, the strategy for providing redundancy across data centers for a service application varies. The strategy employed depends on whether:

There is business value in running the service application in the disaster recovery farm when it is not in use.
The databases associated with the service application can be log-shipped or asynchronously mirrored.
The service application can run against read-only databases.

The following sections describe the disaster recovery strategies that we recommend for each service application. The service applications are grouped by strategy.

Databases that can be log-shipped or asynchronously mirrored

After a service application has been initially deployed on a secondary farm, the databases that support the following service applications can be asynchronously mirrored or log-shipped across farms:

Application Registry service application

Databases: Application Registry service
Usage and Health Data Collection service application

Databases: Logging

Note:

It is possible to log-ship or mirror the Logging database. However, we recommend that you do not run the Usage and Health Data Collection service on the disaster recovery farm, and that you do not mirror nor log-ship the Logging database.

Service applications and databases that cannot be log-shipped or asynchronously mirrored

The following service applications must be deployed on both the primary and failover farms, and cannot be log-shipped or asynchronously mirrored. For most of these service applications, we recommend that you deploy them and then verify that the failover farm has the same configuration settings as the primary farm. If configuration changes that affect the service are made on the primary farm, you must update the failover farm.

Business Data Connectivity service application

Databases: Business Data Connectivity
Microsoft SharePoint Foundation Subscription Settings service application

Database: Subscription Settings

Note:

Log-shipping the Subscription Settings database is not supported.

System requirements for disaster recovery

In an ideal scenario, the failover components and systems match the primary components and systems in all ways: platform, hardware, and number of servers. At a minimum, the failover environment must be able to handle the traffic that you expect during a failover. Keep in mind that only a subset of users may be served by the failover site. The systems must match in at least the following:
- Operating system version and all updates
- SQL Server versions and all updates
- SharePoint 2010 Products versions and all updates
Although this article primarily discusses the availability of SharePoint 2010 Products, the system uptime will also be affected by the other components in the system. In particular, make sure that you do the following:
- Ensure that infrastructure dependencies such as power, cooling, network, directory, and SMTP are fully redundant.
- Choose a switching mechanism, whether DNS or hardware load balancing, that meets your needs.

Backup (SharePoint Foundation 2010)
Published: May 12, 2010

The articles in this section are written to meet the requirements of information technology (IT) professionals who are responsible for the planning, design, deployment, and operations of backup and recovery solutions. These solutions might be in enterprise, corporate, or branch office environments. The IT professionals who are responsible for backup and recovery solutions are expected to have an understanding of the technical details that are contained in this section.

A backup is a copy of data that is used to restore and recover that data after a system failure. Backups allow you to restore data after a failure. If you make the appropriate backups, you can recover from many system failures, including the following:
- Media failure
- User errors (such as deleting a file by mistake)
- Hardware failures (such as a damaged hard disk or permanent loss of a server)
- Natural disasters
Additionally, it is useful to keep backups of data for routine purposes. Those purposes include copying a database from one server to another, setting up database mirroring, and archiving to comply with regulatory requirements.

Back up all or part of a farm

The following tasks for backup and recovery are performed on the entire farm, farm databases, sites, subsites, or files:

Back up a farm (SharePoint Foundation 2010)

This article describes the procedures that you can use to back up the entire farm.

Back up a farm configuration (SharePoint Foundation 2010)

This article describes the procedures that you can use to back up farm configuration settings.

Copy configuration settings from one farm to another (SharePoint Foundation 2010)

This article describes the procedures that you can use to copy configuration settings from one farm to another, including how to back up and recover a farm without the content databases, how to back up and recover configurations only, and how to create a deployment script.

Back up a Web application (SharePoint Foundation 2010)

This article describes the procedures that you can use to back up a Web application that is associated with the farm, including configuration and content databases.

Back up a service application (SharePoint Foundation 2010)

This article describes the procedures that you can use to back up a service application that is associated with the farm, including configuration and content databases.

Back up a site collection (SharePoint Foundation 2010)

This article describes the procedures that you can use to back up a site collection that is associated with the farm.

Back up a content database (SharePoint Foundation 2010)

This article describes the procedures that you can use to back up a content database that is associated with the farm.

Back up databases to snapshots (SharePoint Foundation 2010)

This article describes the procedures that you can use to back up a content database that is associated with the farm by saving the database to a snapshot.

Back up customizations (SharePoint Foundation 2010)

This article describes the procedures that you can use to back up customizations that are associated with the farm.

Export a site, list, or document library (SharePoint Foundation 2010)

This article describes the procedures that you can use to export a list, site, or document library that is associated with the farm. You can then import the items into another farm or move them to another place in this farm.

Back up or archive logs (SharePoint Foundation 2010)

This article describes the procedures that you can use to back up or archive log files that are associated with the farm.
Concepts

Recovery (SharePoint Foundation 2010)
Back up a farm (SharePoint Foundation 2010)

Updated: September 16, 2010

This topic describes how to back up a whole server farm.

Procedures in this task:
For information about which tool to use for backups, see Plan for backup and recovery (SharePoint Foundation 2010).

We recommend that you regularly back up the complete farm by backing up both the configuration and content. Regularly backing up the farm reduces the possibility of data losses that might occur from hardware failures, power outages, or other problems. It is a simple process and helps to ensure that all the farm data and configurations are available for recovery, if that is required.
Considerations when backing up a farm

Consider the following when you prepare to back up a farm:
- Performing a backup does not affect the state of the farm. However, it does require resources and might slightly affect farm performance when the backup is running. You can avoid performance issues by backing up the farm during hours when farm use is lowest, such as outside office hours.
- The farm backup process does not back up any certificates that you used to form trust relationships. Endure that you have copies of these certificates before you back up the farm. You must re-establish these trust relationships after restoring the farm.
- Backing up the farm backs up the configuration and Central Administration content databases, but these cannot be restored using Microsoft SharePoint Foundation 2010 tools. For more information about backing up and restoring all the farm databases, see Move all databases (SharePoint Foundation 2010) (http://technet.microsoft.com/library/0aaf3261-f06b-4f4f-96d0-96fecdf78bc6(Office.14).aspx).
- When you back up a farm that contains a Web application that is configured to use forms-based authentication, you must also use a file backup system to protect the Web.config files because the Web.config files have been updated manually to register the membership and role providers, and manual changes to the Web.config files are not backed up. Similarly, Web.config files are not restored when you restore a Web application. After recovery, you must update the Web.config files and redeploy the providers. For more information, see Plan authentication methods (SharePoint Foundation 2010) (http://technet.microsoft.com/library/b6bc8fec-c11c-4ed7-a78d-3ad61c7ef6c0(Office.14).aspx) and Configure claims authentication (SharePoint Foundation 2010) (http://technet.microsoft.com/library/ef8c3024-26de-4d06-9204-3c6bbb95fb14(Office.14).aspx).
- SharePoint Foundation 2010 backup backs up the Business Data Connectivity service external content type definitions but does not back up the data source itself. To protect the data, you should back up the data source when you back up the Business Data Connectivity service or the farm.
  
  If you restore the Business Data Connectivity service or the farm and then restore the data service to a different location, you must change the location information in the external content type definition. If you do not, the Business Data Connectivity service might not be able to locate the data source.
- SharePoint Foundation 2010 backup backs up remote Binary Large Object (BLOB) stores but only if you are using the FILESTREAM remote BLOB store provider to put data in remote BLOB stores.
  
  If you are using another provider, you must manually back up the remote BLOB stores.
- If you are using SQL Server with Transparent Data Encryption (TDE), and you are backing up your environment by using either SharePoint tools or SQL Server tools, the TDE encryption key in not backed up or restored. You must back up the key manually. When restoring, you must manually restore the key before restoring the data. For more information, see Understanding Transparent Data Encryption (TDE) (http://go.microsoft.com/fwlink/?LinkID=196394).
Task requirements

Before you begin, you must create a folder on the local computer or the network in which to store the backups. For better performance, we recommend that you back up to the local computer and then move the backup files to a network folder. For more information about how to create a backup folder, see Prepare to back up and recover (SharePoint Foundation 2010) (http://technet.microsoft.com/library/cca219c4-4930-454b-9d6e-3ce1ad4799f5(Office.14).aspx).
Use Windows PowerShell to back up a farm

You can use Windows PowerShell to back up the farm manually or as part of a script that can be run at scheduled intervals.

To back up a farm by using Windows PowerShell

Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt, type the following command:

Backup-SPFarm -Directory <BackupFolder> -BackupMethod {Full | Differential} [-Verbose]

Where <BackUpFolder> is the path of a folder on the local computer or the network in which you want to store the backups.

Note:

If you are backing up the farm for the first time, you must use the Full

option. You must perform a full backup before you can perform a differential backup.

For more information, see Backup-SPFarm (http://technet.microsoft.com/library/c37704b5-5361-4090-a84d-fcdd17bbe345(Office.14).aspx).

Note:

We recommend that you use Windows PowerShell when performing command-line administrative tasks. The Stsadm command-line tool has been deprecated, but is included to support compatibility with previous product versions.

Use Central Administration to back up a farm

You can use Central Administration to back up the farm.

To back up a farm by using Central Administration

To perform this procedure, you must be a member of the Farm Administrators group on the computer that is running Central Administration.
In Central Administration, on the Home page, in the Backup and Restore section, click Perform a backup.
On the Perform a Backup — Step 1 of 2: Select Component to Back Up page, select the farm from the list of components, and then click Next.
On the Start Backup — Step 2 of 2: Select Backup Options page, in the Backup Type section, select either Full or Differential.

Note:

If you are backing up the farm for the first time, you must use the Full option. You must perform a full backup before you can perform a differential backup.

In the Back Up Only Configuration Settings section, click Back up content and configuration settings.
In the Backup File Location section, type the UNC path of the backup folder, and then click Start Backup.
You can view the general status of all backup jobs at the top of the Backup and Restore Status page in the Readiness section. You can view the status for the current backup job in the lower part of the page in the Backup section. The status page updates every 30 seconds automatically. You can manually update the status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take several seconds for the backup to start.

If you receive any errors, you can review them in the Failure Message column of the Backup and Restore Job Status page. You can also find more details in the Spbackup.log file at the UNC path that you specified in step 6.

Use SQL Server tools to back up a farm

If you want to back up the complete farm, you must use either Windows PowerShell or Central Administration. You cannot back up the complete farm by using the SQL Server tools because you cannot use the tools to back up the farm’s configuration. However, you can back up all the databases that are associated with the farm.

To back up the databases associated with a farm by using SQL Server tools

To use SQL Server tools to back up SharePoint Foundation 2010 databases, the account that is used to back up the databases must be a member of the SQL Server db_backupoperator fixed database role on the database server where each database is stored.
Open SQL Server Management Studio and connect to the database server.
In Object Explorer, expand Databases.
Right-click the database that you want to back up, point to Tasks, and then click Back Up.
In the Back Up Database dialog box, in the Source area, select the kind of backup that you want to perform from the Backup type list. For more information about which backup type to use, see Overview of Recovery Models (http://go.microsoft.com/fwlink/?LinkId=114396).
In the Backup component area, click Database.
Either use the default name provided or specify a name for the backup set in the Name text box.
Specify the expiration date for the backup set. This date determines how long, or when, the backup set can be overwritten by any later backups that have the same name. By default, the backup set is set to never expire (0 days).
In the Destination area, specify where you want to store the backup.
Click OK to back up the database.
Repeat steps 1-10 for each farm database.

Task requirements

Before you begin, you must create a folder on the local computer or the network in which to store the backups. For better performance, we recommend that you back up to the local computer and then move the backup files to a network folder. For more information about how to create a backup folder, see Prepare to back up and restore (SharePoint Foundation) (http://technet.microsoft.com/library/cca219c4-4930-454b-9d6e-3ce1ad4799f5(Office.14).aspx).

Important:

Backing up the farm configuration will not back up the information you have to have to restore service applications. If you want to restore a service application, you must perform a configuration and content backup of the farm. For more information about backing up service applications, see Back up a service application (SharePoint Foundation 2010).

Use Windows PowerShell to back up a farm configuration

You can use Windows PowerShell to back up the configuration from any configuration database on the current farm, on another farm, or from a configuration database that is not associated with any farm. You can back up a farm configuration manually or as part of a script that can be run at scheduled intervals.

To back up the configuration from any configuration database by using Windows PowerShell

Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt (that is, PS C:\>), type the following command, and then press ENTER:

Backup-SPConfigurationDatabase -Directory <BackupFolder> -DatabaseServer <DatabaseServerName> -DatabaseName <DatabaseName> -DatabaseCredentials <WindowsPowerShellCredentialObject> [-Verbose]

Where:

<BackupFolder> is the path to the folder with the correct backup files.
<DatabaseServerName> is the name of the database server for the farm that you are backing up.
<DatabaseName> is the name of the farm configuration database.
If you are not logged on with an account with db_backupoperator fixed database role on the database server where the configuration database is stored, you must specify the value for DatabaseCredentials

parameter.

For more information, see Backup-SPConfigurationDatabase (http://technet.microsoft.com/library/28ddc176-1b7f-47dd-868f-39b7c403a900(Office.14).aspx).

Note:

Use Central Administration to back up a farm configuration

You can use Central Administration to back up the configuration of the farm that Central Administration is running on. To back up the configuration of a remote farm, you must use the Central Administration Web site that is running on the remote farm. You cannot use Central Administration to back up an unattached configuration database.

To back up a farm configuration by using Central Administration

Verify that the user account performing this procedure is a member of the Farm Administrators group.
On the Central Administration Home page, in the Backup and Restore section, click Perform a backup.
On the Perform a Backup — Step 1 of 2: Select Component to Back Up page, select the farm from the list of components, and then click Next.

Note:

You can back up the configuration for any service or application. However, common practice is to back up configuration at the farm level.

On the Start Backup — Step 2 of 2: Select Backup Options page, in the Backup Type section, select Full.
In the Backup Only Configuration Settings section, select the Backup only configuration settings option.
In the Backup File Location section, type the Universal Naming Convention (UNC) path of the backup folder, and then click Start Backup.
You can view the general status of all backup jobs at the top of the Backup and Restore Job Status page in the Readiness section. You can view the status for the current backup job in the lower part of the page in the Backup section. The status page updates every 30 seconds automatically. You can manually refresh the status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take several seconds for the backup to start.

If you receive any errors, you can review them in the Failure Message column of the Backup and Restore Job Status page. You can also find more details in the Spbackup.log file at the UNC path that you specified in step 5.

Concepts

Restore a farm configuration (SharePoint Foundation 2010)
Back up a Web application (SharePoint Foundation 2010)

Updated: September 16, 2010

This article describes how to back up a Web application. Regularly backing up a Web application reduces the possibility of data losses that might occur from hardware failures, power outages, or other problems. It is a simple process that can help to ensure that all the Web application-related data and configurations are available for recovery, if that is required. We recommend that Web application backups be created in addition to regular backups at the farm level.

This topic describes how to back up a single Web application.

In this topic:
Considerations when backing up a Web application

Consider the following when you prepare to back up a Web application.
- You can back up only one Web application at a time by using the procedures in this article. However, you can simultaneously back up all Web applications by backing up the entire farm.
- Backing up a Web application does not affect the state of the farm. However, it does require resources and might slightly affect farm performance when the backup is running. You can avoid performance issues by backing up the Web application during hours when farm use is lowest, such as outside office hours.
- If the Web application uses the object cache, you must manually configure two special user accounts for the Web application after you restore the Web application. For more information about the object cache and how to configure these user accounts, see Configure object cache user accounts (http://technet.microsoft.com/library/cd646bb3-28c6-4040-866c-7d7936837ade(Office.14).aspx).
- When you back up a Web application, the Internet Information Services (IIS) settings and all content databases that are associated with the Web application are also backed up.
- When you back up a Web application that is configured to use forms-based authentication, you must also use a file backup system to protect the Web.config files because the Web.config files have been updated manually to register the membership and role providers, and manual changes to the Web.config files are not backed up. Similarly, Web.config files are not restored when you restore a Web application. After recovery, you must update the Web.config files and redeploy the providers. For more information, see Plan authentication methods (SharePoint Foundation 2010) (http://technet.microsoft.com/library/b6bc8fec-c11c-4ed7-a78d-3ad61c7ef6c0(Office.14).aspx) and Configure claims authentication (SharePoint Foundation 2010) (http://technet.microsoft.com/library/ef8c3024-26de-4d06-9204-3c6bbb95fb14(Office.14).aspx).
Task requirements

Before you begin, you must create a network folder in which to store the backups. Both the Windows SharePoint Services Timer V4 service account and the server farm user account must have Full Control permissions to this folder. For more information about how to create a backup folder, see Prepare to backup and recover (SharePoint Foundation) (http://technet.microsoft.com/library/cca219c4-4930-454b-9d6e-3ce1ad4799f5(Office.14).aspx).
Use Windows PowerShell to back up a Web application

You can use Windows PowerShell to back up a Web application manually or as part of a script that can be run at scheduled intervals.

To back up a Web application by using Windows PowerShell

Verify that you meet the following minimum requirements: See Add-SPShellAdmin. Additionally, the user account performing this procedure must be a member of the SQL Server db_backupoperator fixed database role on the database server where each database is stored.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt (that is, PS C:\>), type the following command, and then press ENTER:

Backup-SPFarm -Directory <BackupFolder> -BackupMethod {Full | Differential} -Item <WebApplicationName> [-Verbose]

Where:

<BackupFolder> is the path of the folder you use for storing backup files.
<WebApplicationName> is the name of the Web application.

Note:

If you are backing up the Web application for the first time, you must use the Full

option. You must perform a full backup before you can perform a differential backup.

For more information, see Backup-SPFarm (http://technet.microsoft.com/library/c37704b5-5361-4090-a84d-fcdd17bbe345(Office.14).aspx).

Note:

Use Central Administration to back up a Web application

You can use Central Administration to back up a Web application.

To back up a Web application by using Central Administration

Verify that the user account that is performing this procedure is a member of the Farm Administrators group.
In Central Administration, on the Home page, in the Backup and Restore section, click Perform a backup.
On the Perform a Backup — Step 1 of 2: Select Component to Back Up page, select the Web application from the list of components, and then click Next.

Note:

The Web application might consist of several components. You must select the top-level component.

On the Start Backup — Step 2 of 2: Select Backup Options page, in the Backup Type section, select either Full or Differential.

Note:

If you are backing up the Web application for the first time, you must use the Full option. You must perform a full backup before you can perform a differential backup.

In the Back Up Only Configuration Settings section, click Back up content and configuration settings.
In the Backup File Location section, type the Universal Naming Convention (UNC) path of the backup folder, and then click Start Backup.
You can view the general status of all backup jobs at the top of the Backup and Restore Job Status page in the Readiness section. You can view the status for the current backup job in the lower part of the page in the Backup section. The status page updates every 30 seconds automatically. You can manually update the status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take several seconds for the backup to start.

If you receive any errors, you can review them in the Failure Message column of the Backup and Restore Job Status page. You can also find more details in the Spbackup.log file at the UNC path that you specified in step 6.

Use SQL Server tools to back up a Web application

You cannot back up the complete Web application by using SQL Server tools. However, you can back up all the databases that are associated with the Web application. To back up the complete Web application, use either Windows PowerShell or Central Administration.

To back up a Web application by using SQL Server tools

Verify that the user account that is used to back up the databases is a member of the SQL Server db_backupoperator fixed database role on the database server where each database is stored. Additionally, verify that the user account has Full Control permissions on the backup folder.
Open SQL Server Management Studio and connect to the database server.
In Object Explorer, expand Databases.
Right-click the database that you want to back up, point to Tasks, and then click Back Up.
In the Back Up Database dialog box, in the Source area, select the kind of backup that you want to perform from the Backup type list. For more information about which backup type to use, see Overview of Recovery Models (http://go.microsoft.com/fwlink/?LinkId=114396).
In the Backup component area, click Database.
Either use the default name provided or specify a name for the backup set in the Name text box.
Specify the expiration date for the backup set. This date determines how long, or when, the backup set can be overwritten by any later backups that have the same name. By default, the backup set is set to never expire (0 days).
In the Destination area, specify where you want to store the backup.
Click OK to back up the database.
Repeat steps 1-10 for each database that is associated with the Web application.

Back up a service application (SharePoint Foundation 2010)

Published: May 12, 2010

We recommend that you regularly back up at the farm level. However, business or IT requirements might require that you back up a service application. Regularly backing up a service application reduces the possibility of data losses that might occur from hardware failures, power outages, or other problems. It is a simple process that helps to ensure that all the service application-related data and configurations are available for recovery, if that is required. You can back up one service application at a time, or you can back up all service applications at once.

For information about what to back up and which tools to use, see Plan for backup and recovery (SharePoint Foundation 2010). For more information, see Back up a farm (SharePoint Foundation 2010).

Backing up a service application does not affect the state of the farm. However, it does require resources. Therefore, backing up a service application might affect farm performance while the backup is running. You can avoid performance issues by backing up the service application during hours when farm use is lowest.

Note:

SharePoint Foundation 2010 backup backs up remote Binary Large Object (BLOB) stores but only if you are using the FILESTREAM remote BLOB store provider to put data in remote BLOB stores.

If you are using another provider, you must manually back up the remote BLOB stores.

Procedures in this topic:

Use Windows PowerShell to back up a service application
Use Central Administration to back up a service application

Note:

You cannot use SQL Server tools or Data Protection Manager to back up a service application.

Task requirements

Before you begin, you must create a folder on the local computer or the network in which to store the backups. For better performance, we recommend that you back up to the local computer and then move the backup files to a network folder. For more information about how to create a backup folder, see Prepare to backup and recover (SharePoint Foundation) (http://technet.microsoft.com/library/cca219c4-4930-454b-9d6e-3ce1ad4799f5(Office.14).aspx).

Note:

Microsoft SharePoint Foundation 2010 backup backs up the Business Data Connectivity service external content type definitions but does not back up the data source itself. To protect the data, you should back up the data source when you back up the Business Data Connectivity service or the farm.

If you back up the Business Data Connectivity service or the farm and then restore the data source to a different location, you must change the location information in the external content type definition. If you do not, the Business Data Connectivity service might not be able to locate the data source.

Use Windows PowerShell to back up a service application

You can use Windows PowerShell to back up one or more service applications manually or as part of a script that can be run at scheduled intervals.

To back up a service application by using Windows PowerShell

Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt, type the following command:

Backup-SPFarm -Directory <BackupFolder> -BackupMethod {Full | Differential} -Item <ServiceApplicationName> [-Verbose]

Where:

<BackupFolder> is the path of a folder on the local computer or on the network in which you want to store the backups.
<ServiceApplicationName> is the name of the service application that you want to back up.

Note:

To back up all the service applications, at the Windows PowerShell command prompt, type the following command:

Backup-SPFarm -Directory <BackupFolder> -BackupMethod {Full | Differential} -Item “Farm\Shared Service Applications” [-Verbose]

Note:

If you are backing up the service application for the first time, you must use the Full

option. You must perform a full backup before you can perform a differential backup.

Some service applications always require a full backup. For these service applications, even if you select the Differential

option, the system performs a full backup.

For more information, see Backup-SPFarm (http://technet.microsoft.com/library/c37704b5-5361-4090-a84d-fcdd17bbe345(Office.14).aspx).

Note:

Use Central Administration to back up a service application

You can use Central Administration to back up a service application.

To back up a service application by using Central Administration

Verify that the user account that performs this procedure is a member of the Farm Administrators group.
In Central Administration, on the Home page, in the Backup and Restore section, click Perform a backup.
On the Perform a Backup — Step 1 of 2: Select Component to Back Up page, select the service application from the list of components, and then click Next. To back up all the service applications, select the Shared Service Applications node.

Note:

The service application might consist of several components. You must select the top-level component.

On the Start Backup — Step 2 of 2: Select Backup Options page, in the Backup Type section, select either Full or Differential.

Note:

If you are backing up the service application for the first time, you must use the Full option. You must perform a full backup before you can perform a differential backup.

Some service applications always require a full backup. For these service applications, the system performs a full backup even if you select the Differential option.

In the Backup File Location section, in the Backup location box, type the path of the backup folder, and then click Start Backup.
You can view the general status of all backup jobs at the top of the Backup and Restore Job Status page in the Readiness section. You can view the status for the current backup job in the lower part of the page in the Backup section. The status page updates every 30 seconds automatically. You can manually update the status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take several seconds for the backup to start.

If you receive any errors, you can review them in the Failure Message column of the Backup and Restore Job Status page. You can also find more details in the Spbackup.log file at the UNC path that you specified in step 5.

Concepts

Restore a service application (SharePoint Foundation 2010)

Back up a site collection (SharePoint Foundation 2010)

Published: May 12, 2010

This article describes how to back up an individual site collection. We recommend that you regularly back up the complete farm. However, IT practices might require that you also back up a site collection. For more information about what to back up, see Plan for backup and recovery (SharePoint Foundation 2010).

Note:

If the site collection’s Lock status is set to Not locked or Adding content prevented, Microsoft SharePoint Foundation 2010 temporarily sets the site to Read-Only while the backup operation is occurring. SharePoint Foundation 2010 does this to reduce the possibilities of users changing the site collection while it is being backed up. After the backup is finished, the setting is changed back its normal status.

Performing a site collection backup might require resources and might slightly affect farm performance when the backup is running. You can help avoid performance issues by backing up the farm during hours when farm use is lowest, such as outside office hours.

Procedures in this task:

Use Windows PowerShell to back up a site collection
Use Central Administration to back up a site collection

Task requirements

Before you begin, you must create a folder on the local computer or the network in which to store the backups. For better performance, we recommend that you back up to the local computer and then move the backup files to a network folder.

For more information about how to create a backup folder, see Prepare to backup and recover (SharePoint Foundation) (http://technet.microsoft.com/library/cca219c4-4930-454b-9d6e-3ce1ad4799f5(Office.14).aspx).
Use Windows PowerShell to back up a site collection

You can use Windows PowerShell to back up a site collection manually or as part of a script that can be run at scheduled intervals.

To back up a site collection by using Windows PowerShell

Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt type the following command:

Backup-SPSite -Identity <Site collection name> -Path <backup file> [-Force] [-NoSiteLock] [-UseSqlSnapshot] [-Verbose]

If you want to overwrite a previously used backup file, use the Force

parameter. You can use the NoSiteLock

parameter to keep the read-only lock from being set on the site collection while it is being backed up. However, using this parameter can allow users to change the site collection while it is being backed up and might lead to possible data corruption during backup.

If the database server is running an Enterprise Edition of Microsoft SQL Server, we recommend that you also use the UseSqlSnapshot

parameter for more consistent backups. You can also export sites or lists from these snapshots.

Important:

When you perform a backup that uses the UseSqlSnapshot

parameter, a backup will be completed successfully. However, you will see an error similar to the following:

Backup-SPSite : Operation is not valid due to the current state of the object.

At line:1 char:14

+ Backup-SPSite <<<< http://site -Path + CategoryInfo : NotSpecified: (:) [Backup-SPSite], InvalidOperationException + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.SharePoint.PowerShell.SPCmdletBackupSite\\yourpath

Note:

If the RBS provider that you are using does not support snapshots, you cannot use snapshots for content deployment or backup. For example, the SQL FILESTREAM provider does not support snapshots.

For more information about using SQL snapshots, see Back up databases to snapshots (SharePoint Foundation 2010).

For more information, see Backup-SPSite (http://technet.microsoft.com/library/d4c31a1a-82a7-425f-b1bb-22e70bedd338(Office.14).aspx).

Note:

Use Central Administration to back up a site collection

You can use Central Administration to back up a site collection.

To back up a site collection by using Central Administration

Verify that the user account performing this procedure is a member of the Farm Administrators group. Additionally, verify that the Windows SharePoint Services Timer V4 service has Full Control permissions on the backup folder.
In Central Administration, on the Home page, in the Backup and Restore section, click Perform a site collection backup.
On the Site collection backup page, select the site collection from the Site Collection list.
Type the local path of the backup file in the Filename box.

Note:

If you want to reuse a file, select the Overwrite existing file check box.

Click Start Backup.
You can view the general status of all backup jobs at the top of the Granular Backup Job Status page in the Readiness section. You can view the status for the current backup job in the lower part of the page in the Site Collection Backup section. The status page updates every 30 seconds automatically. You can manually update the status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take several seconds for the backup to start.

If you receive any errors, you can review them in the Failure Message column of the Granular Backup Job Status page.

Concepts

Restore a site collection (SharePoint Foundation 2010)
Back up customizations (SharePoint Foundation 2010)
Updated: August 12, 2010

This article describes how to back up customizations that have been made to Microsoft SharePoint Foundation 2010 sites.

The following kinds of customizations can be made to sites:
- Customizations packaged as solutions (.wsp files). Solutions contain developed site elements, and are typically created by developers. Developed site elements include the following:
  - Web Parts
  - Workflows
  - Site and list definitions
  - Document converters
  - Event receivers
  - Timer jobs
  - Assemblies
- Authored site elements, which are typically created by Web designers, are not explicitly compiled and reside in a content database. Authored site elements include the following:
  - Master pages
  - Cascading style sheets
  - Forms
  - Layout pages
- Changes to the Web.config file
- Third-party solutions and their associated binary files and registry keys, such as IFilters
- Changes to sites created by direct editing through the browser
- Developed customizations that are not packaged as solutions
Each of these kinds of customizations requires a different type of backup.

In this article:
Backing up solution packages

Solution packages can be created by using Microsoft SharePoint Designer 2010 or Microsoft Visual Studio 2010. We strongly recommend that all customizations be deployed as solution packages.

A solution package is a deployable, reusable file that can contain a set of Features, site definitions, and assemblies that apply to sites, and that you can enable or disable individually. Solution packages can include Web Parts, site or list definitions, custom columns, new content types, custom fields, custom actions, coded workflows, or workflow activities and conditions.

The method that you use to back up solution packages is determined by whether the customizations are deployed as trusted solutions or sandboxed solutions.

Trusted solutions are solution packages that farm administrators deploy. Trusted solutions are deployed to the entire farm and can be used on any site within the farm. Trusted solutions are stored in the configuration database. Trusted solutions are backed up when a farm is backed up by using SharePoint Foundation 2010 backup, and are included in configuration-only backups. You can also back up trusted solutions as a group or individually. Trusted solutions are visible in the backup hierarchy.

Sandboxed solutions are solution packages that site collection administrators can deploy to a single site collection. Sandboxed solutions are stored in the content database that is associated with the site collection to which the solution packages are deployed. They are included in SharePoint Foundation 2010 farm, Web application, content database, and site collection backups, but are not visible in the backup hierarchy and cannot be selected or backed up individually.

We recommend that you keep a backup of the original .wsp file as well as the source code used to build the .wsp file for both trusted solutions and sandboxed solutions.

To back up trusted solutions by using Central Administration

Verify that the user account that is performing this procedure is a member of the Farm Administrators group.
In Central Administration, on the Home page, in the Backup and Restore section, click Perform a backup.
On the Perform a Backup — Step 1 of 2: Select Component to Back Up page, select Solutions, and then click Next.

You can also select an individual solution, if you only want to back up a single solution.
On the Start Backup — Step 2 of 2: Select Backup Options page, in the Backup Type section, select either Full or Differential.

Note:

If you are backing up the solution for the first time, you must use the Full option. You must perform a full backup before you can perform a differential backup.

In the Backup File Location section, type the Universal Naming Convention (UNC) path of the backup folder, and then click Start Backup.
You can view the general status of all backup jobs at the top of the Backup and Restore Job Status page in the Readiness section. You can view the status of the current backup job in the lower part of the page in the Backup section. The status page updates every 30 seconds automatically. You can manually update the status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take several seconds for the backup to start.

If you receive any errors, review the Failure Message column of the Backup and Restore Job Status page. You can also find more details in the Spbackup.log file at the UNC path that you specified in step 4.

To back up trusted solutions by using Windows PowerShell

Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt, type the following command to back up all of the solutions in the farm. To back up a single solution, add the name of the solution to the item path “farm\solutions”.

Backup-SPFarm -backupmethod full -directory <UNC location> -item “farm\solutions”

Where:

<UNC location> is UNC location of the directory that you want to back up to.

For more information, see Backup-SPFarm (http://technet.microsoft.com/library/c37704b5-5361-4090-a84d-fcdd17bbe345(Office.14).aspx).

Note:

Backing up sandboxed solutions

You cannot back up only sandboxed solutions. Instead, you must back up the farm, Web application, or content database with which the sandboxed solution is associated. For more information about these methods of backing up, see Related content.

Backing up authored site elements

You cannot back up only authored site elements. Instead, you must back up the farm, Web application, or content database with which the authored site element is associated. For more information about these methods of backing up, see Related content.
Backing up workflows
Workflows are a special case of customizations that you can back up. Make sure that your backup and recovery plan addresses any of the following scenarios that apply to your environment:
- Declarative workflows, such as those created in Microsoft SharePoint Designer 2010, are stored in the content database for the site collection to which they are they are deployed. Backing up the content database protects these workflows.
- Custom declarative workflow actions have components in the following three locations:

The Visual Studio 2010 assemblies for the actions are stored in the global assembly cache (GAC).
The XML definition files (.ACTIONS files) are stored in the 14\TEMPLATE\<LCID>\Workflow directory.
An XML entry to mark the action as an authorized type is stored in the Web.config file for the Web applications in which it is used.

If the farm workflows use custom actions, you should use a file backup system to protect these files and XML entries. Similar to SharePoint Foundation features such as Web Parts and event receivers, these files should be reapplied to the farm as needed after recovery.

Workflows that depend on custom code, such as those that are created by using Visual Studio 2010, are stored in two locations. The Visual Studio 2010 assemblies for the workflow are stored in the GAC, and the XML definition files are stored in the Features directory. This is the same as other types of SharePoint Foundation features such as Web Parts and event receivers. If the workflow was installed as part of a solution package, backing up the farm, Web application, content database, or site collection protects these workflows.
If you create a custom workflow that interacts with a site collection other than the one where the workflow is deployed, you must back up both site collections to protect the workflow. This includes workflows that write to a history list or other custom list in another site collection. Performing a farm backup is sufficient to back up all site collections in the farm and all workflows that are associated with them.
Workflows that are not yet deployed must be backed up and restored separately. When you are developing a new workflow but have not yet deployed it to the SharePoint Foundation farm, make sure that you back up the folder where you store the workflow project files by a file system backup application.

Backing up changes to the Web.config file

A common customization to SharePoint Foundation 2010 is to change the Web.config file. We strongly recommend that you make changes to the Web.config file by using Central Administration or the SharePoint Foundation 2010 APIs and object model. Because these changes are stored in the configuration database, they can be recovered from a farm or configuration-only backup.

Changes to the Web.config file that are not made by using Central Administration or the SharePoint Foundation 2010 APIs and object model should be protected by using a file system backup.

Note:

If you are using forms-based authentication, provider registration in the Web.config file is manual, and is not protected by SharePoint Foundation 2010 backup. In this case, be sure to back up the Web.config file by using a file system backup.

Backing up third-party products

If third-party products are deployed as solution packages, they are protected by SharePoint Foundation 2010 backup. We recommend that you keep all the original files, distribution media, documentation, and the license and product keys that are required for installation.

Backing up changes made by direct editing

Changes made directly to a site by directly editing through the browser can be difficult to back up. The following table describes backup strategies for specific objects.

Edited object	Backup strategy
List	Use SharePoint Designer 2010 and save as a template. For more information, see Save a SharePoint site as a template (http://go.microsoft.com/fwlink/?LinkId=199515).
Site	Use SharePoint Designer 2010 and save as a template. For more information, see Save a SharePoint site as a template (http://go.microsoft.com/fwlink/?LinkId=199515).
Site collection	Use site collection backup. For more information, see Back up a site collection (SharePoint Foundation 2010).

Backing up developed customizations that are not packaged as solutions

Backing up developed customizations that are not deployed as solution packages can be a complex process because the customization file locations might not be stored in standardized places and SharePoint Foundation 2010 does not automatically back them up.

Consult with the development team or customization vendor to determine whether the customizations involve additional add-in software or files in other locations. We recommend that you back up these directories with a file system backup solution. The following table lists locations where developed customizations are typically stored on Web servers.

Location	Description
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\14	Commonly updated files, custom assemblies, custom templates, custom site definitions
Inetpub	Location of IIS virtual directories
%WINDIR%\Assembly	Global assembly cache (GAC): a protected operating system location where the Microsoft .NET Framework code assemblies are installed to provide full system access

Task requirements

Note:

SharePoint Foundation 2010 backup backs up remote Binary Large Objects (BLOB) stores but only if you are using the SQL Filestream remote BLOB store provider to place data in remote BLOB stores.

If you are using another provider you must manually back up these remote BLOB stores.

Important:

If you are using SQL Server with Transparent Data Encryption (TDE), and you are backing up your environment by using either SharePoint tools or SQL Server tools, the TDE encryption key in not backed up or restored. You must backup the key manually. When restoring, you must manually restore the key before restoring the data. For more information, see Understanding Transparent Data Encryption (TDE) (http://technet.microsoft.com/en-us/library/bb934049.aspx)

Use Windows PowerShell to back up a content database

You can use Windows PowerShell to back up a content database manually or as part of a script that can be run at scheduled intervals.

To back up a content database by using Windows PowerShell

Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt (that is, PS C:\>), type the following command, and then press ENTER:

Backup-SPFarm -Directory <Backup folder> -BackupMethod {Full | Differential} -Item <Content database name> [-Verbose]

Note:

If you are backing up the content database for the first time, you must use the Full

option. You must perform a full backup before you can perform a differential backup.

For more information, see Backup-SPFarm (http://technet.microsoft.com/library/c37704b5-5361-4090-a84d-fcdd17bbe345(Office.14).aspx)

Note:

Use Central Administration to back up a content database

You can use Central Administration to back up a content database.

To back up a content database by using Central Administration

Verify that the user account that is performing this procedure is a member of the Farm Administrators group.
In Central Administration, on the Home page, in the Backup and Restore section, click Perform a backup.
On the Perform a Backup — Step 1 of 2: Select Component to Back Up page, select the content database that you want to back up from the list of components, and then click Next.

Note:

Not all content databases can be selected in the list. If a database is not selectable, you must use Windows PowerShell to back up the content database.

On the Start Backup — Step 2 of 2: Select Backup Options page, in the Backup Type section, select either Full or Differential.

Note:

If you are backing up the content database for the first time, you must use the Full option. You must perform a full backup before you can perform a differential backup.

In the Backup File Location section, type the Universal Naming Convention (UNC) path of the backup folder, and then click Start Backup.
You can view the general status of all backup jobs at the top of the Backup and Restore Job Status page in the Readiness section. You can view the status of the current backup job in the lower part of the page in the Backup section. The status page updates every 30 seconds automatically. You can manually update the status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take several seconds for the backup to start.

If you receive any errors, review the Failure Message column of the Backup and Restore Job Status page. You can also find more details in the Spbackup.log file at the UNC path that you specified in step 4.

Use SQL Server tools to back up a content database

You can use SQL Server tools to back up a content database.

To back up a content database by using SQL Server tools

Verify that the user account that is performing this procedure is a member of the SQL Server db_backupoperator fixed database role on the database server where each database is stored.
Open SQL Server Management Studio and connect to the database server.
In Object Explorer, expand Databases.
Right-click the database that you want to back up, point to Tasks, and then click Back Up.
In the Back Up Database dialog box, in the Source area, select the kind of backup that you want to perform from the Backup type list. For more information about which backup type to use, see Overview of Recovery Models (http://go.microsoft.com/fwlink/?LinkId=114396) in SQL Server Books Online.
In the Backup component area, click Database.
Either use the default name provided or specify a name for the backup set in the Name text box.
Specify the expiration date for the backup set. This date determines how long, or when, the backup set can be overwritten by any later backups that have the same name. By default, the backup set is set to never expire (0 days).
In the Destination area, specify where you want to store the backup.
Click OK to back up the database.
Repeat steps 1-9 for each content database that you want to back up.

Concepts

Restore a content database (SharePoint Foundation 2010)
Back up databases to snapshots (SharePoint Foundation 2010)

Published: May 12, 2010

This topic describes how to back up a farm database to a snapshot.

You can only use SQL Server tools to back up a farm database to a snapshot.

Important:

You must be running Microsoft SQL Server 2008 with Service Pack 1 (SP1) and Cumulative Update 2 Enterprise Edition to take database snapshots.

We recommend that you regularly back up the complete farm. Regularly backing up the farm reduces data losses that might occur from hardware failures, power outages, or other problems. It is a simple process and helps to ensure that that all the farm data and configurations are available for recovery, if that is required. For more information, see Back up a farm (SharePoint Foundation 2010). However, IT requirements might require that you backup databases to snapshots. Although you can back up any farm database to a snapshot, you typically back up content databases.

A database snapshot provides a read-only, static view of a source database as it existed at snapshot creation, minus any uncommitted transactions. Uncommitted transactions are rolled back in a newly created database snapshot because the Database Engine runs recovery after the snapshot has been created (transactions in the database are not affected). For more information about database snapshots, see Database Snapshots (http://go.microsoft.com/fwlink/?LinkId=163950).
Task requirements

Before you begin, you must create a folder on the database server. If you want to store the snapshots at another location, you can move the backup files to a backup folder on the network after the operation is finished.
Use SQL Server tools to back up a database to a snapshot

If you want to back up databases to snapshots, you must use SQL Server tools. The databases that are associated with the farm are determined by the features that you have installed on the farm.

To back up a database to a snapshot by using SQL Server tools

Verify that the account that is used to back up the databases is a member of the SQL Server db_owner fixed database role.
Open SQL Server Management Studio and connect to the database server.
In Object Explorer, expand Databases.
Select the database that you want to back up, and then click New Query.
Copy the following text, and then paste it to the query pane.

CREATE DATABASE <snapshot name>
ON
(
NAME=<logical name of the database file>,
FILENAME = ‘c:\WSS_Backup1.ss’)
AS SNAPSHOT OF <database name>;

Other Resources

Database Snapshots (http://go.microsoft.com/fwlink/?LinkId=163950)
Export a site, list, or document library (SharePoint Foundation 2010)

Published: May 12, 2010

We recommend that you regularly back up the complete farm. However, business or IT requirements might require that you export a site, list, or document library. Regularly exporting sites, lists, and document libraries reduces data losses that might occur from hardware failures, power outages, or other problems. It is a simple process and helps to ensure that data is available for recovery, if that is required. You can only export one site, list, or document library at a time.

For information about what to back up and which tools to use, see Plan for backup and recovery (SharePoint Foundation 2010).

Procedures in this task:
- Use Windows PowerShell to export a site, list, or document library
- Use Central Administration to export a site, list, or document library
Note:

You cannot use SQL Server tools or Data Protection Manager to export a site, list or document library.
Task requirements

Before you begin, you must create a folder on the local computer or the network in which to store the export file. For better performance, we recommend that you export to the local computer and then move the export file to a network folder.
Use Windows PowerShell to export a site, list, or document library

You can use Windows PowerShell to export a site, list, or document library manually or as part of a script that can be run at scheduled intervals.

To export a site, list or document library by using Windows PowerShell

Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt (that is, PS C:\>), type the following command, and then press ENTER:

Export-SPWeb -Identity <Site URL> -Path <Path and file name> [-ItemUrl <URL of site, list, or library>] [-IncludeUserSecurity] [-IncludeVersions] [-NoFileCompression] [-GradualDelete] [-Verbose]

If you are exporting a large site, list, or document library, you can use the GradualDelete

parameter. When this parameter is used, the site collection is marked as deleted, which immediately prevents any further access to its content. The data in the deleted site collection is then deleted gradually over time by a timer job instead of all at once, which reduces its impact on the performance of farm servers and SQL Server.

To specify which version of the site, list, or document library to include, use the IncludeVersions

parameter and specify “LastMajor” (default), “CurrentVersion”, “LastMajorandMinor”, or “All”. To include the user security settings with the list or document library, use the IncludeUserSecurity

parameter. If you want to overwrite the file that you specified, use the Force

parameter. To view the progress of the backup operation, use the Verbose

parameter.

The NoFileCompression

parameter lets you specify that no file compression is performed during the export process. Using this parameter can lower resource usage up to 30% during the export process. Using this parameter will result in a backup folder being created instead of a compressed file. If you use the NoFileCompression

parameter in the Export-SPWeb

command, you must also use it when you import the content by using the Import-SPWeb

command.

For more information, see Export-SPWeb (http://technet.microsoft.com/library/cd85bf19-6f24-4f13-bd9c-37bbf279ea2b(Office.14).aspx)

Note:

Use Central Administration to export a site, list, or document library

You can use Central Administration to export a site, list, or document library. You can only export one site, list, or document library at a time.

To export a site, list, or document library by using Central Administration

Verify that the user account that is performing this procedure is a member of the Farm Administrators group.
In Central Administration, on the Home page, click Backup and Restore.
On the Backup and Restore page, in the Granular Backup section, click Export a site or list.
On the Site or List Export page, in the Site Collection section, select the site collection from the Site Collection list, and then select the site from the Site list.
If you are exporting a site, skip this step, Select the list or document library from the List list.
In the File Location section, in the Filename box, type the UNC path of the shared folder and the file to which you want to export the list or document library. The file name must use the .cmp extension.
If the file already exists and you want to use this file, select the Overwrite existing files check box. Otherwise, specify a different file name.
If you want to export all the security and permissions settings with the list or library, in the Export Full Security section, select the Export full security check box.
If you want to specify which version of the list or library to export, select one of the following versions from the Export versions list:

All Versions
Last Major
Current Version
Last Major and Last Minor

When you have specified the settings that you want, click Start Export.
You can view the status of all backup jobs at the top of the Granular Backup Job Status page. You can view the status of the current backup job in the Content Export section of the page. The status page updates every 30 seconds automatically. You can manually update the status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take several seconds for the backup to start.

If you receive any errors, you can review them in the Failure Message column of the Backup and Restore Job Status page. You can also find more details in the <file name>.export.log file at the UNC path that you specified in step 6.

Back up or archive logs (SharePoint Foundation 2010)
Published: May 12, 2010

A system-wide strategy for data protection should include backing up or archiving the logs in which data related to Microsoft SharePoint Foundation 2010 is recorded. This data can be useful for performance analysis, troubleshooting, monitoring compliance with service level agreements, and legal, regulatory, or business reasons. Therefore, protect this data as part of the routine maintenance by backing up or archiving the logs.

The following sections are labeled in the following manner to indicate how important it is to back up or archive this kind of log:
- [Essential] means that the log contains data that is essential to the environment. The data would be lost if a disk failure or other problem occurred.
- [Recommended] means that the log contains data that is useful in most environments for troubleshooting, operational, legal, or other needs.
In this article:
[Essential] Back up transaction logs

Microsoft SQL Server 2008 R2, SQL Server 2008 with Service Pack 1 (SP1) and Cumulative Update 2, and SQL Server 2005 with SP3 and Cumulative Update 3 transaction logs record all changes that were made to a database since the last checkpoint or full backup. These logs contain required data for restoring the farm.

We recommend that you back up these logs every 5–10 minutes. When you back up these logs, they are automatically truncated. You can use the Microsoft SQL Server 2008 R2, SQL Server 2008 with Service Pack 1 (SP1) and Cumulative Update 2, and SQL Server 2005 with SP3 and Cumulative Update 3 tools to back up the transaction log. For more information, see Creating Transaction Log Backups (http://go.microsoft.com/fwlink/?LinkId=124881) in the Microsoft SQL Server 2008 R2, SQL Server 2008 with Service Pack 1 (SP1) and Cumulative Update 2, and SQL Server 2005 with SP3 and Cumulative Update 3 documentation.

Transaction logs are also automatically backed up when you back up the farm, Web application, or databases by using either the SharePoint Central Administration Web site or the Windows PowerShell. For more information, see Back up a farm (SharePoint Foundation 2010).

How transaction log size affects farm backup times

When you back up SharePoint Foundation 2010, the size of the transaction log can affect how long the backup operation takes. Because the transaction log records all changes to a database since the last checkpoint or full backup, the log can grow very large over time. If the transaction log has grown very large, backups might take a very long time. For more information, see How to stop the transaction log of a SQL Server database from growing unexpectedly (http://go.microsoft.com/fwlink/?LinkID=111458).

The recommended way to truncate the transaction log if you are using a full recovery model is to back up the log. Microsoft SQL Server 2008 R2, SQL Server 2008 with Service Pack 1 (SP1) and Cumulative Update 2, and SQL Server 2005 with SP3 and Cumulative Update 3 automatically truncates the inactive parts of the transaction log when you back up the log. We also recommend that you pre-grow the transaction log to avoid auto-growing the log. For more information, see Managing the Size of the Transaction Log File (http://go.microsoft.com/fwlink/?LinkId=124882). For more information about using a full recovery model, see Backup Under the Full Recovery Model (http://go.microsoft.com/fwlink/?LinkId=127985). For more information about using a simple recovery model, see Backup Under the Simple Recovery Model (http://go.microsoft.com/fwlink/?LinkId=127987).

We do not recommend that you manually shrink the transaction log size or manually truncate the log by using the Truncate method.
[Recommended] Collect usage data

Usage analysis enables you to track how Web sites are being used. Log files are created daily to track usage. You can configure the setting for the collection of usage data. One of the most important settings is the location of the log files. By default, the log folder is configured to be on the same drive partition where SharePoint Foundation 2010 is installed. To make sure that the log files to not fill up that drive, you should change the log folder to be on a separate drive.

The location of the log directory is a farm-level setting, and the directory that is specified in this setting must exist on all servers in the farm. These logs are automatically backed up when you back up the farm.

For most environments, the default settings are adequate. For more information about configuring usage data collection settings, see Configure usage and health data collection (SharePoint Foundation 2010) (http://technet.microsoft.com/library/5c97fd40-008a-4fbc-8b3a-98244d8f0016(Office.14).aspx).
[Recommended] Archive diagnostic logs

Diagnostic logs provide detailed information about the operation of the farm. You can configure the level of detail that is logged. We recommend that you archive these logs when you archive the farm. You can archive the logs for the whole farm or a specific server. You can archive these files by manually copying them to a shared folder, or by using the Windows PowerShell Merge-SPlogFile cmdlet. You can use the Merge-SPLogFIle cmdlet to archive the log files on all of the farm servers at once.

You can use the Windows PowerShell Copy-Item cmdlet to archive log files from a single server. The Copy-Item cmdlet does not provide filtering and you must copy the entire log file.

For more information about how to configure diagnostic logging, see Configure diagnostic logging (SharePoint Foundation 2010) (http://technet.microsoft.com/library/a5641210-8224-4e11-9d93-4f96fa4c327c(Office.14).aspx)

To archive diagnostic logs from all farm servers by using Windows PowerShell

Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt, type the following command:

Merge-SPLogFile -Path “<path to merged log file>.log” -Overwrite

For example, Merge-SPLogFile -Path “C:\Logs\MergedFiles\AllFarm_merged_12.20.2009.log” -Overwrite

Important:

Merging all log entries for all farm servers can take a long time and use resources. We recommend filtering the entries to match a specific set of criteria before merging.

To merge log entries that match a specific set of criteria, type the following command:

Merge-SPLogFile -Path “<path to merged log file>.log” -Area “<Area>” -Category “<Category>”

You can filter by one or more of the following:

Area (one or more, wildcard)
Category (one or more, wildcard)
Level
Correlation (one or more)
EventID (one or more, wildcard)
Message (wildcard)
StartTime
EndTime
Process (one or more, wildcard)
ThreadID (one or more)

Tip:

You can name the merged log file however you want. We recommend that you use a naming convention that makes it easy to determine what the log file contains, such as “<date merged>_<farm name>_<filtering criteria>. For example, to signify all the farm server log entries forSharePoint Foundation 2010 that involve the database category and are marked as “High” use, “Dec_2009_ContosoInternet_Foundation_Database_High.log”.

For more information, see Merge-SPLogFile (http://technet.microsoft.com/library/759702d7-bda2-4302-9345-abb43b609ad4(Office.14).aspx)

To archive diagnostic logs for a specific server by using Windows PowerShell

Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt, type the following command:

Copy-Item <Log folder path> -Destination <Archive folder path> -Recurse

For more information, type Get-Help Copy-Item -Full

Note:

Configuring permissions for backup and recovery (SharePoint Foundation 2010)

Published: May 12, 2010

Before backing up or restoring Microsoft SharePoint Foundation 2010, you must ensure that the timer service account, SQL Server service account, and users running the backup or restore operations have the correct permissions or are members of the correct Windows security groups or SharePoint groups.

These permissions and group memberships must be configured initially. Subsequently, they must be updated when new farm components are added to the environment and if you want to add users who will perform backup and restore operations.

In this topic:
Permissions for the SPTimerV4 timer service and SQL Server account

The Windows SharePoint Services Timer V4 (SPTimerV4) and the SQL Server service account in SharePoint Foundation 2010 perform backup and restore operations on behalf of the user. These service accounts require Full Control permissions on any backup folders.

Group memberships required to run backup and restore operations in Central Administration

You must ensure that all user accounts that will be backing up or restoring your farm and farm components by using Central Administration have the group memberships that are described in the following table.

Required group memberships

Farm component	Member of Administrators group on the local computer	Member of Farm Administrators SharePoint group
Farm	Yes	No
Content Database	Yes	No
Site Collection	No	Yes
Site, list, document library	No	Yes

Setting permissions for running backup and restore operations by using Windows PowerShell

You must ensure that all user accounts that will be backing up or restoring your farm and farm components by using Windows PowerShell are added to the SharePoint_Shell_Access role for a specified database and have the permissions described in the table later in this section.

You can run the Add-SPShellAdmin

cmdlet to add a user account to this role. You must run the command for each user account. Moreover, you must run the command for all databases to which you want to grant access.

Note:

You only need to grant a user account access to back up and restore a specific farm component one time. You will have to perform this task again only when new farm components are added to your environment or when you want to add users to perform backup and restore operations.

To add a user to or remove a user from the SharePoint_Shell_Access role by using Windows PowerShell

Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt (that is, PS C:\>), type the following command, and then press ENTER:

Add-SPShellAdmin -Username <User account> -Database <Database ID>

To add a user account to all the databases in the farm, type the following command, and then press ENTER:

ForEach ($db in Get-SPDatabase) {Add-SPShellAdmin -Username <User account> -Database $db}

To remove a user account from all the databases in the farm, type the following command, and then press ENTER:

ForEach ($db in Get-SPDatabase) {Remove-SPShellAdmin -Username <User account> -Database $db}

To view the user accounts currently added to the databases in the farm, type the following command, and then press ENTER:

ForEach ($db in Get-SPDatabase) {Get-SPShellAdmin -Database $db}

For more information, see Add-SPShellAdmin (http://technet.microsoft.com/library/2ddfad84-7ca8-409e-878b-d09cb35ed4aa(Office.14).aspx)

You might also have to grant additional permissions to the users running the backup or restore operation by using Windows PowerShell. The following table shows the permissions that are required.

Required permissions for Windows PowerShell

Farm component	Member of Administrators group on the local computer	Member of Farm Administrators SharePoint group	Full Control on backup folder
Farm	Yes	No	Yes
Content database	Yes	No	Yes
Site collection	No	Yes	Yes
Site, list, document library	Yes	No	Yes

Configuring permissions for backup and recovery (SharePoint Server 2010)

Published: May 12, 2010

Before backing up or restoring Microsoft SharePoint Foundation 2010, you must ensure that the timer service account, SQL Server service account, and users running the backup or restore operations have the correct permissions or are members of the correct Windows security groups or SharePoint groups.

These permissions and group memberships must be configured initially. Subsequently, they must be updated when new farm components are added to the environment and if you want to add users who will perform backup and restore operations.

In this topic:
Permissions for the SPTimerV4 timer service and SQL Server account

The Windows SharePoint Services Timer V4 (SPTimerV4) and the SQL Server service account in SharePoint Foundation 2010 perform backup and restore operations on behalf of the user. These service accounts require Full Control permissions on any backup folders.

Group memberships required to run backup and restore operations in Central Administration

Required group memberships

Farm component	Member of Administrators group on the local computer	Member of Farm Administrators SharePoint group
Farm	Yes	No
Service Application	Yes	No
Content Database	Yes	No
Site Collection	No	Yes
Site, list, document library	No	Yes

Setting permissions for running backup and restore operations by using Windows PowerShell

You can run the Add-SPShellAdmin

cmdlet to add a user account to this role. You must run the command for each user account. Moreover, you must run the command for all databases to which you want to grant access.

Note:

To add a user to or remove a user from the SharePoint_Shell_Access role by using Windows PowerShell

Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt (that is, PS C:\>), type the following command, and then press ENTER:

Add-SPShellAdmin -Username <User account> -Database <Database ID>

To add a user account to all the databases in the farm, type the following command, and then press ENTER:

ForEach ($db in Get-SPDatabase) {Add-SPShellAdmin -Username <User account> -Database $db}

To remove a user account from all the databases in the farm, type the following command, and then press ENTER:

ForEach ($db in Get-SPDatabase) {Remove-SPShellAdmin -Username <User account> -Database $db}

To view the user accounts currently added to the databases in the farm, type the following command, and then press ENTER:

ForEach ($db in Get-SPDatabase) {Get-SPShellAdmin -Database $db}

For more information, see Add-SPShellAdmin (http://technet.microsoft.com/library/2ddfad84-7ca8-409e-878b-d09cb35ed4aa(Office.14).aspx)

You might also have to grant additional permissions to the users running the backup or restore operation by using Windows PowerShell. The following table shows the permissions that are required.

Required permissions for Windows PowerShell

Farm component	Member of Administrators group on the local computer	Member of Farm Administrators SharePoint group	Full Control on backup folder
Farm	Yes	No	Yes
Service application	Yes	No	Yes
Content database	Yes	No	Yes
Site collection	No	Yes	Yes
Site, list, document library	Yes	No	Yes

Recovery (SharePoint Foundation 2010)
Published: May 12, 2010

The articles in this section are written to meet the requirements of information technology (IT) professionals who are responsible for the planning, design, deployment, and operations of backup and recovery solutions. These solutions might be in enterprise, corporate, or branch office environments.

The IT professionals who are responsible for backup and recovery solutions are expected to have an understanding of the technical details that are contained in this section. However, service-level expertise is not needed to understand the enterprise-level discussions and decisions.

Before you restore a farm, ensure that the following requirements are met:
- To restore a farm by using the SharePoint Central Administration Web site, you must be a member of the Farm Administrators group.
- To restore a farm by using Windows PowerShell, you must meet the following minimum requirements: See Add-SPShellAdmin.
- The database server’s SQL Server account, the Timer service account, and the Central Administration application pool account must have Read permissions to the backup locations. (The Timer service account and the Central Administration application pool account are usually the same.) The database server’s SQL Server account must be a member of the sysadmin fixed server role.
- Your login account must have Read permissions to the backup locations.
- Ensure that the SharePoint Foundation Administration service is started on all farm servers. By default, this service is not started on stand-alone installations.
Consider the following before you restore a farm:
- Restoring from one version of SharePoint Products and Technologies to a different version is not supported.
- After recovery, search might take as long as 15 minutes to be available again. It can take longer than 15 minutes if the search system has to crawl all the content again. If you back up and restore the complete service, the system does not have to perform a full crawl.
- You can only perform one recovery or one backup operation at a time.

Recover all or part of a farm

The following tasks for recovery are performed on the entire farm, farm databases, sites, subsites, or lists:

Restore a farm (SharePoint Foundation 2010)

This article describes the procedures that you can use to restore the entire farm from a backup.

Restore a farm configuration (SharePoint Foundation 2010)

This article describes the procedures that you can use to restore the farm configuration to the same farm from a backup.

Document farm configuration settings (SharePoint Foundation 2010)

This article describes how to use Windows PowerShell to document the configuration settings for your farm. Documenting configuration settings is important both so that you can create scripted deployments for your environment, and so that you can quickly re-create a set of configurations in the event of a failure.

Copy configuration settings from one farm to another (SharePoint Foundation 2010)

This article describes the procedures that you can use to copy configuration settings from one farm to another, including how to back up and recover a farm without the content databases, how to back up and recover configurations only, and how to create a deployment script.

Restore a Web application (SharePoint Foundation 2010)

This article describes the procedures that you can use to restore a Web application that is associated with the farm, including configuration and content databases, from a backup.

Restore a service application (SharePoint Foundation 2010)

This article describes the procedures that you can use to restore a service application that is associated with the farm, including configuration and content databases, from a backup.

Restore a content database (SharePoint Foundation 2010)

This article describes the procedures that you can use to restore a content database from a backup.

Restore a site collection (SharePoint Foundation 2010)

This article describes the procedures that you can use to restore a site collection from a backup.

Restore customizations (SharePoint Foundation 2010)

This article describes the procedures that you can use to restore customizations that are associated with the farm from backups.

Attach and restore a read-only content database (SharePoint Foundation 2010)

This article describes the procedures that you can use to attach a read-only content database to the farm.

Import a list or document library (SharePoint Foundation 2010)

This article describes the procedures that you can use to restore a site, list, or document library from a backup.
Concepts

Backup (SharePoint Foundation 2010)
Restore a farm (SharePoint Foundation 2010)

Updated: September 16, 2010

This article describes how to restore a Microsoft SharePoint Foundation 2010 farm. Farm-level recovery is usually performed only after a failure that involves the complete farm, or where partial recovery of part of the farm is not possible. If you only have to restore part of the farm, a specific database, a service application, a list, or document library, or a specific document, use another recovery method. For more information about alternate forms of recovery, see Related content.

Farm recovery is usually performed for any of the following reasons:
- Restoring a farm after a fire, disaster, equipment failure, or other data-loss event.
- Restoring farm configuration settings and data to a specific previous time and date.
- Moving a SharePoint Foundation 2010 deployment from one farm to another farm.
In this article:
Considerations when recovering a farm

When you prepare to recover a farm, be aware of the following issues:
- Backing up the farm will back up the configuration and Central Administration content databases, but these cannot be restored using Microsoft SharePoint Foundation 2010 tools. For more information about backing up and restoring all the farm databases, see Move all databases (SharePoint Foundation 2010) (http://technet.microsoft.com/library/0aaf3261-f06b-4f4f-96d0-96fecdf78bc6(Office.14).aspx)
- When you restore the farm by using Microsoft SharePoint Foundation 2010, the restore process will not automatically start all of the service applications. You must manually start them by using Central Administration or Windows PowerShell. Do not use SharePoint Products Configuration Wizard to start the services because doing so will also re-provision the services and service proxies.
- The identifier (ID) of each content database is retained when you restore or reattach a database by using built-in tools. Default change log retention behavior when using built-in tools is as follows:

The change logs for all databases are retained when you restore a farm.
The change log for content databases is retained when you reattach or restore a database.

When a database ID and change log are retained, the search system continues crawling based on the regular schedule that is defined by crawl rules.

When you restore an existing database and do not use the overwrite option, a new ID is assigned to the restored database, and the database change log is not preserved. The next crawl of the database will add data from the content database to the index.

If a restore is performed and the ID in the backup package is already being used in the farm, a new ID is assigned to the restored database and a warning is added to the restore log. The ability to perform an incremental crawl instead of a full crawl depends on the content database ID being the same as before and the change log token that is used by the search system being valid for the current change log in the content database. If the change log is not preserved, the token is not valid and the search system has to perform a full crawl.

SharePoint Foundation 2010 backup backs up the Business Data Connectivity service external content type definitions but does not back up the data source itself. To protect the data, you should back up the data source when you back up the Business Data Connectivity service or the farm.

If you restore the Business Data Connectivity service or the farm and then restore the data source to a different location, you must change the location information in the external content type definition. If you do not, the Business Data Connectivity service might be unable to locate the data source.
SharePoint Foundation 2010 restores remote Binary Large Objects (BLOB) stores only if you are using the FILESTREAM remote BLOB store provider to put data in remote BLOB stores.

If you are using another provider, you must manually restore the remote BLOB stores.
If a user has taken copies of content for off-line editing in Microsoft SharePoint Workspace 2010 and the content is restored from a backup on the server, when the user re-connects, the server automatically synchronizes the off-line content with the restored content. This might result in data loss on the user’s copies of the content.
If you are sharing service applications across farms, be aware that trust certificates that have been exchanged are not included in farm backups. You must back up your certificate store separately or retain the certificates in a separate location. When you restore a farm that shares a service application, you must import and redeploy the certificates, and then re-establish any inter-farm trusts.

For more information, see Exchange trust certificates between farms (SharePoint Foundation 2010) (http://technet.microsoft.com/library/679d334b-913d-49b3-b086-66a60093b261(Office.14).aspx)
After a Web application that is configured to use claims-based authentication has been restored, duplicate or additional claims providers are often visible. If duplicates appear, you must then manually save each Web application zone to remove them. For more information, see Restore a Web application (SharePoint Foundation 2010).
Additional steps are required when you restore a farm that contains a Web application that is configured to use forms-based authentication. For more information, see Restore a Web application (SharePoint Foundation 2010).

Use Windows PowerShell to restore a farm

You can use Windows PowerShell to restore a farm.

To restore a farm by using Windows PowerShell

Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt, type the following command:

Restore-SPFarm -Directory <BackupFolder> -RestoreMethod Overwrite [-BackupId <GUID>]

Where:

<BackupFolder> is the path of the folder you use for storing backup files.
<GUID> is the identifier of the backup to restore from.

Note:

If you are not logged on as the Farm account, you are prompted for the Farm account’s credentials.

If you do not specify the BackupId

, the most recent backup will be used. To view the backups for the farm, type the following command:

Get-SPBackupHistory -Directory <BackupFolder> -ShowBackup [-Verbose]

Where:

<BackupFolder> is the path of the folder you use for storing backup files.

You cannot use a configuration-only backup to restore content databases together with the configuration.

To restart a service application, type the following command:

Start-SPServiceInstance -Identity <ServiceApplicationID>

Where:

<ServiceApplicationID> is the GUID of the service application.

Start-SPServiceInstance

For more information about restarting service applications by using Windows PowerShell, see Start-SPServiceInstance (http://technet.microsoft.com/library/fcb4a4f8-a95f-468e-918b-d9a2d736cd2d(Office.14).aspx)

For more information about restoring the farm by using Windows PowerShell, see Restore-SPFarm (http://technet.microsoft.com/library/8e18ea80-0830-4ffa-b6b6-ad18a5a7ab3e(Office.14).aspx)

Note:

Use Central Administration to restore a farm

You can use the Central Administration Web site to restore a farm.

To restore a farm by using Central Administration

Verify that the user account that is performing this procedure is a member of the Farm Administrators SharePoint group.
In Central Administration, on the Home page, in the Backup and Restore section, click Restore from a backup.
On the Restore from Backup — Step 1 of 3: Select Backup to Restore page, from the list of backups, select the backup job that contains the farm backup, and then click Next. You can view more details about each backup by clicking the (+) next to the backup.

Note:

If the correct backup job does not appear, in the Backup Directory Location text box, type the Universal Naming Convention (UNC) path of the correct backup folder, and then click Refresh.

You cannot use a configuration-only backup to restore the farm.

On the Restore from Backup — Step 2 of 3: Select Component to Restore page, select the check box that is next to the farm, and then click Next.
On the Restore from Backup — Step 3 of 3: Select Restore Options page, in the Restore Component section, ensure that Farm appears in the Restore the following component list.

In the Restore Only Configuration Settings section, ensure that the Restore content and configuration settings option is selected.

In the Restore Options section, under Type of Restore, select the Same configuration option. A dialog box will appear that asks you to confirm the operation. Click OK.

Note:

If the Restore Only Configuration Settings section does not appear, the backup that you selected is a configuration-only backup. You must select another backup.

Click Start Restore.

You can view the general status of all recovery jobs at the top of the Backup and Restore Job Status page in the Readiness section. You can view the status for the current recovery job in the lower part of the page in the Restore section. The status page updates every 30 seconds automatically. You can manually update the status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take several seconds for the recovery to start.

If you receive any errors, you can review them in the Failure Message column of the Backup and Restore Job Status page. You can also find more details in the Sprestore.log file at the UNC path that you specified in step 3.
When the restore process has completed, you may need to restart one or more service applications. In Central Administration, on the Home page, in the Application Management section, click Manage services on server.
On the Services on Server page, start any services related to service applications that you want to run by clicking Start in the Actions column next to the service application.
Re-establish any trust relationships. For more information, see Exchange trust certificates between farms (SharePoint Foundation 2010) (http://technet.microsoft.com/library/679d334b-913d-49b3-b086-66a60093b261(Office.14).aspx).

Use SQL Server tools to restore a farm

Although you cannot restore the complete farm by using SQL Server tools, you can restore most of the farm databases. If you restore the databases by using SQL Server tools, you must restore the farm configuration by using Central Administration or Windows PowerShell. For more information about how to restore the farm’s configuration settings, see Restore a farm configuration (SharePoint Foundation 2010).

Note:

The search index is not stored in SQL Server. If you use SQL Server tools to back up and restore search, you must perform a full crawl after you restore the content database.

Before you restore SharePoint Foundation 2010, we recommend that you configure a recovery farm for site and item recovery.

Restore the databases by following these steps:

If possible, back up the live transaction log of the current database to protect any changes that were made after the last full backup.
Restore the last full database backup.
Restore the most recent differential database backup that occurred after the most recent full database backup.
Restore all transaction log backups that occurred after the most recent full or differential database backup.

To restore a farm by using SQL Server tools

Verify that the user account that is performing this procedure is a member of the sysadmin fixed server role.
If the Windows SharePoint Services Timer service is running, stop the service and wait for several minutes for any currently running stored procedures to finish. Do not restart the service until after you restore all the databases that you have to restore.
Start SQL Server Management Studio and connect to the database server.
In Object Explorer, expand Databases.
Right-click the database that you want to restore, point to Tasks, point to Restore, and then click Database.

The database is automatically taken offline during the recovery operation and cannot be accessed by other processes.
In the Restore Database dialog box, specify the destination and the source, and then select the backup set or sets that you want to restore.

The default values for destination and source are appropriate for most recovery scenarios.
In the Select a page pane, click Options.
In the Restore options section, select only Overwrite the existing database. Unless your environment or policies require otherwise, do not select the other options in this section.
In the Recovery state section:

If you have included all the transaction logs that you must restore, select RECOVER WITH RECOVERY.
If you must restore additional transaction logs, select RECOVER WITH NORECOVERY.
The third option, RECOVER WITH STANDBY is not used in this scenario.

Note:

For more information about these recovery options, see Restore Database (Options Page) (http://go.microsoft.com/fwlink/?LinkId=114420).

Click OK to complete the recovery operation.
Except for the configuration database, repeat steps 4 through 9 for each database that you are restoring.

To restore the configuration settings, you must use the existing configuration database or manually create a new database and restore the configuration to that database. For more information about restoring the farm configuration, see Restore a farm configuration (SharePoint Foundation 2010).
Start the Windows SharePoint Services Timer service.

Restore a farm configuration (SharePoint Foundation 2010)

Published: May 12, 2010

This topic describes how to a restore the configuration of a farm.

Note:

In previous versions of Microsoft SharePoint Foundation 2010, you could not restore the configuration database and, therefore, you could not restore the configuration of a farm. In this version of SharePoint Foundation 2010, you do not have to restore the configuration database because you can restore the farm configuration directly.

Procedures in this task:

Use Windows PowerShell to restore a farm’s configuration
Use Central Administration to restore a farm’s configuration

Overview

Farm-level configuration recovery is performed only after a failure that involves the configuration database but does not involve other farm data, such as a content database or Web application. If restoring the farm configuration does not solve the problems, you must restore the complete farm.

For more information about restoring the complete farm, see Restore a farm (SharePoint Foundation 2010).

You can restore the configuration from a farm backup that used either the Backup content and configuration settings option or the Backup only configuration settings option.
Use Windows PowerShell to restore a farm’s configuration

You can use Windows PowerShell to restore a farm’s configuration.

To restore a farm’s configuration by using Windows PowerShell

Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On the Start menu, click All Programs.
Click SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
From the Windows PowerShell command prompt (that is, PS C:\>), type the following command and press ENTER:

Restore-SPFarm -Directory <RestoreShare> -RestoreMethod Overwrite -ConfigurationOnly

You must use the ConfigurationOnly

parameter. To view the progress of the operation, use the Verbose

parameter.

For more information, see Restore-SPFarm (http://technet.microsoft.com/library/8e18ea80-0830-4ffa-b6b6-ad18a5a7ab3e(Office.14).aspx)

Note:

Use Central Administration to restore a farm’s configuration

You can use Central Administration to restore a farm’s configuration.

To restore a farm’s configuration by using Central Administration

Ensure that you are a member of the Farm Administrators SharePoint group on the computer that is running Central Administration and a member of the sysadmin fixed server role on the database server where each database is stored.
In Central Administration, on the Home page, in the Backup and Restore section, click Restore from a backup.
On the Restore from Backup — Step 1 of 3: Select Backup to Restore page, select the backup job that contains the farm backup from the list of backups, and then click Next.

Note:

You can view additional information about the backups by expanding the row that contains the backup.

Note:

If the correct backup job does not appear, in the Backup Directory Location text box, enter the UNC path of the correct backup folder, and then click Refresh.

On the Restore from Backup — Step 2 of 3: Select Component to Restore page, select the check box that is next to the farm, and then click Next.
On the Restore from Backup — Step 3 of 3: Select Restore Options page, in the Restore Component section, ensure that “Farm” appears in the Restore the following content list.

In the Restore Only Configuration Settings section, ensure that the Restore content and configuration settings option is selected.

In the Restore Options section, select the Type of Restore option. Use the Same configuration setting. A dialog box will appear that asks you to confirm the operation. Click OK.

Note:

If the Restore Only Configuration Settings section does not appear, then the backup that you selected is a configuration-only backup.

Click Start Restore.

You can view the general status of all recovery jobs at the top of the Backup and Restore Status page in the Readiness section. You can view the status of the current recovery job in the lower part of the page in the Restore section. The status page updates every 30 seconds automatically. You can manually update the status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take several seconds for the recovery to start.

If you receive any errors, you can review them in the Failure Message column of the Backup and Restore Job Status page. You can also find more details in the Sprestore.log file at the UNC path that you specified in step 2.

Use SQL Server to restore a farm’s configuration

You cannot restore a farm’s configuration by using SQL Server tools.
Concepts

Back up a farm configuration (SharePoint Foundation 2010)
Document farm configuration settings (SharePoint Foundation 2010)

Published: May 12, 2010

This article describes how to use Windows PowerShell 2.0 to document the configuration settings for your farm. Documenting configuration settings is important both so that you can create scripted deployments for your environment, and so that you can quickly re-create a set of configurations in the event of a failure.

To document configuration settings by using Windows PowerShell

Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
Using Notepad, create a text file and then copy and paste the following script into the file. The commands in the example create XML files that document the configurations of the Web applications and service applications in the current farm. Choose only those commands that are relevant to your environment.

##
## Common SharePoint configuration settings
##
#Retrieve Web Application information. The default depth of 2 does not return much detail–we recommend that you use a depth of 4 for this cmdlet.
Get-SPWebApplication | Export-Clixml .\ WebAppFilename.xml -depth 4

To run the script, in the Windows PowerShell console, at the command prompt (that is, PS C:\>), type the following command and press ENTER:C:\<path>\<filename>.ps1

For more information, see Export-Clixml (http://technet.microsoft.com/en-us/library/dd347657.aspx) Get-SPWebApplication (http://technet.microsoft.com/library/11d6521f-f99c-433e-9ab5-7cf9e953457a(Office.14).aspx), Get-SPServiceApplication (http://technet.microsoft.com/library/71a467dc-3b95-4b65-af93-0d0d6ebb8326(Office.14).aspx).

Example of using a cmdlet

This section provides an example of ways that you can use one of the recommended cmdlets.

The Get-SPAlternateURL cmdlet provides information about alternate access mapping. Piping the cmdlet to the Export-Clixml cmdlet writes the information to an XML file.

Get-SPAlternateURL | Export-Clixml .\Get-SPAlternateURL.xml

The following section lists the content of the Get-SPAlternateURL.xml file. Some sections are collapsed.

– <Objs Version=”1.1.0.1″ xmlns=”http://schemas.microsoft.com/powershell/2004/04″>
+ <Obj RefId=”0″>
– <Obj RefId=”7″>
<TNRef RefId=”0″ />
<ToString>Microsoft.SharePoint.Administration.SPAlternateUrl</ToString>
– <Props>
<S N=”IncomingUrl”>http://servername</S>
<URI N=”Uri”>http://servername/</URI>
+ <Obj N=”UrlZone” RefId=”8″>
– <Obj N=”Collection” RefId=”9″>
<TNRef RefId=”2″ />
– <IE>
– <Obj RefId=”10″>
<TNRef RefId=”0″ />
<ToString>Microsoft.SharePoint.Administration.SPAlternateUrl</ToString>
+ <Props>
– <MS>
<S N=”Zone”>Default</S>
<S N=”PublicUrl”>http://servername</S>
</MS>
</Obj>
</IE>
– <Props>
<I32 N=”Count”>1</I32>
<B N=”IsReadOnly”>false</B>
<S N=”TypeName”>Alternate Access Mapping Collection</S>
<S N=”DisplayName”>SharePoint – 80</S>
<U64 N=”DiskSizeRequired”>0</U64>
<B N=”CanSelectForBackup”>false</B>
<B N=”CanRenameOnRestore”>false</B>
<B N=”CanSelectForRestore”>false</B>
<S N=”Name”>SharePoint – 80</S>
<G N=”Id”>5b65a69a-222d-4fe0-904b-0fb928bc7a89</G>
<S N=”Status”>Online</S>
<S N=”Parent”>SPFarm Name=SERVERNAME_SharePoint_Configuration_Database</S>
<I64 N=”Version”>3661</I64>
+ <Obj N=”Properties” RefId=”12″>
<TNRef RefId=”3″ />
<DCT />
</Obj>
<S N=”Farm”>SPFarm Name=SERVERNAME_SharePoint_Configuration_Database</S>
<Ref N=”UpgradedPersistedProperties” RefId=”11″ />
</Props>
</Obj>
<Ref N=”UpgradedPersistedProperties” RefId=”11″ />
</Props>
+ <MS>
+ <Obj N=”Zone” RefId=”13″>
<TNRef RefId=”1″ />
<ToString>Default</ToString>
<I32>0</I32>
</Obj>
<S N=”PublicUrl”>http://servername</S>
</MS>
</Obj>
</Objs>

This example imports the output from the XML file, so that you can see its contents more easily.

Import-Clixml .\Get-SPAlternateURL.xml

Once an XML file is imported, you can use the objects in the pipeline as though they were real objects of the given type.

Import-Clixml .\Get-SPAlternateURL.xml | %{$_.Uri}

You can also pipe the objects as part of the cmdlet, and view all of the expected properties, methods, and TypeNames. The following example pipes URIs.

Import-Clixml .\Get-SPAlternateURL.xml | %{$_.Uri | Get-Member}

For more information, see Export-Clixml (http://technet.microsoft.com/en-us/library/dd347657.aspx), Import-Clixml (http://technet.microsoft.com/en-us/library/dd315355.aspx), Get-SPAlternateURL (http://technet.microsoft.com/library/ea38119d-a535-48a3-b498-9daa443399fb(Office.14).aspx), ForEach-Object (http://technet.microsoft.com/en-us/library/dd347608.aspx), Get-Member (http://technet.microsoft.com/en-us/library/dd315351.aspx).

Copy configuration settings from one farm to another (SharePoint Foundation 2010)

Published: May 12, 2010

This article describes how to copy configuration settings from one Microsoft SharePoint Foundation 2010 farm to another SharePoint Foundation 2010 farm. Copying the configuration settings of one farm to another can be useful in the following circumstances:

Setting up similar development, test, and production environments.
Establishing an organization standard for farm configuration settings.
Setting up a disaster recovery environment.

In this article:

Back up and recover a farm without content databases to copy configuration settings
Back up and recover configuration settings only
Create a scripted deployment to copy configuration settings

There are many ways in which you can copy configurations from one farm to another. Determine which method to use based on the configuration settings that you want to copy and how often you need to copy them.

Back up and recover a farm without the content databases attached. This method provides you with farm settings and Web application settings, in addition to the settings for any service applications that you select.
Back up and recover configurations only. This method provides you with the core SharePoint Foundation 2010 settings only.

Note:

This method does not include Web application or service application settings. If Web application settings are required in the recovered farm, use one of the other methods.

Create a deployment script, based on your documented configuration. This method may be more work initially, but is easy to use to maintain standardization.

Back up and recover a farm without content databases to copy configuration settings

To copy configuration settings by using a farm backup, we recommend that you first detach the content databases from the farm. This is not a step that we recommend that you take with a live production farm.

Note:

Creating a farm backup without content databases does back up the service applications.

To back up and recover a farm without content databases by using Windows PowerShell

Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt, type the following command to document the current Web application URLs and content database mappings.

Get-SPWebApplication | %{$_.Name;$_.Url;%{$_.ContentDatabases|%{$_.Name};Write-Host “”}}

Either dismount all content databases, as in the following example:

Get-SPContentDatabase | Dismount-SPContentDatabase

Or dismount a specific content database, as in the following example:

Get-SPContentDatabase WSS_Content | Dismount-SPContentDatabase

Back up the farm.

Backup-SPFarm -Directory \\servername\share -BackupMethod Full

Note:

You can view the progress of the backup by looking at the \\servername\share\spbr####\spbackup.log file.

After the backup is complete, re-mount the content databases. Replace <WSS_Content> and <http://servername> with each of the mappings documented in step 5).

Mount-SPContentDatabase -Name <WSS_Content> -WebApplication <http://servername>

Back up and recover configuration settings only

As part of farm backup, you can choose to back up only configuration settings. A configuration-only backup extracts and backs up many, but not all, configuration settings from a configuration database. By using built-in tools, you can back up the configuration of any configuration database, whether it is currently attached to a farm or not. For detailed information about how to back up a configuration, see Back up a farm configuration (SharePoint Foundation 2010) .A configuration backup can be restored to the same — or any other — server farm. When a configuration is restored, it will overwrite any settings present in the farm that have values that are set within the configuration backup. If any settings present in the farm are not contained in the configuration backup, they will not be overwritten. For detailed information about how to restore a farm configuration, see Restore a farm configuration (SharePoint Foundation 2010).
Create a scripted deployment to copy configuration settings

When you create a scripted deployment of SharePoint Foundation 2010, you are creating copies of configuration settings.
Restore a Web application (SharePoint Foundation 2010)

Updated: January 20, 2011

This article describes how to restore a Web application. When you restore a Web application, you also restore the Internet Information Services (IIS) settings and all content databases that are associated with the Web application.

In this article:
Considerations when restoring a Web application

Consider the following information as you prepare to restore a Web application:
- You can only restore one Web application at a time by using the procedures in this article. However, you can simultaneously restore all the Web applications in the farm by restoring the complete farm.
- You cannot use SQL Server tools to restore a Web application.
- When you restore a Web application that is configured to use claims-based authentication, there are additional steps that you must follow after restoring the Web application to restore claims-based authentication.
Use Windows PowerShell to restore a Web application

You can use Windows PowerShell to restore a Web application manually or as part of a script that can be run at scheduled intervals.

To restore a Web application by using Windows PowerShell

Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt, type the following command:

Restore-SPFarm -Directory <BackupFolderName> -RestoreMethod Overwrite -Item <WebApplicationName> [-BackupId <GUID>] [-Verbose]

Where:

<BackupFolderName> is the full path to the folder you use for backup files.
<WebApplicationName> is the name of the Web application that was backed up.
<GUID> is the identifier of the back up to use for the restore operation.

If you do not specify the value of the BackupID

parameter, the most recent backup will be used. You cannot restore a Web application by using a configuration-only backup. You can view the backups for the farm by typing the following:

Get-SPBackupHistory -Directory <BackupFolderName> -ShowBackup

For more information, see Restore-SPFarm (http://technet.microsoft.com/library/8e18ea80-0830-4ffa-b6b6-ad18a5a7ab3e(Office.14).aspx).

Note:

Use Central Administration to restore a Web application

You can use Central Administration to restore a Web application.

To restore a Web application by using Central Administration

Verify that the user account performing this procedure is a member of the Farm Administrators group. Additionally, verify that the Windows SharePoint Services Timer V4 service and the Farm Database Access account have Full Control permissions on the backup folder.
In Central Administration, on the Home page, in the Backup and Restore section, click Restore from a backup.
On the Restore from Backup — Step 1 of 3: Select Backup to Restore page, from the list of backups, select the backup job that contains the farm or Web application backup, and then click Next. You can view more details about each backup by clicking the (+) next to the backup.

Note:

If the correct backup job does not appear, in the Current Directory Location text box, type the Universal Naming Convention (UNC) path of the correct backup folder, and then click Refresh.

You cannot use a configuration-only backup to restore the Web application.

On the Restore from Backup — Step 2 of 3: Select Component to Restore page, select the check box that is next to the Web application, and then click Next.
On the Restore from Backup — Step 3 of 3: Select Restore Options page, in the Restore Component section, make sure that Farm\<Web application> appears in the Restore the following content list.

In the Restore Only Configuration Settings section, make sure that the Restore content and configuration settings option is selected.

In the Restore Options section, under Type of Restore, select the Same configuration option. A dialog box appears that asks you to confirm the operation. Click OK.

Note:

If the Restore Only Configuration Settings section does not appear, the backup that you selected is a configuration-only backup. You must select another backup.

Click Start Restore.

You can view the general status of all recovery jobs at the top of the Backup and Restore Job Status page in the Readiness section. You can view the status for the current recovery job in the lower part of the page in the Restore section. The status page updates every 30 seconds automatically. You can manually update the status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take several seconds for the recovery to start.

If you receive any errors, you can review them in the Failure Message column of the Backup and Restore Job Status page. You can also find more details in the Sprestore.log file at the UNC path that you specified.

Use SQL Server tools to restore databases associated with a Web application

You cannot restore the complete Web application by using SQL Server tools. However, you can restore all the databases that are associated with the Web application. To restore the complete Web application, use either Windows PowerShell or Central Administration.

To restore databases associated with a Web application by using SQL Server tools

Verify that the user account performing this procedure is a member of the sysadmin fixed server role.
If the Windows SharePoint Services Timer service is running, stop the service and wait for several minutes for any currently running stored procedures to finish. Do not restart the service until after you restore the databases.
Start SQL Server Management Studio and connect to the database server.
In Object Explorer, expand Databases.
Right-click the database that you want to restore, point to Tasks, point to Restore, and then click Database.

The database is automatically taken offline during the recovery operation and cannot be accessed by other processes.
In the Restore Database dialog box, specify the destination and the source, and then select the backup set or sets that you want to restore.

The default values for destination and source are appropriate for most recovery scenarios.
In the Select a page pane, click Options.
In the Restore options section, select only Overwrite the existing database. Unless the environment or policies require otherwise, do not select the other options in this section.
In the Recovery state section:

If you have included all the transaction logs that you must restore, select RECOVER WITH RECOVERY.
If you must restore additional transaction logs, select RECOVER WITH NORECOVERY.
The third option, RECOVER WITH STANDBY is not used in this scenario.

Note:

For more information about these recovery options, see Restore Database (Options Page) (http://go.microsoft.com/fwlink/?LinkId=114420).

Click OK to complete the recovery operation.
Repeat steps 4 through 10 for each database that you are restoring.
Start the Windows SharePoint Services Timer service.

Additional steps to restore a Web application that uses forms-based authentication

After you restore a Web application that uses forms-based authentication, you must perform the following steps to reconfigure the Web application to use forms-based authentication.

Re-register the membership and role providers in the Web.config file.
Redeploy the providers.

For more information, see Configure forms-based authentication for a claims-based Web application (SharePoint Foundation 2010) (http://technet.microsoft.com/library/f7b57d4b-87d7-41e6-9e55-350d6ad41894(Office.14).aspx).

Additional steps to remove duplicate claims providers after restoring a Web application that uses claims-based authentication

After a Web application that is configured to use claims-based authentication has been restored, duplicate or additional claims providers are often visible. You must use the following process to remove the duplicate providers:

In Central Administration, click Manage Web application, select a Web application that uses claims-based authentication, and then click Authentication Providers.
Select a zone that the Web application is associated with to open the Edit Authentication page, and then click Save.
Repeat for each zone, and then for each Web application that uses claims-based authentication.

Restore a service application (SharePoint Foundation 2010)

Updated: July 8, 2010

There are situations in which you might have to restore a specific service application instead of restoring the complete farm. Some service applications — for example, the Business Data Connectivity service application — provide data to other services and sites. As a result, users might experience some service interruption until the recovery process is finished.

For information about how to simultaneously restore all the service applications in a farm, see Restore a farm (SharePoint Foundation 2010).

Important:

You cannot back up from one version of Microsoft SharePoint Foundation and restore to another version of SharePoint Foundation.

Note:

SharePoint Foundation 2010 backs up the Business Data Connectivity Service metadata store, which includes external content types, external systems, and BDC models. For more information, see Business Data Connectivity service administration (SharePoint Foundation 2010) (http://technet.microsoft.com/library/203a1cbd-49d9-49cb-be83-598753e8b07e(Office.14).aspx). Note that this does not back up the external data sources. To protect the data, the external data sources must be backed up.

If you restore the service application or the farm and then restore the data source to a different location, you must change the location information in the external content type definition. If you do not, the Business Data Connectivity Service might not be able to locate the data source.

Note:

SharePoint Foundation 2010 restores remote Binary Large Object (BLOB) stores but only if you are using the FILESTREAM provider to put data in remote BLOB stores.

If you are using another provider, you must manually restore remote BLOB stores.

Procedures in this article:

Use Windows PowerShell to restore a service application
Use Central Administration to restore a service application
Use SQL Server tools to restore the databases for a service application

Note:

You cannot restore the complete service application but you can restore the databases associated with the service application.

Use Windows PowerShell to restore a service application

You can use Windows PowerShell to restore a service application.

To restore a service application by using Windows PowerShell

Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt, type the following command:

Restore-SPFarm -Directory <BackupFolder> -Item <ServiceApplicationName> -RecoveryMethod Overwrite [-BackupId <GUID>] [-Verbose]

To specify which backup to use, use the BackupId

parameter. You can view the backups for the farm by typing the following: Get-SPBackupHistory -Directory <Backup folder> -ShowBackup

. If you do not specify the BackupId

, the most recent backup will be used. You cannot restore a service application from a configuration-only backup.

For more information, see Restore-SPFarm (http://technet.microsoft.com/library/8e18ea80-0830-4ffa-b6b6-ad18a5a7ab3e(Office.14).aspx).

Note:

Use Central Administration to restore a service application

Use the following procedure to restore a service application by using the SharePoint Central Administration Web site.

To restore a service application by using Central Administration

Verify that the user account that is performing this procedure is a member of the Farm Administrators SharePoint group.
In Central Administration, on the Home page, in the Backup and Restore section, click Restore from a backup.
On the Restore from Backup — Step 1 of 3: Select Backup to Restore page, select the backup job that contains the service application backup, or a farm-level backup, from the list of backups, and then click Next. You can view more details about each backup by clicking the (+) next to the backup.

Note:

If the correct backup job does not appear, in the Backup Directory Location text box, type the path of the correct backup folder, and then click Refresh.

You cannot use a configuration-only backup to restore the farm.

On the Restore from Backup — Step 2 of 3: Select Component to Restore page, expand Shared Services Applications, select the check box that is next to the service application, and then click Next.
On the Restore from Backup — Step 3 of 3: Select Restore Options page, in the Restore Component section, make sure that Farm\Shared Services Applications\<Service application> appears in the Restore the following component list.

In the Restore Options section, under Type of restore, select the Same configuration option. A dialog box will appear that asks you to confirm the operation. Click OK.

Click Start Restore.
You can view the general status of all recovery jobs at the top of the Backup and Restore Job Status page in the Readiness section. You can view the status for the current recovery job in the lower part of the page in the Restore section. The status page updates every 30 seconds automatically.

You can manually update the status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take a several seconds for the recovery to start.

If you receive any errors, you can review them in the Failure Message column of the Backup and Restore Job Status page. You can also find more details in the Sprestore.log file at the UNC path that you specified in step 3.

Use SQL Server tools to restore the databases for a service application

You cannot restore the complete service application by using SQL Server tools. However, you can use SQL Server tools to restore the databases that are associated with the service application. To restore the complete service application, use either Windows PowerShell or Central Administration.

To restore the databases for a service application by using SQL Server tools

Verify that the user account that you are using to restore the databases is a member of the SQL Server sysadmin fixed server role on the database server where each database is stored.
Open SQL Server Management Studio and connect to the database server.
In Object Explorer, expand Databases.
Right-click the database that you want to restore, point to Tasks, point to Restore, and then click Database.
In the Restore Database dialog box, on the General page, select the database to restore to from the To database drop-down list.
Select the restore source from the From database drop-down list.
In the Select the backup sets to restore section area, select the check box next to the database.
On the Options tab, select the recovery state from the Recover state section.

For more information about which recovery type to use, see Overview of Recovery Models (http://go.microsoft.com/fwlink/?LinkId=114396) in SQL Server Books Online.
Click OK to restore the database.
Repeat steps 1-9 for each database that is associated with the service application.

Restore a site collection (SharePoint Foundation 2010)

Updated: June 24, 2010

You can use only Windows PowerShell to restore a site collection.

Use Windows PowerShell to restore a site collection

You can use Windows PowerShell to restore a site collection manually or as part of a script that can be run at scheduled intervals.

Note:

If a user has taken copies of content for off-line editing in Microsoft SharePoint Workspace 2010 and the content is restored from a backup on the server, when the user re-connects, the server automatically synchronizes the off-line content with the restored content. This might result in data loss on the user’s copies of the content.

To restore a site collection by using Windows PowerShell

Verify that you meet the following minimum requirements: See Add-SPShellAdmin. Additionally, verify that the user account performing this procedure has read permissions to the backup folder and is a member of the db_owner fixed database role on both the farm configuration database and the content database where the site collection is being restored.
On the Start menu, click Administrative Tools.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt (that is, PS C:\>), type the following command, and then press ENTER:

Restore-SPSite -Identity <Site collection URL> -Path <Backup file> [-DatabaseServer <Database server name>] [-DatabaseName <Content database name>] [-HostHeader <Host header>] [-Force] [-GradualDelete] [-Verbose]

If you want to restore the site collection to a specific content database, use the DatabaseServer

and DatabaseName

parameters to specify the content database. If you do not specify a content database, the site collection will be restored to a content database chosen by Microsoft SharePoint Foundation 2010.

If you are restoring a host-named site collection, use the Identity

parameter to specify the URL of the host-named site collection and use the HostHeader

parameter to specify the URL of the Web application that will hold the host-named site collection.

If you want to overwrite an existing site collection, use the Force

parameter.

Note:

If the site collection that you are restoring is 1 gigabyte or larger, you can use the GradualDelete

parameter for better performance during the restore process. When this parameter is used, the site collection that is overwritten is marked as deleted, which immediately prevents any additional access to its content. The data in the marked site collection is then deleted gradually over time by a timer job instead of all at the same time, which reduces the impact on server performance.

For more information, see Restore-SPSite (http://technet.microsoft.com/library/90f19a58-0455-470c-a8ee-3129fc341f62(Office.14).aspx).

Note:

Concepts

Back up a site collection (SharePoint Foundation 2010)
Restore customizations (SharePoint Foundation 2010)

Updated: August 12, 2010

This article describes how to restore customizations that have been made to sites in a Microsoft SharePoint Foundation farm.

This article assumes that you are familiar with the concepts and procedures in Back up customizations (SharePoint Foundation 2010).

In this article:
Restoring solution packages

The method that you use to restore solution packages is determined by whether the customizations were deployed as trusted solutions or sandboxed solutions.

Trusted solutions are solutions that farm administrators deploy. They are deployed to the entire farm, and can be used on any site within the farm. Trusted solutions are stored in the configuration database. Trusted solutions are backed up when a farm is backed up by using SharePoint Foundation 2010 backup, and are included in configuration-only backups, and can also be backed up as a group, or individually. They are visible in the restore hierarchy.

Sandboxed solutions are solutions that site collection administrators can deploy to a single site collection. Sandboxed solutions are stored in the content database associated with the site collection that they are deployed to. They are included in SharePoint Foundation 2010 farm, Web application, content database, and site collection backups, but are not visible in the restore hierarchy, and cannot be selected or restored individually.

We recommend that you keep a backup of the original .wsp file as well as the source code used to build the .wsp file for both trusted and sandboxed solutions.

To restore a trusted solution by using Central Administration

Verify that the user account that is performing this procedure is a member of the Farm Administrators SharePoint group.
In Central Administration, on the Home page, in the Backup and Restore section, click Restore from a backup.
On the Restore from Backup — Step 1 of 3: Select Backup to Restore page, from the list of backups, select the backup job that contains the solution package, and then click Next. You can view more details about each backup by clicking the (+) next to the backup.

Note:

If the correct backup job does not appear, in the Backup Directory Location text box, type the Universal Naming Convention (UNC) path of the correct backup folder, and then click Refresh.

On the Restore from Backup — Step 2 of 3: Select Component to Restore page, select the check box that is next to the solution, and then click Next.
On the Restore from Backup — Step 3 of 3: Select Restore Options page, in the Restore Component section, ensure that Solution appears in the Restore the following component list.

In the Restore Only Configuration Settings section, ensure that the Restore content and configuration settings option is selected.

In the Restore Options section, under Type of Restore, select the Same configuration option. A dialog box appears that asks you to confirm the operation. Click OK.

Click Start Restore.
You can view the general status of all recovery jobs at the top of the Backup and Restore Job Status page in the Readiness section. You can view the status for the current recovery job in the lower part of the page in the Restore section. The status page updates every 30 seconds automatically. You can manually update the status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take several seconds for the recovery to start.

If you receive any errors, you can review them in the Failure Message column of the Backup and Restore Job Status page. You can also find more details in the Sprestore.log file at the UNC path that you specified in step 3.

To restore a trusted solution by using Windows PowerShell

Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.

At the Windows PowerShell command prompt, type the following command:

Restore-SPFarm -Directory <BackupFolder> -RestoreMethod Overwrite -BackupId <GUID> -Item <SolutionPath>

Where:

<BackupFolder> is the UNC location of the directory that you want to restore from.
<GUID> is the GUID of the backup ID that you want to restore from. If you do not specify a backup, the most recent one is used.
<SolutionPath> is the path of the solution within the backup tree (usually farm\solutions\SolutionName).

For more information, see Restore-SPFarm (http://technet.microsoft.com/library/8e18ea80-0830-4ffa-b6b6-ad18a5a7ab3e(Office.14).aspx).

Note:

Restoring a sandboxed solution

You cannot restore only customizations that were deployed as sandboxed solutions. Instead, you must restore the farm, Web application, content database, or site collection with which the customization is associated. For more information about these methods of restoring, see Related content later in this article.

Restoring authored site elements

You cannot restore only authored site elements. Instead, you must restore the farm, Web application, or content database with which the authored site element is associated. For more information about these methods of backing up, see Related content.
Restoring workflows

Workflows are a special case of customizations that you can restore. Make sure that the backup and recovery plan includes any of the following scenarios that apply to the environment:
- Declarative workflows, such as those created in Microsoft SharePoint Designer 2010, are stored in the content database for the site collection to which they are they are deployed. Restoring the content database or site collection restores these workflows.
- Custom declarative workflow actions have components in the following three locations:

The Microsoft Visual Studio 2010 assemblies for the actions are stored in the global assembly cache (GAC).
The XML definition files (.actions files) are stored in the 14\TEMPLATE\<LCID>\Workflow directory.
An XML entry to mark the action as an authorized type is stored in the Web.config file for the Web applications in which it is used.

If the farm workflows use custom actions, you should use a file restore system to restore these files and XML entries. You can reapply the files as needed after recovery.

Workflows that depend on custom code, such as those that are created by using Visual Studio 2010, are stored in two locations. The Visual Studio 2010 assemblies for the workflow are stored in the GAC, and the XML definition files are stored in the Features directory. This is the same as other types of SharePoint Foundation features such as Web Parts and event receivers. If the workflow was installed as part of a solution package, follow the instructions for restoring solution packages.
If you create a custom workflow that interacts with a site collection other than the one where the workflow is deployed, you must restore both site collections to recover the workflow. Restoring a farm is sufficient to recover all site collections in the farm and all workflows that are associated with them.
Workflows that have not been deployed must be restored separately by using a file system backup application.

Restoring changes to the Web.config file

You can recover changes to the Web.config file made by using Central Administration or the SharePoint Foundation 2010 APIs and object model by performing a farm or configuration-only restore. You should use a file system backup to protect changes to the Web.config file that are not made by using Central Administration or the SharePoint APIs and object model. You can recover the backup by using a file system restore.

Recovering changes made by direct editing

Changes made directly to a site by directly editing through the browser can be difficult to recover. The following table describes recovery strategies for specific objects.

Edited object	Backup strategy
List	If you have used SharePoint Designer 2010 to save as a template, you can deploy and activate the template. For more information, see Save a SharePoint site as a template (http://go.microsoft.com/fwlink/?LinkID=199515).
Site	If you have used SharePoint Designer 2010 to save as a template, you can deploy and activate the template. For more information, see Save a SharePoint site as a template (http://go.microsoft.com/fwlink/?LinkID=199515).
Site collection	Use site collection recovery. For more information, see Restore a site collection (SharePoint Foundation 2010).

Restoring developed customizations that are not packaged as solutions

Restoring developed customizations that are not packaged as solutions can be a complex process because the customization file locations are not standardized.

Consult with the development team or customization vendor to determine whether the customizations involve additional add-in software or files in other locations. We recommend that you restore directories with a file system restore solution. The following table lists locations where customizations are typically stored on Web servers.

Location	Description
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\14	Commonly updated files, custom assemblies, custom templates, custom site definitions
Inetpub	Location of IIS virtual directories
%WINDIR%\Assembly	Global assembly cache (GAC): a protected operating system location where the Microsoft .NET Framework code assemblies are installed to provide full system access

Restore a content database (SharePoint Foundation 2010)

Updated: June 24, 2010

You can restore any content database or several content databases, one at a time. For information about how to back up all the content databases in a farm at the same time, see Back up a farm (SharePoint Foundation 2010).

Note:

SharePoint Foundation 2010 restores up remote Binary Large Objects (BLOB) stores but only if you are using the SQL Filestream remote BLOB store provider to place data in remote BLOB stores.

If you are using another provider you must manually restore these remote BLOB stores.

Note:

Procedures in this task:

Use Windows PowerShell to restore a content database
Use Central Administration to restore a content database
Use SQL Server tools to restore a content database

Use Windows PowerShell to restore a content database

You can use Windows PowerShell to restore a content database.

To restore a content database by using Windows PowerShell

Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt (that is, PS C:\>), type the following command, and then press ENTER:

Restore-SPFarm -Directory <Backup folder name> -RestoreMethod Overwrite -Item <Content database name> [-BackupId <GUID>] [-Verbose]

Note:

If you are not logged on as the Farm account, you are prompted for the Farm account’s credentials.

If you do not use the BackupId

parameter, the most recent backup will be used. To view a list of the backups, including their Backup IDs, type the following command, and then press ENTER:

Get-SPBackupHistory -Directory <Backup folder>

For more information, see Restore-SPFarm (http://technet.microsoft.com/library/8e18ea80-0830-4ffa-b6b6-ad18a5a7ab3e(Office.14).aspx).

Note:

Use Central Administration to restore a content database

You can use Central Administration to restore a farm or components of a farm.

To restore a content database by using Central Administration

Verify that you are logged on as a member of the Farm Administrators group.
In Central Administration, on the Home page, in the Backup and Restore section, click Restore from a backup.
On the Restore from Backup — Step 1 of 3: Select Backup to Restore page, from the list of backups, select the backup job that contains the content database backup, and then click Next.

Note:

If the correct backup job does not appear, in the Current Directory Location text box, enter the path of the correct backup folder, and then click Refresh.

On the Restore from Backup — Step 2 of 3: Select Component to Restore page, select the check box that is next to the content database, and then click Next.

Note:

If the content database is not selectable, you must use Windows PowerShell or SQL Server tools to restore the content database.

On the Restore from Backup — Step 3 of 3: Select Restore Options page, in the Restore Options section, under Type of Restore, click the Same configuration option. A dialog box appears that asks you to confirm the operation. Click OK.

Click Start Restore.
You can view the general status of all recovery jobs at the top of the Backup and Restore Job Status page in the Readiness section. You can view the status for the current recovery job in the lower part of the page in the Restore section. The status page updates every 30 seconds automatically. You can manually update the status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take several seconds for the recovery to start.

If you receive any errors, you can review them in the Failure Message column of the Backup and Restore Job Status page. You can also find more details in the Sprestore.log file at the UNC path that you specified in step 2.

Use SQL Server tools to restore a content database

You can use SQL Server tools to restore a content database by following these steps:

If possible, back up the live transaction log of the content database to protect any changes that were made after the last full backup.
Restore the last full database backup.
Restore the most recent differential database backup that occurred after the most recent full database backup.
Restore all transaction log backups that occurred after the most recent full or differential database backup.

To restore a content database by using SQL Server tools

Verify that the user account performing this procedure is a member of the sysadmin fixed server role.
If the Windows SharePoint Services Timer service is running, stop the service and wait for several minutes for any currently running stored procedures to finish. Do not restart the service until after you restore the content databases.
Start SQL Server Management Studio and connect to the database server.
In Object Explorer, expand Databases.
Right-click the database that you want to restore, point to Tasks, point to Restore, and then click Database.

The database is automatically taken offline during the recovery operation and cannot be accessed by other processes.
In the Restore Database dialog box, specify the destination and the source, and then select the backup set or sets that you want to restore.

The default values for destination and source are appropriate for most recovery scenarios.
In the Select a page pane, click Options.
In the Restore options section, select only Overwrite the existing database. Unless the environment or policies require otherwise, do not select the other options in this section.
In the Recovery state section:

If you have included all the transaction logs that you must restore, select RECOVER WITH RECOVERY.
If you must restore additional transaction logs, select RECOVER WITH NORECOVERY.
The third option, RECOVER WITH STANDBY is not used in this scenario.

Note:

For more information about these recovery options, see Restore Database (Options Page) (http://go.microsoft.com/fwlink/?LinkId=114420).

Click OK to complete the recovery operation.
Repeat steps 4 through 10 for each database that you are restoring.
Start the Windows SharePoint Services Timer service.

Concepts

Back up a content database (SharePoint Foundation 2010)
Attach and restore a read-only content database (SharePoint Foundation 2010)

Published: May 12, 2010

A Microsoft SharePoint Foundation 2010 farm in which content databases have been set to be read-only can be part of a failure recovery environment that runs against mirrored or log-shipped content databases or part of a highly available maintenance or patching environment that provides user access when another version of the farm is being updated. When you re-attach the read-only databases, they become read-write.

For more information about how to use read-only databases, see Run a farm that uses read-only content databases (Windows SharePoint Services “14”) (http://technet.microsoft.com/library/db27f4ab-af50-4400-ad9a-5092868a5398(Office.14).aspx).
Use Windows PowerShell to attach and restore a read-only content database

You can use only Windows PowerShell to attach and restore a read-only content database.

To attach and restore a read-only content database by using Windows PowerShell

Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt (that is, PS C:\>), type the following command, and then press ENTER:

Mount-SPContentDatabase -Name <Database name> -WebApplication <Web application ID> [-Verbose]

Note:

Attaching a content database by using the Mount-SPContentDatabase

cmdlet differs from attaching a database in SQL Server by using SQL Server tools. Mount-SPContentDatabase

associates the content database with a Web application so that the contents can be read.

For more information, see Mount-SPContentDatabase (http://technet.microsoft.com/library/20d1bc07-805c-44d3-a278-e2793370e237(Office.14).aspx).

Note:

Concepts

Recovery (SharePoint Foundation 2010)
Import a list or document library (SharePoint Foundation 2010)

Published: May 12, 2010

Although you can use either Windows PowerShell or Central Administration to export a site, list, or document library, you can use only Windows PowerShell to import a site, list, or document library. For information about how to export lists or libraries, see Export a site, list, or document library (SharePoint Foundation 2010).

You can use importing as a method of restoring the items, or as a method of moving or copying the items from one farm to another farm. You can import a site, list, or document library from a backup of the current farm, from a backup of another farm, or from a read-only content database. To import from a read-only content database, you must first attach the read-only database. For more information, see Attach and restore a read-only content database (SharePoint Foundation 2010).

Important:

You cannot import a site, list or document library exported from one version of Microsoft SharePoint Foundation to another version of SharePoint Foundation.
Import a site, list or document library

You can use Windows PowerShell to manually import a site, list, or document library or as part of a script that can be run at regular intervals.

To import a site, list or document library by using Windows PowerShell

Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt (that is, PS C:\>), type the following command, and then press ENTER:

Import-SPWeb -Identity <Site URL> -Path <Export file name> [-Force] [-NoFileCompression] [-Verbose]

Important:

The site or subsite that you are importing must have a template that matches the template of the site specified by Identity

You can also use the Get-SPWeb

cmdlet and pass the ID to Import-SPWeb

by using the Windows PowerShell pipeline. The value of the Path

parameter specifies the path and file name of the file from which to import the list or library. To include the user security settings with the list or document library, use the IncludeUserSecurity

parameter. To overwrite the list or library that you specified, use the Force

parameter. You can use the UpdateVersions

parameter to specify how versioning conflicts will be handled. To view the progress of the operation, use the Verbose

parameter.

The NoFileCompression

parameter lets you specify that no file compression is performed during the import process. Using this parameter can lower resource usage up to 30% during the export and import process. If you are importing a site, list, or document library that you exported from Central Administration, or if you exported a site, list, or document library by using Windows PowerShell and you did not use the NoFileCompression

parameter in the Export-SPWeb

cmdlet, you cannot use this parameter in the Import-SPWeb

cmdlet.

Note:

There is no facility in the Import-SPWeb

cmdlet import a subset of the items in the export file. Therefore, the import operation will import everything from the file.

For more information, see Import-SPWeb (http://technet.microsoft.com/library/2ecc5b6e-1b23-4367-a966-b7bd3377db3a(Office.14).aspx).

Note:

Concepts

Export a site, list, or document library (SharePoint Foundation 2010)
Availability configuration (SharePoint Foundation 2010)

Published: May 12, 2010

This section describes how to configure availability for Microsoft SharePoint Foundation 2010. The articles assume that you are familiar with the concepts and terms presented in Plan for availability (SharePoint Foundation 2010).

In this section:
- Configure availability by using SQL Server clustering (SharePoint Foundation 2010)
  
  This article describes how to use SQL Server clustering with SharePoint Foundation 2010.
- Configure availability by using SQL Server database mirroring (SharePoint Foundation 2010)
  
  This article describes how to configure SQL Server database mirroring for use with SharePoint Foundation 2010.
- Sample script for configuring SQL Server mirroring (SharePoint Foundation 2010)
  
  This article provides a script to use in configuring SQL Server database mirroring for use with SharePoint Foundation 2010 in a test environment. In a production environment, we recommend that a database professional configure mirroring.
Concepts

Plan for availability (SharePoint Foundation 2010)
Configure availability by using SQL Server clustering (SharePoint Foundation 2010)

Published: May 12, 2010

Microsoft SQL Server 2008 with Service Pack 1 (SP1) and Cumulative Update 2 failover clustering can be used to configure availability within a farm for Microsoft SharePoint Foundation 2010. This article assumes that you are familiar with the concepts and terms presented in Plan for availability (SharePoint Foundation 2010).

Failover clustering provides availability support for an instance of SQL Server 2008 with SP1 and Cumulative Update 2. A failover cluster is a combination of one or more nodes or servers and two or more shared disks. A failover cluster instance appears as a single computer, but has functionality that provides failover from one node to another if the current node becomes unavailable.

SharePoint Foundation 2010 references the cluster as a whole; therefore, failover is automatic and seamless from the perspective of SharePoint Foundation 2010.

For detailed information about failover clustering, see Getting Started with SQL Server 2008 Failover Clustering (http://go.microsoft.com/fwlink/?LinkID=102837&clcid=0x409).

There are no instructions specific to setting up clustering for SharePoint Foundation 2010. For instructions on how to set up failover clustering, see Installing a SQL Server 2008 Failover Cluster (http://go.microsoft.com/fwlink/?LinkId=132112&clcid=0x409).
Configure availability by using SQL Server database mirroring (SharePoint Foundation 2010)

Published: May 12, 2010

This article describes how to use high-availability database mirroring to configure availability within a farm for Microsoft SharePoint Foundation 2010. The article assumes that you are familiar with the concepts and terms presented in Plan for availability (SharePoint Foundation 2010).

Microsoft SQL Server database mirroring provides availability support by sending transactions directly from a principal database and server to a mirror database and server when the transaction log buffer for the principal database is written to disk. For availability within a Microsoft SharePoint Foundation 2010 farm, you use high-availability database mirroring, also known as high-safety mode with automatic failover. High-availability database mirroring involves three server instances: a principal, a mirror, and a witness. The witness server enables SQL Server to automatically fail over from the principal server to the mirror server. Failover from the principal database to the mirror database typically takes several seconds.

Within a SharePoint Foundation 2010 farm, mirroring can provide redundancy for the content and configuration databases, and for many service databases. Even if your databases are mirrored to the same server, each database fails over individually. The following figure shows how mirroring is configured to provide availability within a SharePoint Foundation 2010 farm.

SharePoint Foundation 2010 is mirroring-aware. To use mirroring in your environment, first configure mirroring, and then set the failover database value in SharePoint Foundation.

In this article:

Before you begin

Before you begin to configure mirroring, make sure that your database administrator is aware of the following requirements and supported topologies.

Database mirroring requirements

Become familiar with the recommendations in the following list, and ensure that your databases and system meet any requirements before you configure database mirroring for a SharePoint Foundation environment:

We recommend that your system have latency no more than 1 millisecond.
System bandwidth should preferably be 1 gigabyte (GB) per second.
Logs are copied in real time between the principal and the mirror servers, and copying can affect performance. Make sure that you have sufficient memory and bandwidth on both the principal and mirror server.
The principal server and mirror server must run the same version and edition of SQL Server, and they must run in the same language. Database mirroring is available only in the Standard, Developer, and Enterprise editions. The witness server can run any version of SQL Server, including SQL Server 2008 Express.
Mirroring works only with databases that use the full recovery model.

By default, SharePoint Foundation 2010 databases are configured to use the simple recovery model. To configure database mirroring, the recovery model of the database must be set to Full. For information about how to set the recovery model for a database, see How to: View or Change the Recovery Model of a Database (SQL Server Management Studio) (http://go.microsoft.com/fwlink/?LinkId=132075&clcid=0x409).
If you plan to mirror databases, consider that the size of the transaction logs for these databases may become very large. To work around this, you can establish a recovery plan that truncates transaction logs as necessary. For more information, see the following article in the Microsoft Knowledge Base: How to stop the transaction log of a SQL Server database from growing unexpectedly (http://go.microsoft.com/fwlink/?LinkId=111458&clcid=0x409).
Every database mirroring session creates at least two threads for each database. Ensure that your database server has enough threads to allocate for mirroring all the supported databases. If you have insufficient threads, performance can decrease as more databases are added to a session.

For more information about performance for database mirroring, see Database mirroring best practices and performance considerations (http://go.microsoft.com/fwlink/?LinkId=185119).

Security associated with database mirroring

Database mirroring uses TCP sessions to transport the transaction log from one server to another and to monitor the current health of the system for automatic failovers. Authentication is performed at the session level when a port is opened for connection. Database mirroring supports both Windows authentication (NTLM or Kerberos) and certificates.

Unless the network is secure, the data transmitted during the session should be encrypted. Database mirroring supports both Advanced Encryption Standard (AES) and RC4 encryption algorithms. For more information about the security associated with database mirroring, see Database Mirroring Transport Security (http://go.microsoft.com/fwlink/?LinkId=83569&clcid=0x409).

SharePoint 2010 Products security and mirrored servers

When you set up a mirrored database, the SQL Server logins and permissions for the database to be used with a SharePoint farm are not automatically configured in the master and msdb databases on the mirror server. Instead, you must configure the permissions for the required logins. These include, but are not limited to, the following:

The Central Administration application pool account should be a member of the dbcreator and securityadmin fixed server roles.
All application pool accounts, the default content access accounts, and any accounts required for service applications should have SQL Server logins, although they should not be assigned to SQL Server fixed server or fixed database roles.
Members of the Farm Administrators SharePoint group should also have SQL Server logins and should be members of the same SQL Server roles as the Central Administration application pool account.

We recommend that you transfer your logins and permissions from the principal server to the mirror server by running a script. An example script is available in Knowledge Base article 918992 How to transfer the logins and the passwords between instances of SQL Server 2005 (http://go.microsoft.com/fwlink/?LinkId=122053&clcid=0x409). For more information about how to transfer SQL Server metadata between instances, see the SQL Server Books Online article Managing Metadata When Making a Database Available on Another Server Instance (http://go.microsoft.com/fwlink/?LinkId=122055&clcid=0x409).

Supported topologies

We recommend that you maintain a one-to-one mapping of principal server and database instance to mirror server and database instance to ensure compatibility with SharePoint Foundation 2010.

The supported topologies include mirroring all content databases, the configuration database, the Central Administration content database, and the service application databases except for the Web Analytics Staging database and the User Profile Synchronization database.

Note:

We do not recommend that you mirror the Usage and Health Data Collection Logging database. A SharePoint environment can continue to run if this database fails, and this data can be quickly regenerated.

Avoid topologies that do not have matching principal server and database instances and mirror server and database instances. Also, keep the configuration database and the administration content database on the same server.

Configure high-availability database mirroring

We recommend that a SQL Server database administrator configure high-availability mirroring for a production environment. For a test environment, we have provided Transact-SQL scripts that you can use to configure your environment. For more information, see Sample script for configuring SQL Server mirroring (SharePoint Foundation 2010).

Configure SharePoint 2010 Products to be aware of mirrored databases

To make SharePoint Foundation 2010 aware that failover mirrored databases exist, perform the following procedure for all configuration and content databases.

Note:

We recommend that you use Windows PowerShell cmdlets to set failover database values. Although you can use the Central Administration Web site to set some failover database values, you cannot use it for all databases.

To configure SharePoint 2010 Products to be aware of mirrored databases by using Windows PowerShell

Verify that you meet the following minimum requirements: See Add-SPShellAdmin.
On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt, type the following commands, and then press ENTER:

$db = get-spdatabase | where {$_.Name -eq “database name“}

$db.AddFailoverServiceInstance(“mirrored database name“)

$db.Update()

For more information, see Get-SPDatabase (http://technet.microsoft.com/library/c9802bf8-5216-4ade-b559-7ee25fcfa666(Office.14).aspx).

User experience during a failover

While SQL Server is switching to using a mirrored database, users of a SharePoint site that runs against the database may experience brief connectivity issues and data loss.
Monitoring and troubleshooting mirroring

To monitor the status and performance of mirroring within a farm, database administrators can use the Database Mirroring Monitor. Monitoring enables you to determine whether and how well data is flowing in the database mirroring session. Database Mirroring Monitor is also useful for troubleshooting the cause of reduced data flow. For more information, see Database Mirroring Monitor Overview (http://go.microsoft.com/fwlink/?LinkId=185068). Another resource to use in troubleshooting is the SQL Server Books Online article Troubleshooting Database Mirroring Setup (http://go.microsoft.com/fwlink/?LinkId=185069).
Other Resources

Database Mirroring (http://go.microsoft.com/fwlink/?LinkID=180597)
Sample script for configuring SQL Server mirroring (SharePoint Foundation 2010)

Published: May 12, 2010

This article contains a series of sample scripts that you can use to set up Microsoft SQL Server mirroring for a test Microsoft SharePoint Foundation 2010 environment. We recommend that a SQL Server database administrator configure mirroring for a production environment.

To set up database mirroring with SharePoint Foundation 2010, you must work individually with each database that you want to mirror.

In this article:
The steps in the following section apply to the following server farm topology:
- One or more front-end Web servers
- Three servers that are running SQL Server 2008: principal server, mirror server, and witness server
- One configuration database
- Multiple content databases
- One or more service application databases
Configure database mirroring with certificates and full recovery

Each step lists the server on which it should be performed. Use Transact-SQL to send these commands to SQL Server. Placeholder information is denoted by angle brackets (<>); replace this with information that is specific to your deployment.

To set up the principal server for outbound connections

On the principal server, create a certificate and open a port for mirroring.

–On the master database, create the database master key, if needed
CREATE MASTER KEY ENCRYPTION BY PASSWORD = ‘<test1234->’;
GO
— Make a certificate for this server instance.
USE master;
CREATE CERTIFICATE <MASTER_HostA_cert>
WITH SUBJECT = ‘<Master_HostA certificate>’;
GO
–Create a mirroring endpoint for server instance by using the certificate
CREATE ENDPOINT Endpoint_Mirroring
STATE = STARTED
AS TCP (
LISTENER_PORT=5024
, LISTENER_IP = ALL
)
FOR DATABASE_MIRRORING (
AUTHENTICATION = CERTIFICATE <MASTER_HostA_cert>
, ENCRYPTION = REQUIRED ALGORITHM RC4
, ROLE = ALL
);
GO

On the principal server, back up the certificate.

–Back up the HOST_A certificate.
BACKUP CERTIFICATE MASTER_HostA_cert TO FILE = ‘<c:\MASTER_HostA_cert.cer>’;
GO

On the principal server, back up the database. This example uses the configuration database. Repeat for all databases.

USE master;
–Ensure that SharePoint_Config uses the full recovery model.
ALTER DATABASE SharePoint_Config
SET RECOVERY FULL;
GO
USE SharePoint_Config
BACKUP DATABASE SharePoint_Config
TO DISK = ‘<c:\SharePoint_Config.bak>’
WITH FORMAT
GO
BACKUP Log SharePoint_Config
TO DISK = ‘<c:\SharePoint_Config_log.bak>’
WITH FORMAT
GO

Copy the backup file to the mirror server. Repeat for all databases.
By using any secure copy method, copy the backup certificate file (C:\HOST_HostA_cert.cer, for example) to the mirror server.
On the principal server, create a login and user for the mirror server, associate the certificate with the user, and grant the login connect permissions for the partnership.

–Create a login on HOST_A for HOST_B
USE master;
CREATE LOGIN <HOST_HostB_login> WITH PASSWORD = ‘<1234-test>’;
GO
–Create a user for that login.
CREATE USER <HOST_HostB_user> FOR LOGIN <HOST_HostB_login>;
GO
–Associate the certificate with the user
CREATE CERTIFICATE <HOST_HostB_cert>
AUTHORIZATION <HOST_HostB_user>
FROM FILE = ‘<c:\HOST_HostB_cert.cer>’ –do not use a network path, SQL Server will give an error about the key not being valid
GO
–Grant CONNECT permission on the login for the remote mirroring endpoint.
GRANT CONNECT ON ENDPOINT::Endpoint_Mirroring TO [<HOST_HostB_login>];
GO

To set up the mirror server for outbound connections

On the mirror server, create a certificate and open a port for mirroring.

–On the master database, create the database master key, if needed.
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = ‘<1234-test>’;
GO
— Make a certificate on the HOST_B server instance.
CREATE CERTIFICATE <HOST_HostB>
WITH SUBJECT = ‘<HOST_HostB certificate for database mirroring>’;
GO
–Create a mirroring endpoint for the server instance on HOST_B.
CREATE ENDPOINT Endpoint_Mirroring
STATE = STARTED
AS TCP (
LISTENER_PORT=5024
, LISTENER_IP = ALL
)
FOR DATABASE_MIRRORING (
AUTHENTICATION = CERTIFICATE <HOST_HostB>
, ENCRYPTION = REQUIRED ALGORITHM RC4
, ROLE = ALL
);
GO

On the mirror server, back up the certificate.

–Back up the HOST_B certificate.
BACKUP CERTIFICATE <HOST_HostB> TO FILE = ‘<C:\HOST_HostB_cert.cer>’;
GO

By using any secure copy method, copy the backup certificate file (C:\HOST_HostB_cert.cer, for example) to the principal server.
On the mirror server, restore the database from the backup files. This example uses the configuration database. Repeat for all databases.

RESTORE DATABASE SharePoint_Config
FROM DISK = ‘<c:\SharePoint_Config.bak>’
WITH NORECOVERY
GO
RESTORE log SharePoint_Config
FROM DISK = ‘<c:\SharePoint_Config_log.bak>’
WITH NORECOVERY
GO

To set up the mirror server for inbound connections

On the mirror server, create a login and user for the principal server, associate the certificate with the user, and grant the login connect permissions for the partnership.

–Create a login on HOST_B for HOST_A
USE master;
CREATE LOGIN <MASTER_HostA_login> WITH PASSWORD = ‘<test1234->’;
GO
–Create a user for that login.
CREATE USER <MASTER_HostA_user> FOR LOGIN <MASTER_HostA_login>;
GO
–Associate the certificate with the user
CREATE CERTIFICATE <MASTER_HostA_cert>
AUTHORIZATION <MASTER_HostA_user>
FROM FILE = ‘<c:\MASTER_HostA_cert.cer>’ –do not use a network path, SQL Server will give an error about the key not being valid
GO
–Grant CONNECT permission on the login for the remote mirroring endpoint.
GRANT CONNECT ON ENDPOINT::Endpoint_Mirroring TO [<MASTER_HostA_login>];
GO

To set up the principal server for inbound connections

On the principal server, create a login and user for the mirror server, associate the certificate with the user, and grant the login connect permissions for the partnership.

To set up the mirroring partners

On the principal server, set up the mirroring partnership. This example uses the configuration database. Repeat for all databases.

–At HOST_A, set the server instance on HOST_B as a partner (mirror server).
ALTER DATABASE SharePoint_Config
SET PARTNER = ‘<TCP://databasemirror.adatum.com:5024>’;
GO

On the mirror server, set up the mirroring partnership. This example uses the configuration database. Repeat for all databases.

–At HOST_B, set the server instance on HOST_A as a partner (principal server):
ALTER DATABASE SharePoint_Config
SET PARTNER = ‘<TCP://databasemaster.adatum.com:5024>’;
GO

Set up a witness server

Each step lists the server on which it should be performed. Use Transact-SQL to send these commands to SQL Server. Placeholder information is denoted by angle brackets (<>); replace this with information that is specific to your deployment.

On the witness server, set up the certificate and open the port.

–On the master database, create the database master key, if needed
CREATE MASTER KEY ENCRYPTION BY PASSWORD = ‘<1234test->’;
GO
— Make a certificate for this server instance.
USE master;
CREATE CERTIFICATE <WITNESS_HostC_cert>
WITH SUBJECT = ‘<Witness_HostC certificate>’;
GO
–Create a mirroring endpoint for server instance by using the certificate
CREATE ENDPOINT Endpoint_Mirroring
STATE = STARTED
AS TCP (
LISTENER_PORT=5024
, LISTENER_IP = ALL
)
FOR DATABASE_MIRRORING (
AUTHENTICATION = CERTIFICATE <WITNESS_HostC_cert
, ENCRYPTION = REQUIRED ALGORITHM RC4
, ROLE = ALL
);
GO

On the witness server, back up the certificate.

–Back up the HOST_C certificate
BACKUP CERTIFICATE <WITNESS_HostC_cert> TO FILE = ‘<c:\ WITNESS_HostC_cert.cer>’;
GO

By using any secure copy method, copy the backup certificate file (C:\WITNESS_HOSTC_cert.cer, for example) to the principal server and the mirror server.
On the witness server, create logins and users for the principal and mirror servers, associate the certificates with the users, and grant the logins connect permissions for the partnership.

–Create a login on witness HOST_C for principal HOST_A
USE master;
CREATE LOGIN <MASTER_HostA_login> WITH PASSWORD = ‘<test1234->’;
GO
–Create a user for that login.
CREATE USER <MASTER_HostA_user> FOR LOGIN <MASTER_HostA_login>;
GO
–Associate the certificate with the user
CREATE CERTIFICATE <MASTER_HostA_cert>
AUTHORIZATION <MASTER_HostA_user>
FROM FILE = ‘<c:\MASTER_HostA_cert.cer>’ –do not use a network path, SQL Server will give an error about the key not being valid
GO
–Grant CONNECT permission on the login for the remote mirroring endpoint.
GRANT CONNECT ON ENDPOINT::Endpoint_Mirroring TO [<MASTER_HostA_login>];
GO
–Create a login for the mirror Host_B
CREATE LOGIN <HOST_HostB_login> WITH PASSWORD = ‘<1234-test>’;
GO
–Create a user for that login.
CREATE USER <HOST_HostB_user> FOR LOGIN <HOST_HostB_login>;
GO
–Associate the certificate with the user
CREATE CERTIFICATE <HOST_HostB_cert>
AUTHORIZATION <HOST_HostB_user>
FROM FILE = ‘<c:\HOST_HostB_cert.cer>’ –do not use a network path, SQL Server will give an error about the key not being valid
GO
–Grant CONNECT permission on the login for the remote mirroring endpoint.
GRANT CONNECT ON ENDPOINT::Endpoint_Mirroring TO [<HOST_HostB_login>];
GO

On the principal server, create a login and user for the witness server, associate the certificate with the user, and grant the login connect permissions for the partnership. Repeat for the mirror server.

–Create a login on master HostA for witness HostC
USE master;
CREATE LOGIN <WITNESS_HostC_login> WITH PASSWORD = ‘<1234test->’;
GO
–Create a user for that login.
CREATE USER <WITNESS_HostC_user> FOR LOGIN <WITNESS_HostC_login>;
GO
–Associate the certificate with the user
CREATE CERTIFICATE <WITNESS_HostC_cert>
AUTHORIZATION <WITNESS_HostC_user>
FROM FILE = ‘<c:\WITNESS_HostC_cert.cer>’ –do not use a network path, SQL Server will give an error about the key not being valid
GO
–Grant CONNECT permission on the login for the remote mirroring endpoint.
GRANT CONNECT ON ENDPOINT::Endpoint_Mirroring TO [<WITNESS_HostC_login>];
GO

On the principal server, attach the witness server. This example uses the configuration database. Repeat for all databases.

–Set up the witness server
ALTER DATABASE SharePoint_Config
SET WITNESS =
‘<TCP://databasewitness.adatum.com:5024>’
GO

Transfer permissions to the mirror server

When you set up a mirrored database, the SQL Server logins and permissions for the database that will be used with a SharePoint farm are not automatically configured in the master and msdb databases on the mirror server. Instead, you must configure the permissions for the required logins.

We recommend that you transfer your logins and permissions from the principal server to the mirror server by running a script. The script that we recommend that you use is available in Knowledge Base article 918992: How to transfer the logins and the passwords between instances of SQL Server 2005 (http://go.microsoft.com/fwlink/?LinkId=122053&clcid=0x409).
Removing mirroring from a server

To remove mirroring from a server, see How to: Remove Database Mirroring (Transact-SQL) (http://go.microsoft.com/fwlink/?LinkId=185070).

Posted on 17 Dec 201217 Dec 2012 by escapebusinesssolutions in Uncategorized

Planning guide for
Microsoft SharePoint Foundation 2010

Microsoft Corporation

Published: November 2010

Author: Microsoft Office System and Servers Team (itspdocs@microsoft.com)
- Abstract
This book provides information and guidelines to lead a team through the steps of planning the deployment of a solution based on Microsoft SharePoint Foundation 2010. The audiences for this book are business application specialists, line-of-business specialists, information architects, IT generalists, program managers, and infrastructure specialists who are planning a solution based on SharePoint Foundation 2010.

The content in this book is a copy of selected content in the SharePoint Foundation 2010 technical library (http://go.microsoft.com/fwlink/?LinkId=181463) as of the publication date. For the most current content, see the technical library on the Web.

This document is provided “as-is”. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it.

Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred.

This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.

© 2010 Microsoft Corporation. All rights reserved.

Microsoft, Access, Active Directory, Backstage, Excel, Groove, Hotmail, InfoPath, Internet Explorer, Outlook, PerformancePoint, PowerPoint, SharePoint, Silverlight, Windows, Windows Live, Windows Mobile, Windows PowerShell, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

Contents

Getting help    xiv

Planning and architecture for SharePoint Foundation 2010    1

Downloadable resources    1

Planning articles    1

Technical diagrams (SharePoint Foundation 2010)    2

Models    2

Tips for printing posters    6

Site and solution planning (SharePoint Foundation 2010)    7

Fundamental site planning (SharePoint Foundation 2010)    8

Sites and site collections overview (SharePoint Foundation 2010)    9

Site collections overview    9

Sites overview    9

Site templates included in SharePoint Foundation 2010    10

Plan sites and site collections (SharePoint Foundation 2010)    14

About planning sites and site collections    14

Determine types of sites    14

Plan sites by organizational hierarchy    15

Plan application sites    15

Plan Internet presence sites    16

Plan other sites    16

Determine site collections    16

Site planning data worksheet    17

Site navigation overview (SharePoint Foundation 2010)    18

Navigation controls overview    18

Navigation controls on master pages    19

Top link bar navigation    19

Quick Launch navigation    19

Breadcrumb navigation    20

Tree view navigation    20

Plan site navigation (SharePoint Foundation 2010)    21

Create a site navigation diagram    21

Understanding inherited navigation    22

Determine which sites inherit the top link bar    23

Determine which additional links to add manually to the top link bar    24

Determine other site navigation options    24

Site planning data worksheet    24

Themes overview (SharePoint Foundation 2010)    25

About using themes    25

Ways to use themes    26

Using a preinstalled theme    26

Uploading your own custom themes to the theme gallery    26

Plan for using themes (SharePoint Foundation 2010)    27

About planning for using themes    27

Decide whether to use themes    27

Determine how many themes are needed    28

Decide who makes the themes    28

Site planning data worksheet    29

Plan for multilingual sites (SharePoint Foundation 2010)    30

About planning multilingual sites    30

Determine language and locale requirements    31

Determine language pack requirements    31

Determine requirements for word breakers and stemmers    33

Multilingual user interface overview (SharePoint Foundation 2010)    35

Use and benefits of the multilingual user interface    35

How the multilingual user interface works    36

What is supported by the multilingual user interface    37

Adding and modifying application content    38

Exporting and importing translated content    39

Limitations of the multilingual user interface    39

Plan for the multilingual user interface (SharePoint Foundation 2010)    40

Determine language requirements for your sites    40

Plan for translating content    40

Plan for installing service packs    41

Security planning for sites and content (SharePoint Foundation 2010)    42

Plan site permissions (SharePoint Foundation 2010)    43

Introduction    43

About site permissions    43

About assigning permissions    44

About permission inheritance    45

Permission inheritance and fine-grained permissions    45

Permission inheritance and subsites    45

About effective permissions    46

Choose permission levels    46

Plan for permission inheritance    47

Determine permission levels and groups (SharePoint Foundation)    49

Review available default groups    49

Review available permission levels    50

Determine whether you need additional permission levels or groups    51

Do you need custom groups?    51

Do you need custom permission levels?    51

Choose security groups (SharePoint Foundation 2010)    53

Introduction    53

Determine which Windows security groups and accounts to use for granting access to sites    53

Decide whether to allow access for all authenticated users    54

Decide whether to allow access for anonymous users    54

Choose administrators and owners for the administration hierarchy (SharePoint Foundation 2010)    56

Introduction    56

Levels of administration    56

Best practices for using fine-grained permissions (white paper) (SharePoint Foundation 2010)    58

Sandboxed solutions planning (SharePoint Foundation 2010)    59

In this section    59

Sandboxed solutions overview (SharePoint Foundation 2010)    60

Deploying and running a sandboxed solution    60

Isolating sandboxed solutions    62

What a sandboxed solution cannot contain    62

Comparison of sandboxed and farm solutions    63

Benefits of using sandboxed solutions    64

Planning sandboxed solutions (SharePoint Foundation 2010)    65

Determine when to use sandboxed solutions    65

Plan to load balance sandboxed solution code    66

Determine where to deploy sandboxed solutions    66

Determine who can deploy sandboxed solutions    67

Determine which site collections will run sandboxed solutions using quotas    67

Plan resource usage quotas for sandboxed solutions    67

Plan sandboxed solutions governance    69

Plan for collaboration sites (SharePoint Foundation 2010)    70

Determine number of collaboration sites    70

Specific paths    70

Additional paths    71

Integration with Microsoft SharePoint Workspace 2010    71

Document management planning (SharePoint Foundation 2010)    72

Document library planning (SharePoint Foundation 2010)    73

Plan document libraries    73

Content types planning (SharePoint Foundation 2010)    75

Plan content types    75

What are content types?    75

Versioning, content approval, and checkout planning (SharePoint Foundation 2010)    78

About versioning, content approval, and check-outs    78

Plan versioning    78

Plan content approval    79

Plan check-out and check-in    80

Co-authoring overview (SharePoint Foundation 2010)    82

Co-authoring functionality in SharePoint Foundation 2010    82

Understanding the end-user experience    83

Important considerations    84

OneNote Notebooks    85

Software Version Requirements    85

Co-authoring in a mixed Office environment    85

Mixed environment that has Microsoft Office PowerPoint and Word 2007    85

Mixed environment that has Microsoft Office OneNote 2007    86

Performance and scalability    86

Business data and processes planning (SharePoint Foundation)    87

Plan for Business Connectivity Services (SharePoint Foundation 2010)    88

Business Connectivity Services overview (SharePoint Foundation 2010)    89

Typical solutions based on Business Connectivity Services    89

Business Connectivity Services security overview (SharePoint Foundation 2010)    91

About this article    91

Business Connectivity Services security architecture    91

Accessing external data    91

Business Connectivity Services authentication overview    93

Configuring Business Connectivity Services for credentials authentication    93

Configuring Business Connectivity Services for claims-based authentication    97

Business Connectivity Service permissions overview    99

What can permissions be set on?    99

Special permissions on the Business Data Connectivity service    103

Common tasks and their related permissions    104

Securing Business Connectivity Services    105

Service account    105

Server to server communication    105

Applications that use FileBackedMetadataCatalog    105

Diagnostic logging in Business Connectivity Services overview (SharePoint Foundation 2010)    106

Diagnostic logging in Business Connectivity Services    106

About Activity IDs    108

Diagnostic logging on servers    109

Example: using diagnostic logging    109

Plan workflows (SharePoint Foundation 2010)    111

Workflows overview (SharePoint Foundation 2010)    112

Workflow overview    112

Benefits of using workflows    113

Automating business processes    113

Workflows improve collaboration    114

Predefined workflows    114

Sample workflow scenario    115

Workflow types: Declarative and compiled    116

Workflow templates    117

Workflow associations    117

Choose a workflow authoring tool (SharePoint Foundation)    119

Authoring workflows with Visual Studio 2010 and WF Workflow Designer    120

Authoring workflows with Microsoft SharePoint Designer 2010    122

Authoring tool comparison    125

Plan for workflow security and user management (SharePoint Foundation 2010)    127

List manager, administrator, and developer roles and responsibilities    127

Workflow developers    127

Site administrators    128

List administrators (anyone with Manage List or Web Designer permissions)    128

Running workflows as an administrator    128

Workflow configuration settings    128

Required permissions to start a workflow    129

Central Administration settings    129

Information disclosure in task and workflow history lists    130

Spoofing and tampering attacks in the task and workflow history lists    131

Security issues in the workflow history list    131

User-Impersonation Step type for declarative workflows    132

Approval Workflow: A Scenario (SharePoint Foundation 2010)    134

Authoring a workflow    134

Associating a workflow    134

Associating a workflow with a site    135

Starting a workflow    135

Interacting with a workflow    136

Summarizing the process    137

Plan site creation and maintenance (SharePoint Foundation 2010)    138

Plan process for creating sites (SharePoint Foundation 2010)    139

Determine who can create sites and a method for site creation    139

Plan for Self-Service Site Management    140

Plan for custom site creation processes    141

Worksheet    141

Plan site maintenance and management (SharePoint Foundation 2010)    142

Plan for site maintenance    142

Plan for managing site collections    143

Plan site collection quotas    143

Plan site use confirmation and deletion    144

Worksheet    144

Plan quota management (SharePoint Foundation 2010)    145

About planning quota management    145

Determine quota template settings    146

Determine recycle bin settings    146

Delete unused Web sites    147

Plan e-mail integration (SharePoint Foundation 2010)    148

Plan incoming e-mail (SharePoint Foundation 2010)    149

About incoming e-mail    149

Key decisions for planning incoming e-mail    149

Using a basic scenario    149

Using an advanced scenario    150

Configuration options and settings modes    154

Plan incoming e-mail worksheet    154

Plan outgoing e-mail (SharePoint Foundation 2010)    156

About outgoing e-mail    156

Key planning phases of outgoing e-mail    157

Outbound SMPT server    157

From and Reply-to addresses    157

Character set    158

Server farm and environment planning (SharePoint Foundation 2010)    159

System requirements (SharePoint Foundation 2010)    160

Hardware and software requirements (SharePoint Foundation 2010)    161

Overview    161

Hardware requirements—Web servers, application servers, and single server installations    161

Hardware requirements—Database servers    162

Software requirements    163

Minimum requirements    163

Optional software    166

Access to applicable software    166

Plan browser support (SharePoint Foundation 2010)    170

About planning browser support    170

Key planning phase of browser support    170

Browser support levels    170

Browser support matrix    171

Browser details    172

ActiveX controls    183

URL path length restrictions (SharePoint Foundation 2010)    184

Understanding URL and path lengths    184

SharePoint URL composition    184

URL Encoding    185

URL parameters    185

URL path length limitations    186

SharePoint URL path length limitations    186

Internet Explorer URL length limitations    187

Resolving URL length problems    187

IP support (SharePoint Foundation 2010)    188

Logical architecture planning    190

Services architecture planning (SharePoint Foundation 2010)    191

About service applications    191

Services infrastructure and design principles    192

Deploying services    192

More granular configuration of services    192

Service application groups    193

Logical architecture    194

Connections for service applications    195

Service application administration    195

Plan for host-named site collections (SharePoint Foundation 2010)    196

About host-named site collections    196

About host headers    197

Create a host-named site collection    198

Programmatically create a host-named site collection    198

Use managed paths with host-named site collections    199

Expose host-named sites over HTTP or SSL    199

Configure SSL for host-named site collections    200

Use host-named site collections with off-box SSL termination    200

Plan authentication (SharePoint Foundation 2010)    201

Plan authentication methods (SharePoint Foundation 2010)    202

Supported authentication methods    202

Authentication modes — classic or claims-based    203

Implementing Windows authentication    205

Implementing forms-based authentication    207

Implementing SAML token-based authentication    208

Choosing authentication for LDAP environments    210

Planning zones for Web applications    210

Architecture for SAML token-based providers    213

Plan security hardening (SharePoint Foundation 2010)    217

Secure server snapshots    217

Web server and application server roles    217

Database server role    219

Specific port, protocol, and service guidance    219

Blocking the standard SQL Server ports    220

Service application communication    221

File and Printer Sharing service requirements    221

Service requirements for e-mail integration    222

SharePoint 2010 Products services    223

Web.config file    223

Plan automatic password change (SharePoint Foundation 2010)    225

Configuring managed accounts    225

Resetting passwords automatically on a schedule    225

Detecting password expiration    226

Resetting the account password immediately    226

Synchronizing SharePoint Foundation account passwords with Active Directory Domain Services    226

Resetting all passwords immediately    226

Credential change process    226

SQL Server and storage (SharePoint Foundation 2010)    228

Overview of SQL Server in a SharePoint environment (SharePoint Foundation 2010)    229

SharePoint 2010 Products and the SQL Server database engine    229

Working with the SQL Server databases that support SharePoint 2010 Products    230

SQL Server as a data platform for business intelligence in SharePoint 2010 Products    230

SQL Server database engine    230

SQL Server Analysis Services (SSAS): multi-dimensional data    230

SQL Server Analysis Services: data mining    231

SQL Server Reporting Services (SSRS)    231

SQL Server Integration Services (SSIS)    231

Business Intelligence Development Studio (BIDS)    232

PowerPivot for Excel and PowerPivot for SharePoint    232

Master Data Services    232

StreamInsight and complex event processing    232

Related content    233

Overview of Remote BLOB Storage (SharePoint Foundation 2010)    234

Introduction to RBS    234

Using RBS together with SharePoint 2010 Products    235

Plan for remote BLOB storage (RBS) (SharePoint Foundation 2010)    237

Review the environment    237

Content database sizes    238

Content type and usage    239

Evaluate provider options    239

Plan for business continuity management (SharePoint Foundation 2010)    241

Business continuity management capabilities    241

Service level agreements    242

Related content    243

Plan to protect content by using recycle bins and versioning (SharePoint Foundation 2010)    245

Protecting content by using recycle bins    245

First-stage Recycle Bin    246

Second stage (Site Collection) Recycle Bin    246

Protecting content by using versioning    247

Plan for backup and recovery (SharePoint Foundation 2010)    248

Define business requirements    248

Choose what to protect and recover in your environment    249

Choose what to recover from within SharePoint content databases    251

Protecting customizations    251

Protecting workflows    251

Protecting service applications    252

Protecting SQL Server Reporting Services databases    253

Choose tools    253

Test hardware    254

Determine strategies    254

Plan for enhanced backup and recovery performance    255

Follow recommendations for configuring SQL Server and storage    256

Minimize latency between SQL Server and the backup location    256

Avoid processing conflicts    256

Follow SQL Server backup and restore optimization recommendations    256

Ensure sufficient write performance on the backup drive    257

Related content    257

Backup and recovery overview (SharePoint Foundation 2010)    258

Backup and recovery scenarios    258

Backup architecture    258

Farm backup architecture    258

Granular backup and export architecture    263

Recovery processes    264

Restoring from a farm backup    265

Restoring from a site collection backup    266

Recovering from an unattached content database    266

Related content    267

Plan for availability (SharePoint Foundation 2010)    268

Availability overview    268

Costs of availability    269

Determining availability requirements    269

Choosing an availability strategy and level    270

Hardware component fault tolerance    270

Redundancy within a farm    270

Redundancy and failover between closely located data centers configured as a single farm (“stretched” farm)    275

Plan for disaster recovery (SharePoint Foundation 2010)    277

Disaster recovery overview    277

Choose a disaster recovery strategy    278

Planning for cold standby data centers    278

Planning for warm standby data centers    279

Planning for hot standby data centers    279

Service application redundancy across data centers    281

System requirements for disaster recovery    282

Virtualization planning (SharePoint Foundation 2010)    283

Virtualization support and licensing (SharePoint Foundation 2010)    284

SharePoint 2010 Products support for virtualization    284

Server virtualization using Hyper-V technology    284

Operating system environment (OSE) licensing    284

SharePoint 2010 Products licensing    285

Hyper-V virtualization requirements (SharePoint Foundation 2010)    286

Hardware    286

Software    286

Plan for virtualization (SharePoint Foundation 2010)    288

Create a plan for deploying SharePoint Foundation 2010 in a virtual environment    288

Performance and capacity test results and recommendations (SharePoint Foundation 2010)    293

Planning worksheets for SharePoint Foundation 2010    294

Planning worksheets by task    294

Planning worksheets by title    296
Getting help

Every effort has been made to ensure the accuracy of this book. This content is also available online in the Office System TechNet Library, so if you run into problems you can check for updates at:

http://technet.microsoft.com/office

If you do not find your answer in our online content, you can send an e-mail message to the Microsoft Office System and Servers content team at:

itspdocs@microsoft.com

If your question is about Microsoft Office products, and not about the content of this book, please search the Microsoft Help and Support Center or the Microsoft Knowledge Base at:

http://support.microsoft.com
Planning and architecture for SharePoint Foundation 2010

IT pros can use the content in the planning and architecture guides to develop conceptual, logical, and physical designs for configuring Microsoft SharePoint Foundation 2010 features, servers, and topologies. This section also provides recommendations for system designs based on customer scenarios and includes information to help IT pros design a highly reliable, consistently available, and scalable system.
Downloadable resources

 Technical diagrams

 Planning worksheets

Planning articles

Site and solution planning

Server and farm environment planning

 Fundamental site components

 Security for sites and content

 Sandboxed solutions

 Collaboration sites

 Document management

 Business data and processes

 Quota management

 System requirements

 Authentication

 Security hardening

 Automatic password change

 Business continuity management

 Virtualization

Technical diagrams (SharePoint Foundation 2010)

Many of these resources are visual representations of recommended solutions. They include poster-sized documents available in formats including Microsoft Office Visio 2007 or Microsoft Visio 2010 files (.vsd), PDF files, and XPS files. You might need extra software to view these files. See the following table for information about opening these files.

File type	Software
.vsd	Office Visio 2007, Microsoft Visio 2010, or the free Visio viewer (http://go.microsoft.com/fwlink/?LinkId=118761&clcid=0x409) If you use the Visio viewer, right-click the VSD link, click Save Target As, save the file to your computer, and then open the file from your computer.
.pdf	Any PDF viewer, such as Adobe Reader (http://go.microsoft.com/fwlink/?LinkId=134751&clcid=0x409)
.xps	Windows 7, Windows Vista, Windows XP with .NET Framework 3.0, or XPS Essentials Pack (http://go.microsoft.com/fwlink/?LinkId=134750&clcid=0x409)

Models

Models are 34-by-44-inch posters that detail a specific technical area. These models are intended to be used with corresponding articles on TechNet. These models are created by using Office Visio 2007. You can modify the Visio files to illustrate how you plan to incorporate Microsoft SharePoint 2010 Products in your own environment.

Title	Description
SharePoint 2010 Products Deployment Visio (http://go.microsoft.com/fwlink/?LinkId=183024) PDF (http://go.microsoft.com/fwlink/?LinkId=183025) XPS (http://go.microsoft.com/fwlink/?LinkId=183026)	Presents such deployment-related information as the different deployment stages and environments, plus a flowchart that illustrates the steps for installing and configuring SharePoint 2010 Products.
Services in SharePoint 2010 Products Visio (http://go.microsoft.com/fwlink/?LinkID=167090) PDF (http://go.microsoft.com/fwlink/?LinkID=167092) XPS (http://go.microsoft.com/fwlink/?LinkID=167091)	Describes and illustrates the services architecture, including and common ways to deploy services in your overall solution design.
Extranet Topologies for SharePoint 2010 Products Visio (http://go.microsoft.com/fwlink/?LinkId=187987) PDF (http://go.microsoft.com/fwlink/?LinkId=187988) XPS (http://go.microsoft.com/fwlink/?LinkId=187986)	Illustrates the specific extranet topologies that have been tested with SharePoint 2010 Products. Provides a comparison of ISA Server, Forefront TMG, Forefront UAG when used as a firewall or gateway product with SharePoint 2010 Products.
Hosting Environments in SharePoint 2010 Products Visio (http://go.microsoft.com/fwlink/?LinkID=167084) PDF (http://go.microsoft.com/fwlink/?LinkID=167086) XPS (http://go.microsoft.com/fwlink/?LinkID=167085)	Summarizes the support for hosting environments and illustrates common hosting architectures.
Search Technologies for SharePoint 2010 Products Visio (http://go.microsoft.com/fwlink/?LinkID=167731) PDF (http://go.microsoft.com/fwlink/?LinkID=167733) XPS (http://go.microsoft.com/fwlink/?LinkID=167732)	Compares and contrasts the search technologies that work with SharePoint Products 2010:  SharePoint Foundation 2010  Search Server 2010 Express  Search Server 2010  SharePoint Server 2010  FAST Search Server 2010 for SharePoint
Databases That Support SharePoint 2010 Products Visio (http://go.microsoft.com/fwlink/?LinkId=187970) PDF (http://go.microsoft.com/fwlink/?LinkId=187969) XPS (http://go.microsoft.com/fwlink/?LinkId=187971)	Describes the Microsoft SQL Server databases on which SharePoint Foundation 2010 runs.
SharePoint 2010 Products: Virtualization Process Visio (http://go.microsoft.com/fwlink/?LinkId=195021) PDF (http://go.microsoft.com/fwlink/?LinkId=195022) XPS (http://go.microsoft.com/fwlink/?LinkId=195023)	Provides guidance related to virtualization and the various stages of deployment, as well as requirements and examples.

Tips for printing posters

If you have a plotter, you can print these posters in their full size. If you don’t have plotter, use the following steps to print on smaller paper.

Print posters on smaller paper

1. Open the poster in Visio.

2. On the File menu, click Page Setup.

3. On the Print Setup tab, in the Printer paper section, select the size of paper you want to print on.

4. On the Print Setup tab, in the Print zoom section, click Fit to, and then enter 1 sheet across by 1 sheet down.

5. On the Page Size tab, click Size to fit drawing contents, and then click OK.

6. On the File menu, click Print.

Site and solution planning (SharePoint Foundation 2010)

This section describes how to plan your site and solution components in a Microsoft SharePoint Foundation 2010 environment.

    Plan for collaboration sites (SharePoint Foundation 2010)

    Plan for Business Connectivity Services (SharePoint Foundation 2010)

    Security planning for sites and content (SharePoint Foundation 2010)

    Fundamental site planning (SharePoint Foundation 2010)

    Choose a workflow authoring tool (SharePoint Foundation)

    Approval Workflow: A Scenario (SharePoint Foundation 2010)

    Sandboxed solutions planning (SharePoint Foundation 2010)

    Sandboxed solutions overview (SharePoint Foundation 2010)

Fundamental site planning (SharePoint Foundation 2010)

This section provides information that helps IT pros plan sites that use Microsoft SharePoint Foundation 2010 features.

The effectiveness of a site or a group of sites depends on many factors, but one of the most important factors is the ability to predictably locate the site and the content that you need within the site. The structure of a site or a group of sites and the navigation inside and among sites are important for helping users find and share information and work together.

In this section:

    Sites and site collections overview (SharePoint Foundation 2010) describes site collections and sites, and it contains information about the site templates that are used to create sites in SharePoint Foundation 2010.

    Plan sites and site collections (SharePoint Foundation 2010) describes the process and important considerations for planning SharePoint Foundation 2010 sites and site collections.

    Site navigation overview (SharePoint Foundation 2010) provides an overview of the types of navigation that are available in a site.

    Plan site navigation (SharePoint Foundation 2010) helps you design the navigation for your site.

    Themes overview (SharePoint Foundation 2010) provides an overview of themes and how they work.

    Plan for using themes (SharePoint Foundation 2010) discusses how to plan for using themes across your sites, and it includes important steps to plan how to use themes for your sites.

    Plan for multilingual sites (SharePoint Foundation 2010) discusses how to plan for multilingual SharePoint Foundation 2010 sites.

    Multilingual user interface overview (SharePoint Foundation 2010) describes the multilingual user interface in SharePoint Foundation 2010.

    Plan for the multilingual user interface (SharePoint Foundation 2010) describes how to plan for using the multilingual user interface in your SharePoint Foundation 2010 site solution.

Sites and site collections overview (SharePoint Foundation 2010)

A Microsoft SharePoint Foundation 2010 site collection is a hierarchical site structure that is made up of one top-level site and any sites below it. This article describes site collections and sites and contains information about the site templates that are used to create sites in SharePoint Foundation 2010.

In this article:

    Site collections overview

    Sites overview

    Site templates included in SharePoint Foundation 2010

Site collections overview

The sites in a site collection have shared administration settings, common navigation, and other common features and elements. Each site collection contains a top-level site and (usually) one or more sites below it in a hierarchical structure.

You must group your site’s content and features into a site collection. This provides the following benefits:

    For site designers, a site collection’s galleries and libraries (such as the master page gallery or the site collection images library) provide a means for creating a unified, branded user experience across all sites in the site collection.

    For site collection administrators, a site collection provides a unified mechanism and scope for administration. For example, security, policies, and features can be managed for a whole site collection; Site Collection Web Analytics Reports, audit log reports, and other data can help administrators track site collection security and performance.

    For farm administrators, site collections provide scalability for growth based on how much content is stored. Because each site collection can use a unique content database, administrators can easily move them to separate servers.

    For site authors, a site collection’s shared site columns, content types, Web Parts, authoring resources, workflows, and other features provide a consistent authoring environment.

    For site users, a site collection’s unified navigation, branding, and search tools provide a unified Web site experience.

Sites overview

A site collection consists of a top-level site and one or more sites below it. Each top-level site and any sites below it in the site structure are based on a site template and can have other unique settings and unique content. Partition your site collection content into separate sites to obtain finer control of the appearance, content, and features of the various pages in your site collection. The following list includes site features that you can configure uniquely:

    Templates   You can make each site have a unique template. For more information, see Site templates included in SharePoint Foundation 2010.

    Language   If language packs have been installed on the Web server, you can select a language-specific site template when you create a new site. Text that appears on the site is displayed in the site template’s language. For more information, see Deploy language packs (SharePoint Foundation 2010) (http://technet.microsoft.com/library/bd2a9863-954a-4e44-bafc-af8c9599cb47(Office.14).aspx).

    Security   You can define unique user groups and permissions for each site.

    Navigation   You can fine-tune your site’s navigation experience by configuring unique navigation links in each part of your site’s hierarchy. Site navigation reflects the relationships among the sites in a site collection. Therefore, planning navigation and planning sites structures are closely related activities. For more information, see Site navigation overview (SharePoint Foundation 2010).

    Web pages   You can make each site have a unique welcome page and other pages.

    Site layouts   You can make unique layouts or master pages available in a site.

    Themes   You can change colors and fonts on a site. For more information, see Plan for using themes (SharePoint Foundation 2010).

    Regional settings   You can change the regional settings, such as locale, time zone, sort order, time format and calendar type.

    Search   You can make each site have unique search settings. For example, you can specify that a particular site never appears in search results.

    Content types   You can make each site have unique content types and site columns.

    Workflows   You can make each site have unique workflows. For more information, see Plan workflows (SharePoint Foundation 2010).

Site templates included in SharePoint Foundation 2010

The following section contains information about the site templates that are included in SharePoint Foundation 2010. Although you can use a site template with its default configuration, you can also change the site’s default settings by using the site administration pages, and then saving the site as a new template. In addition, you can modify a template’s design and features by using Microsoft SharePoint Designer 2010 or Microsoft Visual Studio 2010.

The following table lists every site template, describes the purpose of each, and indicates whether the template is available at the site collection level, site level, or both. The category that is used to group the templates might be different, depending on the level at which a site is created.

Template	Purpose	Category in Site Collection	Category in Site
< Select template later>	An empty site for which you can select a template later.	Custom	N/A
Basic Meeting Workspace	A site on which you can plan, organize, and capture the results of a meeting. It provides lists for managing the agenda, meeting attendees, and documents.	Meetings	Meetings
Blank Meeting Workspace	A blank meeting site that you can customize based on your requirements.	Meetings	Meetings
Blank Site	A blank site that you can customize based on your requirements.	Collaboration	Blank & Custom
Blog	A site on which a person or team can post ideas, observations, and expertise that site visitors can comment on.	Collaboration	Content
Decision Meeting Workspace	A site on which you can track status or make decisions at meetings. It provides lists to create tasks, store documents, and record decisions.	Meetings	Meetings
Document Workspace	A site on which colleagues can work together on a document. It provides a document library for storing the primary document and supporting files, a tasks list for assigning to-do items, and a links list to point to resources that are related to the document.	Collaboration	Collaboration, Content
Group Work Site	This template provides a groupware solution that teams can use to create, organize, and share information. It includes the Group Calendar, Circulation, Phone-Call Memo, the document library and the other basic lists.	Collaboration	Collaboration
Multipage Meeting Workspace	A site on which you can plan a meeting and capture the meeting’s decisions and other results. It provides lists for managing the agenda and meeting attendees. It also provides two blank pages that you can customize based on your requirements.	Meetings	Meetings
Social Meeting Workspace	A site on which you can plan social occasions. It provides lists for tracking attendees, providing directions, and storing pictures of the event.	Meetings	Meetings
Team Site	A site on which a team can organize, author, and share information. It provides a document library, and lists for managing announcements, calendar items, tasks, and discussions.	Collaboration	Collaboration

See Also

Plan sites and site collections (SharePoint Foundation 2010)

Site navigation overview (SharePoint Foundation 2010)

Plan site navigation (SharePoint Foundation 2010)

Plan sites and site collections (SharePoint Foundation 2010)

Microsoft SharePoint Foundation 2010 sites are made up of a site collection, which is a hierarchical structure that includes one top-level site and any sites below it. This article describes the process and important considerations for planning SharePoint Foundation 2010 sites and site collections, and it recommends a method for recording your site structure decisions. For information about sites and site collections, and the site templates that are used to create sites in SharePoint Foundation 2010, see Sites and site collections overview (SharePoint Foundation 2010).

In this article:

    About planning sites and site collections

    Determine types of sites

    Plan sites by organizational hierarchy

    Plan application sites

    Plan Internet presence sites

    Plan other sites

    Determine site collections

    Site planning data worksheet

About planning sites and site collections

In general, you plan your sites and site collections in the following order:

 Determine the number and types of top-level sites and any sites below them in the hierarchy that are needed.

 Determine the number and types of site collections into which the sites will be organized.

Determine types of sites

The first step in planning a solution that is based on SharePoint Foundation 2010 is to determine the types of sites your organization and its customers need. Determining the types of sites affects later planning decisions, such as where the sites will be implemented in your server topology, what features to plan for each site, how processes that span multiple sites are implemented, and how information is made available across one or more sites. This section contains information about how to plan different kinds of sites.
- Plan sites by organizational hierarchy
Plan the basic sites that you need based on the scale and structure of your organization. Each of these sites can contain information that is needed for a project or division within your larger organization, and each will link to collaboration sites that are relevant to that project or division. Some sites for larger divisions or projects will also aggregate information that is found on all the smaller sites that are devoted to smaller divisions or projects.

Use the following guidelines when you plan sites that are based on your organizational structure:

Divisional or team sites Plan to create one site for a small organization or one site for every division or project of 50–100 people in a medium to large organization. In large organizations, there might be several levels of sites, with each site focusing on the content that is created and managed at its level of the organization.

You can design a site for members of your organization to collaborate on content related to your business or organizational goals. These can be self-contained or they can work with other sites as part of a publishing process. Often, these sites will have a mixture of collaborative content that is used internally and content that is intended for publication to an audience.

Rollup sites A rollup site contains general cross-organization content. It makes it possible for users across divisions to find information, experts, and access to organization-wide processes. It often contains sites that are related to the overall organizational information architecture and that are usually mapped to the structure of the divisional or project sites. For each organization, plan to create a centralized rollup site that uses an aggregated view of all related sites.
- Plan application sites
An application site organizes team processes and provides mechanisms for running them. Application sites often include digital dashboards and other features to view and manipulate data that is related to the site’s purpose. The information that is presented in an application site usually comes from diverse sources, such as databases or other SharePoint sites.

For example, the human resources organization in an organization could design an application site to provide employees with:

    Access to general information, such as employee handbooks and career opportunities.

    Ways to do common tasks, such as submitting timecards and expense reports.

    Dashboards to view personalized information, such as an employee’s salary and benefits history.

As another example, the internal technical support group in an organization could design a Help Desk application site to provide technical support to members of the organization. Features of the application site could include the following:

    Access to a knowledge base of past support incidents and best-practices documentation.

    Ways to do common tasks, such as starting a support incident or reviewing the status of an ongoing incident.

    Integration with communications features that support online meetings and discussions.

    Personalized views of data. For example, support managers could view dashboards that provide views of their team members’ productivity and customer satisfaction ratings. Support engineers could view their current unresolved incidents.
- Plan Internet presence sites
Internet presence sites are customer-facing sites. They are usually branded and are characterized by consistent stylistic elements, such as colors, fonts, and logos in addition to structural elements such as navigation features and the structure of site pages. Although the appearance of an Internet presence site is tightly controlled, the content of the site can be dynamic and can frequently change.

For example, a corporate Internet presence site communicates important company information to customers, partners, investors, and potential employees. This includes descriptions of products and services, company news, annual reports, public filings, and job openings. As another example, an online news Internet site provides frequently updated information, together with interactive features such as stock tickers and blogs.
- Plan other sites
You can make it possible for team members to create other sites, such as Document Workspace sites, when they collaborate on documents and other projects. Similarly, you can give users of an Internet site access to collaboration sites as part of a Web-based service. For example, you can give them permissions to create Meeting Workspace sites and participate in online meetings as part of their experience of using your site.

For information about the kinds of sites you can create, see Sites and site collections overview (SharePoint Foundation 2010).
Determine site collections

After you determine what types of sites your solution requires, the next step is to plan how these sites are implemented across site collections. A site collection is a hierarchical set of sites that can be managed together. Sites in a site collection have common features, such as shared permissions, galleries for templates, content types, and Web Parts, and they often share a common navigation. A site is often implemented as a site collection with the top-level site as the home page of the site collection.

In general, when you plan a solution that is based on SharePoint Foundation 2010, put the following kinds of sites in separate site collections:

    Internet sites (staging)

    Internet sites (production)

    All team sites related to a divisional site or Internet site

All sites in a site collection are stored together in the same SQL database. This can potentially affect site and server performance, depending on how your site collections and sites are structured, and depending on the purpose of the sites. Be aware of the following limits when you plan how to allocate your content across one or more site collections:

    Keep extremely active sites in separate site collections. For example, a knowledge base site on the Internet that allows anonymous browsing could generate lots of database activity. If other sites use the same database, their performance could be affected. By putting the knowledge base site in a separate site collection with its own database, you can make resources available for other sites that no longer have to compete with it for database resources.

    Because all content in a site collection is stored in the same content database, the performance of database operations — such as backing up and restoring content — will depend on the amount of content across the site collection; the size of the database; the speed of the servers hosting the database; and other factors. Depending on the amount of content and the configuration of the database, you might have to divide a site collection into multiple site collections to meet service-level agreements for backing up and restoring, throughput, or other requirements. It is beyond the scope of this article to provide prescriptive guidance about how to manage the size and performance of databases.

    Creating too many sites below a top-level site in a site collection might affect performance and usability. Limit the number of sites of any top-level site to a maximum of 2,000.

Site planning data worksheet

Download an Excel version of the Site planning data worksheet (http://go.microsoft.com/fwlink/?LinkID=167838&clcid=0x409). Use this worksheet to record your site structure.
- See Also
Sites and site collections overview (SharePoint Foundation 2010)

Site navigation overview (SharePoint Foundation 2010)

Plan site navigation (SharePoint Foundation 2010)
Site navigation overview (SharePoint Foundation 2010)

Site navigation provides the primary interface for site users to move around on the sites and pages on your site. Microsoft SharePoint Foundation 2010 includes a set of customizable and extensible navigation features that help orient users of your site so they can move around on its sites and pages. This article describes the navigation controls that are available in SharePoint Foundation 2010. It does not explain how to add navigation controls to Web pages, how to configure navigation controls, or how to create custom navigation controls.

In this article:

    Navigation controls overview

    Navigation controls on master pages

    Top link bar navigation

    Quick Launch navigation

    Breadcrumb navigation

    Tree view navigation

Navigation controls overview

Navigation controls can be displayed on master pages, and—by using Web Part zones—directly in a page’s content.

SharePoint Foundation 2010 bases its navigation model on the hierarchical structure of the site collection. By using the navigation features, you can link to the following:

    Sites below the current site

    A site’s peer sites

    Sites higher in the site structure

    Web pages in a site

Additionally, you can create links to arbitrary locations, such as to an external Web site.

Navigation links in SharePoint Foundation 2010 are security-sensitive. If a site user does not have permissions to a SharePoint Foundation 2010 site or page that is linked from the site navigation, the user cannot see the link. Other content which has had links manually added to the navigation are still visible to users.

SharePoint Foundation 2010 navigation is based on the ASP.NET features in the .NET Framework version 3.5, which you can use to customize the following:

    The site map provider.

    The data source, which anchors and filters the structure that is provided by the site map provider.

    The menus, which control the visual appearance of the navigation elements and how deep a hierarchy to display.

Navigation controls on master pages

A master page defines the outer frame of the Web pages in a site. Master pages contain the elements that you want all pages in your site to share, such as branding information; common commands, such as Search; and navigation elements that you want to be available throughout the site. This includes top link bar navigation, and Quick Launch navigation.

Master pages also provide the menu style of the navigation controls. You can configure master-page menu style by using Microsoft SharePoint Designer 2010 or Microsoft Visual Studio 2010.
- Top link bar navigation
The top link bar is a navigation menu which typically links to the sites that are one level below the current site in a site hierarchy. It is common for the top link bar to appear at the top of each page in a site. By default, all sites that are one level below the current site are added to the top link bar, and each site has its own unique top link bar for navigation. Site administrators can customize the navigation for a specific site by removing a site from the top link bar. They can also configure the top link bar so that only the home page link is shown and no other sites in the site hierarchy are displayed.

Site administrators can choose to inherit the top link bar from the parent site. This approach allows users to switch from one site to another from anywhere within the site collection, by allowing the top link bar to stay the same in all the sites in the site collection. For example, an Internet site that is used to market an organization’s products could have a site for each line of its products. By displaying each product’s site in the top link bar of each site, site designers can make it possible for users to easily switch from one site to another without having to return to the site home page.

Other top link bar configuration features include the following:

    Linking to specified external sites.

    Linking to specified sites or pages that are anywhere in the site.

    Manually sorting the items on the top link bar.

All top link bar features, such as linking to external, can be defined uniquely for each site.

By using SharePoint Designer 2010 or Visual Studio 2010, you can additionally customize the appearance and functionality of the top link bar. For example, you can do the following:

    Customize the cascading style sheets to change the appearance of the top link bar.

    Modify the data source, for example to decrease the number of sites that are displayed in the top link bar.
- Quick Launch navigation
The Quick Launch navigation typically highlights the important content in the current site, such as lists and libraries. It is common for Quick Launch navigation to appear on the left of each page in a site.

Quick Launch navigation configuration features include the following:

    Linking to specific external sites or to pages in the current site.

    Organizing links under headings.

    Manually sorting the items in the Quick Launch navigation.

Just as you customize the top link bar, you can also customize the appearance and functionality of Quick Launch navigation by using SharePoint Designer 2010 or Visual Studio 2010.
- Breadcrumb navigation
Breadcrumb navigation displays a dynamically generated set of links at the top of Web pages, to show users their current position in the site hierarchy. By using SharePoint Designer 2010 or Visual Studio 2010, you can configure the breadcrumb navigation control. For example, you can specify a custom navigation provider.
- Tree view navigation
Tree view navigation displays site content, such as lists, libraries, and sites that are below the current site, in a hierarchical structure. It is common for tree view navigation to appear on the left of each page in a site.

By default, tree view navigation is turned off. Site administrators can add tree view navigation to a site by using the Tree View page.
- See Also
Plan site navigation (SharePoint Foundation 2010)

Sites and site collections overview (SharePoint Foundation 2010)

Plan sites and site collections (SharePoint Foundation 2010)
Plan site navigation (SharePoint Foundation 2010)

Site navigation provides the primary interface for site users to move around the sites and pages in your site. Microsoft SharePoint Foundation 2010 includes a set of navigation features that can be customized and extended to help orient the users of your site so they can move around its sites and pages. This article contains general guidance about how to plan site navigation for your SharePoint Foundation 2010 sites. This article does not describe the types of navigation controls that are available in SharePoint Foundation 2010, nor does it explain how to add navigation controls to Web pages, how to configure navigation controls, or how to create custom navigation controls. For more information about site navigation controls, see Site navigation overview (SharePoint Foundation 2010).

In this article:

    Create a site navigation diagram

    Understanding inherited navigation

    Determine which sites inherit the top link bar

    Determine which additional links to add manually to the top link bar

    Determine other site navigation options

    Site planning data worksheet

Create a site navigation diagram

Make a diagram of the sites that you want to create. For example, the following diagram is for a small travel company named Margie’s Travel. The company has a set of internal sites to help them organize their core business, which is planning conventions.

Your diagram might include a single site collection, such as the example for Margie’s Travel, or it might have multiple site collections if you have a more complex set of sites. Be sure to include all top-level Web sites, sites, Meeting Workspace or Document Workspace sites, and other sites that you plan to create, and leave room for future expansion.

You might also want to include the lists and libraries for each site, especially if you are deciding whether to create a site for document storage or one or more document libraries.

Understanding inherited navigation

The global navigation, or top link bar, appears at the top of all pages in the site, below the site title. By default, each site uses its own, unique top link bar, or you can decide to allow sites to inherit the top link bar from the parent site.

The top link bar can display two levels of sites in a site collection. For example, the top link bar for the Margie’s Travel site collection might contain links for Margie’s Travel Home, Office Management, Convention Planning, and Sales and Marketing. In this example, the top link bar looks like the following:

Home | Office Management | Convention Planning | Sales and Marketing

Note:

Although the top link bar can display two levels of sites, this does not mean that all sites at the second level have to be displayed on the top link bar. You can determine whether a site appears on the top link bar when you create it, or you can configure the navigation later in Site Settings.

However, by default, sites at a third level in the hierarchy do not appear on the top link bar for the top-level site, even if they inherit the navigation. For example, the Reports site would not be displayed on the top link bar of Margie’s Travel Home because it is a site that is below the Convention Planning site. If you want this site to be displayed, you can manually add it to the top link bar or create it at the second level in the site hierarchy (as a site below Margie’s Travel Home, instead of as a site below the Convention Planning site).

The top link bar cannot be shared between sites in different site collections. However, you can always manually add a link to a site in a different site collection.

Determine which sites inherit the top link bar

If you want the Home tab of a site to open that site’s home page instead of the inherited navigation site’s home page, then you should use unique navigation. Otherwise, you should use inherited navigation. For example, the Margie’s Travel site collection could inherit the top links among all of the second-level sites so that all sites have the same navigation:

Home | Office Management | Convention Planning | Sales and Marketing

This works for a small team, such as in Margie’s Travel, where all the users in the organization work with all the sites. Each user in the site collection uses each site so an inherited top link bar is useful. However, if the Convention Planning and Sales and Marketing teams work fairly independently and do not need access to each other’s sites, then the navigation for Margie’s Travel could be customized to be inherited at the second level, instead of the top level, as in the following:

Margie’s Travel Home site: Home | Office Management

Convention Planning site: Convention Planning | Reports

Sales and Marketing site: Sales and Marketing

Remember that the global breadcrumb navigation always contains a link back to the top-level site in the site collection. Therefore, even though users of the Convention Planning site cannot visit Margie’s Travel Home from the top link bar, they can visit it directly from the global breadcrumb navigation.

Note:

Although the choice of whether to inherit a navigation bar is made during site creation, you can change this option later. You might have to manually create links if you change your mind, but you can do so easily by using the Top Link Bar page in Site Settings for the affected sites.

Determine which additional links to add manually to the top link bar

Whether or not you decide to inherit the top link bar, you can customize the top link bar to include links to any other URL that you need. Depending on the extent of customization that you need, you can choose between the following methods to customize the top link bar:

 If you want to add, remove, or rearrange the links in a top link bar, use the Top Link Bar page in Site Settings for the site.

 If you want to create a completely customized top link bar and apply it to all sites in a site collection or to sites in a different site collection, use Microsoft SharePoint Designer 2010 or Microsoft Visual Studio 2010.

Determine other site navigation options

Other site navigation options that you can configure include Quick Launch and the tree view. The Quick Launch navigation typically highlights the important content in the current site.

You can customize the items that are displayed in the Quick Launch by adding new links, adding or changing headings, and changing the order in which links are displayed. To configure the Quick Launch navigation, use the Quick Launch page in Site Settings for the site.

Tree view navigation displays site content such as lists, libraries, and sites below the current site in a hierarchical manner. It is common for tree view navigation to appear on the left of each page in a site. By default, tree view navigation is turned off.

If you want to display your site content in a hierarchical way, you can display the tree view for users of your site. To enable the tree view for a site, use the Tree view page in Site Settings for the site.

Site planning data worksheet

Download an Excel version of the Site planning data worksheet (http://go.microsoft.com/fwlink/?LinkID=167838&clcid=0x409). Use this worksheet to help record your decisions about site navigation.
- See Also
Site navigation overview (SharePoint Foundation 2010)

Sites and site collections overview (SharePoint Foundation 2010)

Plan sites and site collections (SharePoint Foundation 2010)

Themes overview (SharePoint Foundation 2010)

Plan for using themes (SharePoint Foundation 2010)
Themes overview (SharePoint Foundation 2010)

Themes provide a quick and easy way to apply colors and fonts to sites in Microsoft SharePoint Foundation 2010. When a theme is applied to a site, the color of most page elements — such as background images, text, and hyperlinks — changes. The fonts used for some page elements, such as titles, also change. Themes can be used with the standard SharePoint Foundation 2010 site templates, or with custom master pages, and then themes can be created that site owners can apply to their sites. This article includes an overview of themes and how they work. This article does not describe how to create custom themes by using Microsoft Office 2010 applications, or how to upload and manage themes in a theme library. It also does not discuss how to plan for the overall branding of sites by using master pages or cascading style sheets. For more information, see Building Block: Pages and User Interface (http://go.microsoft.com/fwlink/?LinkID=201009&clcid=0x409).

In this article:

 About using themes

 Ways to use themes

About using themes

Themes enable lightweight branding of a SharePoint Foundation 2010 site by allowing a site owner or a user with designer rights to make changes to the colors and fonts of user interface elements of a site. Themes are applied directly in the user interface, and do not require knowledge of cascading style sheets or master pages.

Note:

If you apply a theme to a SharePoint Foundation 2010 site, anonymous users who browse the site will see only the default theme. To make the selected theme appear for all users, you must add a link in the master page to the generated CSS file.

An advantage of using themes is that developer resources are not needed for site owners and users with designer rights to make basic changes to a site. Themes are a simple method of branding a site; they do not affect the layout of a site.

Note:

Themes in SharePoint Foundation 2010 have been redesigned to simplify the process of generating themes. Themes created in Windows SharePoint Services 3.0 are not compatible with SharePoint Foundation 2010. If you are upgrading from Windows SharePoint Services 3.0 to SharePoint Foundation 2010, you can use Visual Upgrade to continue to use sites in the old user interface. However, we recommend that you use the new user interface in SharePoint Foundation 2010 to create themes and apply them to your sites.

Ways to use themes

There are two ways to use themes on a site:

 Use a preinstalled theme.

 Upload a custom theme to the theme library.
- Using a preinstalled theme
SharePoint Foundation 2010 comes with preinstalled themes, including the default SharePoint theme. When a new site is created, it will use the default SharePoint theme.
- Uploading your own custom themes to the theme gallery
You can create custom themes by modifying styles in an Office 2010 application, such as Microsoft PowerPoint 2010, and saving the theme. This creates a .thmx file that you can upload to the theme gallery for a site collection. Customized themes in the theme gallery are available to all sites in that site collection.
- See Also
Plan for using themes (SharePoint Foundation 2010)
Plan for using themes (SharePoint Foundation 2010)

Themes provide a quick and easy way to apply colors and fonts to sites in Microsoft SharePoint Foundation 2010. When a theme is applied to a site, the color of most page elements — such as background images, text, and hyperlinks — changes. The fonts used for some page elements, such as titles, also change. Themes can be used with the standard SharePoint Foundation 2010 site templates, or with custom master pages, and then themes can be created that site owners can apply to their sites. For more information, see Themes overview (SharePoint Foundation 2010).

This article discusses how to plan for using themes across your SharePoint Foundation 2010 sites, and includes key steps in planning to use themes for your sites. This article does not describe how to create custom themes by using Microsoft Office 2010 applications, or how to upload and manage themes in a theme library. It also does not discuss how to plan for the overall branding of sites by using master pages or cascading style sheets. For more information, see Building Block: Pages and User Interface (http://go.microsoft.com/fwlink/?LinkID=201009&clcid=0x409).

Before reading this article, be sure to read the article Plan sites and site collections (SharePoint Foundation 2010).

In this article:

    About planning for using themes

    Decide whether to use themes

    Determine how many themes are needed

    Decide who makes the themes

    Site planning data worksheet

About planning for using themes

There are three primary decisions to make as you plan to use themes:

    Decide whether or not to use themes.

    If you are going to use themes, determine how many themes are needed.

    Decide who will make the custom themes.

The remainder of this article will explain these decisions and describe additional planning considerations.

Decide whether to use themes

The first step to planning for using themes is to decide whether or not themes are the appropriate option for your scenario. Other options for customizing a site include using an alternate CSS file and creating custom master pages. These options require the skills of either a designer or a developer to implement, and so they may not be appropriate for your scenario.

To decide whether or not to use themes, determine how much change to the existing look and feel is needed for your sites, and then choose the option that most closely fits what you want to do. You can use a combination of one or more of these options, depending on the customization that you want to do for your sites. The following table describes different levels of customization and recommends the option best suited for each level.

If you want to	Then use
Allow site owners to change colors and fonts	Themes
Make changes to other design elements such as font size and spacing	Cascading style sheets
Completely change the page structure and design	Master Pages

Note:

If you apply a theme to a SharePoint Foundation 2010 site, anonymous users who browse the site will see only the default theme. To make the selected theme appear for all users, you must add a link in the master page to the generated CSS file.

If you decide to use themes, continue reading the rest of this article.

Determine how many themes are needed

After deciding to use themes, you must determine how many themes are needed for your sites. Consider whether the themes that are installed with SharePoint Foundation 2010 are sufficient for your purposes, or if you will need to create custom themes to be used across sites. If you will be creating custom themes, you must also determine how many themes will be needed and decide which sites will use which themes.

Use the site planning data worksheet to record which sites should use a theme, and to determine how many unique themes are needed.

Decide who makes the themes

If you will be using custom themes, you must determine who will be responsible for creating the *.thmx files. Because custom themes are created in an Office 2010 application such as PowerPoint, you do not need a graphic designer to make a theme; however, you may want to include a graphic designer during the planning phase to provide guidance on color values and font styles that will be used in the themes.

You must also decide who will be responsible for uploading the themes to the theme gallery. Will the person who creates the themes also be responsible for uploading the *.thmx files to the theme gallery, or will they save the theme files to a directory for a site collection administrator to upload? A user must have either administrator or designer privileges for the site collection that contains the theme gallery in order to upload *.thmx files to the gallery.

Site planning data worksheet

Download an Excel version of the Site planning data worksheet (http://go.microsoft.com/fwlink/?LinkID=167838&clcid=0x409). Use this worksheet to help record your decisions about themes.
- See Also
Themes overview (SharePoint Foundation 2010)

Sites and site collections overview (SharePoint Foundation 2010)

Plan sites and site collections (SharePoint Foundation 2010)
Plan for multilingual sites (SharePoint Foundation 2010)

Microsoft SharePoint Foundation 2010 has several features that enable you to support users in different regions or users who speak different languages. You can use these features to create Web sites in different languages.

This article discusses how to plan for multilingual SharePoint Foundation 2010 sites. This article does not describe how to create multilingual sites or how to install language packs. For information about creating multilingual sites, see Create sites in different languages from the default language (http://go.microsoft.com/fwlink/?LinkID=198972&clcid=0x409). For information about language packs, see Deploy language packs (SharePoint Foundation 2010) (http://technet.microsoft.com/library/bd2a9863-954a-4e44-bafc-af8c9599cb47(Office.14).aspx).

In this article:

    About planning multilingual sites

    Determine language and locale requirements

    Determine language pack requirements

    Determine requirements for word breakers and stemmers

About planning multilingual sites

If your organization has to support users in different regions or users who speak different languages, you must determine what your multilingual requirements are and plan for multilingual site deployment when you plan your overall site structure and navigation.

To determine your multilingual requirements, you must:

    Determine the languages and locales that you have to support.

To plan for multilingual site deployment, you must determine which language features and components to install or configure on your servers. These can include:

    Language packs.

    Word breaker support.

Note:

Although Windows SharePoint Services 3.0 supported internationalized domain names (IDNs), SharePoint Foundation 2010 does not. If you currently use IDNs with Windows SharePoint Services 3.0 and you plan to upgrade or migrate to SharePoint Foundation 2010, you must stop using IDNs, delete any IDN settings, and set up a non-IDN environment before you upgrade or migrate to SharePoint Foundation 2010.

Determine language and locale requirements

You might have to create sites in multiple languages for any of the following reasons:

 You want to provide Web site content to users in different regions.

 You are required by government regulation or organizational policy to provide Web site content in more than one language.

Be sure to consult all potential site owners when you determine your language requirements, and be sure to list all languages that you might have to support in the future. It is easier to install language support during initial deployment instead of waiting to install language support when your servers are running in a full production environment. After a site has been created for a specific language, the default language of the site cannot be changed. However, a user who is logged on to the site can use the multilingual user interface to select an alternative language in which to display the site. This changes the way the site user interface is displayed to the user, but it does not change the site content. For example, if the site was provisioned in French, and the Spanish language pack has also been installed on the server, a site user can change the language to Spanish so that when they view the site, the user interface will be in Spanish. This changes the user interface for that user only and does not affect how the site is displayed to other users. Also, any content that was created in French will still be displayed in French. For more information about the multilingual user interface, see Multilingual user interface overview (SharePoint Foundation 2010).

Note:

If a user changes their personal site settings to display the site in an alternative language, some site elements, such as column names, might still be displayed in the default site language.

Do not assume that you have to create a Web site or a site collection in multiple languages only because a document library contains documents in multiple languages. A document library can contain documents in multiple languages without requiring you to create Web sites or site collections in multiple languages. For example, the document library for an English site collection can contain documents that are written in French and documents that are written in Japanese.

When you are planning multilingual sites, you should also consider what locales are necessary to support your sites. Locale is a regional setting that specifies the way numbers, dates and times are displayed on a site. However, locale does not change the language in which the site is displayed. For example, selecting the Thai locale changes the default sort order of list items and uses the Buddhist calendar instead of the default calendar. The locale is a setting that is configured independently of the language specified when a site is created, but unlike the language, the locale can be changed at any time. For more information about translation of the user interface, see Determine language pack requirements.
Determine language pack requirements

Based on the language requirements of your Web site, determine the language packs that have to be installed on your front-end Web servers. Language packs enable you to create sites and site collections in multiple languages without requiring separate installations of SharePoint Foundation 2010. Language packs are installed on the front-end Web servers in your server farm and contain language-specific site templates. When you create a site or a site collection that is based on a language-specific site template, the user interface text that appears on the site or the site collection is displayed in the language of the specified site template. For example, when you decide to create a site in French, the toolbars, navigation bars, lists, and column headings for that site will appear in French. Likewise, if you decide to create a site in Arabic, the toolbars, navigation bars, lists, and column headings for that site will appear in Arabic, and the default left-to-right orientation of the site changes to a right-to-left orientation to properly display Arabic text.

If your site will have users who cannot work in the default language that you plan to use for the site, you should also install language packs that will enable users to work in their chosen language by using the multilingual user interface. If you do not provide support for additional languages, users might find it difficult to use site features in their non-native language. Language packs provide language-specific translation of user interface elements such as the following:

    Ribbon elements

    List and site column headers

    Site settings interface

    Templates for new lists, document libraries, and sites

    Relevant search indexing of content that is not in the default language of the site.

Note:

Language packs provide translation only of the user interface. They do not translate content that is created and displayed in content pages or Web Parts.

The list of available languages that you can use to create a site or site collection, and which users can select in the multilingual user interface, is generated by the language packs that are installed on the front-end Web servers of your server farm. By default, sites and site collections are created in the language in which SharePoint Foundation 2010 was installed. For example, if you install the Spanish version of SharePoint Foundation 2010, the default language for sites, site collections, and Web pages is Spanish. If you have to create sites, site collections, or Web pages in a language other than the default SharePoint Foundation 2010 language, you must first install the language pack for that other language on the front-end Web servers before you can select another language in which to create a site. For example, if you are information about how to deploy language packs, see Deploy language packs (SharePoint Foundation 2010) (http://technet.microsoft.com/library/bd2a9863-954a-4e44-bafc-af8c9599cb47(Office.14).aspx).

Even though you specify a language for a site, some user interface elements such as error messages, notifications, or dialog boxes might not appear in the language that you choose. This is because SharePoint Foundation 2010 relies on several supporting technologies — such as the .NET Framework, Microsoft Windows Workflow Foundation, ASP.NET, and Microsoft SQL Server — and some of these supporting technologies are localized into only a limited number of languages. If a user interface element is generated by one of the supporting technologies, and if the supporting technology is not localized into the language that the site administrator specified for the site, the user interface element appears in English.

In addition, some text might originate from the original installation language, which can create a mixed-language experience. This type of mixed-language experience is typically seen only by content creators or site administrators and is not seen by site users.running the French version of SharePoint Foundation 2010 and you want to create sites in French, English, and Spanish, then you must install the English and Spanish language packs on the front-end Web servers before you can create the English and Spanish sites.

Language packs for SharePoint Foundation 2010 are not bundled or grouped into multilingual installation packages: you must install a specific language pack for each language that you want to support. Also, language packs must be installed on every front-end Web server in the server farm to ensure that each Web server can render content in the specified language. For information about what language packs are available, see Language packs (SharePoint Foundation 2010) (http://technet.microsoft.com/library/3d599354-863e-4528-9fe8-867df5f45658(Office.14).aspx).

Note:

Error logs that SharePoint Foundation 2010 stores on the server are always in English.

For more information about installing language packs, see Deploy language packs (SharePoint Foundation 2010) (http://technet.microsoft.com/library/bd2a9863-954a-4e44-bafc-af8c9599cb47(Office.14).aspx).
Determine requirements for word breakers and stemmers

Word breakers and stemmers are components that are part of the indexing and querying processes. A word breaker is a component that is used to break strings of text into individual words during the indexing and querying processes. A stemmer is a component that finds the root word of a term and can also generate variations of that term. The rules for word breaking and stemming differ for different languages, and you can specify different rules for different languages. Word breakers for each language enable the resulting terms to be more accurate for that language. Where there is a word breaker for a language family, but not for a specific sub-language, the major language is used. For example, the French word breaker is used to handle text that is French Canadian. If no word breaker is available for a particular language, the neutral word breaker is used. With the neutral word breaker, words are broken at neutral characters such as spaces and punctuation marks.

If you install any language packs or supplemental language support, we recommend that you install the appropriate word breaker and stemmer for each of the languages that you have to support. Word breakers and stemmers must be installed on all servers that are running the Search service. For a list of the languages for which SharePoint Foundation 2010 provides word breakers and stemmers, see Languages for word breakers and stemmers (SharePoint Foundation 2010) (http://technet.microsoft.com/library/bd2a9863-954a-4e44-bafc-af8c9599cb47(Office.14).aspx).
- See Also
Multilingual user interface overview (SharePoint Foundation 2010)

Plan for the multilingual user interface (SharePoint Foundation 2010)
Multilingual user interface overview (SharePoint Foundation 2010)

This article discusses the new multilingual user interface feature in Microsoft SharePoint Foundation 2010. Previously, in Windows SharePoint Services 3.0, when you created a site collection or site, if language packs were installed on the server, you could also choose the language in which to display the site user interface. However, after the language for a site had been set, it could not be changed. The multilingual user interface feature introduces the concept of secondary languages that users can select. This feature is used to display the site user interface in a secondary language that the user selects and that is different from the primary language that was chosen when the site was created.

This article describes the multilingual user interface in SharePoint Foundation 2010. This article does not describe how to deploy the language packs that are required to use the multilingual user interface or how to configure site settings to enable users to set their preferred language. It also does not discuss how to plan for using the multilingual user interface in your site solution. For information about how to let individual users change the language that is used to display their site’s user interface, see Make multiple languages available for your site’s user interface (http://go.microsoft.com/fwlink/?LinkID=198970&clcid=0x409). For more information about planning to use the multilingual user interface, see Plan for the multilingual user interface (SharePoint Foundation 2010).

In this article:

    Use and benefits of the multilingual user interface

    How the multilingual user interface works

    What is supported by the multilingual user interface

    Adding and modifying application content

    Exporting and importing translated content

    Limitations of the multilingual user interface

Use and benefits of the multilingual user interface

The multilingual user interface enables users to collaborate in a single site by using their selected secondary language, regardless of which language was selected when the site was created. When you create a new site, if language packs have been installed on the server, you can specify the primary language for the site. The site will use that primary language to display the site user interface, such as site navigation and administrative pages. If you want site users to be able to view the site user interface in a secondary language, you can specify which languages are available to users by using the Language Settings page. A user who is logged on to the site can use the Select Display Language option on the user menu to select a secondary language in which to display the site user interface. After the user selects a language, all sites within that domain name are displayed in their preferred language. However, this does not change the default, primary language of the site. Other users who view the site still see the site user interface displayed in the primary language. The site user interface is changed only for those users who have selected a different, secondary language in which to display the site.

By using the multilingual user interface, team members can work on documents and projects in a shared, common language, while they are viewing the site and performing tasks in their preferred language. In addition to team collaboration, the multilingual user interface enables farm and site administrators to perform administrative tasks in their preferred language. For example, farm administrators can change the primary language of the Central Administration Web site so that the administrative links and instructions are displayed in their preferred language.

Note:

The multilingual user interface displays only site user interface elements in another language. It does not translate or display content such as documents or list items in another language.

In addition to letting users change the primary language for a site, the multilingual user interface also enables users to make changes to new and existing application content, such as list or library titles and descriptions, and it enables users to have those changes be reflected in the user interface for other users of other languages. For example, a team member who uses English as the preferred language creates a new document library named “Team Reports.” Another team member who has the preferred language set to German, logs on to the site and changes the library title to “Mannschaftsberichte.” The next time that a user, who has the preferred language set to German, logs on to the site, the name of the document library is displayed as “Mannschaftsberichte.” However, a user who has the preferred language set to English still sees the document library name displayed as “Team Reports.”

SharePoint Foundation 2010 provides three methods that you can use to translate certain application content, such as list or library titles and descriptions: by using the user interface, by exporting and importing translations for a site, and by using the object model.

How the multilingual user interface works

By default, when a new site is created, it is created in the default language of the SharePoint Foundation 2010 installation on the server. A farm administrator must install language packs on the server before sites can be created in languages other than the default language. For more information, see Deploy language packs (SharePoint Foundation 2010) (http://technet.microsoft.com/library/bd2a9863-954a-4e44-bafc-af8c9599cb47(Office.14).aspx).

After language packs have been installed on the server, the Language Settings link is added to the Site Settings page. Site administrators use the Language Settings page to specify which secondary languages the site will support. After the site administrator has enabled secondary languages for a site, users can log on to the site and use the Select Display Language option on the user menu to change the display language when they browse to any page in the site collection. When a user changes the display language of a page, the new display language becomes the user’s preferred language for the whole site collection.

SharePoint Foundation 2010 selects the language in which to display pages of a site collection by using the first of the following rules that applies:

1.    Does the user have a preferred language for this site collection on this computer? If so, use the user’s preferred language.

2.    Is the language preference that is specified in the Web browser one of the supported languages for the page? If so, use the preferred language of the browser.

3.    Otherwise, use the default language for the site collection.

SharePoint Foundation 2010 provides three methods that you can use to modify certain application content, such as list or library titles and descriptions: by using the user interface, by exporting and importing translations for a site, and by using the SPUserResource class in the Microsoft.SharePoint namespace. Not all user interface elements can be changed directly in the user interface. For example, user actions and commands can be changed only by using the SPUserResource class. For more information, see SPUserResource class (http://go.microsoft.com/fwlink/?LinkID=193203&clcid=0x409).
What is supported by the multilingual user interface

When a user views a site in a secondary language, certain elements of the user interface are provided in the preferred language. The following list includes examples of items that are supported by the multilingual user interface:

    Settings pages, such as those in the _layouts and the _admin virtual directories.

    Help.

    Application content, such as menus, controls, site actions, site title and description, list or library titles and descriptions, top link bar links, Quick Launch links, local breadcrumbs, site and list content types, and site and list columns.

    Developer content, such as features, and solutions.

However, not all user interface elements are translated. The following list includes examples of items that are not supported by the multilingual user interface:

    Web Parts (except those that are linked to lists or libraries).

    Global breadcrumbs.

    User created content, such as list item data, documents and Web pages in libraries, permissions levels, groups, views, and Web Parts.

Although most site templates are supported by the multilingual user interface, the following site templates are not supported:

    The Blog template.

    Any of the meeting workspace templates.

    Any of the Web database templates.

Adding and modifying application content

A user can add or modify application content, such as list titles or column names and descriptions, in one of two ways: by adding or modifying content in the primary language or by adding or modifying content in one or more secondary languages.

When a user views a site by using the primary language of the site, any new application content that is created is displayed in the primary language, even when the site is viewed in a secondary language. For example, if the primary language for a site is English, when a user views the site in the primary language and creates a new document library called “Team Documents”, the library title is still displayed as “Team Documents” when a user views the site in any secondary language. To translate new user interface strings into a secondary language, a user must change the user preferences to display the site in a secondary language and then make the change to the user interface element.

When a user views a site by using a secondary language, any new application content that is created is displayed in that language even when the site is viewed in the primary language or in any other secondary language. For example, if the primary language for a site is English, and a user views the site in German and adds a document library called “Mannschaftsdokumente”, the library title is displayed as “Mannschaftsdokumente” even when the site is viewed in English. To translate new user interface strings into the primary language or to other secondary languages, the user must change the user preferences to display the site in the required language and then make the change to the user interface. The Language Settings page contains an Overwrite Translations option that affects how changes to existing application content are made to other languages for the site. If the Overwrite Translations option is enabled, any changes that are made to the user interface in the primary language overwrite any changes that have been made to user interface elements in secondary languages.

By default, when a user views a site by using the primary language of the site, any changes that are made to existing application content are changed for that language only. The strings that are associated with that user interface element in the secondary languages remain unchanged. However, if the Overwrite Translations option is enabled, the strings that are associated with that user interface element for every language are replaced with the new primary language string. For example, if the primary language for a site is English, and a user changes the title of the “Shared Documents” library to “Team Documents”, by default, the title is changed only for the primary language of the site. However, if the Overwrite Translations option is enabled, the title is changed to “Team Documents” for every secondary language, and it must be retranslated.

When a user views a site by using a secondary language, any changes that are made to existing application content are changed for that language only. The strings that are associated with that user interface element in the primary language and other secondary languages remain unchanged. To translate user interface strings into the primary language, or to other secondary languages, the user must change the user preferences to display the site in the required language and then make the change to the user interface.

Exporting and importing translated content

The multilingual user interface feature lets you export and import application content for bulk translation. Instead of translating application content one item at a time, you can export the strings for any new or modified application content in the primary language or in one of the secondary languages. To export content, you use the Export Translations link on the Site Settings page. When you export application content for a secondary language, you can decide to export all content or only content that has not been translated.

When the application content is exported, it is saved as a .resx file, which can be opened by using a text editor or any third-party tool that can open resource files. For more information, see Resources in .Resx File Format (http://go.microsoft.com/fwlink/?LinkID=193206&clcid=0x409). After the resource strings have been translated, you use the Import Translations link on the Site Settings page to import the .resx file.
Limitations of the multilingual user interface
As mentioned previously, not all user interface elements are supported by the multilingual user interface. The following list describes additional limitations that apply when you use the multilingual user interface:

 Search Search indexes content in the default language of the SharePoint installation. Even if content is provided in secondary languages, that content is only searchable by using the default language of the site. For example, if your preferred language is German, but the primary language for the site is English, a search for “Freigegebene Dokumente” does not return any search results. However, a search for “Shared Documents” does return search results.

 Web Parts Web Part titles and descriptions do not change in the user interface, unless a Web Part is a list-based Web Part. For example, the title and description for Web Parts that display list and library data, such as Announcements and Shared Documents, are displayed in a user’s preferred language, whereas the title and description for other Web Parts, such as the Content Editor and the Content Query Web Parts, are displayed only in the primary site language.
- See Also
Plan for the multilingual user interface (SharePoint Foundation 2010)

Plan for multilingual sites (SharePoint Foundation 2010)
Plan for the multilingual user interface (SharePoint Foundation 2010)

The new multilingual user interface feature in Microsoft SharePoint Foundation 2010 introduces the concept of a secondary language that the user can select. This feature displays the site user interface in a secondary language that the user selects and that is different from the primary language that was chosen when the site was created.

This article describes how to plan for using the multilingual user interface in your SharePoint Foundation 2010 site solution. This article does not describe how to deploy the language packs that are required to use the multilingual user interface or how to configure site settings to enable users to set their preferred language. For information about how to let individual users change the language that is used to display their site’s user interface, see Make multiple languages available for your site’s user interface (http://go.microsoft.com/fwlink/?LinkID=198970&clcid=0x409). For more information about the multilingual user interface, see Multilingual user interface overview (SharePoint Foundation 2010).

In this article:

    Determine language requirements for your sites

    Plan for translating content

    Plan for installing service packs

Determine language requirements for your sites

Before you can use the multilingual user interface in your SharePoint sites, the farm administrator must deploy language packs to the server so that they are available for use on sites. Decide which language packs are needed and when they will be deployed to the server. Site administrators must configure the language settings for individual sites to make specific languages available to site users. You should decide which languages are needed for each site and plan to have the site administrators enable specific languages for the sites they manage. For information about planning multilingual sites, see Plan for multilingual sites (SharePoint Foundation 2010). For information about deploying language packs, see Deploy language packs (SharePoint Foundation 2010) (http://technet.microsoft.com/library/bd2a9863-954a-4e44-bafc-af8c9599cb47(Office.14).aspx).
Plan for translating content

If you will enable the multilingual user interface on your site to provide users a way to collaborate while they are using their preferred language, you must decide whether using the default multilingual user interface will be sufficient or whether application content will have to be translated. If you have application content that has to be translated, you should consider the following questions:

    How will new and existing application content be translated?   Will individual team members translate application content directly in the user interface as it becomes necessary, or will you export resource files in the languages that are needed for the site and have them all translated at once? If users create new application content in a secondary language, you must plan for who will translate that content into the primary language of the site and for the other secondary languages. If you plan to create complex pages, such as new menu pages, or develop custom solutions, such as features that create lists, you must plan to use the object model to provide translations in secondary languages.

    Who will translate the application content?   Will the translation of resource files be done by someone within your organization, or will you need to have a third-party translate them for you?

    How will updates to the application content be handled?   Will changes to the user interface be translated as changes are made, or will changes be made on a periodic schedule? This might depend on the size and scale of the sites and the content that is included.

    How should translation overwrites be handled?   Do you want changes in the primary language to overwrite string values in secondary languages? If so, then you must enable the Overwrite Translations option on the Language Settings page.

    What column names must be changed?   What column names must be translated, and for which languages? Will the column names be at the list level or at the site level?

Plan for installing service packs
If language packs are updated as part of a service pack release for SharePoint, you must update the language packs on the server when the service pack is installed. You should plan to coordinate with the farm administrator to monitor the release of service packs and any associated language packs so that you are aware of updated language packs that need to be installed for your users.
- See Also
Multilingual user interface overview (SharePoint Foundation 2010)

Plan for multilingual sites (SharePoint Foundation 2010)
Security planning for sites and content (SharePoint Foundation 2010)

Some of the sites in your enterprise probably contain content that should not be available to all users. For example, proprietary technical information should be accessible only on a need-to-know basis. An intranet portal for employee benefits should be available only to full-time employees, whereas the home page of an Internet Web site is accessible by anonymous clients.

Permissions control access to your sites and site content. You can manage permissions by using Microsoft SharePoint Foundation 2010 groups, which control membership, and fine-grained permissions, which help to secure content at the item and document level. This section describes permissions for sites and site content and provides considerations for choosing permissions.

In this section:

    Plan site permissions (SharePoint Foundation 2010) helps you understand how permissions are assigned and helps you choose the appropriate permissions to use in your site collection or subsite.

    Determine permission levels and groups (SharePoint Foundation) reviews the available permission levels and groups, and helps you determine whether you need additional permission levels or groups.

    Choose security groups (SharePoint Foundation 2010) helps you determine which Microsoft Windows security groups and user accounts to use to grant access to sites, decide whether to use the Authenticated Users group, and decide whether to allow anonymous access.

    Choose administrators and owners for the administration hierarchy (SharePoint Foundation 2010) defines the levels of administration from the server level to the subsite level and helps you choose administrators for each level.

    Best practices for using fine-grained permissions (white paper) (SharePoint Foundation 2010) provides guidance for using fine-grained permissions in SharePoint 2010 Products.

Plan site permissions (SharePoint Foundation 2010)

This article helps you plan access control at the site collection, site, and subsite levels. This article also describes permission inheritance and fine-grained permissions, and explains how to determine effective permissions for users and groups at different scopes within a site collection hierarchy.

In this article:

    About site permissions

    About assigning permissions

    Permission inheritance and fine-grained permissions

    Permission inheritance and subsites

    About effective permissions

    Choose permission levels

    Plan for permission inheritance

Introduction

Site and content access is controlled by giving users and groups a set of permissions for a specific site, list or library, folder, document, or item. When you develop your plan for site and content access, you should consider the following issues:

 How tightly you want to control permissions for the site or site content. For example, you might want to control access at the site level, or you might need more restrictive security settings for a specific list, folder, or item.

 How to use groups to categorize and manage your users. Groups have no permissions until they are assigned a permission level for a specific site or for specific site content. When you assign permission levels to SharePoint groups at the site collection level, by default, all sites and site content inherit those permission levels. For more information about categorizing users into groups, see “Choose security groups”.

This article describes site permissions and helps you determine which sites or site content will require unique permissions. This article does not address planning the security of your entire server or server farm.

About site permissions

You should understand the following concepts before you configure access to sites and site content:

    Individual user permissions   Individual permissions grant a user the ability to perform specific actions. For example, the View Items permission grants the user the ability to view items in a list or folder, but not to add or remove items. For information about available permissions, see User permissions and permission levels (SharePoint Foundation 2010) (http://technet.microsoft.com/library/7238eb84-12d3-4323-a65c-277016f8bc4d(Office.14).aspx).

    Permission level   This set of permissions grants users permission to perform a set of related tasks. For example, the Read permission level includes the View Items, Open Items, View Pages, and View Versions permissions (and others), all of which are needed to read documents, items, and pages of a SharePoint site. Individual permissions can be included in more than one permission level. Permission levels can be customized by anyone assigned to a permission level that includes the Manage Permissions permission. The default permission levels are Limited Access, Read, Contribute, Design, and Full Control. For information about default permission levels and the permissions included in each level, see User permissions and permission levels (SharePoint Foundation 2010) (http://technet.microsoft.com/library/7238eb84-12d3-4323-a65c-277016f8bc4d(Office.14).aspx).

    Group   A group can be either a Windows security group or a group, such as Site Owners, Site Members, or Site Visitors. Groups are created and managed at the site collection level. Each SharePoint group is assigned a default permission level, but the permission level for any group can be customized. Anyone assigned to a permission level that includes the Create Groups permission, which is included in the Full Control permission level by default, can create custom SharePoint groups.

    User   A user is a person with a user account that can be authenticated by the same authentication method that was used for the server. We recommend that you assign permissions to groups instead of users, although you can directly give individual users permissions to a site or specific site content or directly assign a permission level to a user. Because it is inefficient to maintain individual user accounts, you should assign permissions on a per-user basis only as an exception. For more information about user account types, see User permissions and permission levels (SharePoint Foundation 2010) (http://technet.microsoft.com/library/7238eb84-12d3-4323-a65c-277016f8bc4d(Office.14).aspx).

    Securable object   A securable object is a site, list, library, folder, document, or item for which permission levels can be assigned to users or groups. By default, all lists and libraries within a site inherit permissions from the site. You can use list-level, folder-level, and item-level permissions to additionally control which users can view or interact with site content. For example, if a permission level for a specific securable object includes the Manage Permissions permission, anyone who is assigned that permission level can change the permissions for that securable object. You can resume inheriting permissions from a parent list, the site as a whole, or a parent site at any time.
About assigning permissions

You can assign a user or group a permission level for a specific securable object. Individual users or groups can have different permission levels for different securable objects.

About permission inheritance

Permissions on securable objects within a site are inherited from the site itself by default. You can use fine-grained permissions — unique permissions on the list or library, folder, or item or document level — to gain more control of the actions users can take on your site.

Permission inheritance and fine-grained permissions

You can break permission inheritance for any securable object at a lower level in the site hierarchy by creating a fine-grained permission on that securable object. For example, you can edit the permissions for a document library, which breaks the inheritance from the site. However, the inheritance is broken only for the specific securable object for which you changed permissions; the rest of the site’s permissions are unchanged. You can resume inheriting permissions from the parent list or site at any time.

Tip:

If you are using fine-grained permissions, you should use groups to avoid having to track individual user accounts. For example, because people move in and out of teams and change responsibilities frequently, tracking those changes and updating the permissions for uniquely secured objects would be time-consuming and error-prone.

The following securable objects can accept fine-grained permission assignments:

    Site: Controls access to the site as a whole.

    List or library: Controls access to a specific list or library.

    Folder: Controls access to folder properties (such as the name of the folder).

    Item or document: Controls access to a specific list item or document.

Permission inheritance and subsites

Inheriting permissions is the default behavior and is the easiest way to manage a group of Web sites. However, if a subsite inherits permissions from its parent, that set of permissions is shared with the parent. If the subsite’s owners edit its permissions, the site’s permissions will also change, which could compromise security or prevent users from accessing content.

If you want to change permissions for the subsite only, you must first stop inheriting permissions from the site and then create fine-grained permissions on the subsite. For example, if specific lists, libraries, folders, items, or documents contain sensitive data that requires an increased level of protection, you can create fine-grained permissions for a specific group or individual user who requires access.

Creating unique permissions copies the groups, users, and permission levels from the parent site to the subsite and then breaks the inheritance. If you restore inherited permissions, the subsite will inherit its users, groups, and permission levels from the parent site again, and you will lose any users, groups, or permission levels that were unique to the subsite.

Note:

As a best practice, you should arrange sites and subsites so they can share most of their permissions, and do the same for lists and libraries. Place any sensitive data into separate lists, libraries, or subsites.

About effective permissions

Configuring security settings or performing bulk operations requires accurate information about user and group permissions on site resources. For example, many SharePoint sites give all authenticated users (the NTAUTHORITY\AUTHENTICATED USERS domain group) access to at least some site content. If you want to additionally restrict access, you must determine exactly which permissions authenticated users have, and on which site content.

Tracing inherited permissions and areas where inheritance is broken complicates the process of determining the correct permissions. Microsoft SharePoint Foundation 2010 uses effective permissions to determine a user or group’s permissions on all resources within a site collection. You can now find both the user’s directly assigned permissions and the permissions assigned to any groups of which the user is a member.

Important:

Effective permissions make it easier to find permissions in a site collection. However, they should never be used as a substitute for a carefully planned permissions structure.

Choose permission levels

When you create permissions, you must balance ease of administration and performance against the need to control access to individual items. If you use fine-grained permissions extensively, you will spend more time managing the permissions, and users may experience slower performance when they try to access site content.

Use the following guidelines to configure site permissions:

    Follow the principle of least privilege: Users should have only the permission levels or individual permissions they need to perform their assigned tasks.

    Use standard groups (such as Members, Visitors, and Owners) and control permissions at the site level.

    Make most users members of the Members or Visitors groups. By default, users in the Members group can contribute to the site by adding or removing items or documents, but cannot change the structure, site settings, or appearance of the site. The Visitors group has read-only access to the site, which means that they can see pages and items, and open items and documents, but cannot add or remove pages, items, or documents.

    Limit the number of people in the Owners group. Only those users you trust to change the structure, settings, or appearance of the site should be in the Owners group.

You can create additional SharePoint groups and permission levels if you need more control over the actions that your users can take. For example, if you do not want the Read permission level on a specific subsite to include the Create Alerts permission, break the inheritance and customize the Read permission level for that subsite.

Plan for permission inheritance

It is much easier to manage permissions when there is a clear hierarchy of permissions and inherited permissions. It becomes more difficult when some lists within a site have fine-grained permissions applied, and when some sites have subsites with unique permissions and others with inherited permissions.

For example, it is much easier to manage a site that has permission inheritance, as shown in the following table.

Securable object	Description	Unique or inherited permissions
SiteA	Group home page	Unique
SiteA/SubsiteA	Sensitive group	Unique
SiteA/SubsiteA/ListA	Sensitive data	Unique
SiteA/SubsiteA/LibraryA	Sensitive documents	Unique
SiteA/SubsiteB	Group shared project information	Inherited
SiteA/SubsiteB/ListB	Non-sensitive data	Inherited
SiteA/SubsiteB/LibraryB	Non-sensitive documents	Inherited

However, it is not as easy to manage a site that has permission inheritance, as shown in the following table.

Securable object	Description	Unique or inherited permissions
SiteA	Group home page	Unique
SiteA/SubsiteA	Sensitive group	Unique
SiteA/SubsiteA/ListA	Non-sensitive data	Unique, but same permissions as SiteA
SiteA/SubsiteA/LibraryA	Non-sensitive documents, but with one or two sensitive documents	Inherited, with unique permissions at the document level
SiteA/SubsiteB	Group shared project information	Inherited
SiteA/SubsiteB/ListB	Non-sensitive data, but with one or two sensitive items	Inherited, with unique permissions at the item level
SiteA/SubsiteB/LibraryB	Non-sensitive documents, but with a special folder that contains sensitive documents	Inherited, with unique permissions at the folder and document level

Determine permission levels and groups (SharePoint Foundation)

This article reviews the default groups and permission levels and helps you decide whether to use them, customize them, or add new groups and permission levels to promote security.

In this article:

    Review available default groups

    Review available permission levels

    Determine whether you need additional permission levels or groups

The most important decision about your site and content security in Microsoft SharePoint Foundation 2010 is to decide how to categorize your users and what permission levels to assign.

There are several default SharePoint groups that are intended to help you categorize your users based on the kinds of actions they need to perform, but you might have unique requirements or other ways of looking at sets of users. Likewise, there are default permission levels, but they might not always align exactly with the tasks that your groups need to perform.

In this article, you review the default groups and permission levels and decide whether to use them as they are, customize them, or create different groups and permission levels.

Review available default groups

With SharePoint groups, you manage sets of users instead of individual users. SharePoint groups can be composed of many individual users, can hold a single Windows security group, or can be some combination of the two. SharePoint groups confer no specific rights to the site; they are merely a way to contain a set of users. You can organize users into any number of groups, depending on the size and complexity of your organization or Web site.

The following table shows the default groups that are created for sites in SharePoint Foundation 2010.

Group name

Default permission level

<Site name> Visitors

Read

<Site name> Members

Contribute

<Site name> Owners

Full Control

In addition, the following special users and groups are available for higher-level administration tasks:

    Site collection administrators   You can designate one or more users as primary and secondary site collection administrators. These users are recorded in the database as the contacts for the site collection, have full control of all sites within the site collection, can audit all site content, and receive any administrative alerts (such as verifying whether the site is still being used). Generally, you designate site collection administrators when you create the site, but you can change them as needed by using the Central Administration site or Site Settings pages.

    Farm administrators   Controls which users can manage server and server farm settings. The Farm Administrators group replaces the need for adding users to the Administrators group for the server. Farm administrators have no access to site content by default; they must take ownership of the site to view any content. They do this by adding themselves as site collection administrators, which action is recorded in the audit logs. The Farm Administrators group is used in Central Administration only, and is not available for any sites.

    Administrators   Members of the Administrators group on the local server can perform all farm administrator actions and more, including the following:

    Installing new products or applications.

    Deploying Web Parts and new features to the global assembly cache.

    Creating new Web applications and new IIS Web sites.

    Starting services.

Like the Farm Administrators group, members of the Administrators group on the local server have no access to site content, by default.

After you determine the groups you need, determine the permission levels to assign to each group on your site.

Review available permission levels

The ability to view, change, or manage a particular site is determined by the permission level that you assign to a user or group. This permission level controls all permissions for the site and for any subsites, lists, document libraries, folders, and items or documents that inherit the site’s permissions. Without the appropriate permission levels, your users might be unable to perform their tasks, or they might be able to perform tasks that you did not intend them to perform.

By default, the following permission levels are available:

    Limited Access   Includes permissions that enable users to view specific lists, document libraries, list items, folders, or documents when granted permissions.

    Read   Includes permissions that enable users to view items on the site pages.

    Contribute   Includes permissions that enable users to add or change items on the site pages or in lists and document libraries.

    Design   Includes permissions that enable users to change the layout of site pages by using the browser or Microsoft Office SharePoint Designer 2007.

    Full Control   Includes all permissions.

Determine whether you need additional permission levels or groups

The default groups and permission levels provide a general framework for permissions, covering many different organization types and roles within those organizations. However, they might not map exactly to how your users are organized or to the many different tasks that your users perform on your sites. If the default groups and permission levels do not suit your organization, you can create custom groups, change the permissions included in specific permission levels, or create custom permission levels.

Do you need custom groups?

The decision to create custom groups is fairly straightforward and has little effect on your site’s security. Essentially, you should create custom groups instead of using the default groups if any of the following applies:

 You have more (or fewer) user roles within your organization than are apparent in the default groups. For example, if in addition to Designers, you have a set of people who are tasked with publishing content to the site, you might want to create a Publishers group.

 There are well-known names for unique roles within your organization that perform very different tasks in the sites. For example, if you are creating a public site to sell your organization’s products, you might want to create a Customers group that replaces Visitors or Viewers.

 You want to preserve a one-to-one relationship between Windows security groups and the SharePoint groups. (For example, your organization has a security group for Web Site Managers, and you want to use that name as a group name for easy identification when managing the site).

 You prefer other group names.

Do you need custom permission levels?

The decision to customize permission levels is less straightforward than the decision to customize SharePoint groups. If you customize the permissions assigned to a permission level, you must keep track of that change, verify that it works for all groups and sites affected by that change, and ensure that the change does not negatively affect your security or your server capacity or performance.

For example, regarding security, if you customize the Contribute permission level to include the Create Subsites permission that is typically part of the Full Control permission level, Contributors can create and own subsites, potentially inviting malicious users to their subsites or posting unapproved content. Or, regarding capacity, if you change the Read permission level to include the Create Alerts permission that is typically part of the Contribute permission level, all members of the Visitors group can create alerts, which might overload your servers.

You should customize the default permission levels if either of the following situations applies:

 A default permission level includes all permissions except one that your users need to do their jobs, and you want to add that permission.

 A default permission level includes a permission that your users do not need.

Note:

You should not customize the default permission levels if your organization has security or other concerns about a particular permission and wants to make that permission unavailable for all users assigned to the permission level or levels that include that permission. In this case, you should turn off this permission for all Web applications in your server farm, rather than change all of the permission levels.

If you need to make several changes to a particular permission level, it is better to create a custom permission level that includes all of the permissions you need.

You might want to create additional permission levels if either of the following situations applies:

 You want to exclude several permissions from a particular permission level.

 You want to define a unique set of permissions for a new permission level.

To create a permission level, you can copy an existing permission level and then make changes, or you can create a permission level and then select the permissions that you want to include.

Note:

Some permissions depend on other permissions. If you clear a permission that another permission depends on, the other permission is also cleared.

Choose security groups (SharePoint Foundation 2010)

This article describes the security and distribution groups that are included in Active Directory Domain Services (AD°DS). This article also provides recommendations for using those groups to organize the users of your SharePoint sites.

In this article:

    Determine which Windows security groups and accounts to use for granting access to sites

    Decide whether to allow access for all authenticated users

    Decide whether to allow access for anonymous users

Introduction

Managing users of SharePoint sites is easier if you assign site permissions to groups instead of to individual users. In AD°DS, the following groups are typically used to organize users:

 Distribution group A group that is used only for e-mail distribution and that is not security-enabled. Distribution groups cannot be listed in discretionary access control lists (DACLs), which are used to define permissions on resources and objects.

 Security group A group that can be listed in DACLs. A security group can also be used as an e-mail entity.

You can use security groups to control permissions for your site by directly adding the security group to the site and granting permissions to the entire group. You cannot directly add distribution groups, but you can expand a distribution group and add the individual members to a SharePoint group. If you use this method, you must manually keep the SharePoint group synchronized with the distribution group. If you use security groups, you do not need to manage the individual users in the SharePoint application. Because you included the security group itself and not the individual members of the group, AD°DS manages the users for you.

Note

 Security groups that contain the following items may be more difficult to manage:

Determine which Windows security groups and accounts to use for granting access to sites

Each organization sets up its Windows security groups differently. For easier permission management, security groups should be:

 Large and stable enough that you are not continually adding groups to your SharePoint sites.

 Small enough that you can assign appropriate permissions.

For example, a security group called “all users in building 2” is probably not small enough to assign permissions, unless all users in building 2 have the same job function, such as accounts receivable clerks. This is rarely the case, so you should look for a smaller, more specific set of users, such as “Accounts Receivable.”

Decide whether to allow access for all authenticated users

If you want all users within your domain to be able to view content on your site, consider granting access to all authenticated users (the Domain Users Windows security group). This special group enables all members of your domain to access a Web site (at the permission level that you choose), without your having to enable anonymous access.

Decide whether to allow access for anonymous users

You can enable anonymous access to let users view pages anonymously. Most Internet Web sites allow for anonymous viewing of a site, but might ask for authentication when someone wants to edit the site or buy an item on a shopping site. Anonymous access must be granted at the Web application level at the time that the Web application is created.

If anonymous access is enabled for the Web application, site administrators can decide whether to:

    Grant anonymous access to a site.

    Grant anonymous access only to lists and libraries.

    Block anonymous access to a site completely.

Anonymous access relies on the anonymous user account on the Web server. This account is created and maintained by Internet Information Services (IIS), not by your SharePoint site. By default in IIS, the anonymous user account is IUSR. When you enable anonymous access, you are in effect granting that account access to the SharePoint site. Allowing access to a site, or to lists and libraries, grants the View Items permission to the anonymous user account. However, even with the View Items permission, there are restrictions to what anonymous users can do. Anonymous users cannot:

    Open sites for editing in Microsoft SharePoint Designer 2010; in other words, they cannot use remote procedure call (RPC).

    View sites in My Network Places; in other words, they cannot use Web Distributed Authoring and Versioning (WebDAV), the Web Folders protocol in Windows.

    Upload or edit documents in document libraries, including wiki libraries.

Important:

To improve security for sites, lists, or libraries, do not enable anonymous access. Enabling anonymous access lets users contribute to lists, discussions, and surveys, possibly using up server disk space and other resources. Anonymous access also allows for anonymous users to discover site information, including user e-mail addresses and any content posted to lists, and libraries, and discussions.

You can set permission policies for the anonymous user for different zones (Internet, Extranet, Intranet, Other) if you have the same Web application serving content in those different zones. The policies are described in the following list:

    None   No policy. This is the default option. No additional permission restrictions or additions are applied to site anonymous users.

    Read   Anonymous users can read content, unless the site administrator turns off anonymous access.

    Deny Write   Anonymous users cannot write content, even if the site administrator specifically attempts to grant the anonymous user account that permission.

    Deny All   Anonymous users cannot have any access, even if site administrators specifically attempt to grant the anonymous user account access to their sites.

Choose administrators and owners for the administration hierarchy (SharePoint Foundation 2010)

This article describes the administrator roles that correspond to the Microsoft SharePoint Foundation 2010 server and site hierarchy. Many people can be involved in managing SharePoint Foundation 2010. Administration of SharePoint Foundation 2010 occurs at the following levels:

    Server farm

    Shared services

    Sites

    Document library or list

    Individual items

In this article:

    Levels of administration

Introduction

Most levels of the server and site hierarchy have a corresponding administration group. The Web application level does not have a unique administrator group, but farm administrators control the Web applications within their scope. Members of the Farm Administrators group and members of the Administrators group on the local server can define a policy to grant individual users permissions at the Web application level.

Levels of administration

The following groups of users have administrative permissions at different levels of the administration hierarchy:

    Server or server farm level

    Farm Administrators group   Members of the Farm Administrators group have permissions to and responsibility for all servers in the server farm. Members can perform all administrative tasks in Central Administration for the server or server farm. Members of this group can also use Windows PowerShell to create and manage configuration database objects. They can assign administrators to manage service applications, which are instances of shared services. This group does not have access to individual sites or their content.

    Administrators group   Members of the Administrators group on the local server can perform all farm administrator actions. Administrators on the local server can perform additional tasks, such as installing new products or applications, deploying Web Parts and new features to the global assembly cache, creating new Web applications and new Internet Information Services (IIS) Web sites, and starting services. Like farm administrators, members of this group on the local server have no access to site content, by default.

Note:

Farm administrators and local administrators can take ownership of specific site collections, if it is necessary. For example, if a site administrator leaves the organization and a new administrator must be added, the farm administrator or a member of the local Administrators group can take ownership of the site collection to make the change.

    Shared services level

    Service application administrators   These administrators are delegated by the farm administrator. They can configure settings for a specific service application within a farm. However, these administrators cannot create service applications, access any other service applications in the farm, or perform any farm-level operations, including topology changes. For example, the service application administrator for a Search service application in a farm can configure settings for that Search service application only.

    Feature administrators   A feature administrator is associated with a specific feature or features of a service application. These administrators can manage a subset of service application settings, but not the entire service application. For example, a Feature administrator might manage the Audiences feature of the User Profile service application.

    Site level

    Site collection administrators   These administrators have the Full Control permission level on all Web sites within a site collection. They have access to content in all sites in that site collection, even if they do not have explicit permissions on that site.

    Site owners   By default, members of the Owners group for a site have the Full Control permission level on that site. They can perform administration tasks for the site, and for any list or library within that site. They receive e-mail notifications for events, such as the pending automatic deletion of inactive sites and requests for site access.

Best practices for using fine-grained permissions (white paper) (SharePoint Foundation 2010)

This white paper describes best practices for fine-grained permissions (FGP) and how to use them within your organization when implementing Microsoft SharePoint Foundation 2010.

Download the white paper from the following link: http://go.microsoft.com/fwlink/?LinkId=201596 (http://go.microsoft.com/fwlink/?LinkId=201596)
Sandboxed solutions planning (SharePoint Foundation 2010)

Sandboxed solutions restrict access to network and local resources to provide greater security and stability. You can use sandboxed solutions for load balancing solutions, for solutions that have not been fully tested, and for deploying user solutions in a hosted environment. Sandboxed solutions run in a separate worker thread so that they cannot access resources that belong to other solutions, and they have limited access to local and network resources.
In this section

 Sandboxed solutions overview (SharePoint Foundation 2010)

 Planning sandboxed solutions (SharePoint Foundation 2010)

Sandboxed solutions overview (SharePoint Foundation 2010)

You can deploy a Microsoft SharePoint Foundation 2010 solution directly onto your SharePoint Foundation farm, or you can deploy the solution into a sandbox. A sandbox is a restricted execution environment that enables programs to access only certain resources, and that keeps problems that occur in the sandbox from affecting the rest of the server environment.

Solutions that you deploy into a sandbox, which are known as sandboxed solutions, cannot use certain computer and network resources, and cannot access content outside the site collection they are deployed in. For more information about the restrictions on sandboxed solutions, see What a sandboxed solution cannot contain.

Because sandboxed solutions cannot affect the whole server farm, they do not have to be deployed by a farm administrator. Sandboxed solutions can be deployed by a site collection administrator or, in certain situations, by a user who has full control at the root of the site collection. Only a farm administrator can promote a sandboxed solution to run directly on the farm, outside its sandbox.

It is especially appropriate to use sandboxed solutions in two scenarios:

    When an organization want to run code for employees on a production SharePoint Foundation site, and that code has not been stringently code reviewed and tested.

    When a hoster wants to let the owners of hosted SharePoint Foundation sites upload and run custom code.

This article introduces the concepts that are related to sandboxed solutions, explains the differences between sandboxed solutions and solutions that are deployed on the farm, and summarizes how sandboxed solutions are deployed and run. This article does not contain detailed procedures for configuring sandboxing or for deploying sandboxed solutions.

In this article:

    Deploying and running a sandboxed solution

    Isolating sandboxed solutions

    What a sandboxed solution cannot contain

    Comparison of sandboxed and farm solutions

    Benefits of using sandboxed solutions

Deploying and running a sandboxed solution

Any page of a SharePoint Foundation application can contain components that run in a sandbox in addition to components that run directly on the farm. The components that are deployed to the farm run in the Internet Information Services (IIS) worker process. The components that are deployed to the sandbox run in a sandboxed process.

The following list identifies several of the components that you might deploy in a sandbox:

    Web Parts

    Event receivers

    Feature receivers

    Custom Microsoft SharePoint Designer workflow activities

    Microsoft InfoPath business logic

The following steps describe how to deploy a sandboxed solution:

1.    A farm administrator performs the following tasks. These have to be done only one time.

    A farm administrator enables sandboxing and starts the sandboxing service on each server that will run sandboxed solutions.

    A farm administrator determines which load balancing scheme to use. The load balancing scheme applies to all sandboxed solutions in all site collections on the farm.

    A farm administrator sets resource quotas that the combination of all sandboxed solutions in a site collection cannot exceed.

2.    A site collection administrator or a user who has full control at the root of the site collection uploads a solution the site collection’s solution gallery.

3.    A site collection administrator activates the solution. If the solution does not contain an assembly, a user who has full control at the root of the site collection can also activate the solution. Validation tools run against the solution. If the solution fails validation, it is not activated.

When a request to run a sandboxed solution is processed, the following activities occur:

1.    Based on load balancing scheme, SharePoint Foundation determines which server to run the solution on. If load balancing is local, the solution runs on the same server that is servicing the request. If load balancing is remote, the server that the solution runs on is selected based on solution affinity. In both cases, the server must be running the sandboxing service.

2.    SharePoint Foundation selects a sandbox worker process to run the solution in; loads a “shim” dynamic-link library (dll) into the process; and then loads the solution assembly into the process.

3.    As the solution runs, its code passes through the shim before it is executed by SharePoint Foundation. If the solution code attempts to use APIs that sandboxed solutions are restricted from using, the shim signals an exception instead of letting the code pass through and run.

4.    SharePoint Foundation monitors the resources that sandboxed solutions use. If the sandboxed solution exceeds a hard limit (for example, if it uses more than a predefined amount of CPU time,) SharePoint Foundation terminates the sandbox worker process. If the combination of all sandboxed solutions in the site collection exceeds the site collection’s resource quota, SharePoint Foundation turns off all sandboxed solutions in the site collection for the rest of the day.

5.    A site collection administrator can monitor the resources that sandboxed solutions use, and can deactivate solutions in the site collection.

If necessary, a farm administrator can block a solution from running on the farm. Optionally, a farm administrator can also remove the requirement that a solution be run in a sandbox. If the requirement to run in a sandbox is removed, when the solution runs in any site collection in the farm, it will no longer run in a sandbox.

Isolating sandboxed solutions

You can isolate sandboxed solutions to various degrees. Each additional level of isolation increases your ability to protect the main part of your SharePoint Foundation site from code that might consume too many resources. At the first level, sandboxed code runs in a rights-restricted, isolated process. Code Access Security (CAS) limits the operations that the code can perform. You can increase isolation by using remote load balancing and by running the sandboxing service on only specific servers. In a production environment, we recommend that you use remote load balancing and dedicate a separate server to running sandboxed solutions.

What a sandboxed solution cannot contain

A SharePoint Foundation solution must contain the configuration file that is named manifest.xml, and may also contain additional configuration files and assemblies. If the solution will run in a sandbox, the assembly and configuration files are limited in what they can contain.

The following list identifies the most common things that an assembly that will run in a sandbox cannot do.

    Connect to resources that are not located on the local server.

    Access a database.

    Change the threading model.

    Call unmanaged code.

    Write to disk.

    Access resources in a different site collection.

The manifest.xml file refers to feature files; feature files refer to element files; and element files contain feature elements. The only feature elements that are permitted in a sandboxed solution are:

    ContentType

    Field

    CustomAction

    Module

    ListInstance

    ListTemplate

    Receivers

    WebTemplate

    WorkflowAssociation

    PropertyBag

    WorkflowActions

Comparison of sandboxed and farm solutions

The following table compares aspects of solutions that run in a farm to solutions that run in a sandbox.

Aspect	Farm	Sandbox
Deployment process	Add the solution, and then deploy it to the farm.	Upload the solution to a site collection, and then activate it in the site collection.
Who can deploy	Farm administrator.	If the solution contains an assembly, only a site collection administrator can deploy it. If the solution does not contain an assembly, a user who has full control at the root of the site collection can deploy it.
Data access	Unrestricted.	The solution can only access content from the site collection in which it was deployed.
Process the solution runs in	Unrestricted IIS worker process, or whichever process the solution is deployed into.	Separate worker process that has restricted rights.
Code access security	The solution developer can set the code access security policy when packaging the solution.	Restricted. For more information, see Deploying a sandboxed solution (http://go.microsoft.com/fwlink/?LinkId=177369&clcid=0x409).
Monitoring	Not monitored.	Monitored, and limited by quotas set by the farm administrator.
Load balancing	Varies, based on the kind of solution.	Configurable separately from non-sandboxed solutions.
Solution functionality	Unrestricted.	Restricted, as described in What a sandboxed solution cannot contain.

Benefits of using sandboxed solutions
The main benefits of using sandboxed solutions are as follows:

    Solutions can be added to a production SharePoint Foundation environment without the risk of affecting processes outside the sandbox.

    Site collection administrators can deploy sandboxed solutions, freeing farm administrators from this task.

    Scalability and flexibility are increased because sandboxes run in separate process that can be restricted by quotas, and their effect on the farm can be monitored.

    A solution does not have to be modified or recompiled if it is moved from a sandbox to running directly on the farm.
- See Also
Sandboxed solutions administration (SharePoint Foundation 2010) (http://technet.microsoft.com/library/9202709d-2854-4663-989f-6e2f0d3d930b(Office.14).aspx)

Sandboxed solutions planning (SharePoint Foundation 2010)

Sandboxed solutions architecture (http://go.microsoft.com/fwlink/?LinkId=177368&clcid=0x409)

Deploying a sandboxed solution (http://go.microsoft.com/fwlink/?LinkId=177369&clcid=0x409)
Planning sandboxed solutions (SharePoint Foundation 2010)

Sandboxed solutions restrict access to network and local resources to provide greater security and stability. You can use sandboxed solutions for load balancing solutions, for solutions that have not been fully tested, and for deploying user solutions in a hosted environment. Sandboxed solutions run in a separate worker thread so that they cannot access resources that belong to other solutions, and they have limited access to local and network resources.

When you plan sandboxed solutions, decide first whether to use sandboxed solutions at all. You should determine whether your primary consideration is performance or security. A farm that uses sandboxed solutions generates more worker and proxy processes than a farm that does not use sandboxed solutions. Using sandboxed solutions provides more process isolation, which enhances the security of your farm.

For more information about sandboxed solutions, see Sandboxed solutions overview (SharePoint Foundation 2010).

In this article:

    Determine when to use sandboxed solutions

    Plan to load balance sandboxed solution code

    Determine where to deploy sandboxed solutions

    Determine who can deploy sandboxed solutions

    Determine which site collections will run sandboxed solutions

    Plan resource usage quotas for sandboxed solutions

    Plan sandboxed solutions governance

Determine when to use sandboxed solutions

Using sandboxed solutions is appropriate in scenarios where you want to load balance solutions across multiple servers, or where you want to provide the ability to run code that has not been fully tested or that your organization does not support. Sandboxed solutions can play a valuable part of a scaled deployment path for developers in your organization, from their test environment to a sandboxed solution in the production environment. Sandboxed solutions can later be changed to full trust status by a farm administrator when the solution is shown to be safe for full deployment.

It is especially appropriate to use sandboxed solutions in the following scenarios:

    When you want to load balance solutions between multiple SharePoint Foundation servers.

    When an organization wants to run code for employees on a production SharePoint Foundation site, and that code has not been stringently code reviewed and tested.

    When an Internet hosting provider wants to let the owners of hosted SharePoint Foundation sites upload and run custom code.

When you use sandboxed solutions, you must activate the SharePoint 2010 User Code Host service on each server on which you want to run the sandboxed solutions.

Plan to load balance sandboxed solution code

You can select one of two load balancing schemes for sandboxed solutions. Based on the load balancing scheme, Microsoft SharePoint Foundation 2010 determines which server to run the solution on. In local load balancing, the solution runs on the same server that received the request. If you choose remote load balancing, the server that the solution runs on is selected based on solution affinity, and the sandboxed solution is run on a server where it is already loaded and has already been run. This saves time in servicing the request for the solution. In both cases, each server must be running the SharePoint Foundation Sandboxed Code Service.

Your load balancing choice determines the model that is used by the entire SharePoint Foundation farm. You cannot use a mixture of local and remote load balancing, but instead you must choose to implement one or the other. When you are deciding which mode to implement consider the following:

 Local mode requires less administration, but its scalability is limited by the resources of the local server.

 Remote mode is more scalable than local mode, but it requires administrative tasks to be performed on more servers.

You obtain better performance by using the remote load balancing model in a SharePoint Foundation farm where there are multiple servers on which to run sandboxed solutions. If you are using sandboxed solutions as part of a development process, and you want to keep them restricted to the server from which they are called, use the local mode load balancing.

For more information, see Sandboxed solutions overview (SharePoint Foundation 2010).
Determine where to deploy sandboxed solutions

Sandboxed solutions are deployed at the root of a site collection. Anyone who is a site collection administrator can deploy a sandboxed solution. When it is deployed in a site collection, the sandboxed solution can be used anywhere within that site collection.

You can choose to run sandboxed solutions only on certain servers within your SharePoint Foundation farm or to all servers. To enable sandboxed solutions on a server, you must enable the SharePoint Foundation Sandboxed Code Service. This service must be enabled on every server on which you want to run sandboxed solutions.

Determine who can deploy sandboxed solutions

When you plan for the user roles that are involved in deploying sandboxed solutions, you must determine who will be authorized to deploy the solutions and who will be authorized to administer the solutions. Members of the site collection administrators group can deploy sandboxed solutions.

You must be a member of the farm administrators group to perform administrative tasks such as enabling or disabling the SharePoint Foundation Sandboxed Code Service, blocking or unblocking a solution, and adjusting or resetting quotas.

Note:

It is not enough to be a site collection owner, to deploy and activate a sandboxed solution you must be a site collection administrator for the site collection where you are deploying the sandboxed solution.

Because farm administrators can change sandboxed solutions to fully trusted solutions that can be deployed anywhere on the farm, you should be careful to limit the membership of the farm administrators group to appropriate users. The same consideration applies to adding users to the site collection administrators group if there is any concern over the security of the sandboxed solutions being deployed.

Determine which site collections will run sandboxed solutions using quotas

Sandboxed solutions can be enabled or disabled on specific site collections by adjusting their quotas. If you set the quota for sandboxed solutions to 0 on a specific site collection, sandboxed solutions will not run on that site collection. In this way you can fine tune the use of sandboxed solutions in your farm.

To plan where to deploy sandboxed solutions you should consider both which servers will run the SharePoint Foundation Sandboxed Code Service, and which site collections will be able to run sandboxed solutions. If you enable sandboxed solutions on some site collections you should disable them on the remaining site collections by setting the quotas on those site collections to 0.

Plan resource usage quotas for sandboxed solutions

Sandboxed solutions are monitored for resource usage based on default resource quotas. If a sandboxed solution exceeds any of the resource quotas, the solution is disabled for the remainder of the day or until a farm administrator manually resets the solution. This helps administrators to know when a particular sandboxed solution is making excessive demands on shared resources or in some cases where a resource-intensive sandboxed solution requires an increased quota.

The default quotas are satisfactory for most scenarios; however, you can adjust individual quota limits to permit higher limits where appropriate.

If you determine that a sandboxed solution is consistently misusing server resources, you can block that solution until the developer can correct the situation. For more information about blocking and unblocking sandboxed solutions, see Block or unblock a sandboxed solution (SharePoint Foundation 2010) (http://technet.microsoft.com/library/6687e357-8531-4904-9c17-faa6908a793d(Office.14).aspx).

The default values that are assigned to sandboxed solution quotas are listed in the following table.

Resource	Description	Units	Resources per Point	Absolute Limit
AbnormalProcessTerminationCount	Abnormally terminated process	occurrence	1	1
CPUExecutionTime	CPU Execution Time for site	seconds	3,600	60
CriticalExceptionCount	Critical Exception Events	events	10	3
InvocationCount	Solution Invocation Events	events	<TBD>	<TBD>
PercentProcessorTime	Percent CPU usage by solution	percentage	85	100
ProcessCPUCycles	Solution CPU cycles	cycles	1 x10^11	1 x10^11
ProcessHandleCount	Windows handles count	items	10,000	1,000
ProcessIOBytes	Windows handles count	items	0	1 x10^8
ProcessThreadCount	Thread count in overall process	instances	10,000	200
ProcessVirtualBytes	Memory consumed	bytes	0	1.0×10^9
SharePointDatabaseQueryCount	Number of SharePoint database queries	instances	20	100
SharePointDatabaseQueryTime	Elapsed time to execute query	seconds	120	60
UnhandledExceptionCount	Number of unhandled exceptions	instances	50	3
UnresponsiveProcessCount	Number of unresponsive processes	instances	2	1

Plan sandboxed solutions governance

While you are still planning for sandboxed solutions, you should consider your processes for governance issues, including the following:

    At what point will the farm administrator block or unblock a sandboxed solution? Identifying the administrative policy for blocking and unblocking sandboxed solutions will eliminate confusion if there is any doubt about the need to block a solution.

    At what point will you transfer a sandboxed solution to the global catalog as a full trust solution? This decision applies to solution code that is developed by your organization’s developers. You should establish a policy for determining what level of testing is required for a sandboxed solution to be considered ready for production use in your organization.

    When you are planning for who can deploy sandboxed solutions, will you choose to add people to the site collection administrators group or establish a procedure for a limited number of site collection administrators to deploy sandboxed solutions on behalf of their users? Depending on the security concerns in your organization, you can decide to add people directly to the site collection administrators group rather than requiring them to ask permission to deploy the sandboxed solution.

Plan for collaboration sites (SharePoint Foundation 2010)

With Microsoft SharePoint Foundation 2010, you can support collaboration sites in your environment. Collaboration sites store information that individuals and groups can collectively author, share, and revise. These sites do not need to be associated with a particular portal site collection or part of a publishing site collection. They can be stand-alone sites that are available for teams or groups of users who need to collaborate on projects or share information. For example, a team at an engineering firm might want a collaboration site to discuss current project status, assign tasks, or arrange group lunches, without publishing this internal information to the corporate intranet.

Collaboration sites can be made available for searching from your portal or publishing site so that information from these sites is not lost to your organization. However, for easier data recovery and maintenance, collaboration sites should be hosted either on a separate Web application or in separate content databases in the same Web application as your portal or publishing site.

You can create these collaboration sites for your users, or you can allow the users to create these sites on their own.

For more information about collaboration sites and architectural planning, see Logical architecture sample design: collaboration sites.

In this article:

    Determine number of collaboration sites

    Specific paths

    Additional paths

Determine number of collaboration sites

Estimate approximately how many collaboration sites to expect in your environment, and how many such sites that you are willing to support. If you require users to request a collaboration site, you can control how many are created. If you let users create their own collaboration sites, you will have many of these sites in your environment.

Specific paths

You can use specific paths in Microsoft SharePoint Foundation 2010 to contain the SharePoint site collections, similar to the way that folders contain files or documents in the file system. By default, when you create a Web application, two paths are made available for you:

 Root path (/) This is an explicit inclusion that can contain one site collection. For example, if you want a URL to appear as http://company_name/default.aspx, you would create the site collection at this root path.

 Sites path (/sites) This is a general path that can contain many site collections. For example, when you use the /sites path, the URL for a site named Site_A would be similar to http://server_name/sites/Site_A/default.aspx.

Note:

The name of the /sites path varies depending on the specific language that was used during installation.

Additional paths

You can also create additional paths. This enables you to group site collections. Then, when you create a site collection, you can choose from the following alternatives:

    Create the site collection at the root of the Web application (if no site collection has already been created there).

    Create the site collection under the /sites path.

    Create the site collection under any additional paths that have been made available for that Web application.

In general, the /sites path should be sufficient for most installations. However, consider using other paths for the following situations:

    You have a complex installation and expect to have many site collections, and you want to group similar sites together.

For example, you could use /personal for individual user sites and /team for group collaboration sites, instead of using /sites for all.

    You want to be able to add a filter to your firewall or router to constrain a specific namespace to internal access only.

For example, you could expose the /team path for external collaboration, but not /personal.

Integration with Microsoft SharePoint Workspace 2010

Microsoft SharePoint Workspace 2010 provides a rich client for Microsoft SharePoint Foundation 2010, which enables real-time synchronization of desktop content with SharePoint documents and lists. Microsoft SharePoint Workspace 2010 also provides options for creating ad hoc Groove collaboration workspaces and shared folder workspaces. Information can be easily synchronized both online and offline with a designated SharePoint site or with external partners and offsite team members via shared workspaces. Microsoft SharePoint Workspace 2010 is installed automatically with enterprise versions of Microsoft Office 2010 or it can be installed separately from the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkID=48516&clcid=0x409).

For more information, see Plan for SharePoint Workspace 2010 (http://technet.microsoft.com/library/e8a433c1-ea1f-4cf7-adc8-50972f58d465(Office.14).aspx).
Document management planning (SharePoint Foundation 2010)

These articles will guide you in planning the document management features of your solution that is based on Microsoft SharePoint Foundation 2010.

The articles in this section include the following:

    Document library planning (SharePoint Foundation 2010)

This article describes how to use document libraries to organize documents in your enterprise.

    Content types planning (SharePoint Foundation 2010)

This article describes how to plan content types, which are the SharePoint Foundation 2010 mechanism to define and share the attributes of documents, list items, and folders.

    Versioning, content approval, and checkout planning (SharePoint Foundation 2010)

This article describes how to plan content governance by using versioning, check-in and check-out, and approval for publishing content.

    Co-authoring overview (SharePoint Foundation 2010) describes the feature and provides administrators an understanding of the settings that can be used to manage co-authoring.

Document library planning (SharePoint Foundation 2010)

This article describes how to plan document libraries and integrate libraries into your Microsoft SharePoint Foundation 2010 document management solution.

Document libraries are collections of files on SharePoint Foundation 2010 that you share with other site users. Most document management features are delivered through document libraries. As part of document management planning, you should determine the kind of document libraries that best fit your organization’s needs.

Plan document libraries

Document libraries are collections of files on SharePoint Foundation 2010 that you share with other site users. Most SharePoint Foundation 2010 document management features are delivered through document libraries. As part of document management planning, you should determine the document libraries that best fit your organization’s needs.

SharePoint Foundation 2010 includes the following kinds of document libraries:

    Document Library    Use a Document Library for general purpose document storage, document collaboration, and easy sharing of content.

    Picture Library    Use a Picture Library to share, manage, and reuse digital pictures.

Use document libraries to store content on which your workgroup is collaborating and to create shared knowledge bases. For example, a workgroup that designs products can use a document library to store works-in-progress such as design proposals, specifications, and supporting information. Using metadata, displayed as columns of information, the status of each design document can be maintained and made public, together with each document’s author, the project name, and so on. Completed documents can be stored separately in a searchable knowledge base document library that is used as source of information when researching new projects

In SharePoint Foundation 2010, document libraries can contain multiple kinds of documents. To implement this, you associate one or more content types with the document library. When multiple content types are associated with a library, the New command for that library will let users create new documents of any content type associated with the library, and metadata for all content types that the library can contain are displayed in document library views. For more information about content types planning, see Content types planning (SharePoint Foundation 2010).

Other document library features that support collaboration include the following:

    Templates   You can design a template and associate it with a document library to standardize the documents created in the library.

    Workflows   Using a custom workflow (see Plan workflows (SharePoint Foundation 2010)), business processes can be run on documents. For example, a workflow could send a document for review.

    Check in and out   You can require that users check documents in and out of a document library before editing them.

    Versioning   You can choose from three versioning options.
Content types planning (SharePoint Foundation 2010)

This article describes content types and workflows and provides guidance about how to plan how you can integrate them into your Microsoft SharePoint Foundation 2010 document management solution.
Plan content types

In this section:

    What are content types?

    Column templates

    Folder content types
- What are content types?
A content type defines the attributes of a list item, a document, or a folder. Each content type can specify:

    Properties to associate with items of its type.

    Workflows that can be launched from items of its type.

    Document templates (for document content types).

    Document conversions to make available (for document content types).

    Custom features.

You can associate a content type with a list or library. When you do this, you are specifying that the list or library can contain items of that content type and that the New command in that list or library will let users create new items of that type.

Note:

You can also associate properties, workflows, policies, and templates directly with a list or library. However, doing this can limit these associations to the list or library and is not reusable across your solution. In SharePoint Foundation 2010 site level workflows can be associated with multiple lists or libraries.

Document libraries and lists can contain multiple content types. For example, a library can contain both the documents and the graphics related to a project. When a list or library contains multiple content types, the following apply:

    By default, the New command in that list or library lets users select from among all available content types when they create a new item. Content type owners can configure the New command to display only certain content types.

    The columns associated with all available content types are displayed.

You can define custom content types in a site’s content type gallery. A custom content type must be derived, directly or indirectly, from a core content type such as Document or Item. After it is defined in a site, a custom content type is available in that site and in all sites below that site. To make a content type most widely available within a site collection, define it in the content type gallery of the top-level site.

For example, if your organization uses a particular contract template, in the content type gallery of the top-level site in a site collection you can create a content type that defines the metadata for that contract, the contract’s template, and workflows required to review and complete the contract. Then, any document library in your site collection to which you associate the Contract content type will include all these features and will enable authors to create new contracts based on the template.

In sites based on SharePoint Foundation 2010, each default list item or library item, such as Contact, Task, or Document, has a corresponding content type in the site’s content type gallery. When planning content types, you can use these out-of-box content type definitions as starting points, basing new content types on existing content types as needed or modifying the default types.

Content types are organized into a hierarchy that enables one content type to inherit its characteristics from another content type. This enables classes of documents to share characteristics across an organization, while also enabling teams to customize these characteristics for particular sites or lists.

For example, all customer deliverable documents in an enterprise may require a set of metadata such as account number, project number, and project manager. By creating a top-level Customer Deliverable content type, from which all other customer deliverable document types inherit, you ensure that required information such as account numbers and project numbers will be associated with all variants of customer deliverable documents in your organization. Note that if another required column is added to the top-level Customer Deliverable content type, the content type owner can propagate the changes to all content types that inherit from it, which will add the new column to all customer deliverable documents.
- Column templates
Each item of metadata that is associated with a content type is a column, which is a location in a list to store information. Lists or libraries are often displayed graphically as columns of information. However, depending on the view associated with the list, the columns can appear in other forms, such as days in a calendar display. In forms associated with a list or library, columns are displayed as fields.

You can define columns for use in multiple content types. To do this, create them in a Column Templates gallery. There is a Column Templates gallery in each site in a site collection. As with content types, columns defined in the Column Templates gallery of a site are available in that site and in all sites below it.
- Folder content types
Folder content types define the metadata that is associated with a folder in a list or library. When you apply a folder content type to a list or library, the New command in that list or library will include the folder content type, which makes it possible for users create folders of that type.

You can define views in a list or library that are available only in folders of a particular content type. This is useful when you want a folder to contain a particular kind of document and you want views in that folder to only display columns that are relevant to the document type contained in that folder.

By using the SharePoint Foundation 2010 object model, you can customize the New command for a folder content type so that, when a user creates a new folder of that type, the folder is prepopulated with multiple files and documents based on templates stored on the server. This is useful, for example, for implementing a compound document type that requires multiple files to contribute to a single deliverable document.

Versioning, content approval, and checkout planning (SharePoint Foundation 2010)

This article describes how to plan to use versioning, content approval, and check-out in Microsoft SharePoint Foundation 2010 to control document versions throughout their life cycle.

In this article:

    About versioning, content approval, and check-outs

    Plan versioning

    Plan content approval

    Plan check-out and check-in

About versioning, content approval, and check-outs

SharePoint Foundation 2010 includes the following features that can help you control documents in a document library:

    Versioning is the method by which successive iterations of a document are numbered and saved.

    Content approval is the method by which site members with approver permissions control the publication of content.

    Check-out and Check-in are the methods by which users can better control when a new version of a document is created and also comment on changes that were made when a document is checked in.

You configure settings for the content control features discussed in this article in document libraries. To share these settings across libraries in your solution, you can create document library templates that include your content control settings; this ensures that new libraries will reflect your content control decisions.

Plan versioning

The default versioning control for a document library depends on the site collection template. However, you can configure versioning control for a document library depending on your particular requirements. Each document library can have a different versioning control that best suits the type of documents in the library. SharePoint Foundation 2010 has three versioning options:

    No versioning   Specifies that no previous versions of documents are saved. When no versioning is being used, previous versions of documents are not retrievable, and document history is also not retained because comments that accompany each iteration of a document are not saved. Use this option on document libraries that contain unimportant content or content that will never change.

    Create major versions   Specifies that numbered versions of documents are retained using a simple versioning scheme (such as 1, 2, 3). To control the effect on storage space, you can specify how many previous versions to keep, counting back from the current version.

In major versioning, every time that a new version of a document is saved, all users who have permissions to the document library will be able to view the content. Use this option when you do not want to differentiate between draft versions of documents and published versions. For example, in a document library that is used by a workgroup in an organization, major versioning is a good choice if everyone on the team must be able to view all iterations of each document.

    Create major and minor (draft) versions   Specifies that numbered versions of documents are retained by using a major and minor versioning scheme (such as 1.0, 1.1, 1.2, 2.0, 2.1). Versions ending in .0 are major versions and versions ending with non-zero extensions are minor versions. Previous major and minor versions of documents are saved together with current versions. To control the effect on storage space, you can specify how many previous major versions to keep, counting back from the current version. You also can specify how many major versions being kept should include their respective minor versions. For example, if you specify that minor versions should be kept for two major versions and the current major version is 4.0, then all minor versions starting at 3.1 will be kept.

In major and minor versioning, any user who has read permissions can view major versions of documents. You can specify which users can also view minor versions. Typically, grant users who can edit items permissions to view and work with minor versions, and restrict users who have read permissions to viewing only major versions.

Use major and minor versioning when you want to differentiate between published content that can be viewed by an audience and draft content that is not yet ready for publication. For example, on a human resources Web site that describes organizational benefits, use major and minor versioning to restrict employees’ access to benefits descriptions while the descriptions are being revised.

Note:

Regardless of the versioning control you choose, you must consider the effect that retaining multiple versions of the same document can have on storage space.

Plan content approval

Use content approval to formalize and control the process of making content available to an audience. For example, an enterprise that publishes content as one of its products or services might require a legal review and approval before publishing the content. Content publishing can also be scheduled depending on the document state.

A document draft awaiting content approval is in the Pending state. When an approver reviews the document and approves the content, it becomes available for viewing by site users who have read permissions. A document library owner can enable content approval for a document library and optionally can associate a workflow with the library to run the approval process.

The way that documents are submitted for approval varies depending on the versioning settings in the document library:

    No versioning   If no versioning is being used and changes to a document are saved, the document’s state becomes Pending. SharePoint Foundation 2010 keeps the earlier version of the document so that users with read permissions can still view it. After the pending changes have been approved, the new version of the document is made available for viewing by users who have read permissions and the earlier version is not retained.

If no versioning is being used and a new document is uploaded to the document library, it is added to the library in the Pending state and is not viewable by users who have read permissions until it is approved.

    Create major versions   If major versioning is being used and changes to a document are saved, the document’s state becomes Pending and the previous major version of the document is made available for viewing by users who have read permissions. After changes to the document are approved, a new major version of the document is created and made available to site users who have read permissions, and the previous major version is saved to the document’s history list.

If major versioning is being used and a new document is uploaded to the document library, it is added to the library in the Pending state and is not viewable by users who have read permissions until it is approved as version 1.

    Create major and minor (draft) versions   If major and minor versioning is being used and changes to a document are saved, the author has the choice of saving a new minor version of the document as a draft or creating a new major version, which changes the document’s state to Pending. After the changes to the document are approved, a new major version of the document is created and made available to site users who have read permissions. In major and minor versioning, both major and minor versions of documents are kept in a document’s history list.

If major and minor versioning is being used and a new document is uploaded to the document library, it can be added to the library in the Draft state as version 0.1, or the author can immediately request approval in which case the document’s state becomes Pending.

Plan check-out and check-in
You can require that users check out documents from a document library before editing the documents. It is always recommended to do this. The benefits of requiring check-out and check-in include the following:

 Better control of when document versions are created. When a document is checked out, the author can save the document without checking it in. Other users of the document library will be unable to see these changes and a new version is not created. A new version (visible to other users) is only created when an author checks in a document. This gives the author more flexibility and control.

 Better capture of metadata. When a document is checked in, the author can write comments that describe the changes that were made to the document. This promotes creation of an ongoing historical record of the changes that are made to the document.

If your solution requires that users check in and check out documents when editing them, the Microsoft Office 2010 client applications include features that support these actions. Users can check out documents, undo check-outs, and check in documents from Office 2010 client applications.

When a document is checked out, it is saved in the user’s My Documents folder in a subfolder named “SharePoint Drafts.” This folder is displayed in the Office 2010 client applications. When the document is checked out, the user can only save edits to this local folder. When the user is ready to check the document in, the document is saved back to the original server location.

From Office 2010 client applications, users can also decide to leave checked-out documents on the server by changing content editing options.
- See Also
Document library planning (SharePoint Foundation 2010)
Co-authoring overview (SharePoint Foundation 2010)

In today’s highly connected work environment, documents created by multiple authors, editors, and stakeholders are becoming the rule, instead of the exception. Organizations look to the communication and collaboration capabilities of Microsoft SharePoint Foundation 2010 to help them foster communication and collaboration between end-users while reducing administration required to support it. Microsoft Office 2010 continues this trend with co-authoring functionality for Microsoft PowerPoint 2010, Microsoft Word 2010, and Microsoft OneNote 2010 documents on SharePoint Foundation 2010.

Co-authoring removes barriers to server-based document collaboration and helps organizations to reduce the overhead associated with traditional document sharing through attachments. Co-authoring simplifies collaboration by enabling multiple users to work productively on the same document without intruding on one another’s work or locking one another out. This functionality requires no additional server setup and is the default state for documents stored in SharePoint Foundation 2010. Co-authoring functionality is managed by using the same tools and technologies that are already used to manage SharePoint Foundation, helping to minimize the impact on administrators.

In this article:

    Co-authoring functionality in SharePoint Foundation 2010

    Understanding the end-user experience

    Important considerations

    OneNote Notebooks

    Software Version Requirements

    Co-authoring in a mixed Office environment

    Performance and scalability

Co-authoring functionality in SharePoint Foundation 2010

In traditional collaboration, documents are shared via e-mail attachments. Tracking versions and edits from multiple authors is difficult and time-consuming for users. E-mail systems have to contend with storing multiple copies of the same document, not to mention increased network traffic as documents are sent repeatedly.

The use of SharePoint Foundation to store documents for collaboration has reduced these problems by providing consistent access to up-to-date versions of documents, the ability to track previous versions, and centralized management. Storing a single document, instead of many attachments, also reduces network and storage overhead.

But this solution hasn’t been perfect. When one author has a document open, other authors cannot work on it. If someone forgets to close a document or check it in, other users may be locked out indefinitely, a situation that often requires a call to the IT department to resolve the problem.

Co-authoring in SharePoint Foundation 2010 addresses these issues by making it possible for multiple users to work on a document, at any time, without interfering with each other’s changes. This approach streamlines many common document-collaboration scenarios. For example:

    Two or more authors are working on different parts of a composite document. While one author works on his section of the document, another author can work on hers, without either interrupting their work.

    Several authors are working on a composite slide show. Each author can add slides to the presentation and edit them, instead of working in isolation and trying to merge several documents and make them consistent all at the same time.

    A document is sent out to several experts and stakeholders, each of whom has some edits or additions. No user’s edits are lost, because they are all working on a central, server-stored document.

Understanding the end-user experience

Co-authoring is easy to use from the end user’s point of view. When a user wants to work on a document in Word 2010, PowerPoint 2010, or OneNote 2010, he or she merely opens it from SharePoint Foundation, as usual. If another user already has the document open, both users are able to edit the document at the same time; access to the document is not blocked and no error appears

In Word 2010 and PowerPoint 2010, saving to a document notifies other users viewing the document that there are new edits. Those users can refresh their view immediately to see those changes or continue their work and refresh later to see the latest edits. The authors can also see one another’s work, and everyone knows who is working on the document. SharePoint Foundation 2010 versioning and tracking tools protect the document so that authors can roll back unwanted changes. When Office Communication Server is available, users can see the online status of fellow co-authors and initiate instant messaging conversations without leaving the document.

With OneNote 2010, shared notebooks enable users to share notes seamlessly. When a user edits a page of the notebook, those edits are automatically synchronized with other users of that notebook to ensure everybody has a complete set of notes. Edits made by multiple users on the same page appear automatically, enabling near real-time collaboration. Versioning and other shared features in OneNote make it possible for users to roll back edits, show what edits are new, and determine who made a specific edit.

The Excel 2010 client application does not support co-authoring workbooks in SharePoint Foundation 2010. However, the Excel client application does support non-real-time co-authoring workbooks stored locally or on network (UNC) paths by using the Shared Workbook feature. Co-authoring workbooks in SharePoint Foundation is supported by using the Microsoft Excel Web App, included with Office Web Apps. Office Web Apps is available to users through Windows Live and to business customers with Microsoft Office 2010 volume licensing and document management solutions based on Microsoft SharePoint 2010 Products. For more information, see Office Web Apps (Installed on SharePoint 2010 Products) (http://technet.microsoft.com/library/8a58e6c2-9a0e-4355-ae41-4df25e5e6eee(Office.14).aspx).
Important considerations

There are several factors that administrators will want to consider when planning how to use co-authoring in their environment.

Co-authoring functionality in SharePoint Foundation is designed to be easy to set up and requires minimal effort to manage. However there are several things to consider when you set up and manage co-authoring:

    Permissions – For multiple users to be able to edit the same document, users need edit permissions for the document library where that document is stored. The simplest way to ensure this is to give all users access to the SharePoint site where documents are stored. In cases in which only a subset of users should have permission to co-author documents in a particular library, SharePoint permissions can be used to manage access.

    Versioning –SharePoint Foundation versioning keeps track of changes to documents while they are being edited, and even stores previous versions for reference. By default, this feature is turned off in SharePoint Foundation 2010. SharePoint Foundation 2010 supports two kinds of versioning, major and minor. It is best that minor versioning not be turned on for document libraries used for co-authoring in OneNote, as this may interfere with the synchronization and versioning capabilities that are part of the product. This limitation only applies to minor versioning; major versioning may be used with OneNote.

    Number of versions – The number of document versions retained affects storage requirements on the server. This number can be tuned in the document library settings to limit the number of versions retained. OneNote notebooks that are frequently updated may result in many versions being stored on the server. To avoid using unnecessary disk space, we recommend that an administrator set the maximum number of versions retained to a reasonable number on document libraries used to store OneNote notebooks.

    Versioning period – The versioning period determines how often SharePoint Foundation will create a new version of a Word or PowerPoint document that is being co-authored. Setting this period to a low value will capture versions more often, for more detailed version tracking, but may require more server storage. The versioning period does not impact OneNote notebooks. This value can be altered by adjusting the coAuthoringVersionPeriod property on the server. For more information about adjusting this setting, see Configure the co-authoring versioning period (SharePoint Foundation 2010) (http://technet.microsoft.com/library/21b24d64-74bc-49c4-b91c-35ed1f45bdc4(Office.14).aspx).

    Check out – When a user checks out a document for editing, this locks the document for editing to only that user, which prevents co-authoring. Require Check Out should not be enabled in document libraries where co-authoring will be used. By default, Require Check Out is not enabled in SharePoint Foundation 2010. Users should not check out documents manually when co-authoring is being used.
OneNote Notebooks

Unlike Microsoft Word and Microsoft PowerPoint, Microsoft OneNote stores version information within the file itself. For this reason, administrators should follow these recommended practices when storing OneNote notebooks in a SharePoint Foundation document library:

 Do not enable minor versioning. By default, minor versioning is not enabled in SharePoint Foundation 2010.

 If major versioning is enabled, set a reasonable maximum number of versions to store. By default, major versioning is not enabled in SharePoint Foundation 2010.

Software Version Requirements

For users to co-author documents by using Office 2010, those documents must be stored in SharePoint Server 2010 or SharePoint Foundation 2010. To take advantage of the co-authoring functionality, users must have Word 2010, PowerPoint 2010, or OneNote 2010.

Note:

The co-authoring functionality in Office 2010 can also be used without SharePoint Server 2010 or SharePoint Foundation 2010 if users have Windows Live SkyDrive accounts. Using co-authoring without SharePoint Server 2010 or SharePoint Foundation 2010 is not covered in this article.

Co-authoring in a mixed Office environment
Some organizations may want to use co-authoring in an environment where users have different versions of Office.
- Mixed environment that has Microsoft Office PowerPoint and Word 2007
Users of earlier versions of PowerPoint and Word can share and edit documents stored in SharePoint Foundation 2010 exactly as with previous versions of SharePoint Foundation. However, they cannot use co-authoring to work on them at the same time. To collaborate best in PowerPoint and Word, we recommend that all users work with Office 2010. Users of Office PowerPoint and Word 2007 will not experience any significant difference between their current experience and their user experience on Office 2010. For instance, if Office 2007 users open a document stored in Office 2010 that is currently being edited by another user, they will see a message that the document is being used and will be unable to edit it. If no other user is editing the document, Office 2007 users will be able to open it as usual. When an Office 2007 user opens a document, this creates a lock on the document and prevents users of Office 2010 from using co-authoring to edit the document. This behavior matches earlier versions of SharePoint Foundation.
- Mixed environment that has Microsoft Office OneNote 2007
OneNote 2010 is backward compatible with the Office OneNote 2007 file format and supports co-authoring with OneNote 2007 users. In mixed environments, notebooks must be saved in the OneNote 2007 file format for OneNote 2007 and OneNote 2010 users to work on it together. By upgrading to the OneNote 2010 file format, however, users gain several key features, including compatibility with the Microsoft OneNote Web App that allows users without any version of OneNote installed to edit and co-author notebooks.

OneNote 2010 includes the ability to upgrade OneNote 2007 files to OneNote 2010 files at any time, providing an easy upgrade path for organizations that are moving from a mixed environment to a unified environment on Office 2010.

Performance and scalability
SharePoint Foundation 2010 and Office 2010 applications have been designed to minimize the performance and scalability impact associated with co-authoring in your environment. Office clients do not send or download co-authoring information from the server until more than one author is editing. When a single user is editing a document, the performance impact resembles that of previous versions of SharePoint Foundation.

Office clients are configured to reduce server impact by reducing the frequency of synchronization actions related to co-authoring when the server is under heavy load, or when a user is not actively editing the document, further helping to reduce overall performance impact.
- See Also
Co-authoring administration (SharePoint Foundation 2010) (http://technet.microsoft.com/library/83f79b8d-4e27-4c3f-819c-3546476fe923(Office.14).aspx)
Business data and processes planning (SharePoint Foundation)

The topics in this section will help you plan and build solutions that integrate business processes with your organization’s data.

In this section:

 Plan for Business Connectivity Services (SharePoint Foundation 2010)

 Plan workflows (SharePoint Foundation 2010)

Plan for Business Connectivity Services (SharePoint Foundation 2010)

This section describes how to plan for Business Connectivity Services within a Microsoft SharePoint Foundation 2010 environment.

In this section:

    Business Connectivity Services overview (SharePoint Foundation 2010)

    Business Connectivity Services security overview (SharePoint Foundation 2010)

    Diagnostic logging in Business Connectivity Services overview (SharePoint Foundation 2010)

Business Connectivity Services overview (SharePoint Foundation 2010)

Microsoft SharePoint Foundation 2010 includes Microsoft Business Connectivity Services, which are a set of services and features that provide a way to connect SharePoint solutions to sources of external data and to define external content types that are based on that external data. External content types resemble content types and allow the presentation of and interaction with external data in SharePoint lists (known as external lists) and Web Parts. External systems that Microsoft Business Connectivity Services can connect to include SQL Server databases, SAP applications, Web services (including Windows Communication Foundation Web services), custom applications, and Web sites based on SharePoint. By using Microsoft Business Connectivity Services, you can design and build solutions that extend SharePoint collaboration capabilities to include external business data and the processes that are associated with that data.

Microsoft Business Connectivity Services solutions use a set of standardized interfaces to provide access to business data. As a result, developers of solutions do not have to learn programming practices that apply to a specific system or adapter for each external data source. Microsoft Business Connectivity Services also provide the run-time environment in which solutions that include external data are loaded, integrated, and executed.

Typical solutions based on Business Connectivity Services

Information workers typically perform much of their work outside the formal processes of a business system. For example, they collaborate by telephone or e-mail messages, use documents and spreadsheets from multiple sources, and switch between being online and offline. Solutions that are based on Microsoft Business Connectivity Services can be designed to fit within these informal processes that information workers use:

 They can be built by combining multiple services and features from external data systems to deliver solutions that are targeted to specific roles.

 They support informal interactions and target activities and processes that occur mostly outside formal enterprise systems. Because they are built by using SharePoint 2010 Products, solutions that are based on Microsoft Business Connectivity Services promote collaboration.

 They help users perform tasks within the familiar user interface of SharePoint 2010 products.

Here are some examples of solutions that are based on Microsoft Business Connectivity Services:

 Help desk An enterprise implements its help desk, which provides internal technical support, as a solution that is based on Microsoft Business Connectivity Services. Support requests and the technical support knowledge base are stored in external databases and are integrated into the solution by using the Business Data Connectivity service. The solution displays both support requests and the knowledge base in the Web browser. Information workers can view their current requests and tech support specialists view the requests assigned to them. Workflows take support issues through each of their stages. Managers on the technical support team can view dashboards that display help desk reports. Typical reports indicate the number of support issues assigned to each support specialist, the most critical issues currently, and the number of support incidents that are handled by each support specialist during a given time period.

 Sales Dashboard A sales dashboard application helps sales associates in an organization quickly find the information that they need and enter new data. Sales orders and customer information are managed in an external database and integrated into the solution by using Microsoft Business Connectivity Services. Depending on their roles, team members can view sales analytics information, individual team members’ sales performance data, sales leads, and a customer’s contact information and orders. Sales professionals can view their daily calendars, view tasks assigned to them by their managers, collaborate with team members, and read industry news.

noteDXDOC112778PADS Security Note

We recommend that you use Secure Sockets Layer (SSL) on all channels between client computers and front end servers. Also we recommend using Secure Sockets Layer or Internet Protocol Security (IPSec) between servers running Microsoft SharePoint Foundation 2010 and external systems.

Business Connectivity Services security overview (SharePoint Foundation 2010)

This article describes the security architecture of the Microsoft Business Connectivity Services server and client, the supported security environments, the authentication modes available to connect external content types to external systems, the authorization options available on stored objects, and the general techniques for configuring Microsoft Business Connectivity Services security.

In this article:

    About this article

    Business Connectivity Services security architecture

     Business Connectivity Services authentication overview

     Business Connectivity Service permissions overview

    Securing Business Connectivity Services

About this article

Microsoft Business Connectivity Services include security features for authenticating users to access external systems and for configuring permissions on data from external systems. Microsoft Business Connectivity Services are highly flexible and can accommodate a range of security methods from within supported Microsoft Office 2010 applications and from the Web browser.

Business Connectivity Services security architecture
This section describes the Microsoft Business Connectivity Services security architecture.

noteDXDOC112778PADS Security Note

We recommend that you use Secure Sockets Layer (SSL) on all channels between client computers and front end servers. Also we recommend using Secure Sockets Layer or Internet Protocol Security (IPSec) between servers running Microsoft SharePoint Foundation 2010 and external systems. An exception is that you cannot use SSL when transmitting messages to external systems using the SOAP 1.1 protocol or when connecting to a SQL server database. However, in those cases you can use IPSec to protect the data exchange.
- Accessing external data
When a user accesses external data from a Web browser, three systems are involved: the logged on user’s client computer, the Web server farm, and the external system.

1.    From Web browsers, users typically interact with external data in external lists or by using Web Parts.

2.    The BDC Server Runtime on front-end servers uses data from the Business Data Connectivity service to connect to and execute operations on external systems.

3.    The Secure Store Service securely stores credential sets for external systems and associates those credential sets to individual or group identities.

Important:

The Secure Store Service is not included in SharePoint Foundation 2010. If you need a secure store in SharePoint Foundation 2010, you must supply a custom secure store provider.

4.    The Security Token Service is a Web service that responds to authentication requests by issuing security tokens made up of identity claims that are based on user account information.
5. Microsoft Business Connectivity Services can pass credentials to databases and Web services that are configured to use claims-based authentication. For an overview of claims-based authentication, see Plan authentication methods (SharePoint Foundation 2010).

Business Connectivity Services authentication overview

Microsoft Business Connectivity Services can be configured to pass authentication requests to external systems by using the following types of methods:

 Credentials These are typically in the form of name/password. Some external systems may also require additional credentials such as a personal identification number (PIN) value.

 Claims Security Assertion Markup Language (SAML) tickets can be passed to claims-aware services that supply external data.

Configuring Business Connectivity Services for credentials authentication

Microsoft Business Connectivity Services can use credentials that a user supplies to authenticate requests for external data. The following methods by which users can supply credentials for accessing external data are supported:

 Windows authentication:

 Windows Challenge/Response (NTLM)

 Microsoft Negotiate

 Authentication other than Windows

 Forms-based

 Digest

 Basic

When configuring Microsoft Business Connectivity Services to pass credentials, the solution designer adds authentication-mode information to external content types. The authentication mode gives Microsoft Business Connectivity Services information about how to process an incoming authentication request from a user and map that request to a set of credentials that can be passed to the external content system. For example, an authentication mode could specify that the user’s credentials be passed directly through to the external data system. Alternatively, it could specify that the user’s credentials should be mapped to an account that is stored in a Secure Store Service which should then be passed to the external system.

You associate an authentication mode with an external content type in the following ways:

 When you create an external content type in Microsoft SharePoint Designer.

 If the external system is a Web service, you can use the Microsoft Business Connectivity Services administration pages to specify the authentication mode.

 You can specify the authentication mode by directly editing the .XML file that defines the external content type.

The following table describes the authentication modes of the Microsoft Business Connectivity Services:

Authentication mode	Description
PassThrough	Passes the credentials of the logged-on user to the external system. This requires that the user’s credentials are known to the external system. Note: If the Web application is not configured to authenticate with Windows credentials, the NT Authority/Anonymous Logon account is passed to the external system rather than the user’s credentials. This mode is called User’s Identity in the Microsoft Business Connectivity Services administration pages and in SharePoint Designer 2010.
RevertToSelf	When the user is accessing external data from a Web browser, this mode ignores the user’s credentials and sends the application pool identity account under which the BCS runtime is running on the Web server to the external system. When the user is accessing external data from an Office client application, this mode is equivalent to PassThrough mode, because Microsoft Business Connectivity Services running on the client will be running under the user’s credentials. This mode is called BDC Identity in the Microsoft Business Connectivity Services administration pages and in SharePoint Designer 2010. Note: By default, RevertToSelf mode is not enabled. You must use Windows PowerShell to enable RevertToSelf mode before you can create or import models that use RevertToSelf. For more information, see RevertToSelf authentication mode (http://technet.microsoft.com/library/453fa20f-7223-4bb7-96c3-fc92c2eb436d.aspx#BDCIdentity). RevertToSelf mode is not supported in hosted environments.
WindowsCredentials	For external Web services or databases, this mode uses a Secure Store Service to map the user’s credentials to a set of Windows credentials on the external system. This mode is called Impersonate Windows Identity in the Microsoft Business Connectivity Services administration pages and in SharePoint Designer 2010.
Credentials	For an external Web service, this mode uses a Secure Store Service to map the user’s credentials to a set of credentials that are supplied by a source other than Windows and that are used to access external data. The Web service should use basic or digest authentication when this mode is used. Important: To help preserve security in this mode, we recommend that the connection between the Microsoft Business Connectivity Services and the external system should be secured by using Secure Sockets Layer (SSL) or Internet Protocol Security (IPSec). This mode is called Impersonate Custom Identity in the Microsoft Business Connectivity Services administration pages and in Office SharePoint Designer.
RDBCredentials	For an external database, this mode uses a Secure Store Service to map the user’s credentials to a set of credentials that are supplied by a source other than Windows. To help preserve security in this mode, we recommend that the connection between the Microsoft Business Connectivity Services and the external system should be secured by using Secure Sockets Layer (SSL) or IPSec. This mode is called Impersonate Custom Identity in the Microsoft Business Connectivity Services administration pages and in Office SharePoint Designer.
DigestCredentials	For a WCF Web service, this mode uses a Secure Store Service to map the user’s credentials to a set of credentials using Digest authentication. This mode is called Impersonate Custom Identity – Digest in the Microsoft Business Connectivity Services administration pages and in SharePoint Designer 2010.

The following illustration shows the Microsoft Business Connectivity Services authentication modes when it uses credentials.

 In PassThrough (User’s Identity) mode (A) the logged-on user’s credentials are passed directly to the external system.

 In RevertToSelf (BDC Identity) mode (B) the user’s logon credentials are replaced with the credentials of the process account under which Microsoft Business Connectivity Services is running, and those credentials are passed to the external system.

 Three modes use the Secure Store Service: WindowsCredentials (Impersonate Windows ID,) RdbCredentials (Impersonate Custom ID,) and Credentials. In those modes, the user’s credentials are mapped to a set of credentials for the external system and Microsoft Business Connectivity Services passes those credentials to the external system. Solution administrators can either map each user’s credentials to a unique account on the external system or they can map a set of authenticated users to a single group account.

Configuring Business Connectivity Services for claims-based authentication

Microsoft Business Connectivity Services can provide access to external data based on an incoming security tokens and it can pass security tokens to external systems. A security token is made up of a set of identity claims about a user, and the use of security tokens for authentication is called “claims-based authentication.” SharePoint Foundation includes a Security Token Service that issues security tokens.

The following illustration shows how the Security Token Service and the Secure Store Service work together in claims-based authentication:

1. A user tries an operation on an external list that is configured for claims authentication.

2. The client application requests a security token from the Secure Token Service.

3. Based on the requesting user’s identity, the Secure Token Service issues a security token that contains a set of claims and a target application identifier. The Secure Token Service returns the security token to the client application.

4. The client passes the security token to the Secure Store Service.

5. The Secure Store Service evaluates the security token and uses the target application identifier to return a set of credentials that apply to the external system.

6. The client receives the credentials and passes them to the external system so that an operation (such as retrieving or updating external data) can be performed.

Business Connectivity Service permissions overview

Permissions in Microsoft Business Connectivity Services associate an individual account, group account, or claim with one or more permission levels on an object in a metadata store. By correctly setting permissions on objects in Microsoft Business Connectivity Services, you help enable solutions to securely incorporate external data. When planning a permissions strategy, we recommend that you give specific permissions to each user or group that needs it, in such a way that the credentials provide the least privilege needed to perform the needed tasks.

Caution:

Properly setting permissions in Microsoft Business Connectivity Services is one element in an overall security strategy. Equally important is securing the data in external systems. How you do this depends on the security model and features of the external system and is beyond the scope of this article.

Note:

Business Connectivity Services uses the permissions on the metadata objects and the permissions on the external system to determine authorization rules. For example, a security trimmer can keep external data from appearing in users’ search results. However, if users somehow discover the URL to the trimmed external data, they can access the external data if they have the necessary permissions to the metadata object and the external system. The correct way to prevent users from accessing external data is to set the appropriate permissions both in Business Connectivity Services and in the external system.

What can permissions be set on?

Each instance of the Business Data Connectivity service (or, in the hosting case, each partition) contains a metadata store that includes all the models, external systems, external content types, methods, and method instances that have been defined for that store’s purpose. These objects exist in a hierarchy as depicted in the following illustration:

Note:

In the previous hierarchy graphic, labels in parentheses are the names of objects as they are defined in the Microsoft Business Connectivity Services metadata schema. The labels that are not in parentheses are the names of each object as it appears in the user interface of the Business Data Connectivity service. For a full discussion of the Microsoft Business Connectivity Services metadata schema, along with walkthroughs of many development tasks, see the Microsoft SharePoint 2010 Software Development Kit (http://go.microsoft.com/fwlink/?LinkId=166117&clcid=0x409).

The hierarchy of objects in a metadata store determines which objects can propagate their permissions to other objects. In the illustration, each object on which permissions can be set, and optionally propagated, is shown with a solid line; each object that takes its permissions from its parent object is shown with a dotted line. For example, the illustration shows that an External System (LobSystem) can be secured by assigning permissions to it, but an Action cannot be assigned permissions directly. Objects that cannot be assigned permissions take the permissions of their parent object. For example, an Action takes the permissions of its parent External Content Type (Entity).

noteDXDOC112778PADS Security Note

When the permissions on an object in a metadata store are propagated, permission settings to all children of that item are replaced by the permissions of the propagating object. For example, if permissions are propagated from an External Content Type, all Methods and Method Instances of that External Content Type receive the new permissions.

Four permission levels can be set on the metadata store and the objects it contains:

 Edit

noteDXDOC112778PADS Security Note

The Edit permission should be considered highly privileged. With the Edit permission, a malicious user can steal credentials or corrupt a server farm. We recommend that, in a production system, you give Edit permission only to users whom you trust to have administrator-level permissions.

 Execute

 Selectable in clients

 Set permissions

The following table defines the meaning of these permissions on the various objects for which they can be set.

Object	Definition	Edit permissions	Execute permissions	Selectable in clients permissions	Set permissions permissions
Metadata store	The collection of XML files, stored in the Business Data Connectivity service, that each contain definitions of models, external content types, and external systems.	The user can create new external systems.	Although there is no “Execute” permission on the metadata store itself, this setting can be used to propagate Execute permissions to child objects in the metadata store.	Although there is no “Selectable in clients” permission on the metadata store itself, this setting can be used to propagate these permissions to child objects in the metadata store.	The user can set permissions on any object in the metadata store by propagating them from the metadata store.
Model	An XML file that contains sets of descriptions of one or more external content types, their related external systems, and information that is specific to the environment, such as authentication properties.	The user can edit the model file.	The “Execute” permission is not applicable to models.	The “Selectable in clients” permission is not applicable to models.	The user can set permissions on the model.
External system	The metadata definition of a supported source of data that can be modeled, such as a database, Web service, or .NET connectivity assembly.	The user can edit the external system. Setting this permission also makes the external system and any external system instances that it contains visible in SharePoint Designer.	Although there is no “Execute” permission on an external system itself, this setting can be used to propagate Execute permissions to child objects in the metadata store.	Although there is no “Selectable in clients” permission on an external system itself, this setting can be used to propagate these permissions to child objects in the metadata store.	The user can set permissions on the external system.
External content type	A reusable collection of metadata that defines a set of data from one or more external systems, the operations available on that data, and connectivity information related to that data.	Although there is no “Edit” permission on an external content type itself, this setting can be used to propagate these permissions to child objects in the metadata store.	The user can execute operations on the external content type.	The user can create external lists of the external content type.	The user can set permissions on the external content type.
Method	An operation related to an external content type.	The user can edit the method.	Although there is no “Execute” permission on a method itself, this setting can be used to propagate Execute permissions to child objects in the metadata store.	There is no “Selectable in clients” permission on a method.	The user can set permissions on the method.
Method instance	For a particular method, describes how to use a method by using a specific set of default values.	The user can edit the method instance.	The user can execute the method instance.	There is no “Selectable in clients” permission on a method instance.	The user can set permissions on the method instance.

Special permissions on the Business Data Connectivity service

Along with the general capabilities of setting permissions described earlier, there is a set of special permissions for the Business Data Connectivity service:

 Farm administrators have full permissions to the Business Data Connectivity service. This is necessary, for example, to be able to maintain or repair an instance of the service. However, be aware that the farm administrator does not have execute permissions on any object in the metadata store and this right must be given explicitly by an administrator of an instance of the Business Data Connectivity service if it is required.

 Windows PowerShell users are farm administrators and can run commands on the Business Data Connectivity service.

 Application pool accounts on front end servers have the same permissions to the Business Data Connectivity service as farm administrators. This permission is necessary to generate deployment packages based on Microsoft Business Connectivity Services.

 SharePoint Designer users should, in most cases, be given the following permissions on the whole metadata store: Edit, Execute, and Selectable in clients. SharePoint Designer users should not be given Set permissions permissions. If necessary, you can limit the permissions of the SharePoint Designer user to a subset of the metadata store.

Caution:

To help ensure a secure solution, SharePoint Designer should be used to create external content types in a test environment in which Edit permissions can be assigned freely. When deploying the tested solution to a production environment, remove the edit permissions to help protect the integrity of the external data.

Common tasks and their related permissions

This section describes common tasks in the Business Data Connectivity service and the required permissions to perform them.

Task	Permissions
Create a new object in the metadata store	To create a new metadata object, a user must have edit permissions on the parent metadata object. For example, to create a new method in an external content type, a user must have permissions on the external content type. See the illustration earlier in this article for child/parent relationships among objects in the metadata store.
Delete an object from the metadata store	To delete a metadata object, a user must have edit permissions on that object. To delete an object and all its child objects (such as deleting an external content type and all its methods) the edit permission is also required on all the child objects.
Adding an external content type to a model	To add an external content type to a model, a user must have edit permissions on the model.
Importing models	To import a model to the metadata store, a user must have edit permissions on the metadata store. If explicit permissions are not assigned on the model, the user who imported it will be given edit permissions on the model.
Exporting models	To export a model from the metadata store, a user must have edit permissions on the model and on all external systems contained in the model.
Generating a deployment package	Deployment packages are generated by the application pool account that is used by the front-end server. This account has full permissions to the metadata store so that it can perform this task.
Setting initial permissions on the metadata store.	When an instance of the Business Data Connectivity service is first created, its metadata store is empty. The farm administrator has full permissions to the store and can set initial permissions.

Securing Business Connectivity Services
This section discusses additional measures that can be used to help secure Business Connectivity Services
- Service account
For security isolation, the Business Data Connectivity service application and the front-end server should not use the same service account.
- Server to server communication
Securing the communication between the Business Data Connectivity service application and external systems helps ensure that sensitive data is not compromised. You need to use an encrypted communication channel to protect data that is sent between servers running SharePoint Foundation 2010 and external systems. Internet Protocol security (IPsec) is one method that can be used to help protect communication. The choice of which method to use depends on the specific communication channels you are securing and the benefits and tradeoffs that are most appropriate for your organization.
- Applications that use FileBackedMetadataCatalog
For security reasons, RevertToSelf authentication mode is disabled on SharePoint Foundation 2010 by default. However, this does not prevent applications that use the FileBackedMetadataCatalog class from importing models and executing calls that use RevertToSelf authentication. This can result in elevating privileges for users by granting privileges to the application pool account. You should review all applications to ensure that they do not use FileBackedMetadataCatalog class and RevertToSelf authentication before installing them on a production system.

Diagnostic logging in Business Connectivity Services overview (SharePoint Foundation 2010)

You can troubleshoot issues related to Microsoft Business Connectivity Services on servers that are running Microsoft SharePoint Foundation 2010 by using event logs and trace logs on either client or server. Also, each entry to the event log or trace log has an associated Activity ID that can be used to track a problem from the server to the external data source.

Note:

In addition to the logging methods discussed in this topic, you can use Microsoft System Center Operations Manager Management Pack to monitor a solution that is based on Microsoft Business Connectivity Services. For more information about how to configure System Center Operations Manager Management Pack, see the guide including in the management pack download at Microsoft SharePoint 2010 Products Management Pack (http://go.microsoft.com/fwlink/?LinkId=184971&clcid=0x409).

In this article:

    Diagnostic logging in Business Connectivity Services

    About Activity IDs

    Diagnostic logging on servers

    Example: using diagnostic logging

Diagnostic logging in Business Connectivity Services

For solutions that are based on Microsoft Business Connectivity Services, diagnostic logging occurs on servers that are running Microsoft SharePoint Foundation. There are two logs: the event log and the trace log. They both record diagnostic information that Microsoft Business Connectivity Services generate. Event logs record error messages. Trace logs contain more in-depth information, such as stack traces and informational messages. In general, trace logs provide more details than event logs.

Each logged item of information includes an Activity ID, which is a unique GUID value. Activity ID values can also be sent to external systems when a Create, Update, or Delete operation occurs on an item. By using Activity IDs, an action can be traced from the server or client to the external data source. For more information about Activity IDs, see About Activity IDs .

You can set the level of diagnostic logging for the event log and for the trace log. This will limit the types and amount of information that will be written to each log. The following tables define the levels of logging available for the event log and trace log:

Event log levels

Level	Definition
None	No logging occurs.
Critical	This message type indicates a serious error that has caused a major failure in the solution.
Error	This message type indicates an urgent condition. All error events should be investigated.
Warning	This message type indicates a potential problem or issue that might require attention. Warning messages should be reviewed and tracked for patterns over time.
Information	Information messages do not require any action, but they can provide valuable data for monitoring the state of your solution.
Verbose	This event log level corresponds to lengthy events or messages.

Trace log levels

Level	Definition
None	No trace logs are written.
Unexpected	This level is used to log messages about events that cause solutions to stop processing. When set to log at this level, the log will only include events at this level.
Monitorable	This level is used to log messages about any unrecoverable events that limit the solution’s functionality but do not stop the application. When set to log at this level, the log will also include critical errors (Unexpected level).
High	This level is used to log any events that are unexpected but which do not stall the processing of a solution. When set to log at this level, the log will include warnings, errors (Monitorable level) and critical errors (Unexpected level).
Medium	When set to this level, the trace log includes everything except Verbose messages. This level is used to log all high-level information about operations that were performed. At this level, there is enough detail logged to construct the data flow and sequence of operations. This level of logging could be used by administrators or support professionals to troubleshoot issues.
Verbose	When set to log at this level, the log includes messages at all other levels. Almost all actions that are performed are logged when you use this level. Verbose tracing produces many log messages. This level is typically used only for debugging in a development environment.

Diagnostic logs are useful both in development and production environments, but requirements for the level of logging will probably differ depending on the kind of environment. When planning for diagnostic logging in Microsoft Business Connectivity Services, consider the business needs and the lifecycle stage of the environment before you set the logging level.

For example, during solution design, you might, for debugging purposes, set both logging levels to Verbose to capture all the messages that are generated about the state of the system. Conversely, in a production environment, you might want to capture only messages in the categories High, Monitorable, and Unexpected for trace logs and the categories Critical and Error for event logs. Doing this will save logging disk space and limit any negative performance effects of logging.

About Activity IDs

A unique GUID value called an Activity ID is generated for each Create, Update, or Delete operation on external data in a solution based on Microsoft Business Connectivity Services. Anything related to the operation that is logged in the trace log or event log includes its Activity ID value.

Important:

In the event logs and trace log files on the server, Activity ID values are labeled as “CorrelationId” values.

The Activity ID value generated for a Create, Update, or Delete operation is sent to the external system along with other information related to that operation. If the external system has a logging mechanism, this value can be captured and logged on that system. Therefore, if an operation causes entries to the SharePoint logs, the same operation can be traced to the external system by using its Activity ID value. This facilitates end-to-end troubleshooting of issues.

Often, an operation such as Create will cause multiple events to be written to the logs. When this happens, the same Activity ID value is used for all events that are logged for the operation. This is useful in troubleshooting issues because the recurring value of the Activity ID facilitates finding all events for a particular operation. Conversely, when the same type of operation occurs repeatedly, a unique Activity ID value is generated for each operation instance. For example, if an item of an external content type is updated twice, each update operation will be associated with a unique Activity ID value.

Tip:

In some circumstances, the Business Data Connectivity service will retry an operation if it failed to go through to the external system. In those cases, the same Activity ID will be used for the retried operation.

Diagnostic logging on servers

By default, Microsoft Business Connectivity Services logging is enabled on SharePoint Foundation servers. The default logging levels are:

 For the event log: Critical and Error

 For the trace log: Medium

Should diagnostic logging of Microsoft Business Connectivity Services become disabled, enable it by selecting Business Connectivity Services on the Diagnostic Logging page in SharePoint Foundation Central Administration. You can also use Windows PowerShell to configure event logs and trace logs on the server. For example, you can change the drive that logging writes to, and you can set the level of verbosity of logging.

For more information about logging in SharePoint Foundation 2010, such as how to set the location of the log files, see Configure diagnostic logging (SharePoint Foundation 2010) (http://technet.microsoft.com/library/a5641210-8224-4e11-9d93-4f96fa4c327c(Office.14).aspx).

You can use Windows PowerShell to view the event logs on the server by and you can export the logs, for example to a spreadsheet program. For more information, see View diagnostic logs (SharePoint Foundation 2010) (http://technet.microsoft.com/library/28a72c44-2c3a-459d-aa64-918c3a71c858(Office.14).aspx).

Microsoft Business Connectivity Services output two categories to the trace log on SharePoint Foundation front end Web servers: BDC_Shared_Services and SS_Shared_Service. You can use the Event Viewer to open the trace log, and you can filter on the relevant log entries by searching on “SPS_BusinessData” (for Microsoft Business Connectivity Services outputs) and “SPS_SecureStoreService”.
Example: using diagnostic logging
This short, simplified scenario illustrates the use of diagnostic logging in a production environment. An enterprise has deployed a new time card submission solution based on Microsoft Business Connectivity Services. This solution uses an external system to store timecard information for employees, such as vacation time and sick leave, and to interact with employees and the payroll system when employees report absence from work. Employees use a Web Part to interact with the system.

On the server farm, the logging levels are set to the default values for Microsoft Business Connectivity Services:

 For the event log: Critical and Error

 For the trace log: Medium

In this scenario, an employee submits a value for the number of sick leave hours but neither the employee nor his manager receives a confirming email message reporting that the sick leave time was successfully submitted. The employee calls the internal technical support service and reports the issue.

The support technician recognizes that the time card application is based on Microsoft Business Connectivity Services. She checks the event log but finds no error associated with the identity of the user at the time the user submitted the time card request. She then checks the trace log, where she finds the evidence of the activity: an Update operation associated with the user at the appropriate time. The Update operation in the trace log includes an Activity ID value which the support technician notes.

The support technician knows that logging is also supported on the external system. Using the Activity ID, she locates the item logged on the external system and finds evidence of an error written to the log at the end of the Update operation: the update failed because the employee had used up all of his allotted sick leave time. She also notes that there is no log entry confirming that an email message was generated on the external system immediately at the end of the Update operation. The support technician concludes that there is an error in the logic of the time card application. Although the application properly did not allocate sick time pay when the employee exceeded his allotted amount of hours, it failed to generate an email message informing the employee of the issue. She reports the problem to the development team that created the application and the development team updates the application.
- See Also
Monitoring overview (SharePoint Foundation 2010) (http://technet.microsoft.com/library/d2e48b54-1a32-4ec6-8b9e-b884b7faca8f(Office.14).aspx)

Configure diagnostic logging (SharePoint Foundation 2010) (http://technet.microsoft.com/library/a5641210-8224-4e11-9d93-4f96fa4c327c(Office.14).aspx)

Business Connectivity Services overview (SharePoint Foundation 2010)
Plan workflows (SharePoint Foundation 2010)

A workflow is a feature of Microsoft SharePoint Foundation 2010 that moves documents or list items through a specific sequence of actions or tasks related to a business process. Workflows can be used to manage common business processes such as document review or approval.

In this section:

    Workflows overview (SharePoint Foundation 2010)

This article introduces the types of business processes that workflows can facilitate and describes the workflows included in SharePoint Foundation 2010.

    Choose a workflow authoring tool (SharePoint Foundation)

This article describes the different Microsoft supported workflow authoring tools, how they can be used together for rapid workflow authoring.

    Plan for workflow security and user management (SharePoint Foundation 2010)

This article highlights some aspects of workflow behavior that relate to security and raises other issues for administrators and workflow developers to consider when they plan to configure and develop workflows.

    Approval Workflow: A Scenario (SharePoint Foundation 2010)
This article shows how an approval-type workflow that is created in Microsoft SharePoint Designer 2010 or Workflow Designer in Visual Studio 2010, and that is then hosted by using SharePoint Foundation 2010 might look.
- See Also
Workflow administration (SharePoint Foundation 2010) (http://technet.microsoft.com/library/30f3251d-53a8-4fd4-ad87-31c48591a0f7(Office.14).aspx)
Workflows overview (SharePoint Foundation 2010)

The workflow feature in Microsoft SharePoint Foundation 2010 enables solution architects, designers, and administrators to improve business processes. Fundamentally, a workflow consists of two things: the forms that a workflow uses to interact with its users and the logic that defines the workflow’s behavior. Understanding how workflows are created requires knowledge about both.

In this article:

    Workflow overview

    Benefits of using workflows

    Predefined workflows

    Sample workflow scenario

    Workflow types: Declarative and compiled

    Workflow templates

    Workflow associations

Workflow overview

Workflows in SharePoint Foundation 2010 enable enterprises to reduce the amount of unnecessary interactions between people as they perform business processes. For example, to reach a decision, groups typically follow a series of steps. The steps can be a formal, standard operating procedure, or an informal implicitly understood way to operate. Collectively, the steps represent a business process. The number of human interactions that occur in business processes can inhibit speed and the quality of decisions. Software that simplifies and manages this “human workflow” enables the automation of interactions among groups who participate in the process. This automation results in more speed, overall effectiveness of the interactions, and often a reduction in errors.

You can model business processes by using flow charts, such as those created using Microsoft Visio 2010 and can represent business processes by using workflow terminology. You can automate business processes, such as document approval, by associating a workflow with data in SharePoint Foundation 2010. For example, you can create a workflow to route a document for review, track an issue through its various stages of resolution, or guide a contract through an approval process.

One problem that many IT departments face when implementing business processes that require participation of information workers is that those processes do not integrate with the way people actually work. For a business process to be effective, it must be integrated with the familiar, everyday tools and applications used in the workplace so that it becomes part of the daily routine of information workers. In the electronic workplace, this includes integration with e-mail, calendars, task lists, and collaboration Web sites.

Benefits of using workflows
The primary benefits of using workflows are to facilitate business processes and improve collaboration.

Business processes that enterprises use depend on the flow of information or documents. These business processes require the active participation of information workers to complete tasks that contribute to their workgroup’s decisions or deliverables. In SharePoint Foundation 2010, these types of business processes are implemented and managed by using workflows.

Examples of business processes that could be facilitated by workflows include:

    Contract approval   Guiding a proposed contract among members of an organization who must approve or reject it.

    Expense reporting   Managing the submission of an expense report and associated receipts, reviewing the report, approving it, and reimbursing the submitter.

    Technical support   Guiding the progress of a technical support incident as it is opened by a customer, investigated by a support engineer, routed to technical experts, resolved, and added to a knowledge base.

    Interviewing   Managing the process of interviewing a job candidate. This includes scheduling and tracking interview appointments, collecting interview feedback as it accumulates, making that feedback available to subsequent interviewers, and facilitating the hire/no-hire decision.
- Automating business processes
Businesses depend on business processes. Although those processes often involve software, the most important processes in many organizations depend on people. Workflows can automate interactions among the people who participate in a process to improve how that process functions, increase its efficiency, and lower its error rate.

Many processes can benefit from automated support for human interactions. Examples include the following:

    Approval   A common aspect of human-oriented business processes is the requirement to get approval from multiple participants. What is being approved can vary widely, ranging from a Microsoft Word document that contains next year’s marketing plan to an expense report from a trip to a conference. In every case, some number of people must review the information, perhaps appending comments, and then indicate approval or rejection.

    Coordinating group efforts   Whether it is preparing a response to a request for proposal (RFP), managing the translation of a document into one or more languages, or something else, many processes require people to work together in an organized way. By defining the steps of the process through an automated workflow, the group’s work can be made more efficient and the process itself more predictable.

    Issue tracking   Many business processes generate a list of outstanding issues. An automated workflow can be used to maintain that list, assign issues to the people who can resolve them, and track the status of that resolution.
To support these kinds of automated business processes, SharePoint Foundation 2010 can run workflow applications. Based on Windows Workflow Foundation 3.5, these applications interact with people through a Web browser. For more information about Windows Workflow Foundation 3.5, see Windows Workflow Foundation (http://go.microsoft.com/fwlink/?LinkId=127778).
- Workflows improve collaboration
Workflows help people collaborate on documents and manage project tasks by implementing business processes on documents and items on a SharePoint site or site collection. Workflows help organizations follow consistent business process practices. Workflows increase organizational efficiency and productivity through management of the tasks and steps involved in those business processes. Workflows speed up decision making by helping to ensure that the appropriate information is made available to the appropriate people at the time that they need it. Workflows also help ensure that individual workflow tasks are completed by the appropriate people and in the appropriate sequence. This enables the people who perform these tasks to concentrate on performing the work instead of on the work processes.

For example, on a SharePoint Foundation 2010 site, you can create a workflow to be used with a document library to route a document to a group of people for approval. When the author starts this workflow, the workflow creates document approval tasks, assigns these tasks to the workflow participants, and then sends e-mail alerts to the participants.

When the workflow is in progress, the workflow owner or the workflow participants can check progress on the Workflow Status page. When the workflow participants complete their workflow tasks, the workflow ends, and the workflow owner is automatically notified that the workflow has finished.
Predefined workflows

For sites and site collections created in Microsoft SharePoint Foundation 2010, a predefined Three-state workflow is included by default, and is the only predefined workflow available in SharePoint Foundation 2010. The Three-state workflow can be used to manage business processes that require organizations to track a high volume of issues or list items, such as customer support issues, sales leads, or project tasks.

The Three-state workflow is so named because it tracks the status of an issue or item through three different states, and through two transitions between the states. For example, when a Three-state workflow is initiated on an issue in an Issues list, SharePoint Foundation 2010 creates a task for the assigned user. When the user completes the task, the workflow changes from its initial state (Active) to its middle state (Resolved) and creates a task for the assigned user. When the user completes the task, the workflow changes from its middle state (Resolved) to its final state (Closed), and creates another task for the user the workflow is assigned to at that time. Note that when you associate the Three-state workflow with a list, you can choose to specify different state names, other than Active, Resolved, and Closed. Note that the Three-state workflow is not supported for use with libraries.

You can also make a copy of the predefined workflow to use as a starting point when creating a custom workflow.

Sample workflow scenario

Imagine that you work for Adventure Works, a sports store franchise that sells bicycles worldwide. This company has sales representatives that visit different countries to help new franchisees open new sports stores.

The scenario described in this section is one where an expense report is submitted for approval. If the expense report is for less than $5,000.00, a manager is required to approve, disapprove, or forward it. If the expense report is equal to, or more than, $5,000.00, a manager must review the expense report, comment on it, and then if the manager recommends approval, it is forwarded to a vice-president, who must approve or disapprove it.

In this scenario, the expense report form is an ASPX form displayed to the user on a SharePoint Web page. The workflow is a sequential type of workflow project created in Microsoft SharePoint Designer 2010, and is composed of both automated tasks and tasks that require human action. The workflow is running on SharePoint Foundation 2010.

1.    The sales representative — the first workflow participant — browses to an intranet self-service portal and selects the Expense Report form. A data entry page opens. The sales representative first fills out a simple expense report form that contains entries for the person’s name, the expense purpose, the expense total, and the name and e-mail address of the person’s direct manager. The sales representative then clicks Submit to submit the form.

Upon submission of the form, the data is saved centrally, the workflow is initiated, and the review task is assigned to the approver (in this case, the sales representative’s manager).

2.    The workflow notifies the sales representative’s manager. The notification is an e-mail message that contains instructions for completing the task and provides a link to a Web site that displays the Expense Report form.

3.    The manager, the second workflow participant, goes to the Web site and reviews the expense report. The workflow task item provides three actions that the manager can perform: Approve, Disapprove or Forward.

    If the expense report is less than $5,000.00, the manager sees options to Approve or Disapprove the expense report.

    If the expense report is more than $5,000.00, the manager sees options to Forward the expense report to a company vice president, or to Disapprove the expense report at the manager’s level.

4.    The manager takes action to approve, disapprove, or forward the expense report, and the workflow continues:

    If the expenses are approved by the manager, the task completion sends a message to the workflow indicating that the task is completed, the workflow notifies the sales representative through an e-mail message, and then the workflow adds the expense data to the line-of-business (LOB) accounting system.

    If the expenses are not approved by the manger, he types an explanation for his decision. The task completion sends a message to the workflow indicating that the task is completed, and then the workflow notifies the sales representative through an e-mail message.

    If the manager selects the option to forward the expense report to a company vice president, the manager makes relevant comments in the form and then clicks Forward. The workflow then notifies the vice president through an e-mail message that contains instructions for completing the task and provides a link to a Web site that displays the Expense Report form.

5.    The vice president — the third workflow participant — is given the option to Approve or Disapprove the expense report. When the vice president acts to approve or disapprove the expense report, the workflow continues.

    If the vice president approves the expenses, the expense data is added to the accounting system, the workflow notifies the sales representative and manager through e-mail, and then the workflow notifies SharePoint that the task is completed.

    If the vice president does not approve the expenses, the vice president types an explanation for the decision into the form. The workflow notifies the sales representative and manager through e-mail, and then the workflow notifies SharePoint that the task is completed.

As you can imagine, there are many ways to expand the functionality of this workflow within the context of this scenario. For example, you can configure the workflow so that if the vice president disapproves the expense report, the report is returned to the sales representative’s manager. The manager can further justify the expense and resubmit it for approval to the vice president, can pass along the disapproval to the sales representative, or take some other action.

In this sample expense report scenario, the business rules are always the same. This workflow solution defines the manager and vice president approvers, defines the business logic for the routing of the workflow, and predefines the content of the notifications. However, many real-world applications have complex business rules. Routing for approval can depend on many business variables. Notifications can also change, depending on other variables.

For example, imagine that in the same expense reporting solution, you have to route the expense report to as many as ten managers, depending on the expense purpose, the expense total, and the date of submission. Additionally, depending on the expense purpose, the content of the notifications sent by the workflow contain some small differences. This means that there can be multiple workflow solutions with different routing levels and notifications.

Microsoft SharePoint Foundation 2010 enables you to create and implement workflow solutions to meet the business needs of your organization. It does this by leveraging the workflow design and customization features of SharePoint Designer 2010 and Microsoft Visual Studio.

Workflow types: Declarative and compiled

An important distinction to understand about workflows is whether they are a declarative workflow, such as those created using Microsoft SharePoint Designer 2010 or a compiled workflow, such as those created using Visual Studio 2010. A declarative workflow is a workflow that is built from conditions and actions that are assembled into rules and steps, and that sets the parameters for the workflow without writing any code.

A compiled workflow, like declarative workflows, can also be built from conditions and actions without the workflow author actually writing code but also enable the workflow author to add custom code to the workflow. Regardless of whether a workflow author adds custom code to a code-centric workflow, the most important distinction to understand is the difference in the way that declarative and compiled workflows are run on the server. A compiled workflow is stored on a server running SharePoint Foundation 2010 as a precompiled dll file whereas a declarative workflow is deployed on a server running SharePoint Foundation 2010 as an Extensible Object Markup Language (XOML) file and compiled in the content database each time an instance of the workflow is started.

For more information about the Microsoft supported tools for authoring workflows, see Choose a workflow authoring tool (SharePoint Foundation).
Workflow templates

When creating a custom workflow using SharePoint Designer 2010, you can choose to create a workflow that will only be used with a specific list, library, content type, or site. Alternatively, you can choose to create a reusable workflow template, which can be associated with multiple lists, libraries, content types, or sites.

Note:

SharePoint Designer 2010 does not support creating reusable workflows for sites. Instead, you can use Visual Studio 2010 to create them.

When authoring a workflow, you can also choose to make it global, which means that once it is activated on a site it will be active for all the sub-sites below that site as well. However, you cannot use SharePoint Designer 2010 to create a global workflow and then save the workflow as a WSP file.

Workflow associations

SharePoint Foundation 2010 takes advantage of the Workflow Foundation runtime. One or more workflow templates, each containing the code that defines a particular workflow, can be installed on a server. Once this is done, an association can be created between a specific template and a document library, list, content type, or site. This template can then be loaded and executed by the SharePoint Foundation 2010-hosted Workflow Foundation runtime, creating a workflow instance.

Like all Workflow Foundation workflows, those based on SharePoint Foundation 2010 rely on Workflow Foundation runtime services. The Workflow Foundation standard persistence service allows the state of a persisted workflow to be linked with the document or item, and allows for long-running business processes that can span days, months, or years.

SharePoint workflows can be associated with lists, libraries, and content types. Reusable workflows created using Visual Studio 2010 can also be associated with sites. The following table describes the minimum permissions required to associate a workflow.

Associate workflow with	Minimum permissions required
List or library	Full Control permission level on the list or library
List or library content type	Member of the Site Owners group on the SharePoint site
Site content type	Member of the Site Owners group on the SharePoint site
Site	Member of the Site Owners group on the SharePoint site

For more information about workflow associations, see Add a workflow association (SharePoint Foundation 2010) (http://technet.microsoft.com/library/19872b79-f5ac-4b56-a24b-75af33c89763(Office.14).aspx).

Choose a workflow authoring tool (SharePoint Foundation)

What is a workflow? Fundamentally, it consists of two things: the forms a workflow uses to interact with its users and the logic that defines the workflow’s behavior. Understanding how workflows are created requires knowing something about both.

Because it communicates with users through a Web browser, a workflow relies on ASP.NET to display its forms. Accordingly, those forms are defined as .aspx pages. A workflow can potentially display its own forms at four points in its lifecycle:

    Association: When an administrator associates a workflow template with a particular document library or list, he might be able to set options that will apply to every workflow instance created from this association. If a workflow author chooses to allow this, she must provide a form that lets the administrator specify this information.

    Initiation: The initiator of a workflow might be allowed to specify options when he starts a running instance. In the approval scenario just described, for instance, the options included specifying the list of workflow participants and defining how long each one had to complete his or her task. If a workflow allows this, its author must provide a form to allow the initiator to set these options.

    Task Completion: The running workflow instance must display a form to the participants in the workflow to let them complete their task. This form is what allowed the approvers in the earlier scenario to make comments on the document and indicate their approval or rejection.

    Modification: The creator of a workflow can allow it to be modified while it’s running. For example, a workflow might allow adding new participants after it has begun executing or extending the due date for completing tasks. If this option is used, the workflow must display a form at this point to let a participant specify what changes should be made.

Workflows built solely on Microsoft SharePoint Foundation 2010 define their forms as .aspx pages. A workflow’s logic is always defined as a group of activities, just as with any workflow based on the Windows Workflow Foundation (WF). To specify the logic and forms for a workflow, Microsoft provides two different tools, each targeting a different audience. Software developers can use the Workflow Designer feature of Windows Workflow Foundation. This tool runs inside Visual Studio 2010 Professional Edition and provides a graphical environment for organizing activities into workflows. Information workers, a less technical group, can use Microsoft SharePoint Designer 2010 to create workflows without writing code. The next two sections examine how workflows can be created by using each of these tools.
Authoring workflows with Visual Studio 2010 and WF Workflow Designer

In many ways, a workflow is like a flowchart. Given this, it makes sense to provide a graphical tool that lets developers specify a workflow’s actions. This tool is SharePoint Workflow tools in Visual Studio 2010 Professional, which is a project type that uses the Windows Workflow Foundation (WF) Designer, and adds deployment and forms support for SharePoint Workflows. Developers can use WF Workflow Designer to define graphically a workflow’s activities and the order in which those activities will be executed. The screen below shows a simple example of how this looks in Microsoft Visual Studio.

Collect Feedback Workflow

The activities available for use appear in the Toolbox on the left side of the screen. A developer can drag these activities onto the design surface to define the steps in a workflow. The properties of each activity can then be set in the Properties window that appears in the lower right corner.

The Base Activity Library Windows Workflow Foundation provides a group of fundamental activities, as described earlier. Microsoft SharePoint Foundation also provides a set of activities designed expressly for creating workflows. Among the most important of these are the following:

    OnWorkflowActivated: provides a standard starting point for a workflow. Among other things, this activity can accept information supplied by a SharePoint administrator by using the Association form when the workflow is associated with a document library, list, content type, or site. It can also accept information supplied by the Initiation form when the workflow is started. Every workflow must begin with this activity.

    CreateTask: creates a task assigned to a particular user in a task list. For example, the approval workflow in the scenario described earlier used this activity to add a task to the task list used by each of the participants. This activity also has a SendEmailNotification property that, when set to true, automatically sends an e-mail message to the person for whom this task was created.

    OnTaskChanged: accepts information from the Task Completion form. The approval workflow in the earlier scenario used this activity to accept the input of each participant when the document was approved.

    CompleteTask: marks a task as completed.

    DeleteTask: removes a task from a task list.

    OnWorkflowModified: accepts information from the Modification form, which can then be used to change how this instance of the workflow behaves. If the workflow’s creator chooses not to include any instances of this activity in the workflow, that workflow cannot be modified while it’s running.

    SendEmail: sends e-mail to a specified person or group of people.

    LogToHistoryList: writes information about the workflow’s execution to a history list. The information in this list is used to let users see where a workflow is in its execution, look at the workflow’s history after it’s completed, and more. To allow this kind of monitoring, the workflow’s author must write information to a History list at appropriate points in the workflow’s execution. Because it provides its own mechanism for tracking workflows, Microsoft SharePoint Foundation doesn’t support WF’s standard tracking service.

A typical pattern for a simple workflow begins with an OnWorkflowActivated activity, and then uses a CreateTask activity to assign a task to a participant in the workflow. The BAL’s standard While activity might then be used to wait until the user completes the task. To learn when this has happened (perhaps the user makes multiple changes to the task, then checks a box on the Task Completion form when she’s done), an OnTaskChanged activity executes within the While, extracting whatever information the user has entered on that form. When the user has completed the task, a CompleteTask activity might execute, followed by a DeleteTask. The workflow can then go on to the next participant, using CreateTask to assign a task to him, and so on. And of course, other things can occur, such as sending e-mail, logging information to the history list, or even including the BAL’s Code activity, which allows running arbitrary code.

All of the activities provided by SharePoint Foundation are concerned with letting workflows operate within the SharePoint environment. The business logic a workflow implements is entirely up to the creator of that workflow. In fact, a developer authoring a workflow is free to create and use her own custom activities—she’s not required to use only those provided by SharePoint Foundation and WF.

As described earlier, Windows Workflow Foundation supports sequential, parallel, and state machine workflows. A workflow created with the WF Workflow Designer can also use any of these options. To allow this, SharePoint Foundation adds project types to Visual Studio, one for each of these workflow styles.

Whatever style is chosen, the developer must define more than just the workflow’s logic; he must also specify the .aspx form it should use. To do this, the developer relies on a file named element.xml. This file provides a template that the developer fills in to specify what form, if any, should be displayed at each of the four points at which a workflow is allowed to do this.

A developer must do some work to pass information between a workflow and the .aspx forms it uses. The Microsoft.Windows.SharePoint.Workflow namespace exposes an object model for developers. Using the types in this namespace, the creator of a workflow can pass information from an .aspx form to the workflow and vice-versa.

Once a workflow and its forms have been created, the developer must package them into what is referred to as a Feature. A SharePoint administrator must then install this Feature, which includes installing the workflow’s assemblies to the target system’s global assembly cache. The new workflow will now be visible to the administrator as a workflow template that can be associated with a document library, list, content type, or site.

For a software developer, creating a workflow by using Visual Studio and the WF Workflow Designer isn’t especially hard. The developer needs to understand the specifics of working in this environment, but much of what he’s doing will be familiar. Yet software developers aren’t the only people who’d like to author workflows. As described next, people who aren’t professional developers can also create workflows by using Microsoft SharePoint Designer 2010.
Authoring workflows with Microsoft SharePoint Designer 2010

Microsoft SharePoint Designer 2010 is a separate application that is available as a free download. Microsoft SharePoint Designer enables information workers and others to add application logic (implemented as a workflow) to SharePoint sites. This is certainly a useful goal, but Microsoft SharePoint Designer also addresses another important problem. If a developer creates a workflow by using Visual Studio, that workflow must be deployed on a server running SharePoint Foundation like any other feature. Yet many SharePoint administrators won’t allow arbitrary code to be deployed on their servers, believing that the risk of destabilizing the system is too great. Being able to create straightforward business logic tied to documents and list items is very useful, however, and it’s something that many SharePoint users need. Along with allowing less technical people to create workflows, Microsoft SharePoint Designer also addresses this problem by providing a safer way to define and deploy business logic on servers running SharePoint Foundation.

The workflow scenarios that Microsoft SharePoint Designer is intended to address are different in some ways from those addressed by Visual Studio and WF Workflow Designer. While it’s certainly possible to create complex applications, the intent of Microsoft SharePoint Designer is to let users add business logic to SharePoint sites. For example, suppose that a site contains a list that allows its users to submit change requests. Microsoft SharePoint Designer could be used to create a workflow that automatically informs the submitter when her change request is accepted or rejected. Similarly, a custom workflow might inform a particular group of users whenever a new document is added to a particular document library. Performing this kind of custom notification isn’t complicated—creating the workflows is easy—but it’s challenging with earlier versions of SharePoint Foundation because of administrators’ reluctance to install user-written code.

There’s an obvious question here: why should logic created with Microsoft SharePoint Designer be treated any differently? What makes SharePoint administrators willing to allow workflows built with this tool to be deployed on the systems for which they’re responsible? The answer is that workflows built with Microsoft SharePoint Designer can only use activities from an administrator-controlled list. In addition to the activities provided by SharePoint Foundation, a site administrator can choose whether to include custom activities created by a developer on this list. By defining exactly what workflows are allowed to do, a SharePoint administrator can have more confidence that deploying logic created by using Microsoft SharePoint Designer won’t destabilize his system.

Both because it’s intended for information workers rather than developers and because it emphasizes simpler scenarios, Microsoft SharePoint Designer uses a different model for creating workflows than the Visual Studio-hosted WF Workflow Designer. Instead of a graphical approach, Microsoft SharePoint Designer uses a rule-based approach. It’s somewhat similar to the Rules Wizard in Microsoft Outlook, a tool that’s familiar to many people. The screen below illustrates how a user of Microsoft SharePoint Designer defines a step in a workflow. Notice that this workflow runs some actions in parallel; some actions run serially. Earlier versions of SharePoint Foundation supported running actions only serially; actions only ran consecutively.

Process Order Workflow

Each step can have a condition and an action. The condition determines whether this step’s action should be executed, as in the If statement shown above. The choices for actions include things such as assigning an entertainer to an event, collecting approval, and many more. Each of these actions is actually carried out by some SharePoint Foundation activity, and the activities used here are the same as with Visual Studio and WF Workflow Designer. The list of actions can also include any other activities allowed by the SharePoint administrator for this site, including custom activities created by developers.

Even though its user interface looks quite different from the graphical approach used with Visual Studio and WF Workflow Designer, Microsoft SharePoint Designer creates a standard WF workflow. What’s actually produced is a workflow that is sequential, parallel, or combination of both with conditions expressed using the WF rules engine. Workflows created with this tool do have some limitations, however. For example, they can’t be modified while they’re running, unlike those built using Visual Studio and WF Workflow Designer, and only sequential and parallel workflows can be created—state machines aren’t supported. Also, workflows built with this tool can be authored against a specific document library, list, or site when they’re designed. Workflow authors can also create a general workflow template that can be later associated with any library, list, or content type. While this does place limits on how a workflow can be used, it also makes deploying the workflow much simpler. In fact, when a user finishes authoring a workflow with Microsoft SharePoint Designer, the tool provides a one-click deployment of the workflow to the target site, which includes activating the workflow. This is significantly less complicated than the multi-step deployment process required for workflows created using Visual Studio and WF Workflow Designer.

Workflows created by using Microsoft SharePoint Designer can also display customized forms. Rather than require workflow authors to create .aspx pages directly, however, the tool instead generates those pages. The author specifies details about how the generated pages should look, such as what fields they should contain, and Microsoft SharePoint Designer takes care of the rest. Of the four points in a workflow’s lifecycle where forms can be used, however, only two are used with workflows created by using Microsoft SharePoint Designer: Initiation and Task Completion. Because every workflow created with this tool must be associated with a particular document library, list, content type, or site there’s no need for an association step and hence no Association form. And since these workflows can’t be modified while they’re running, there’s no need for a Modification form.

Microsoft SharePoint Designer also provides the ability to import workflows that were created using Microsoft Visio 2010. This enables business managers or workflow authors to create the workflow logic using a well known graphical environment. A workflow author can then import the workflow logic into Microsoft SharePoint Designer, modify it if necessary, and then publish it to a SharePoint site.

SharePoint Foundation provides a great deal of functionality for creating document-oriented workflows. Yet ultimately, it’s a platform for development and execution. On its own, it provides no workflow functionality that’s directly usable by end users. Workflows running on SharePoint Foundation also have other restrictions, such as the inability to interact with participants by using Office client applications.

Authoring tool comparison

The following table shows the important differences between the tools that Microsoft supports for creating workflows in SharePoint Foundation by using both SharePoint Designer and WF Workflow Designer in Visual Studio 2010 Professional Edition.

Capability/Requirement	SharePoint Designer	WF Workflow Designer in Visual Studio
Workflows can be created using only actions that are approved by site administrators?	Yes	No
Workflows are accessible in client applications (other than the browser)?	Yes	Yes
Can use Microsoft Visio Professional to create workflow logic?	Yes	No
Need to write code?	No	Yes
Additional activities (other than those provided by SharePoint Foundation) are provided?	No	Yes
Can create custom activities?	No	Yes
Workflow can be modified while it is running?	No	Yes
One-click publishing of workflows?	Yes	Yes
Workflows can be deployed remotely?	Yes	No
Can be made available across the farm?	No	Yes
Can be scoped to a site collection?	Yes	Yes

Plan for workflow security and user management (SharePoint Foundation 2010)

Before deploying workflows in Microsoft SharePoint Foundation 2010 to users, administrators might have concerns about security issues, such as information disclosure or elevation of privilege. This article highlights some aspects of workflow behavior that relate to security and raises other issues for administrators and workflow developers to consider when they plan to configure and develop workflows.

In this article:

    List manager, administrator, and developer roles and responsibilities (http://technet.microsoft.com/library/cda43349-4574-4eec-97cd-78963542d8b6.aspx#BKMK_Rolesandresponsibilities)

    Running workflows as an administrator (http://technet.microsoft.com/library/cda43349-4574-4eec-97cd-78963542d8b6.aspx#BKMK_Workflowsrunasadministrator)

    Workflow configuration settings (http://technet.microsoft.com/library/cda43349-4574-4eec-97cd-78963542d8b6.aspx#BKMK_Workflowconfigurationsettings)

    Information disclosure in task and workflow history lists (http://technet.microsoft.com/library/cda43349-4574-4eec-97cd-78963542d8b6.aspx#BKMK_Disclosure)

    Spoofing and tampering attacks in the task and workflow history lists (http://technet.microsoft.com/library/cda43349-4574-4eec-97cd-78963542d8b6.aspx#BKMK_Spoofing)

    User-Impersonation Step type for declarative workflows (http://technet.microsoft.com/library/cda43349-4574-4eec-97cd-78963542d8b6.aspx#BKMK_UserStep)

List manager, administrator, and developer roles and responsibilities
The following are some common workflow actions and the related responsibilities, which explain the role of administrators and developers in running workflows.
- Workflow developers
Develop workflow schedule and template Workflow developers are responsible for coding the assembly that contains the business logic that will run on a SharePoint item. This assembly is called a workflow schedule. They are also responsible for packaging the workflow forms and assembly into a workflow feature, or into a workflow template.
- Site administrators
Manage Central Administration workflow settings Site administrators can control general workflow settings, such as task alert results and external participant settings on the SharePoint Central Administration Web site.

Deploy Workflow features Site administrators can install workflow features on a site collection to make them available for association.
- List administrators (anyone with Manage List or Web Designer permissions)
Add workflows   List administrators must associate (add) a workflow template to a list or content type, according to the business needs of the list or content type. This association makes the workflow template available to end users, who can then select default values and settings.

Remove workflows   List administrators can remove workflow associations from a list or content type, or prevent new instances from running.

Terminate a workflow   If a workflow instance fails, list administrators can stop a running workflow instance, such as when a workflow instance produces an error or does not start, by using the Terminate this workflow link on the Workflow Status page. This action is reserved for administrators.

Running workflows as an administrator

The most important security concept to be aware of is that workflows run as part of the system account in SharePoint Foundation 2010, through the identity application pool settings on the server computer and domain. This means that within SharePoint Foundation 2010, workflows have administrator permissions. On the server, workflows have the same permissions as the application pool, which frequently has administrator permissions. These permissions enable workflows to perform actions that ordinary users cannot perform, such as routing a document to a specific location or records center, or adding a user account to the system.

This setting, that workflows have administrator permissions, cannot be changed. It is up to the workflow schedule (that is, the workflow code) to detect user actions and, based on those actions, continue or roll back changes, or impersonate a user in order to mimic that user’s permissions.

When they deploy workflows, administrators must understand the actions that the workflow will perform so that they can assess possible risks associated with elevation of permission in a workflow and help the workflow developer reduce any security concerns.

Workflow configuration settings
SharePoint Foundation 2010 has some configuration settings that administrators have to set according to their security needs.
- Required permissions to start a workflow
In addition to preventing the elevation of permissions in the code, list administrators can restrict the permission level that is required to start a workflow during the association process. Administrators can select either of two permission levels to start a specific workflow association: Edit Item or Manage List.

The default setting for associating a workflow is to allow users with Edit Item permissions to manually start a workflow. This means that any authenticated SharePoint Foundation 2010 user on the list who has Edit Item permissions can start an instance of this workflow association. If during workflow creation the administrator selects the option to require that the user have Manage Lists permissions in order to start the workflow, only list administrators can start an instance of this association.

Because workflows are designed to be used by standard contributors, most workflows do not require the restriction to Manage Lists permissions. However, administrators can use this setting for workflows such as a document disposal workflow, where the administrator wants only certain people to execute the disposal actions.
- Central Administration settings
The following settings can be found on the Central Administration page by clicking Application Management and, in the Web Applications section, clicking Manage web applications. On the Web applications page, select the Web application that you want to configure, and in the Manage group of the ribbon click General Settings, and then select Workflow. The Workflow Settings page opens, and the following settings are displayed:

 User-Defined Workflows

 Workflow Task Notifications
- Enable user-defined workflows
By default, user-defined workflows are enabled for all sites on the Web application, as shown in the User-Defined Workflows section of the Workflow Settings page. When this option is selected, users can define workflows in a workflow editor such as the SharePoint Designer 2010 workflow editor. Users who define these workflows must have Manage List permissions on the site to which they are deploying the workflow.
- Task notification for users without site access
On the Workflow Settings page, in the Workflow Task Notifications section, you can set options for sending notifications about pending workflow tasks to users who do not have access to the site.

Internal users

In SharePoint Foundation 2010 it is possible to resolve the names of internal users in the directory service who are not members of the site or who do not have access to that task. In this case, an administrator can select the Alert internal users who do not have site access when they are assigned a workflow task option in the Workflow Task Notifications section to set whether such users receive a task notification by e-mail. This option means that users are alerted when they are assigned a workflow task. This option is enabled by default, and the e-mail message that users receive contains a link that they can click to request access to the site (administrators must still grant access). This e-mail message might also contain information about the document. This information can include the title of the document and instructions from the workflow owner. If there are information disclosure concerns associated with internal users who are not members of the site, administrators might want to disable the Alert internal users who do not have site access when they are assigned a workflow task setting.

External users

External users who are not in the directory service but who are assigned a well-formed SMTP e-mail address can still be assigned workflow tasks. Because external users will find it difficult to access the document, SharePoint Foundation 2010 includes a setting, Allow external users to participate in workflow by sending them a copy of the document, which makes it possible to send external users a task notification by e-mail with the document attached. When this option is enabled, the task is assigned to the workflow owner, and the external user can complete the task by sending e-mail to the owner.

By default, the option Allow external users to participate in workflow by sending them a copy of the document is disabled. But this setting can be useful in situations that require external participation, such as approval of business documents that involve external customers. Administrators who enable this setting (select Yes) must verify that the workflow schedule supports the external participant setting. For example, when a task is created for an external user, the custom workflow must specify the external e-mail address in the OnBehalfEmail property in the SPWorkflowTaskProperties object that was used to initialize the task). Several built-in workflows in SharePoint Foundation 2010 support this setting.

Custom workflow developers who want to enable this functionality must work with administrators to determine whether there are information disclosure risks in attaching the actual document to an external e-mail message. Administrators must evaluate the benefits and risks when enabling this setting.

Information disclosure in task and workflow history lists

Because tasks and history list items can contain data about users and the actions they perform on documents, the items might disclose confidential information. For example, a promotion Approval workflow might collect feedback on its tasks that an organization wants only the workflow owner and each participant in the task to see.

Task and history lists are typical lists in a site. By default, therefore, all readers can view tasks and history items. Administrators and developers must determine the information that cannot be disclosed and decide whether to help secure task and history items that are created by the workflow.

Securing these items can be done in several ways. For example, administrators can set list-level permissions. If disclosure is to be private — that is, not publicly available but available to a specific group of people — administrators can create a new task or history list and set permissions for the list that are targeted to that group. If administrators do not want anyone to see history events on a workflow status page, they can remove view permissions to the workflow history list from which a status page pulls its information. Users who do not have permissions to view the history list itself, or any item on the list, will receive an Access Denied error when they open any status page that pulls data from that history list.

If finer restrictions are required, workflow developers can set per-item permissions when they create tasks or history items. The CreateTask activity has a SpecialPermissions property that gives only specified permissions to access the newly created task. The LogToHistoryList activity does not have such a property, so to set per-item permissions on history list items, administrators must use the object model (OM) in SharePoint Foundation 2010. Per-item permissions can affect performance negatively and should not be used unless they are necessary.

Tasks and history items do not have to be handled in the same manner. Administrators can mix and match list permissions and item-level permissions.

Spoofing and tampering attacks in the task and workflow history lists
Any contributor can modify tasks or history items if there are no restrictions on those lists. This means that malicious users can modify task descriptions to give participants incorrect instructions or to order participants to click malicious links. To change the perceived results of a process, malicious users also can add false or inaccurate history events or can modify history events to make them false or inaccurate.

As detailed earlier, task and history lists are normal lists in a site. By default, there are no permission restrictions on either task lists or history lists. To avoid spoofing and tampering attacks, administrators must determine the vulnerabilities that exist and either restrict access to columns in a list (for example, make vulnerable columns such as task descriptions read-only so that only the workflow can set them on item creation), set special permissions on the list, or set item-level permissions on the items in a list.
- Security issues in the workflow history list
A key benefit of workflows is the ability to track process information to provide visibility into a process. The workflow history list is a repository for this information, where a workflow status page can search for data related to a workflow instance and can make this information available to users. Users can see all items to which they have access in the history list.

However, because the workflow history list tracks information, users might assume that it can be used as an audit trail for events. This is not the case: Workflow history is not a security feature. History lists are standard SharePoint lists that are used for storing events that are visible to any user and that have no special permissions associated with them. By default, users can modify and add events if they have edit and add permissions on the site. To audit events, use the SharePoint’s Audit Log feature. Only administrators can access this log and the log does not require additional work to protect it from tampering attacks.

To better protect the history list, administrators can restrict edit and add permissions to the list, so that only system account administrators (for example, workflow administrators) and list administrators can add items. List administrators must have add permissions to log “Terminate this workflow” events. If edit and add permissions are restricted on the history list, users still must be granted view permissions in order to see status information.

User-Impersonation Step type for declarative workflows

The User-Impersonation Step type can be used to run sections of declarative workflows by the person who authored the workflow rather than by the workflow’s initiator. Declarative means a model that you use to create the workflow and set the parameters for the workflow without writing any code.

In SharePoint Foundation 2010, declarative workflows always run in the user context of the workflow initiator unless an impersonation step is encountered. If an impersonation step is encountered, the declarative workflow is run in the context of the workflow associator. The default workflow tasks respect SharePoint permissions by impersonating the user who started a workflow when the workflow is run. This arrangement keeps things fairly safe in SharePoint Foundation 2010, but blocks many scenarios in which a workflow designer with high permission levels wants to author a powerful workflow that can be completed successfully by users who have lower permission levels.

Through a safe and scoped form of privilege elevation, site actions can be automated through workflow. This reduces the burden on a SharePoint site administrator. Automation of a high-security process is useful in publishing and approval scenarios in which existing actions are enabled to impersonate someone other than the workflow’s initiator.

The following are sample scenarios that demonstrate the User-Impersonation Step type:

    Publish to a secure list

Jackie has locked down the Pages document library for the public face of her SharePoint site. She has set up an Approval workflow that, by using Microsoft SharePoint Designer 2010, submits content from site contributors for approval. Jackie puts her workflow actions in an impersonation step so that the workflow actions will always impersonate her, a site administrator, as the author of the workflow.

When Connie (a contributor) posts a content draft to the Pages library of the site, and tries to publish her article, that action causes Jackie’s Approval workflow to start so that the post can be reviewed and approved. Tasks are sent out to the approvers in the workflow on behalf of Connie. Upon review and approval by the approvers, the system sets the moderation status of the post to “Approved”, even though Connie does not have permission to approve pages.

    Granting permissions to users

Joanne has set up a workflow in SharePoint Designer 2010 that uses a user-impersonation action “Add User to Group” to grant Design permissions to her site. Because the workflow uses an impersonation scope, the action of adding a user to the group will always be performed on Joanne’s behalf.

The rest of the workflow lets contributors visit the site and complete a form to log their access request to a list.

For example, a separate user, Olivier, receives a task when Connie, a user, logs a request, and when he approves the task, Connie is added to the Designer group for the site even though neither Olivier nor Connie has Manage Lists permissions on Joanne’s site.

    Templates and taking ownership

William created several workflows in SharePoint Designer 2010 and saved them as templates for reuse across the company, but he soon leaves the company. His account is removed, his administrator status is revoked, and now the SharePoint Designer 2010 workflows that William created fail to complete due to the loss of William’s permissions.

A parent SharePoint site administrator, John, can intervene for each workflow, without having to re-create the workflows in SharePoint Designer 2010. John takes ownership of the administrative symptoms in each broken template. After doing this, secure publishing and access granting now occur under John’s name instead of William’s — and nothing else has changed.

The following are workflow actions that can be impersonated:

    Set Content Approval Status (as Owner)

    Create List Item (as Owner)

    Update List Item (as Owner)

    Delete List Item (as Owner)

    Add/Remove/Set/Inherit List Item Permissions (as Owner)

As a SharePoint administrator, you must consider the possible security effects of incorporating impersonation into workflows on the SharePoint site. This applies to new actions but also to existing actions such as updating list items.

For example, consider a model in which user-impersonation actions in the workflow could still run as the initiator. If a user has administrator permissions only over a site in the site collection, that user could maliciously create a workflow to gain rights to the parent Web of the site. All that the malicious user would have to do is to persuade the administrator to upload a file to a document library on the malicious user’s site to begin the workflow’s attack and compromise the whole parent Web of the site.

This risk prompted development of the restriction “user-impersonation actions always impersonate their associator” in SharePoint Designer 2010. The associator is the person who associates a workflow to a particular list or Web. In SharePoint Foundation 2010 declarative workflows, the associator is the same person as the workflow author; that is, the user who builds the workflow in SharePoint Designer 2010. However, the associator can also be anyone who associates a declarative workflow template. The concern now is that the author/associator is forced to accept responsibility for anything that occurs because of a User-Impersonation Step type, because the author/associator’s credentials are being used in the elevation. This requires that the authors/associators understand the workflows they design or associate. Therefore, during workflow creation, SharePoint Designer 2010 provides a cautionary message on the workflow creation page to the author/associator about the User-Impersonation Step type.

Approval Workflow: A Scenario (SharePoint Foundation 2010)

The most common example of human workflow in most organizations is some variation of approval: A group of people must approve or reject some document, and perhaps add comments to explain their decisions. This article shows how an approval-type workflow that is created in SharePoint Designer 2010 or Workflow Designer in Visual Studio 2010, and that is then hosted by using SharePoint Foundation 2010 might look. Before reading this example, it is useful to define the roles that different people play.

 Workflow author The developer or information worker who creates a workflow template.

 SharePoint Foundation 2010 administrator The person who installs a workflow template and associates it with a document library or list.

 Workflow initiator The person who starts a workflow, causing a workflow instance to be created from a particular workflow association.

 Workflow participants The people who interact with a workflow instance to complete the business process that it supports.

As described in the following section, people in each of these roles play their own parts in creating, installing, starting, and using a workflow.

Authoring a workflow

Microsoft provides two options for creating workflows in SharePoint Foundation 2010. Developers use Visual Studio 2010 and Workflow Designer, whereas information workers use the rules-based approach that SharePoint Designer 2010 provides. In both cases, the result is a workflow template that must be deployed to a server that is running SharePoint Foundation 2010. This scenario assumes that a workflow template has already been created.

Associating a workflow

Before you can use a workflow, you must install a workflow template on a server that is running SharePoint Foundation 2010, and then you must associate the workflow with a particular document library, list, content type, or (in the case of a site workflow) site. You can then start the workflow from any document or item in that library or list. Although workflows cannot be explicitly started from content types, a workflow that is associated with a content type can be started from a document or list item to which that content type is attached. Because workflows operate in the same manner on items and documents, a workflow template can typically be attached to a list, library, or content type. You can also create a template that can be associated only with a particular list or library.

Both installation and association are performed automatically for workflows that are deployed by using SharePoint Designer 2010. However, when you use Visual Studio to deploy workflows, a server administrator must explicitly install the workflow template. In addition, a user must associate the template with a library, list, content type, or site. Whoever creates this association also assigns the association a unique name, which enables users to reference it. Optionally, the workflow author can let the person who creates the association set options for the workflow behavior, such as a default list of people who can always participate in the process. The same template can be associated with multiple libraries, lists, or content types, and each association can be customized as required. After the association is created and any available options are set, a workflow initiator can create a workflow instance from this association, as described in the following section.

Associating a workflow with a site

Site workflows are associated with the site itself. An item does not have to be started for the workflow to run.

You can use site workflows for processes that do not have a list item context. For example, you could create a workflow to request permissions for the site, a workflow to request and provision a new site, or a workflow that uses context that is stored outside the SharePoint site, without having to create a corresponding SharePoint list item from which to start the workflow.

Site workflows can be associated with a site through the site’s settings and can be started on the site itself. SharePoint Designer 2010 can also deploy site workflows directly to a site.

Site workflows work in the same way as list items, as described earlier in this article, except that site workflows cannot be started from a document or item in a library or list.

For more information, see Add a workflow association (SharePoint Foundation 2010) (http://technet.microsoft.com/library/19872b79-f5ac-4b56-a24b-75af33c89763(Office.14).aspx).
Starting a workflow

SharePoint Foundation 2010 provide three options to start an instance of a workflow. All three options run the workflow from the beginning every time. (If an instance of a workflow that is created from a particular association is already running on a particular document or list item, it is not possible to start another instance of the workflow on the same document or item.) The following are the options for starting a workflow:

    A SharePoint Foundation 2010 user can manually start a workflow.

    You can configure a workflow to run automatically when a user creates a document or item.

    You can configure a workflow to run automatically when a user changes a document or item.

For example, a Microsoft Word user can upload a new document to a site’s document library. This causes an instance of a workflow that is associated with that library to start.

This scenario uses the first of these three options: manually starting an Approval workflow for a document. To start a workflow instance from a document in a document library, a SharePoint Foundation 2010 user does the following:

1.    Points to the document and selects Workflows from the drop-down menu.

2.    Selects the workflow to start.

This example assumes that a workflow that will route the document for approval has been created.

When a workflow is started (that is, when an instance of a workflow is created), it can also display a screen that enables a user to specify relevant information. For a workflow that routes a document for approval, this information can include the name of each person who must approve the document, an indication of when each approval is due, and a list of people to be notified. After this information is supplied, the user clicks Start. The workflow begins to execute and requests each participant to review the document in the order in which names were entered on this screen.

When a workflow is started, it can also optionally send an e-mail message to the person who started it. Similarly, a workflow can inform its creator by e-mail when it has finished. You can also configure the workflow to notify the participants in the workflow — in this example, the people who are approving the document—by e-mail that the workflow has something for them to do.
Interacting with a workflow

The concept of tasks models the interaction between a person and a running workflow. A task is a unit of work that is assigned to an individual. For example, each person on this workflow’s approval list will be assigned a task that requests approval of the document. SharePoint Foundation 2010 can have a task list for every site, and a running workflow can add tasks to this list that specify the person or persons who are assigned to each task. Users of that site can see the work that is awaiting them by accessing their task list through a Web browser. Optionally, you can have a custom task list for just your workflow tasks.

To a SharePoint Foundation 2010 user, the list of waiting tasks is merely another list. In this example, the user browses to the team SharePoint site and selects the option to view the list of Tasks that are assigned to him. To work on a task, the user in this example clicks the task name.

Because the way that a workflow interacts with participants can vary, the workflow itself defines the screen that is displayed to the user. In this example, the workflow provides options to approve or reject the document and a text box in which participants can type comments.

Other available options let users reassign the task to another person or to request a change. Here, the user might type a comment, and then click Approve. The workflow then creates a task in the task list of the next person in its list of approvers. When every participant has responded, the workflow ends.

SharePoint Foundation 2010 workflows also provide other options, including the following:

 The initiator of a workflow can check the status of the workflow.

For example, in the scenario described here, the initiator might check the progress of the approval process.

 A workflow can be modified while it is executing.

The workflow’s author determines the allowed modifications, if any. An Approval workflow, for example, could allow the addition of a new approver while the workflow is in progress. The ability to modify in-progress workflows is important because it reflects how people actually work. Because spontaneous change to business processes is a part of life within any business, SharePoint Foundation 2010 workflows were designed to let users handle this.
Summarizing the process

When a workflow template is installed on a site and associated with a document library, list, site, or content type, a site user can start an instance of a workflow.

1.    The process starts when the workflow initiator selects a document and starts an instance of a workflow.

2.    The initiator creates a workflow instance from this association.

3.    The user customizes this new instance and starts it.

4.    The running instance of the workflow adds a task to the task list of a participant.

The approval workflow that is used in this scenario assigns these tasks sequentially. However, you can assign tasks to many participants at the same time, which allows tasks to be performed in parallel.

5.    Participants in the workflow can learn about tasks that the workflow has assigned to them by checking their task lists.

6.    Each participant interacts with the running instance of the workflow to complete assigned tasks.

In the example described here, this interaction required approving a document, but the interaction could be anything that the workflow author wants.

It is worth noting that the document on which a workflow runs is not itself sent from person to person. Instead, the document remains on the site, and each workflow participant is given a link to it. In fact, there is no requirement that the workflow use the document or item with which it is associated. Another point worth emphasizing is that SharePoint Foundation 2010 itself defines what is displayed to the initiator of the workflow and the participants in the workflow in steps 1, 2, and 5. However, the workflow author defines and creates the ASPX Web pages that are used in step 3 and step 6. This allows the author to control how users customize and interact with the workflow.
Plan site creation and maintenance (SharePoint Foundation 2010)

If you plan on having more than a few site collections in your Microsoft SharePoint Foundation 2010 environment, you need to be sure that you have a plan for site creation and maintenance. Without such a plan, it is difficult to control or track when SharePoint sites are created, whether sites are still active, and when you can safely remove inactive sites. Before you deploy and make sites available to users, you need to answer questions such as:

    Do you want to tightly control site creation or to allow many users to create sites?

    At which level in the site hierarchy should additional sites be created?

    How do you find and remove unused sites in your environment?

Articles and worksheets help you design and record a plan for site creation and maintenance. This will help you prepare to manage growth in your environment.

In this section:

    Plan process for creating sites (SharePoint Foundation 2010)

Discusses how to determine which type of site creation process will fit your organization, and which method to use to implement that process.

    Plan site maintenance and management (SharePoint Foundation 2010)

Discusses how to plan for maintaining your SharePoint sites from the beginning to make sure that your sites stay current, useful, and usable.

    Plan quota management (SharePoint Foundation 2010)

Contains guidance about how to determine settings for quota templates and recycle bins, and how to decide whether or when to delete unused Web sites.

Plan process for creating sites (SharePoint Foundation 2010)

Some organizations need to maintain tight control over who can create sites, or when sites are created. Other organizations can allow users more access and freedom to create sites when needed. This article helps you determine which type of site creation process will fit your organization, and which method to use to implement that process.

In this article:

    Determine who can create sites and a method for site creation

    Plan for Self-Service Site Management

    Plan for custom site creation processes

    Worksheet

Determine who can create sites and a method for site creation

By default, new site collections (and therefore new top-level Web sites) can only be created by using Central Administration, which means that they can only be created by members of the Farm Administrators group. This behavior might suit your organization if you want your environment to be tightly controlled and managed, with only a few people allowed to add top-level sites. However, the default top-level site creation method might not suit your organization if you have any of the following requirements:

    You want users to be able to easily create informal, perhaps even disposable, top-level sites, such as for short-term projects.

    You want to create an informal space for team, group, or community interaction.

    You are hosting top-level sites (either internally or externally) and want the process for requesting and receiving a top-level site to be as quick and low cost as possible.

There are several ways to allow users to create their own sites, while still maintaining some control over your environment. Consider which of the following methods will work best for your organization.

    Self-Service Site Management   In Central Administration, you can turn on Self-Service Site Management to allow users to create site collections under the /sites path (or other path you specify) within a particular Web application. This method is best used when you want to allow groups or communities to create sites. This method also works well if you are hosting sites and want to allow users to create sites without waiting for a complicated process. The sign-up page for Self-Service Site Management can be customized or replaced with a page that includes all of the information you might need to integrate with a billing system or to track custom metadata about the site at creation time. This method does not work well when large numbers of users need access to multiple sites. Because Self-Service Site Management creates site collections, which have separate permissions, users need to be added uniquely to different site collections. If you use subsites instead, the users can be inherited from the parent site in the site collection. Search works within a specific site collection. Therefore, if you want users to be able to find content across multiple sites, make the sites into subsites within a site collection.

    Subsites of existing sites   Limit users to creating subsites of existing sites, rather than new site collections and top-level sites. Any user who has the Full Control or Manage Hierarchy permission level on an existing site can create a subsite. This method is the most limited, because you still control how many site collections there are. Because the sites are always subsites of other sites, they can either be easy to organize (if there are just a few) or very difficult to organize and browse (for example, if everyone in your organization wants a subsite and they create them at different levels in the site collection’s hierarchy, the site collection can soon become very difficult to navigate).

Note:

If you do not want users to have this capability, you can remove the Create Subsites right from the Full Control and Manage Hierarchy permission levels, either at the site collection or Web application level.

Note:

Keep in mind that none of these methods can control how much space each site takes up in your content databases. To control site sizes, you should use quotas and set a size limit for site collections. You cannot set individual size limits for subsites. For more information, see Plan site maintenance and management (SharePoint Foundation 2010).
Plan for Self-Service Site Management

Self-Service Site Management allows users to create and manage their own top-level Web sites automatically. When you turn on Self-Service Site Management for a Web application, users can create their own top-level Web sites under a specific path (by default, the /sites path). When turned on, this capability advertises itself with an announcement added to the top-level site at the root path of the Web application, so any users who have permission to view that announcement can follow the link.

Note:

If you want to use a path other than /sites for Self-Service Site Management, you must add the path as a wildcard inclusion. For more information, see Plan for collaboration sites (SharePoint Foundation 2010).

This capability can obviously affect the security for your Web server. Self-Service Site Management is disabled by default — you must turn on the feature to use it. You enable Self-Service Site Management for a single Web application at a time. If you want to use it on all Web applications in your server farm, you must enable it for every Web application individually.

If you enable Self-Service Site Management, you should consider the following:

    Generally, you should require a secondary site collection administrator. Administrative alerts, such as those for when quotas are exceeded, or checking for unused Web sites, go to the primary and secondary administrators. Having more than one contact reduces administrator involvement with these sites because the secondary contact can perform required tasks even if the primary contact is not available.

    Define a storage quota and set it as the default quota for the Web application.

    Review the number of sites allowed per content database. Combined with quotas, this will help you limit the size of the databases in your system.

    Enable unused Web site notifications, so that sites that are forgotten or no longer of value can be identified.

Because Self-Service Site Management creates new top-level Web sites on an existing Web application, any new sites automatically conform to the Web application’s default quota settings, unused Web site notification settings, and other administrative policies.
Plan for custom site creation processes

You can, of course, create your own process for site creation by using a custom form to request a site that integrates with a back-end billing system to charge a customer’s credit card or a corporate cost center. If you have a complicated system or process that you want to include as part of site creation, you should create a custom application to call the site creation interface and perform any other tasks you require. However, if you simply want to add a few custom fields to the site creation page (for example, to track which department in your company is requesting a particular site), you should consider using Self-Service Site Management and customize the sign-up page to include the information that you need. You can customize the scsignup.aspx page in the site definition to include the metadata that you need without having to develop an entire application.

For more information about building custom applications or editing pages in a site definition, see the SharePoint 2010 developer portal on MSDN (http://go.microsoft.com/fwlink/?LinkId=178818).
Worksheet

Use the following worksheet to plan the process for creating sites:

 Site Creation and Maintenance Worksheet (http://go.microsoft.com/fwlink/?LinkId=193521&clcid=0x409)

Plan site maintenance and management (SharePoint Foundation 2010)

All Web sites, particularly sites that have more than one author, get cluttered. Periodic review and cleanup can help keep your site functioning well, whether your site is large or small. If you build a plan for maintaining your site or sites from the beginning, you can ensure that they stay current, useful, and usable.

In this article:

    Plan for site maintenance

    Plan for managing site collections

    Worksheet

Plan for site maintenance

Your site maintenance plan will be different from that for any other environment, and it will contain different elements. Site maintenance is different for sites managed by an IT department than it is for user-created sites and managed sites. However, some best practices for a site maintenance plan include:

    Ask users what they want in IT-managed sites. Perform periodic surveys to determine what your users need from the site.

    Use usage logs and reports to find out which areas of the site are being used, and then correlate that with user surveys to find out what can be improved.

    Archive obsolete content or sites. However, if you are going to archive or delete obsolete content or sites, be sure that users understand that plan and that you perform these actions only at predictable times. For example, publish a schedule of when you are going to archive content or delete unused sites.

    Periodically review site permissions. For example, review the permissions quarterly to remove permissions for any users who have left the group or project.

    Select a reasonable time interval for your maintenance activities. For example, if you plan to conduct periodic user surveys, do not conduct them more than twice a year (and preferably, no more than once a year).

    Create a plan for regular backups of site content. Determine or discover how often backups will be made, and the process for restoring content when necessary. For more information about planning for backup and restore, see Plan for backup and recovery (SharePoint Foundation 2010).

Start now, during your planning process, to create a plan for site maintenance. Record your plan, including how often to tune up the site and archive content. Get your plan reviewed by members of your team and representatives of your user base. This way, you can identify any concerns that users might have now, determine how best to address these concerns, and have a plan for site maintenance in place by the time your site goes live.

You can record this information in the Site Creation and Maintenance Worksheet (http://go.microsoft.com/fwlink/?LinkId=193521&clcid=0x409).
Plan for managing site collections
One part of your site maintenance plan should be a plan for how to manage the size and number of site collections in your environment. This is most important if you are allowing Self-Service Site Management. Most organizations want to be able to predict and control how much growth they can expect from sites because of the impact that they can have on database resources. For example, if a particular content database contains 100 sites, and one of those sites is taking up more than 50 percent of the space, then that site might need to be in its own content database. This will ensure that you preserve some room for additional growth, while maintaining the ability to back up and restore the databases.

Two methods for managing site collections are:

 Site collection quotas Use this method to control how large site collections can become.

 Site use confirmation and deletion Use this method to monitor and remove unused site collections.
- Plan site collection quotas
Use quotas to track and limit site storage. You can send a warning e-mail message to site collection administrators when site storage reaches a particular size (in megabytes), and then lock the site to further content when site storage reaches a maximum size. When you perform your database and server capacity planning, determine what size limits (if any) you want to enforce. The following list describes how to take the best advantage of quotas:
    Create different quota templates for different site types. For example, you might want different quotas for different divisions, or for different customer types, or for different paths (perhaps sites under the /sites path only get 100 MB per site collection, whereas sites under the /vip path can take up to 300 MB per site collection). Whenever you create a site collection from Central Administration, you can specify on which quota template it is based. Note that sites created by using Self-Service Site Management use the default quota for the Web application. For more information, see Create, edit, and delete quota templates (SharePoint Foundation 2010) (http://technet.microsoft.com/library/6d984258-158b-40d5-b4a5-cdb2cfe8e5f3(Office.14).aspx).

    Give enough room for reasonable growth in sites. Depending on what each site is used for, storage space needs can vary dramatically. Sites are designed to grow over time as they are used. A quota limit of 50 MB is unlikely to be enough storage space to start with for most sites, and is unlikely to be anywhere near enough for a site that has a long life.

    Allow for reasonable notice between the warning e-mail message and locking the site for exceeding its quota. For example, do not set the warning limit to 80 MB and the site storage limit to 85 MB. If users are in the middle of uploading several large files, they will not be happy if blocked from completing that task with very little notice.
- Plan site use confirmation and deletion
You need to plan how to handle sites that become inactive after a project has ended, or sites that users created just to test out some ideas, and then abandoned. Site use confirmation and deletion can help you keep your environment cleaner, by helping you identify when sites are no longer needed. This feature works by automatically sending an e-mail message to site owners to see if they consider their site active. If the owner does not respond to the e-mail message (after a specified number of messages over a specified length of time), the site can be deleted.

To plan for site use confirmation and deletion, decide the following:

    How long you want to wait before checking to see if a site is inactive. The default length of time for team or project sites is 90 days after site creation, but you should probably give owners longer than that. For a test or personal site, 90 days is probably too long. Usually a site that was created, was actively used, and is now ready to be deleted or archived, took at least six months and probably a few years to complete that life cycle. Reminders every six months are valuable for those situations.

    How often you want to send an e-mail message to site owners to see if their sites are inactive. After the first e-mail message, if the site administrator does not respond, you can continue with additional notices at daily, weekly, or monthly intervals.

    Whether you want to automatically delete unused sites. If the site administrator does not respond to multiple e-mail messages, do you want to go ahead and delete the site automatically? We recommend that you make a backup first. You can do so by making sure that regular backups are performed. You can use the SharePoint 2010 developer portal on MSDN (http://go.microsoft.com/fwlink/?LinkId=178818) to customize this functionality so that it automatically makes a backup of the site before deletion, but this is not default behavior.

    If you are going to automatically delete unused sites, how many e-mail messages will you send to site owners before you do so? By default, four weekly notices are sent before site deletion, but you can increase or decrease this number to suit your needs.

For more information, see Manage unused Web sites (SharePoint Foundation 2010) (http://technet.microsoft.com/library/eb760fce-48e0-43a8-9bcf-febb868f7115(Office.14).aspx).
Worksheet

Use the following worksheet to plan for site maintenance and management:

 Site Creation and Maintenance Worksheet (http://go.microsoft.com/fwlink/?LinkId=193521)

Plan quota management (SharePoint Foundation 2010)

A quota specifies storage limit values for the maximum amount of data that can be stored in a site collection. Quotas also specify the storage size that, when reached, triggers an e-mail alert to the site collection administrator. Quota templates apply these settings to any site collection in a SharePoint farm.

By default, a quota contains 300 points. A point is a relative measurement of resource usage, for example, CPU cycles, memory, or page faults. Points enable comparisons between measurements of resource usage that could not be compared otherwise. For example, it takes millions of CPU cycles to make up one point, but each time a sandboxed solution stops working is counted as one point. For more information about sandboxed solutions, see Sandboxed solutions overview (SharePoint Foundation 2010).

Quotas are particularly useful when you are using Microsoft SharePoint Foundation 2010 in enterprise environments, such as a company-wide intranet or an Internet Service Provider (ISP). You should use quotas in these environments to ensure that one site collection cannot use so many resources that other site collections can no longer function. You can assign a quota template to a site collection when you create the site collection, or you can assign a quota template at a later time. You can also reverse a decision to use quotas at any place in the site collection hierarchy.

In this article:

    About planning quota management

    Determine quota template settings

    Determine recycle bin settings

    Delete unused Web sites

About planning quota management

The basic steps to plan quota management are the following:

1.    Determine quota template settings

2.    Determine recycle bin settings

3.    Delete unused Web sites

This article contains guidance about how to determine the quota settings for site collections in an enterprise. This article does not include prerequisite information such as how to configure outgoing e-mail, start the Disk Quota Warning timer job, or plan performance and capacity.

Determine quota template settings

There is no default quota template for site collections in a SharePoint Foundation 2010 environment. For example, a quota for a site collection might use the following settings as a starting point:

1. Automated e-mail is sent to a site collection administrator when the size of the site reaches 450 megabytes (MB).

2. Users are prevented from uploading additional documents when the size of a site collection reaches 500 MB.

You must evaluate the size and number of items that you expect users to store in their sites. You must also adjust these settings appropriately to ensure that the sites are used in accordance with an organization’s best practices. For example, if a specific team or group in an organization has a business need to store a greater volume of content on its team site, you can adjust the quota limits for that site collection.

The size of the data reported by quotas does not necessarily match the size of the storage in the database. This is because the quota feature estimates storage figures for empty sites (that is, sites that contain no user content) and includes those figures in the quota, in addition to the actual storage from the database. The estimated size of an empty site includes the real size of the template pages for SharePoint Foundation 2010, for example, the forms pages and the pages in the _layouts directory.

If you change the values for a quota template, those changes apply only to new site collections to which you apply the template. SharePoint Foundation 2010 does not apply the changed quota values to existing sites collections unless you use the object model to update the quota values in the database.

Determine recycle bin settings

The recycle bin can help to prevent the permanent deletion of content. The recycle bin enables site owners to retrieve items that users have deleted, without requiring administrator intervention such as restoring files from backup tapes. Key planning considerations include whether to use the second-stage recycle bin and how much space to allocate.

The recycle bin is turned on and off at the Web application level. By default, the recycle bin is turned on in all the site collections in a Web application.

The recycle bin has two stages. When a user deletes an item, the item is automatically sent to the first-stage recycle bin. By default, when an item is deleted from the first-stage recycle bin, the item is sent to the second-stage recycle bin. The second-stage recycle bin stores items that users have deleted from their recycle bins. Only site collection administrators can restore items from the second-stage recycle bin. The size that is specified for the second-stage recycle bin increases the total size of the site. You must plan data capacity accordingly.

Consider allocating at least a small amount of space, for example, 10 percent, to the second-stage recycle bin to accommodate cases in which a user mistakenly deletes an important document, a folder in a document library, or a column in a list.

Items in both the first-stage and the second-stage recycle bins are automatically deleted when the time period specified for the deleted items expires (by default, 30 days). However, when the size limit of the second-stage recycle bin is reached, items are automatically deleted starting with the oldest items. Site collection administrators can also empty the second-stage recycle bin manually. For more information, see Configure Recycle Bin settings (SharePoint Foundation 2010) (http://technet.microsoft.com/library/267e6d15-1411-458f-8944-ee8cbf305368(Office.14).aspx).
Delete unused Web sites

You can delete a quota template if you change your quota structures. However deleting a quota template does not delete quota values from site collections to which a quota template has been applied. If you want to remove quotas from all site collections that use a specific quota template, you must use the object model or perform a SQL Server query.

Automatic deletion of unused Web sites can help you lessen the risk of deleting data that is critical to business operations. You should include the following tasks in your planning process:

 Require a secondary contact for all sites. If the site owner is not available or leaves the organization, the secondary contact can confirm the usage of the site. If you do not have a secondary contact and you shorten the number of days or number of notices that are given before you delete an unused site, you might accidentally delete a site that is still required.

 Archive sites before they are deleted automatically. You will be able to restore the sites that contain business-critical information or plan to store the content databases for a longer duration, so that a deleted site can be restored.

For more information, see Manage unused Web sites (SharePoint Server 2010) (http://technet.microsoft.com/library/4737381b-24e5-4c32-bdff-10dd4a81e648(Office.14).aspx).
Plan e-mail integration (SharePoint Foundation 2010)

Enabling communication is a critical component for creating Web applications in which group members can interact with each other and keep up with changes to information through the use of alerts. The site collection features that are dependent on communications being properly set up include:

    Alerts that notify group members when things have changed.

    Administrative messages related to requests for site access and other site administration issues.

    Discussion groups.

To make the most effective use of the communications features, planning should include understanding the software requirements and maintenance considerations.

Plan communication by using the following articles:

    Plan incoming e-mail (SharePoint Foundation 2010), which provides information on how to set up e-mail for discussion groups.

    Plan outgoing e-mail (SharePoint Foundation 2010), which provides information on how to use alerts and administrative messages.

Plan incoming e-mail (SharePoint Foundation 2010)

The incoming e-mail feature of Microsoft SharePoint Foundation 2010 enables SharePoint sites to receive and store e-mail messages and attachments in lists and libraries. This article helps server and farm administrators understand the choices they need to make before they deploy the incoming e-mail feature for their organization.

In this article:

    About incoming e-mail

    Key decisions for planning incoming e-mail

    Configuration options and settings modes

About incoming e-mail

The incoming e-mail feature enables teams to store the e-mail that they send to other team members without opening the SharePoint site and uploading the content that was sent in e-mail. This is possible because most types of lists and libraries can be assigned a unique e-mail address.

Before configuring incoming e-mail, you must perform the following tasks:

 If you are using the basic scenario, each SharePoint front-end Web server must be running the Simple Mail Transfer Protocol (SMTP) service and the Microsoft SharePoint Foundation Web Application service.

 If you are using the advanced scenario, you can use one or more servers in the server farm to run the SMTP service and to have a valid SMTP server address. Alternatively, you must know the name of a server outside the farm that is running the SMTP service and the location of the e-mail drop folder.

For more information about installing the SMTP service, see Configure incoming e-mail (SharePoint Foundation 2010) (http://technet.microsoft.com/library/445dd72e-a63b-46d0-b92d-bcf0aa9d8d06(Office.14).aspx).
Key decisions for planning incoming e-mail
As you plan to implement incoming e-mail, you must decide whether to use a basic or and advanced scenario, as described below.
- Using a basic scenario
You can enable a basic incoming e-mail scenario by installing the Simple Mail Transfer Protocol (SMTP) service on the server running SharePoint Foundation 2010 and enabling incoming e-mail by using the automatic settings mode with all default settings. In this scenario, e-mail is delivered directly to your SMTP server and SharePoint Foundation 2010 periodically checks for e-mail in the default e-mail drop folder that is automatically configured by the SMTP service.

Selecting the automatic settings mode and accepting all the default settings is the easiest way to enable incoming e-mail because all configuration settings are made for you and, therefore, little expertise is required. For most organizations, this configuration is all that is needed.

You enable a basic incoming e-mail scenario in the following steps:

1.    The server administrator uses the Add Features Wizard to install the SMTP Server feature on the server from which you want to receive incoming e-mail. This installs and starts the SMTP service on that server.

2.    The farm administrator enables incoming e-mail by using the automatic settings mode and accepting all the default values.

3.    The site collection administrator enables the incoming e-mail feature on the libraries and lists in which they want to store incoming e-mail and assigns each library and list a unique e-mail address in the form address@SMTPserveraddress, for example, sharedfiles@SMTPserver.contoso.com.

When users send e-mail to the address of a list or library, SharePoint Foundation 2010 detects that new e-mail has been delivered and sends it to the appropriate list or library based on the e-mail address.

Note:

You can also use the automatic settings option in an advanced scenario and select whether to use the Microsoft SharePoint Directory Management service, a safe e-mail server, and an incoming e-mail server display address. These options are all discussed in the “Using the advanced scenario” later in this article.
If this basic scenario meets your needs, you can skip the remainder of this article. For more information, see Configure incoming e-mail (SharePoint Foundation 2010) (http://technet.microsoft.com/library/445dd72e-a63b-46d0-b92d-bcf0aa9d8d06(Office.14).aspx).
- Using an advanced scenario
For more advanced administrators, additional choices are available, some of which require more expertise to deploy than choosing the basic scenario with all default options. This section describes the following configuration options:

    SharePoint Directory Management service

    Incoming e-mail server display address

    Safe e-mail server

    E-mail drop folder

If you use the advanced scenario to configure incoming e-mail, you will need to perform additional procedures. For more information, see Configure incoming e-mail (SharePoint Foundation 2010) (http://technet.microsoft.com/library/445dd72e-a63b-46d0-b92d-bcf0aa9d8d06(Office.14).aspx).
- SharePoint Directory Management service
The SharePoint Directory Management service connects SharePoint sites to your organization’s user directory to provide enhanced e-mail features. The benefit of using this service is that it enables users to create and manage e-mail distribution groups from SharePoint sites. This service also creates contacts in your organization’s user directory so people can find e-mail-enabled SharePoint lists in their address books. However, using SharePoint Directory Management service requires more management because it is communicating with Active Directory Domain Services (AD DS).

Note:

It is recommended that you use Microsoft Exchange Server together with SharePoint Directory Management service. If you do not, you must customize your own directory management service.

You can configure the SharePoint Directory Management service by using either the automatic or the advanced settings mode. You can choose to enable the SharePoint Directory Management service in your SharePoint server farm, or you can use the SharePoint Directory Management service of another farm. One advantage of using the service running on another farm is that Active Directory permissions are managed in a centralized place (that is, on the other farm).

To enable this service on a server or server farm runningSharePoint Foundation 2010, the SharePoint Central Administration application pool account used by SharePoint Foundation 2010 must have write access to the container that you specify in Active Directory. This requires an Active Directory administrator to set up the organizational unit (OU) and the permissions on the OU. The advantage of using the SharePoint Directory Management service on a remote farm is that you do not need the help of an Active Directory administrator to create and configure the OU if the OU already exists.

Note:

There are a number of procedures that you need to perform if you plan to use SharePoint Directory Management service. For more information, see Configure incoming e-mail (SharePoint Foundation 2010) (http://technet.microsoft.com/library/445dd72e-a63b-46d0-b92d-bcf0aa9d8d06(Office.14).aspx).

A typical directory management scenario proceeds in the following steps:

1.    A site collection administrator creates a new SharePoint group.

2.    The administrator chooses to create a distribution list to associate with that SharePoint group and assigns an e-mail address to that distribution list.

3.    Over time, the administrator adds users to and removes users from this SharePoint group. As users are added to and removed from the group, the SharePoint Directory Management service automatically adds and removes them from the distribution list, which is stored in the Active Directory directory service. Because distribution lists are associated with a particular SharePoint group, this distribution list is available to all members of that SharePoint group.

4.    By default, e-mail addresses are automatically generated for discussion boards and calendars on team sites and then added to the team distribution list. The e-mail addresses for these two lists will be in the following form, by default: GroupAddress.discussions and GroupAddress.calendar.

5.    By including e-mail addresses for discussion boards and calendars in the distribution list, all e-mail and meeting invitations sent to this distribution list will be archived in the team site.

For more information about SharePoint Directory Management Service, see Inside SharePoint: SharePoint Directory Integration (http://technet.microsoft.com/en-us/magazine/2008.09.insidesharepoint.aspx) (http://go.microsoft.com/fwlink/?LinkId=151766).
- SharePoint Directory Management Service configuration options
When you configure the SharePoint Directory Management service to create distribution groups and contacts in Active Directory, you must provide the following information:

    Name of the Active Directory container in which new distribution groups and contacts will be created. This must be provided in the following format:

OU=ContainerName, DC=DomainName, DC=TopLevelDomainName

Example

OU=SharePointContacts,DC=Contoso,DC=com

    Name of the SMTP server to use for incoming e-mail (or accept the default SMTP server if one exists). This must be provided in the following format:

Server.subdomain.domain.top-level_domain

For example, SharePointServer.support.contoso.com

    Whether to accept messages from only authenticated users.

    Whether to allow users to create distribution groups from SharePoint sites. If you choose yes for this option, you can also choose whether users can do any combination of the following actions:

    Create a new distribution group.

    Change a distribution group’s e-mail address.

    Change a distribution group’s title and description.

    Delete a distribution group.

When configuring the SharePoint Directory Management service to create distribution groups and contacts using a remote SharePoint Directory Management service, you must provide the following information:

    The URL of the remote directory management service, for example, http://server:adminport/_vti_bin/SharePointEmailWS.asmx.

    The name of the SMTP server to use for incoming e-mail.

    Whether to accept messages from only authenticated users.

    Whether to allow users to create distribution groups from SharePoint sites.
- Incoming e-mail server display address
Administrators can specify the e-mail server address that will be displayed in Web pages when users create an incoming e-mail address for a site, list, or group. This setting is often used in conjunction with the SharePoint Directory Management service to provide a more friendly e-mail server address for users to type, for example, mylist@example.com.
- Safe e-mail server
You can configure SharePoint Foundation 2010 to accept e-mail from any e-mail server or only e-mail that has been routed through a safe-e-mail server application.

You can derive the following benefits by routing e-mail through a safe e-mail server:

    User authentication: The SMTP service cannot authenticate users who send e-mail to your site, but Exchange Server can. The server administrator can use the SharePoint Central Administration Web site to specify that the system accept e-mail from authenticated users only if the e-mail is sent through Exchange Server.

    Spam filtering:Exchange Server provides spam filtering to eliminate unsolicited commercial e-mail before it is forwarded to its destination — in this case, the server running SharePoint Foundation 2010. Another technique that can reduce spam is to allow members of the team site to archive e-mail only in lists on which you have granted write permissions to members.

    Virus protection:Exchange Server provides virus protection for e-mail routed through it.

Note:

Because this option is only available in automatic mode, you cannot specify one or more safe e-mail servers and also specify an e-mail drop folder.
- E-mail drop folder
If the SMTP service is running on another server than on the SharePoint server, you must specify the location from which SharePoint Foundation 2010 retrieves incoming e-mail. You specify the e-mail drop folder so that SharePoint Foundation 2010 knows from where to retrieve incoming e-mail. However, if you specify a specific e-mail drop folder, SharePoint Foundation 2010 cannot detect configuration changes on the remote e-mail server that is delivering the e-mail to your drop folder. This means that if an administrator configures the e-mail server to no longer deliver e-mail to this folder, SharePoint Foundation 2010 cannot detect that the configuration has changed, and therefore will not be able to retrieve the files from the new location.

Note:

When incoming e-mail is set to advanced mode, you must ensure that you have the proper permissions on the e-mail drop folder. For more information, see Configure incoming e-mail (SharePoint Foundation 2010) (http://technet.microsoft.com/library/445dd72e-a63b-46d0-b92d-bcf0aa9d8d06(Office.14).aspx).

Note:

Because this option is only available in advanced mode, you cannot specify an e-mail drop folder and also specify one or more safe e-mail servers.

Configuration options and settings modes

As a farm administrator, you have two settings modes from which to choose when enabling incoming e-mail: automatic and advanced. As described in the “Using a basic scenario” section, you can choose the automatic settings mode with default settings. However, the automatic settings mode has additional options that you can choose.

The following table describes the configuration options and whether they are configured on the Configure Incoming E-Mail Settings page in Central Administration by using the automatic settings mode or the advanced settings mode.

Configuration option	Automatic settings mode	Advanced settings mode
Safe e-mail servers	Yes	No
E-mail drop folder	No	Yes
SharePoint Directory management service	Yes	Yes
Incoming e-mail server display address	Yes	Yes

The advanced and automatic settings modes are similar in that they both enable farm administrators to configure the SharePoint Directory Management service and the e-mail server address to display in Web pages. These settings modes differ in that the automatic settings mode replaces the ability to choose what e-mail servers to accept e-mail from with the ability to specify the folder to which e-mail is dropped. SharePoint Foundation 2010 uses this e-mail drop folder to detect new e-mail messages.

Note:

The e-mail drop folder setting is not available in automatic mode, because that mode automatically sets the e-mail drop folder to the folder that is specified by the SMTP service.

Plan incoming e-mail worksheet

Download a Word version of the Plan incoming e-mail worksheet (http://go.microsoft.com/fwlink/?LinkId=200542). Use this worksheet to plan incoming e-mail in order to enable SharePoint sites to receive and store e-mail messages and attachments in lists and libraries.
- See Also
Configure incoming e-mail (SharePoint Foundation 2010) (http://technet.microsoft.com/library/445dd72e-a63b-46d0-b92d-bcf0aa9d8d06(Office.14).aspx)

Plan outgoing e-mail (SharePoint Foundation 2010)

Configure outgoing e-mail (SharePoint Foundation 2010) (http://technet.microsoft.com/library/ebb924d4-b9a2-4e40-bcb3-0ee582cc5a21(Office.14).aspx)
Plan outgoing e-mail (SharePoint Foundation 2010)

Outgoing e-mail is the foundation on which site administrators can implement several e-mail notification features. These features help end users track changes and updates to individual site collections and allow site administrators to deliver status messages.

This article helps site administrators understand both the uses for integrating outgoing e-mail and the requirements for integrating it into their site collections.

In this article:

 About outgoing e-mail

 Key planning phases of outgoing e-mail

About outgoing e-mail

Properly configuring outgoing e-mail is a requirement for implementing e-mail alerts and notifications. The outgoing e-mail feature uses an outbound Simple Mail Transfer Protocol (SMTP) service to relay e-mail alerts and notifications. These e-mail features include the following:

 Alerts

In a large and growing site collection, users need an efficient way to keep up with updates to lists, libraries, and discussions. Setting up alerts provides an effective means to stay on top of changes. For example, if many users work on the same document, the owner of the document can set up alerts to be notified whenever there are changes to this document. Users can specify which areas of the site collection or which documents they want to track and decide how often they want to receive alerts.

Note:

Users must have at least View permissions to set up alerts.

 Administrative messages

Site administrators might want to receive notices when users request access to a site or when site owners have exceeded their specified storage space. Setting up outgoing e-mail enables site administrators to receive automatic notifications for site administration issues.

Outgoing e-mail support can be enabled at both the server farm level (available in the System Settings section of the Central Administration Web site) and at the Web application level (available in the Application Management section of the Central Administration Web site). Therefore, you can specify different settings for a specific Web application. Outgoing e-mail settings at the Web application level override those set up at the server farm level.

Key planning phases of outgoing e-mail
Before you configure outgoing e-mail, you must have an SMTP service to relay e-mail alerts and notifications.

The outgoing e-mail settings include several components that must be considered when planning for this feature:

    An SMTP service to relay e-mail alerts and notifications. You will need the DNS name or IP address of the SMTP mail server to use.

    An address to use in the header of an alert message that identifies the sender of the message.

    A Reply-to address that is displayed in the To field of a message when a user replies to an alert or notification.

    A character set to use in the body of alert messages.
- Outbound SMPT server
The SMTP service is a component of Internet Information Services (IIS); however, it is not enabled by default with IIS. It can be enabled by using Add or Remove Programs in Control Panel.

After determining which SMTP server to use, the SMTP server must be configured to allow anonymous access and to allow e-mail messages to be relayed. Additionally, the SMTP server must have Internet access if you want the ability to send messages to external e-mail addresses.
For more information about installing, configuring, and managing the SMTP service, see Help for Internet Information Services (IIS) Manager (http://go.microsoft.com/fwlink/?LinkId=72343).

Note:

Only a member of the Farm Administrators group can configure an SMTP server. The user must also be a member of the local Administrators group on the server.
- From and Reply-to addresses
When configuring outgoing e-mail, you can configure the following two addresses:

 From address

Alerts and notifications are sent from an administrative account on the server farm. This account is probably not the one you want to be displayed in the From field of an e-mail message. The address that you use does not need to correspond to an actual e-mail account; it can be a simple friendly address that is recognizable to an end user. For example, “Site administrator” might be an appropriate From address.

 Reply-to address

This is the address that will be displayed in the To field of a message if a user replies to an alert or notification. The Reply-to address should also be a monitored account to ensure that end users receive prompt feedback for issues they might have. For example, a help desk alias might be an appropriate Reply-to address.
- Character set
When you configure outgoing e-mail, you will need to specify the character set to use in the body of e-mail messages. A character set is a mapping of characters to their identifying code values. The default character set for outgoing e-mail is Unicode UTF-8, which allows most combination of characters (including bidirectional text) to co-exist in a single document. In most cases, the default setting of UTF-8 works well, although East Asian languages are best rendered with their own character set.

Be aware that if you select a specific language code, the text is less likely to appear correctly in mail readers configured for other languages.
- See Also
Configure outgoing e-mail (SharePoint Foundation 2010) (http://technet.microsoft.com/library/ebb924d4-b9a2-4e40-bcb3-0ee582cc5a21(Office.14).aspx)
Server farm and environment planning (SharePoint Foundation 2010)

This section describes how to plan server farms and environments.

In this section:

    System requirements (SharePoint Foundation 2010)

    Services architecture planning (SharePoint Foundation 2010)

    Plan authentication (SharePoint Foundation 2010)

    Plan security hardening (SharePoint Foundation 2010)

    Plan automatic password change (SharePoint Foundation 2010)

    Plan for host-named site collections (SharePoint Foundation 2010)

    SQL Server and storage (SharePoint Foundation 2010)

    Plan for business continuity management (SharePoint Foundation 2010)

    Virtualization planning (SharePoint Foundation 2010)

    Performance and capacity test results and recommendations (SharePoint Foundation 2010)

System requirements (SharePoint Foundation 2010)

Before you install Microsoft SharePoint Foundation 2010, you must ensure that you have installed all required hardware and software. To effectively plan your deployment, you must understand the level of support provided for the Web browsers that you will be using in your environment and how support for IP versions 4 and 6 is implemented in SharePoint Foundation 2010. You must also understand the URL and path length restrictions in SharePoint Foundation 2010.

The articles in this section help you prepare for the installation of SharePoint Foundation 2010 by providing information about the prerequisites that you need to run SharePoint Foundation 2010.

    Hardware and software requirements (SharePoint Foundation 2010)

This article describes the hardware and software requirements that you must meet to successfully install SharePoint Foundation 2010.

    Plan browser support (SharePoint Foundation 2010)

This article describes levels of support for Web browsers to use with SharePoint Foundation 2010.

    URL path length restrictions (SharePoint Foundation 2010)

This article discusses the specific URL path length and character restrictions in SharePoint Foundation 2010, Internet Explorer 7, and Internet Explorer 8 that you should be aware of when planning sites, navigation, and structure.

    IP support (SharePoint Foundation 2010)

This article describes SharePoint Foundation 2010 support for IP version 4 (IPv4) and IP version 6 (IPv6).

Hardware and software requirements (SharePoint Foundation 2010)

This article lists the minimum hardware and software requirements to install and run Microsoft SharePoint Foundation 2010.

Important:

If you contact Microsoft technical support about a production system that does not meet the minimum hardware specifications described in this document, support will be limited until the system is upgraded to the minimum requirements.

In this article:

    Overview

    Hardware requirements—Web servers, application servers, and single server installations

    Hardware requirements—Database servers

    Software requirements

    Access to applicable software

Overview

Microsoft SharePoint Foundation 2010 provides for a number of installation scenarios. Currently, these installations include single server with built-in database installations and single-server or multiple-server farm installations.

Hardware requirements—Web servers, application servers, and single server installations

The requirements in the following table apply both to installations on a single server with a built-in database and to servers running SharePoint Foundation 2010 in a multiple server farm installation.

Component	Minimum requirement
Processor	64-bit, four cores
RAM	 4 GB for developer or evaluation use  8 GB for production use in a single server or multiple server farm
Hard disk	80 GB for system drive For production use, you need additional free disk space for day-to-day operations. Maintain twice as much free space as you have RAM for production environments. For more information, see Capacity management and sizing for SharePoint Server 2010 (http://technet.microsoft.com/library/031b0634-bf99-4c23-8ebf-9d58b6a8e6ce(Office.14).aspx).

Hardware requirements—Database servers

The requirements in the following table apply to database servers in production environments with multiple servers in the farm.

Note:

Our definitions of small and medium deployments are those described in the “Reference Architectures” section in Capacity management and sizing for SharePoint Server 2010 (http://technet.microsoft.com/library/031b0634-bf99-4c23-8ebf-9d58b6a8e6ce(Office.14).aspx).

Component	Minimum requirement
Processor	 64-bit, four cores for small deployments  64-bit, eight cores for medium deployments
RAM	 8 GB for small deployments  16 GB for medium deployments For large deployments, see the “Estimate memory requirements” section in Storage and SQL Server capacity planning and configuration (SharePoint Server 2010) (http://technet.microsoft.com/library/a96075c6-d315-40a8-a739-49b91c61978f(Office.14).aspx). Note: These values are higher than those recommended as the minimum values for SQL Server because of the distribution of data required for a SharePoint Products 2010 environment. For more information about SQL Server system requirements, see Hardware and Software Requirements for Installing SQL Server 2008 (http://go.microsoft.com/fwlink/?LinkId=129377).
Hard disk	80 GB for system drive Hard disk space is dependent on the size of your SharePoint content. For information about estimating the size of content and other databases for your deployment, see Storage and SQL Server capacity planning and configuration (SharePoint Server 2010) (http://technet.microsoft.com/library/a96075c6-d315-40a8-a739-49b91c61978f(Office.14).aspx).

Software requirements

The requirements in the following tables apply to single server with built-in database installations and server farm installations that include a single server and multiple servers in the farm.

Important:

SharePoint Foundation 2010 does not support single label domain names. For more information, see Information about configuring Windows for domains with single-label DNS names (http://support.microsoft.com/kb/300684).

The Microsoft SharePoint Products Preparation Tool — which you access from the SharePoint Foundation 2010 Start page — can assist you in the installation of the software prerequisites for SharePoint Foundation 2010. Ensure that you have an Internet connection, because some of these prerequisites are installed from the Internet. For more information, see Deploy a single server with SQL Server (SharePoint Foundation 2010) (http://technet.microsoft.com/library/58d28a34-7a84-4564-a4cb-0e6b5425f67e(Office.14).aspx), Deploy a single server with a built-in database (SharePoint Foundation 2010) (http://technet.microsoft.com/library/6181fe5b-90ca-40cf-aade-abd59cf3c907(Office.14).aspx), and Multiple servers for a three-tier farm (SharePoint Foundation 2010) (http://technet.microsoft.com/library/246fb1c9-660e-40b5-860b-7d681f04505a(Office.14).aspx).

Minimum requirements

Environment	Minimum requirement
Database server in a farm	One of the following:  The 64-bit edition of Microsoft SQL Server 2008 R2.  The 64-bit edition of Microsoft SQL Server 2008 with Service Pack 1 (SP1) and Cumulative Update 2. From the Cumulative update package 2 for SQL Server 2008 Service Pack 1 (http://go.microsoft.com/fwlink/?LinkId=165962) page, click the View and request hotfix downloads link and follow the instructions. On the Hotfix Request page, download the SQL_Server_2008_SP1_Cumulative_Update_2 file. When you install Microsoft SQL Server 2008 SP1 on Windows Server 2008 R2, you might receive a compatibility warning. You can disregard this warning and continue with your installation. Note: We do not recommend that you use CU3 or CU4, but instead CU2, CU5, or a later CU than CU5. For more information, see Cumulative update package 5 for SQL Server 2008 (http://go.microsoft.com/fwlink/?LinkId=196928). Download the SQL_Server_2008_RTM_CU5_SNAC file.  The 64-bit edition of Microsoft SQL Server 2005 with Service Pack 3 (SP3). From the Cumulative update package 3 for SQL Server 2005 Service Pack 3 (http://go.microsoft.com/fwlink/?LinkId=165748) page, click the View and request hotfix downloads link and follow the instructions. On the Hotfix Request page, download the SQL_Server_2005_SP3_Cumulative_Update_3 file. For more information about choosing a version of SQL Server, see SQL Server 2008 R2 and SharePoint 2010 Products: Better Together (white paper) (SharePoint Server 2010) (http://technet.microsoft.com/library/665876e1-2706-42ad-bd76-8e4d1da0ce92(Office.14).aspx).
Single server with built-in database	 The 64-bit edition of Windows Server 2008 Standard, Enterprise, Data Center, or Web Server with SP2, or the 64-bit edition of Windows Server 2008 R2 Standard, Enterprise, Data Center, or Web Server. If you are running Windows Server 2008 without SP2, the Microsoft SharePoint Products Preparation Tool installs Windows Server 2008 SP2 automatically. Note: You must download an update for Windows Server 2008 and Windows Server 2008 R2 before you run Setup. The update is a hotfix for the .NET Framework 3.5 SP1 that is installed by the Preparation tool. It provides a method to support token authentication without transport security or message encryption in WCF. For more information and links, see the “Access to Applicable Software” section later in this article.  KB979917 – QFE for Sharepoint issues – Perf Counter fix & User Impersonation (http://go.microsoft.com/fwlink/?LinkId=192577).  For Windows Server 2008 SP2, download the Windows6.0-KB979917-x64.msu (Vista) file.  For Windows Server 2008 R2, download the Windows6.1-KB979917-x64.msu (Win7) file. For information, see the related KB article Two issues occur when you deploy an ASP.NET 2.0-based application on a server that is running IIS 7.0 or IIS 7.5 in Integrated mode (http://go.microsoft.com/fwlink/?LinkId=192578). The preparation tool installs the following prerequisites:  Web Server (IIS) role  Application Server role  Microsoft .NET Framework version 3.5 SP1  SQL Server 2008 Express with SP1  Microsoft Sync Framework Runtime v1.0 (x64)  Microsoft Filter Pack 2.0  Microsoft Chart Controls for the Microsoft .NET Framework 3.5  Windows PowerShell 2.0  SQL Server 2008 Native Client  Microsoft SQL Server 2008 Analysis Services ADOMD.NET  ADO.NET Data Services Update for .NET Framework 3.5 SP1  A hotfix for the .NET Framework 3.5 SP1 that provides a method to support token authentication without transport security or message encryption in WCF.  Windows Identity Foundation (WIF) Note: If you have Microsoft “Geneva” Framework installed, you must uninstall it before you install the Windows Identity Foundation (WIF).
Front-end Web servers and application servers in a farm	 The 64-bit edition of Windows Server 2008 Standard, Enterprise, Data Center, or Web Server with SP2, or the 64-bit edition of Windows Server 2008 R2 Standard, Enterprise, Data Center, or Web Server. If you are running Windows Server 2008 with SP1, the Microsoft SharePoint Products Preparation Tool installs Windows Server 2008 SP2 automatically. Note: You must download an update for Windows Server 2008 and Windows Server 2008 R2 before you run Setup. The update is a hotfix for the .NET Framework 3.5 SP1 that is installed by the Preparation tool. It provides a method to support token authentication without transport security or message encryption in WCF. For more information and links, see the “Access to Applicable Software” section.  KB979917 – QFE for Sharepoint issues – Perf Counter fix & User Impersonation (http://go.microsoft.com/fwlink/?LinkId=192577)  For Windows Server 2008 SP2, download the Windows6.0-KB979917-x64.msu (Vista) file.  For Windows Server 2008 R2, download the Windows6.1-KB979917-x64.msu (Win7) file. For information, see the related KB article Two issues occur when you deploy an ASP.NET 2.0-based application on a server that is running IIS 7.0 or IIS 7.5 in Integrated mode (http://go.microsoft.com/fwlink/?LinkId=192578). The preparation tool installs the following prerequisites:  Web Server (IIS) role  Application Server role  Microsoft .NET Framework version 3.5 SP1  Microsoft Sync Framework Runtime v1.0 (x64)  Microsoft Filter Pack 2.0  Microsoft Chart Controls for the Microsoft .NET Framework 3.5  Windows PowerShell 2.0  SQL Server 2008 Native Client  Microsoft SQL Server 2008 Analysis Services ADOMD.NET  ADO.NET Data Services Update for .NET Framework 3.5 SP1  A hotfix for the .NET Framework 3.5 SP1 that provides a method to support token authentication without transport security or message encryption in WCF.  Windows Identity Foundation (WIF) Note: If you have Microsoft “Geneva” Framework installed, you must uninstall it before you install the Windows Identity Foundation (WIF).
Client computer	 A supported browser. For more information, see Plan browser support (SharePoint Foundation 2010).

Optional software

Environment

Optional software

Single server with built-in database

 Windows 7 or Windows Vista. For more information, see Setting Up the Development Environment for SharePoint Server (http://go.microsoft.com/fwlink/?LinkID=164557).

Client computer

 Microsoft Office 2010 client. For more information, see Microsoft Office 2010 (http://go.microsoft.com/fwlink/?LinkId=195843).

 Microsoft Silverlight 3.

Access to applicable software

To install Windows Server 2008 or Microsoft SQL Server, you can go to the Web sites listed in this section. You can install all other software prerequisites through the SharePoint Foundation Start page. Most of the software prerequisites are also available from Web sites listed in this section. The Web Server (IIS) role and the Application Server role can be enabled manually in Server Manager.

In scenarios where installing prerequisites directly from the Internet is not possible or not feasible, you can install the prerequisites from a network share. For more information, see Install prerequisites from a network share (SharePoint Foundation 2010) (http://technet.microsoft.com/library/3fdf5e00-dffa-46bb-a6b8-abaf66aa583f(Office.14).aspx).

    SharePoint Foundation 2010 (http://go.microsoft.com/fwlink/?LinkId=197422)

    Language Packs for SharePoint Foundation 2010 (http://go.microsoft.com/fwlink/?LinkId=197424)

    Windows Server 2008 (http://go.microsoft.com/fwlink/?LinkId=197426)

    Windows Server 2008 R2 (http://go.microsoft.com/fwlink/?LinkId=197428)

    SQL Server 2008 R2 (http://go.microsoft.com/fwlink/?LinkId=197429)

    SQL Server 2008 (http://go.microsoft.com/fwlink/?LinkID=179611)

    SQL Server 2005 (http://go.microsoft.com/fwlink/?LinkId=197431)

    Microsoft SQL Server 2008 SP1 (http://go.microsoft.com/fwlink/?LinkId=166490)

    Cumulative update package 2 for SQL Server 2008 Service Pack 1 (http://go.microsoft.com/fwlink/?LinkId=165962)

    Cumulative update package 5 for SQL Server 2008 (http://go.microsoft.com/fwlink/?LinkId=197434). Download the SQL_Server_2008_RTM_CU5_SNAC file.

    Microsoft SQL Server 2005 SP3 (http://go.microsoft.com/fwlink/?LinkId=166496)

    Cumulative update package 3 for SQL Server 2005 Service Pack 3 (http://go.microsoft.com/fwlink/?LinkId=165748)

    Microsoft Windows Server 2008 SP2 (http://go.microsoft.com/fwlink/?LinkId=166500)

    Windows Server 2008 with SP 2 FIX: A hotfix that provides a method to support the token authentication without transport security or message encryption in WCF is available for the .NET Framework 3.5 SP1 (http://go.microsoft.com/fwlink/?LinkID=160770)

    Windows Server 2008 R2 FIX: A hotfix that provides a method to support the token authentication without transport security or message encryption in WCF is available for the .NET Framework 3.5 SP1 (http://go.microsoft.com/fwlink/?LinkID=166231)

    Microsoft .NET Framework 3.5 Service Pack 1 (http://go.microsoft.com/fwlink/?LinkId=131037)

    Microsoft SQL Server 2008 Express Edition Service Pack 1 (http://go.microsoft.com/fwlink/?LinkId=166503)

    Windows Identity Foundation for Windows Server 2008 (http://go.microsoft.com/fwlink/?LinkID=160381)

    Windows Identity Foundation for Windows Server 2008 R2 (http://go.microsoft.com/fwlink/?LinkID=166363)

    Microsoft Sync Framework v1.0 (http://go.microsoft.com/fwlink/?LinkID=141237)

    Microsoft Office 2010 Filter Packs (http://go.microsoft.com/fwlink/?LinkId=191851)

    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (http://go.microsoft.com/fwlink/?LinkID=141512)

    Windows PowerShell 2.0 (http://go.microsoft.com/fwlink/?LinkId=161023)

    Microsoft SQL Server 2008 Native Client (http://go.microsoft.com/fwlink/?LinkId=166505)

    Microsoft SQL Server 2008 Analysis Services ADOMD.NET (http://go.microsoft.com/fwlink/?linkid=160390)

    KB979917 – QFE for Sharepoint issues – Perf Counter fix & User Impersonation (http://go.microsoft.com/fwlink/?LinkId=192577)

    For Windows Server 2008 SP2, download the Windows6.0-KB979917-x64.msu (Vista) file.

    For Windows Server 2008 R2, download the Windows6.1-KB979917-x64.msu (Win7) file.

    ADO.NET Data Services Update for .NET Framework 3.5 SP1 (http://go.microsoft.com/fwlink/?LinkId=163519) for Windows Server 2008 SP2

    ADO.NET Data Services Update for .NET Framework 3.5 SP1 (http://go.microsoft.com/fwlink/?LinkId=163524) for Windows Server 2008 R2 or Windows 7

    Microsoft Silverlight 3 (http://go.microsoft.com/fwlink/?LinkId=166506)

    Microsoft Office 2010 (http://go.microsoft.com/fwlink/?LinkID=195843)

    Office Communicator 2007 R2 (http://go.microsoft.com/fwlink/?LinkId=196930)

    Microsoft SharePoint Designer 2010 (32-bit) (http://go.microsoft.com/fwlink/?LinkId=196931)

    Microsoft SharePoint Designer 2010 (64-bit) (http://go.microsoft.com/fwlink/?LinkId=196932)

    Microsoft SQL Server 2008 SP1 (http://go.microsoft.com/fwlink/?LinkId=166490)

    Cumulative update package 2 for SQL Server 2008 Service Pack 1 (http://go.microsoft.com/fwlink/?LinkId=165962).

    Microsoft SQL Server 2005 SP3 (http://go.microsoft.com/fwlink/?LinkId=166496)

    Cumulative update package 3 for SQL Server 2005 Service Pack 3 (http://go.microsoft.com/fwlink/?LinkId=165748).

    Microsoft Windows Server 2008 SP2 (http://go.microsoft.com/fwlink/?LinkId=166500)

    Windows Server 2008 with SP 2 FIX: A hotfix that provides a method to support the token authentication without transport security or message encryption in WCF is available for the .NET Framework 3.5 SP1 (http://go.microsoft.com/fwlink/?LinkID=160770).

    Windows Server 2008 R2 FIX: A hotfix that provides a method to support the token authentication without transport security or message encryption in WCF is available for the .NET Framework 3.5 SP1 (http://go.microsoft.com/fwlink/?LinkID=166231).

    Microsoft .NET Framework 3.5 Service Pack 1 (http://go.microsoft.com/fwlink/?LinkId=131037)

    Microsoft SQL Server 2008 Express Edition Service Pack 1 (http://go.microsoft.com/fwlink/?LinkId=166503)

    Windows Identity Framework for Windows Server 2008 (http://go.microsoft.com/fwlink/?LinkID=160381)

    Windows Identity Framework for Windows Server 2008 R2 (http://go.microsoft.com/fwlink/?LinkID=166363)

    Microsoft Sync Framework v1.0 (http://go.microsoft.com/fwlink/?LinkID=141237&clcid=0x409)

    Microsoft Office 2010 Filter Packs (http://go.microsoft.com/fwlink/?LinkId=191851)

    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (http://go.microsoft.com/fwlink/?LinkID=141512)

    Windows PowerShell 2.0 (http://go.microsoft.com/fwlink/?LinkId=161023)

    Microsoft SQL Server 2008 Native Client (http://go.microsoft.com/fwlink/?LinkId=166505)

    Microsoft SQL Server 2008 Analysis Services ADOMD.NET (http://go.microsoft.com/fwlink/?LinkId=130651)

    KB979917 – QFE for Sharepoint issues – Perf Counter fix & User Impersonation (http://go.microsoft.com/fwlink/?LinkId=192577)

    For Windows Server 2008 SP2, download the Windows6.0-KB979917-x64.msu (Vista) file.

    For Windows Server 2008 R2, download the Windows6.1-KB979917-x64.msu (Win7) file.

For information, see the related KB article Two issues occur when you deploy an ASP.NET 2.0-based application on a server that is running IIS 7.0 or IIS 7.5 in Integrated mode (http://go.microsoft.com/fwlink/?LinkId=192578).

    Microsoft Office 2010 (http://go.microsoft.com/fwlink/?LinkID=195843)

    Microsoft Silverlight 3 (http://go.microsoft.com/fwlink/?LinkId=166506)

    ADO.NET Data Services Update for .NET Framework 3.5 SP1 (http://go.microsoft.com/fwlink/?LinkId=163519) for Windows Server 2008 SP2

    ADO.NET Data Services Update for .NET Framework 3.5 SP1 (http://go.microsoft.com/fwlink/?LinkId=163524) for Windows Server 2008 R2 or Windows 7

Plan browser support (SharePoint Foundation 2010)

Microsoft SharePoint Foundation 2010 supports several commonly used Web browsers. This article describes different levels of Web browser support, and it explains how ActiveX controls affect features.

In this article:

    About planning browser support

    Key planning phase of browser support

    ActiveX controls

About planning browser support

SharePoint Foundation 2010 supports several commonly used Web browsers. However, certain Web browsers might cause some SharePoint Foundation 2010 functionality to be downgraded, limited, or available only through alternative steps. In some cases, functionality might be unavailable for noncritical administrative tasks.

As part of planning your deployment of SharePoint Foundation 2010, we recommend that you review the browsers used in your organization to ensure optimal performance with SharePoint Foundation 2010.

Key planning phase of browser support

Browser support is an important part of your SharePoint Foundation 2010 implementation. Before you install SharePoint Foundation 2010, ensure that you know which browsers SharePoint Foundation 2010 supports. The information in this topic covers the following areas:

 Browser support levels

 Browser support matrix

 Browser details

Browser support levels

Browser support for SharePoint Foundation 2010 can be divided into three different levels, as follows:

 Supported

A supported Web browser is a Web browser that is supported to work with SharePoint Foundation 2010, and all features and functionality work. If you encounter any issues, support can help you to resolve these issues.

 Supported with known limitations

A supported Web browser with known limitations is a Web browser that is supported to work with SharePoint Foundation 2010, although there are some known limitations. Most features and functionality work, but if there is a feature or functionality that does not work or is disabled by design, documentation on how to resolve these issues is readily available.

 Not tested

A Web browser that is not tested means that its compatibility with SharePoint Foundation 2010 is untested, and there may be issues with using the particular Web browser. SharePoint Foundation 2010 works best with up-to-date, standards-based Web browsers.

Browser support matrix

The following table summarizes the support levels of commonly used browsers.

Browser	Supported	Supported with limitations	Not tested
Internet Explorer 8 (32-bit)	X
Internet Explorer 7 (32-bit)	X
Internet Explorer 8 (64-bit)		X
Internet Explorer 7 (64-bit)		X
Internet Explorer 6 (32-bit)			X
Mozilla Firefox 3.6 (on Windows operating systems)		X
Mozilla Firefox 3.6 (on non-Windows operating systems)		X
Safari 4.04 (on non-Windows operating systems)		X

Browser details

You should review the details of the Web browser that you have or plan to use in your organization to ensure that the Web browser works with SharePoint Foundation 2010 and according to your business needs.

Internet Explorer 8 (32-bit)

Internet Explorer 8 (32-bit) is supported on the following operating systems:

 Windows Server 2008 R2

 Windows Server 2008

 Windows Server 2003

 Windows 7

 Windows Vista

 Windows XP

Known limitations

There are no known limitations for Internet Explorer 8 (32-bit).

Internet Explorer 7 (32-bit)

Internet Explorer 7 (32-bit) is supported on the following operating systems:

 Windows Server 2008

 Windows Server 2003

 Windows Vista

 Windows XP

Known limitations

There are no known limitations for Internet Explorer 7 (32-bit).

Internet Explorer 6 (32-bit)

SharePoint Foundation 2010 does not support Internet Explorer 6 (32-bit).

Internet Explorer 8 (64-bit)

Internet Explorer 8.0 (64-bit) is supported on the following operating systems:

 Windows Server 2008 R2

 Windows Server 2008

 Windows Server 2003

 Windows 7

 Windows Vista

 Windows XP

Known limitations

The following table lists features and their know limitations in Internet Explorer 8 (64-bit).

Feature	Limitation
Connect to Outlook, Connect to Office, and Sync to SharePoint Workspace	Works with an ActiveX control and the stssync:// protocol. Therefore, functionality may be limited without an ActiveX control, such as the one that is included in Microsoft Office 2010. The feature also requires an application that is compatible with the stssync:// protocol, such as Microsoft Outlook.
Datasheet view	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control.
Edit in Microsoft Office application	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control.
Explorer view	Removed in SharePoint Foundation 2010. Libraries that have been upgraded from earlier versions of SharePoint Foundation 2010 may still have Explorer views and these may not work.
Export to Excel	Downloads a file with an .iqy extension to the Web browser. If Microsoft Excel is not installed, and if no other application is configured to open this file, then this feature will not work.
File upload and copy	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control.
Microsoft InfoPath 2010 integration	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control.
Microsoft PowerPoint 2010 Picture Library integration	Requires a 64-bit ActiveX control, such as the one that is delivered in Microsoft Office 2010. The user can use the following workarounds when no control has been installed:  If a user wants to upload multiple pictures in a picture library, the user must upload one picture at a time by using Upload.aspx.  If a user wants to edit a picture in a picture library, the user must download the picture, edit it, and then upload the picture to the picture library.  If a user wants to download more than one picture from a picture library, the user must download one picture at a time by clicking on the picture link.
Microsoft Visio 2010 diagram creation	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control.
New Document	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control. Although the New Document command may not work, you can use the Upload Document functionality. If you install and configure Office Web Applications on the server, the New Document command works, and you can create an Office document in your browser.
Send To	Can leverage a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control. Without the control, files cannot be sent from one SharePoint farm to another SharePoint farm. However, files can still be sent from one site to another site.
Signing Forms (InfoPath Form Services)	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control.
Spreadsheet and Database integration	Require a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control. The user can use the following workarounds when no control has been installed:  If a user wants to edit a document, the user must download the document, edit it, and then save it back to the server.  In a list that requires a document to be checked out for editing, a user must use the Edit menu to check out the document, edit it, and then check it in by using the Edit menu.  Export to spreadsheet. Users can export a SharePoint list as a spreadsheet by clicking Export to Spreadsheet on the List tab on the ribbon.
Web Part to Web Part Connections	May require deactivation of browsers pop-up blockers for SharePoint sites.

Internet Explorer 7 (64-bit)

Internet Explorer 7 (64-bit) is supported on the following operating systems:

 Windows Server 2008

 Windows Server 2003

 Windows Vista

 Windows XP

Known limitations

The following table lists features and their know limitations in Internet Explorer 7 (64-bit).

Feature	Limitation
Connect to Outlook, Connect to Office, and Sync to SharePoint Workspace	Works with an ActiveX control and the stssync:// protocol. Therefore, functionality may be limited without an ActiveX control, such as the one that is included in Microsoft Office 2010. This feature requires an application that is compatible with the stssync:// protocol, such as Microsoft Outlook.
Datasheet view	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control.
Edit in Microsoft Office application	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control.
Explorer view	Removed in SharePoint Foundation 2010. Libraries that have been upgraded from earlier versions of SharePoint Foundation 2010 may still have Explorer views.
Export to Excel	Downloads a file with an .iqy extension to the Web browser. If Microsoft Excel is not installed, and if no other application is configured to open this file, then this feature will not work.
File upload and copy	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control.
Microsoft InfoPath 2010 integration	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control.
Microsoft PowerPoint 2010 Picture Library integration	Requires a 64-bit ActiveX control, such as the one that is delivered in Microsoft Office 2010. The user can use the following workarounds when no control has been installed:  If a user wants to upload multiple pictures in a picture library, the user must upload one picture at a time by using Upload.aspx.  If a user wants to edit a picture in a picture library, the user must download the picture, edit it, and then upload the picture to the picture library.  If a user wants to download more than one picture from a picture library, the user must download one picture at a time by clicking on the picture link.
Microsoft Visio 2010 diagram creation	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control.
New Document	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control. Although the New Document command may not work, you can use the Upload Document functionality. If you install and configure Office Web Applications on the server, the New Document command works, and you can create an Office document in your browser.
Send To	Can leverage a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control. Without the control, files cannot be sent from one SharePoint farm to another SharePoint farm. However, files can still be sent from one site to another site.
Signing Forms (InfoPath Form Services)	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control.
Spreadsheet and Database integration	Require a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control. The user can use the following workarounds when no control has been installed:  If a user wants to edit a document, the user must download the document, edit it, and then save it back to the server.  In a list that requires a document to be checked out for editing, a user must use the Edit menu to check out the document, edit it, and then check it in by using the Edit menu.  Export to spreadsheet. Users can export a SharePoint list as a spreadsheet by clicking Export to Spreadsheet on the List tab on the ribbon.
Web Part to Web Part Connections	May require deactivation of browsers pop-up blockers for SharePoint sites.

Mozilla Firefox 3.6 (on Windows operating systems)

Mozilla Firefox 3.6 is supported on the following operating systems:

 Windows Server 2008 R2

 Windows Server 2008

 Windows Server 2003

 Windows 7

 Windows Vista

 Windows XP

Known limitations

The following table lists features and their know limitations in Mozilla Firefox 3.6 (on Windows operating systems).

Feature	Limitation
Connect to Outlook, Connect to Office, and Sync to SharePoint Workspace	Works with an ActiveX control, but requires a Firefox control adaptor. Microsoft Office 2010 does not provide a Firefox control adaptor for this control. The feature also requires an application that is compatible with the stssync:// protocol, such as Microsoft Outlook.
Datasheet view	Requires an ActiveX control, such as the one that is delivered in Microsoft Office 2010, and a Firefox control adaptor. Microsoft Office 2010 does not provide a Firefox control adaptor for this control.
Drag and Drop Web Parts	Cannot be moved by using drag and drop on Web Part pages. Users must click Edit on the Web Part, select Modify Web Part, and then select the zone from the Layout section of the Web Part properties page. Web Parts can be moved using drag and drop on Pages.
Edit in Microsoft Office application	Requires an ActiveX control, such as the one that is delivered in SharePoint Foundation 2010, and a Firefox control adaptor. For more information about Microsoft Office 2010 Firefox Plug-in, see FFWinPlugin Plug-in (http://go.microsoft.com/fwlink/?LinkId=199867). If you install and configure the Office Web Applications on the server, the Edit functionality works and you can modify Office documents in your browser. This functionality only works with Microsoft Office 2010 or an equivalent product together with a Firefox plug-in.
Explorer view	Removed in SharePoint Foundation 2010. Libraries that have been upgraded from earlier versions of SharePoint Foundation 2010 may still have Explorer views, and these may not work. Explorer view requires Internet Explorer.
Export to Excel	Downloads a file with an .iqy extension to the Web browser. If Microsoft Excel is not installed, and if no other application is configured to open this file, then this feature will not work.
File upload and copy	Requires an ActiveX control, such as the one that is delivered in Microsoft Office 2010, and a Firefox control adaptor. Microsoft Office 2010 does not provide a Firefox control adaptor for this control.
Microsoft InfoPath 2010 integration	Requires an ActiveX control, such as the one that is delivered in Microsoft Office 2010, and a Firefox control adaptor. Microsoft Office 2010 does not provide a Firefox control adaptor for this control.
Microsoft PowerPoint 2010 Picture Library integration	Requires an ActiveX control, such as the one that is delivered in Microsoft Office 2010, and a Firefox control adaptor. Microsoft Office 2010 does not provide a Firefox control adaptor for this control. The user can use the following workarounds when no control has been installed:  If a user wants to upload multiple pictures in a picture library, the user must upload one picture at a time by using Upload.aspx.  If a user wants to edit a picture in a picture library, the user must download the picture, edit it, and then upload the picture to the picture library.  If a user wants to download more than one picture from a picture library, the user must download one picture at a time by clicking on the picture link.
Microsoft Visio 2010 diagram creation	Requires an ActiveX control, such as the one delivered in Microsoft Office 2010, and a Firefox control adaptor. Microsoft Office 2010 does not provide a Firefox control adaptor for this control.
New Document	Requires an ActiveX control, such as the one delivered in Microsoft Office 2010, and a Firefox control adaptor. For more information about Microsoft Office 2010 Firefox Plug-in, see FFWinPlugin Plug-in (http://go.microsoft.com/fwlink/?LinkId=199867). Although the New Document command may not work, you can use the Upload Document functionality. If you install and configure Office Web Applications on the server, the New Document command works, and you can create an Office document in your browser.
Rich Text Editor – Basic Toolbar	A user can update the Rich Text Editor basic toolbar to a Full Rich Text Editor that includes the ribbon by changing the field’s properties, as follows: On the FldEdit.aspx, in the List Settings menu, select Specific Field Settings. Next, under Columns, click Description. In the Additional Columns Settings section, under Specify the type of text to allow, select Enhanced rich text (Rich text with pictures, tables, and hyperlinks).
Send To	Can leverage an ActiveX control, such as the one that is delivered in Microsoft Office 2010, and a Firefox control adaptor. Microsoft Office 2010 does not provide a Firefox control adaptor for this control. Without the control, files cannot be sent from one SharePoint farm to another SharePoint farm. However, files can still be sent from one site to another site.
Signing Forms (InfoPath Form Services)	Requires an ActiveX control, such as the one that is delivered in Microsoft Office 2010, and a Firefox control adaptor. Microsoft Office 2010 does not provide a Firefox control adaptor for this control.
Spreadsheet and Database integration	Require ActiveX controls, such as those that are delivered in Microsoft Office 2010, and Firefox control adaptors. Microsoft Office 2010 does not provide a Firefox control adaptor for this control. The user can use the following workarounds when no control has been installed:  If a user wants to edit a document, the user must download the document, edit it, and then save it back to the server.  In a list that requires a document to be checked out for editing, a user must use the Edit menu to check out the document, edit it, and then check it in by using the Edit menu.  Export to spreadsheet. Users can export a SharePoint list as a spreadsheet by clicking Export to Spreadsheet on the List tab on the ribbon.
Web Part to Web Part Connections	May require deactivation of browsers pop-up blockers for SharePoint sites.

Mozilla FireFox 3.6 (on non-Windows operating systems)

Mozilla FireFox 3.6 is supported on the following operating systems:

 Mac OSX

 UNIX/Linux

Known limitations

The following table lists features and their know limitations in Mozilla FireFox 3.6 (on non-Windows operating systems).

Feature	Limitation
Connect to Outlook, Connect to Office, and Sync to SharePoint Workspace	Requires an application that is compatible with the stssync:// protocol, such as Microsoft Outlook.
Datasheet view	Requires an ActiveX control that is not supported on this platform. Microsoft Office 2010 does not provide a Firefox control adaptor for this control.
Drag and Drop Web Parts	Cannot be moved by using drag and drop on Web Part pages. Users must click Edit on the Web Part, select Modify Web Part, and then select the zone from the Layout section of the Web Part properties page. Web Parts can be moved using drag and drop on Pages.
Edit in Microsoft Office application	Requires an ActiveX control that is not supported on this platform. If you install and configure the Office Web Applications on the server, the Edit functionality works and you can modify Office documents in your browser.
Explorer view	Removed in SharePoint Foundation 2010. Libraries that have been upgraded from earlier versions of SharePoint Foundation 2010 may still have Explorer views, and these may not work. Explorer view requires Internet Explorer.
Export to Excel	Downloads a file with an .iqy extension to the Web browser. Requires an application that is configured to open this file.
File upload and copy	Requires an ActiveX control that is not support on this platform.
Microsoft InfoPath 2010 integration	Requires an ActiveX control that is not support on this platform.
Microsoft PowerPoint 2010 Picture Library integration	Requires an ActiveX control that is not supported on this platform. Microsoft Office 2010 does not provide a Firefox control adaptor for this control. The user can use the following workarounds when no control has been installed:  If a user wants to upload multiple pictures in a picture library, the user must upload one picture at a time by using Upload.aspx.  If a user wants to edit a picture in a picture library, the user must download the picture, edit it, and then upload the picture to the picture library.  If a user wants to download more than one picture from a picture library, the user must download one picture at a time by clicking on the picture link.
Microsoft Visio 2010 diagram creation	Requires an ActiveX control that is not supported on this platform.
New Document	Requires an ActiveX control that is not supported on this platform. Although the New Document command may not work, you can use the Upload Document functionality. If you install and configure Office Web Applications on the server, the New Document command works, and you can create an Office document in your browser.
Rich Text Editor – Basic Toolbar	A user can update the Rich Text Editor basic toolbar to a Full Rich Text Editor that includes the ribbon by changing the field’s properties, as follows: On the FldEdit.aspx, in the List Settings menu, select Specific Field Settings. Next, under Columns, click Description. In the Additional Columns Settings section, under Specify the type of text to allow, select Enhanced rich text (Rich text with pictures, tables, and hyperlinks).
Send To	Can leverage an ActiveX control that is not supported on this platform. Without the control, files cannot be sent from one SharePoint farm to another SharePoint farm. However, files can still be sent from one site to another site.
Signing Forms (InfoPath Form Services)	Requires an ActiveX control that is not supported on this platform.
Spreadsheet and Database integration	Require ActiveX controls that is not supported on this platform. The user can use the following workarounds when no control has been installed:  If a user wants to edit a document, the user must download the document, edit it, and then save it back to the server.  In a list that requires a document to be checked out for editing, a user must use the Edit menu to check out the document, edit it, and then check it in by using the Edit menu.  Export to spreadsheet. Users can export a SharePoint list as a spreadsheet by clicking Export to Spreadsheet on the List tab on the ribbon.
Web Part to Web Part Connections	May require deactivation of browsers pop-up blockers for SharePoint sites.

Note:

FireFox browsers on UNIX/Linux systems may not work with the Web Part menu.

Note:

Some ActiveX features, such as list Datasheet view and the control that displays user presence information, do not work in Mozilla Firefox 3.6. Firefox users can use the Microsoft Office 2010 Firefox Plug-in to launch documents.

Safari 4.04 (on non-Windows operating systems)

Safari 4.0.4 is supported on the following operating systems:

 Mac OSX (Version 10.6, Snow Leopard)

Known limitations

The following table lists features and their know limitations in Safari 4.04 (on non-Windows operating systems).

Feature	Limitation
Connect to Outlook, Connect to Office, and Sync to SharePoint Workspace	Requires an application that is compatible with the stssync:// protocol, such as Microsoft Outlook.
Datasheet view	Requires an ActiveX control that is not supported on this platform.
Drag and Drop Web Parts	Cannot be moved by using drag and drop on Web Part pages. Users must click Edit on the Web Part, select Modify Web Part, and then select the zone from the Layout section of the Web Part properties page. Web Parts can be moved using drag and drop on Pages.
Edit in Microsoft Office application	Requires an ActiveX control that is not supported on this platform. If you install and configure the Office Web Applications on the server, the Edit functionality works and you can modify Office documents in your browser.
Explorer view	Removed in SharePoint Foundation 2010. Libraries that have been upgraded from earlier versions of SharePoint Foundation 2010 may still have Explorer views. Explorer view requires Internet Explorer.
Export to Excel	Downloads a file with an .iqy extension to the Web browser. Requires an application that is configured to open this file.
File upload and copy	Requires an ActiveX control that is not supported on this platform.
Microsoft InfoPath 2010 integration	Requires an ActiveX control that is not supported on this platform.
Microsoft PowerPoint 2010 Picture Library integration	Requires an ActiveX control that is not supported on this platform. The user can use the following workarounds when no control has been installed:  If a user wants to upload multiple pictures in a picture library, the user must upload one picture at a time by using Upload.aspx.  If a user wants to edit a picture in a picture library, the user must download the picture, edit it, and then upload the picture to the picture library.  If a user wants to download more than one picture from a picture library, the user must download one picture at a time by clicking on the picture link.
Microsoft Visio 2010 diagram creation	Requires an ActiveX control that is not supported on this platform.
New Document	Requires an ActiveX control that is not supported on this platform. Although the New Document command may not work, you can use the Upload Document functionality. If you install and configure Office Web Applications on the server, the New Document command works, and you can create an Office document in your browser.
Rich Text Editor – Basic Toolbar	A user can update the Rich Text Editor basic toolbar to a Full Rich Text Editor that includes the ribbon by changing the field’s properties, as follows: On the FldEdit.aspx, in the List Settings menu, select Specific Field Settings. Next, under Columns, click Description. In the Additional Columns Settings section, under Specify the type of text to allow, select Enhanced rich text (Rich text with pictures, tables, and hyperlinks).
Send To	Can leverage an ActiveX control that is not supported on this platform. Without the control, files cannot be sent from one SharePoint farm to another SharePoint farm. However, files can still be sent from one site to another site.
Signing Forms (InfoPath Form Services)	Requires an ActiveX control that is not supported on this platform.
Spreadsheet and Database integration	Require ActiveX controls that are not supported on this platform. The user can use the following workarounds when no control has been installed:  If a user wants to edit a document, the user must download the document, edit it, and then save it back to the server.  In a list that requires a document to be checked out for editing, a user must use the Edit menu to check out the document, edit it, and then check it in by using the Edit menu.  Export to spreadsheet. Users can export a SharePoint list as a spreadsheet by clicking Export to Spreadsheet on the List tab on the ribbon.
Web Part to Web Part Connections	May require deactivation of browsers pop-up blockers for SharePoint sites.

ActiveX controls

Some of the features in SharePoint Foundation 2010 use ActiveX controls. In secure environments, these controls must be able to work on the client computer before their features will function. Some ActiveX controls, such as those included in Microsoft Office 2010, does not work with 64-bit browser versions. For Microsoft Office 2010 (64-bit), only the following control works with 64-bit browsers:

 name.dll – Presence information

URL path length restrictions (SharePoint Foundation 2010)

This article discusses the specific URL path length and character restrictions in Microsoft SharePoint Foundation 2010, Internet Explorer 7, and Internet Explorer 8 that you should be aware of when planning sites, navigation, and structure. This article does not discuss URL length limitations in other browsers. For this information, see the browser documentation.

In this article:

    Understanding URL and path lengths

    URL path length limitations

    Resolving URL length problems

Understanding URL and path lengths

This section discusses URL composition, how SharePoint Foundation 2010 builds URLs, how URLs are encoded and lengthened, and passed as parameters in other URLs.

SharePoint URL composition

The total length of a SharePoint URL equals the length of the folder or file path, including the protocol and server name and the folder or file name, plus any parameters that are included as part of the URL. The formula is as follows:

URL = protocol + server name + folder or file path + folder or file name+ parameters

For example, the following is a typical URL path to a file stored in SharePoint Foundation 2010:

http://www.contoso.com/sites/marketing/documents/Shared%20Documents/Promotion/Some%20File.xlsx

Where the parts of the URL path are as listed in the following table.

URL part	Example
Protocol	http://
Server name	www.contoso.com/
Folder or file path	sites/marketing/documents/Shared%20Documents/Promotion/
File name	Some%20File.xlsx

URL Encoding

URL encoding ensures that all browsers will correctly transmit text in URL strings. Characters such as a question marks (?), ampersands (&), slash marks (/), and spaces might be truncated or corrupted by some browsers. SharePoint Foundation 2010 adheres to the standards for URL encoding that are defined in The Internet Engineering Task Force (IETF) RFC 3986 (http://go.microsoft.com/fwlink/?LinkId=195564&clcid=0x409).

If you have non-standard ASCII characters, such as high-ASCII or double-byte Unicode characters, in the SharePoint URL, each of those characters is URL-encoded into two or more ASCII characters when they are passed to the Web browser. Thus, a URL with many high-ASCII characters or double-byte Unicode characters can become longer than the original un-encoded URL. The list below gives examples of the multiplication factors:

 High-ASCII characters — for example, (!, “, #, $, %, &, [Space]): multiplication factor = 3

 Double byte Unicode characters — for example, Japanese, Chinese, Korean, Hindi: multiplication factor = 9

For example, when you translate the names of sites, library, folder, and file in the URL path http://www.contoso.com/sites/marketing/documents/Shared%20Documents/Promotion/Some%20File.xlsx into Japanese, the resulted encoded URL path will become something like the following:

http://www.contoso.com/sites/%E3%83%9E%E3%83%BC%E3%82%B1%E3%83%86%E3%82%A3%E3%83%B3%E3%82%B0/%E6%96%87%E6%9B%B8/DocLib/%E3%83%97%E3%83%AD%E3%83%A2%E3%83%BC%E3%82%B7%E3%83%A7%E3%83%B3/%E3%83%95%E3%82%A1%E3%82%A4%E3%83%AB.xlsx. This path is 224 characters, whereas the original URL path is only 94 characters.

Important:

The following characters cannot be used in an un-encoded URL: (~, #, %, &, *, {}, \, :, <>, /, +, |, “).

URL parameters

URL parameters are data that are included as part of the URL that are processed. These parameters are also URL-encoded and can be encoded multiple times, producing very long URLs.

For example, if you browse to a list, the URL might be something like the following: http://www.contoso.com/sites/marketing/documents/Shared%20Documents/Forms/AllItemA.aspx?RootFolder=%2Fsites%2Fmarketing%2Fdocuments%2FShared%20Documents%2FPFPromoti&FolderCTID=0x012000F2A09653197F4F4F919923797C42ADEC&View={CD527605-9A7A-448D-9A35-67A33EF9F766}. This URL is 260 characters.

If you then click Create View on the Library tab, the entire URL is included in the resulting URL as the source parameter and it is encoded to be much longer — for example, http://www.contoso.com/sites/marketing/documents/_layouts/ViewType.aspx?List=%7BED6E21E0%2DDF28%2D4165%2DBC3E%2D5371987CC2D2%7D&Source=http%3A%2F%2Fwww%2Econtoso%2Ecom%2Fsites%2Fmarketing%2Fdocuments%2FShared%2520Documents%2FForms%2FAllItems%2Easpx%3FRootFolder%3D%252Fsites%252Fmarketing%252Fdocuments%252FShared%2520Documents%252FPromotion%26FolderCTID%3D0x012000F2A09653197F4F4F919923797C42ADEC%26View%3D%7BCD527605%2D9A7A%2D448D%2D9A35%2D67A33EF9F766%7D. This URL is 457 characters.

Important

 SharePoint Foundation 2010 truncates the URL source parameter if the total URL length to be passed to Internet Explorer is more than 1950 bytes. The source parameter is a reference to a previously visited page. The result of the truncation of the source parameter is that the user will be referred back to default location rather than the location specified in the source parameter.

 Other parameters, such as sort orders, root folder parameters, and views are not truncated.

URL path length limitations
This section discusses the different URL length limitations in SharePoint Foundation 2010 and Internet Explorer, and how to plan for URL path lengths.
- SharePoint URL path length limitations
The limitations In this section apply to the total length of the URL path to a folder or a file in SharePoint Foundation 2010 but not to the length of any parameters. Also, these limitations apply only to un-encoded URLs, not to encoded URLs. There is no limit to encoded URLs in SharePoint Foundation 2010. The limitations are the following:

    260 Unicode (UTF-16) code units – the characters in a full file path, not including a domain/server name.

    256 Unicode (UTF-16) code units – the characters in a full folder path, not including the file name and the domain/server name.

    128 Unicode (UTF-16) code units – characters in a path component, that is, a file or folder name.

    260 Unicode (UTF-16) code units – the characters in a full path, including a domain/server name for use with Office clients.

    256 Unicode (UTF-16) code units – the characters in a full path including the domain/server name, for use with Active X controls.
For more information, see Microsoft Knowledge Base article 894630, You receive a “The specified file or folder name is too long” error message (http://go.microsoft.com/fwlink/?LinkId=195567&clcid=0x409).

Note:

Understanding code units – In most cases, one UTF-16 character equals one UTF-16 code unit. However, characters that use Unicode code points greater than U+10000 will equal two UTF-16 code units. These characters include, but are not limited to, Japanese or Chinese surrogate pair characters. If your paths include these characters, the URL length will exceed the URL length limitation with fewer than 256 or 260 characters.
- Internet Explorer URL length limitations
Internet Explorer also has limitations that are separate from those in SharePoint Foundation 2010. Even though you make the SharePoint Foundation 2010 URL path shorter than the limitations, you might experience an Internet Explorer URL length limitation because of added parameters and encoding of the URL. You must use the most restrictive limitation as a guideline for planning URL lengths.

Both Internet Explorer 7 and Internet Explorer 8 have a maximum URL length of 2,083 UTF-8 characters and a maximum path length of 2,048 UTF-8 characters. However, in Internet Explorer 7, under certain circumstances, the effective URL length limitation is 1024 UTF-8 characters, not 2083 UTF-8 characters. For more information about the URL length limits in Internet Explorer, see Microsoft Knowledge Base article 208427, Maximum URL length is 2,083 characters in Internet Explorer (http://go.microsoft.com/fwlink/?LinkId=195568&clcid=0x409).

Important:

Unless all of the browsers in the environment are Internet Explorer 8, use the effective limit of 1024 UTF-8 characters.
Resolving URL length problems

There are several ways that you can resolve or mitigate URL length problems in the SharePoint Foundation 2010 environment. The following list provides suggestions:

    Upgrade all the end-user browsers to Internet Explorer 8, which has a longer URL length limit.

    Use shorter names for sites, folders, and documents and control the depth of the site and folder structures to reduce the lengths of URLs.

    If possible or allowed, use ASCII names for sites, folders, and documents. This will avoid situations where the URL will be lengthened by being encoded.

    To reduce the risk that the SharePoint Foundation 2010 end-users will encounter problems because of URL length limitations, we recommend that you apply the following effective limits in the deployment:

    256 Unicode (UTF-16) Code units – the effective file path length limitation, including a domain/server name

    128 Unicode (UTF-16) Code units – the path component length limitation

IP support (SharePoint Foundation 2010)

This article explains the support for Internet Protocol Version 4 (IPv4) and Internet Protocol Version 6 (IPv6) addressing in Microsoft SharePoint 2010 Products.

SharePoint 2010 Products support the following environments:

    Pure IPv4 environment

    Mixed IPv4 and IPv6 environment

    Pure IPv6 environment

In a SharePoint environment, “mixed” can be defined as one of the following likely scenarios:

    Both IPv4 and IPv6 protocols are running in your environment.

    Some of your client computers are using IPv4 and some of them are using IPv6.

    Your client computers are using IPv4, but the computer running Microsoft SQL Server is using IPv6.

By default, the IPv6 protocol and the IPv4 protocol are both installed and enabled in Windows Server 2008 and Windows Server 2008 R2. When both IPv4 and IPv6 are enabled, IPv6 is given preference over IPv4. Additionally, you can remove the IPv4 protocol so that the computer runs IPv6 exclusively.

To determine what version is being used, you can use the IPConfig.exe tool. For additional information, see IPConfig (http://go.microsoft.com/fwlink/?LinkId=122336&clcid=0x409).

The following list shows other important considerations regarding IPv6:

    For any computer that is authenticated by using a domain controller and is only running IPv6 within a SharePoint 2010 Products environment, the domain controller must be running Windows Server 2008 or Windows Server 2008 R2. Ensure that you use the correct service pack and any additional software prerequisites. For more information, see Hardware and software requirements (SharePoint Foundation 2010).

    All versions of Microsoft SQL Server supported for SharePoint 2010 Products also support IPv6. For more information about IPv6 support for SQL Server 2008, see Connecting Using IPv6 (http://go.microsoft.com/fwlink/?LinkId=183115). For more information about IPv6 support for SQL Server 2005, see Connecting Using IPv6 (http://go.microsoft.com/fwlink/?LinkId=183118).

    In SharePoint 2010 Products, when using IPv6 protocol, all end-user Uniform Resource Locators (URLs) must be based on DNS names with AAAA records. Browsing to SharePoint URLs that use IPv6 literal addresses is not supported. An example of a literal address URL is http://%5B2001:db8:85a3:8d3:1319:8a2e:370:7344%5D. However, SharePoint 2010 Products support entering IPv6 literal addresses for certain farm administration functionality, such as entering the server name when creating or attaching databases. For server names that use a literal address format, you must enclose the literal address within square brackets. For more information about AAAA records, see Adding a Resource Record to a Forward Lookup Zone (http://go.microsoft.com/fwlink/?LinkId=181956).

For additional information about IPv6, see Internet Protocol Version 6 (IPv6) (http://go.microsoft.com/fwlink/?LinkId=120794&clcid=0x409) and IP Addressing (http://go.microsoft.com/fwlink/?LinkId=120795&clcid=0x409).

See Also

Internet Protocol, Version 6 (IPv6) Specification (http://go.microsoft.com/fwlink/?LinkId=183119)
Logical architecture planning

This section contains articles to help you learn about and plan logical architectures for Microsoft SharePoint Foundation 2010.

In this section:

 Services architecture planning (SharePoint Foundation 2010)

 Plan for host-named site collections (SharePoint Foundation 2010)

Services architecture planning (SharePoint Foundation 2010)

This article describes the services architecture for sharing service applications and provides example architectures for Microsoft SharePoint Foundation 2010.

In this article:

    About service applications

    Services infrastructure and design principles

The following poster-size models are also available to use with this article. You can modify the diagrams within the models to represent your own organization plans.

    Services in Microsoft SharePoint 2010 Products

    Visio (http://go.microsoft.com/fwlink/?LinkID=167090)

    PDF (http://go.microsoft.com/fwlink/?LinkID=167092)

    XPS (http://go.microsoft.com/fwlink/?LinkID=167091)

    Cross-farm services in SharePoint 2010 Products

    Visio (http://go.microsoft.com/fwlink/?LinkID=167093)

    PDF (http://go.microsoft.com/fwlink/?LinkID=167095)

    XPS (http://go.microsoft.com/fwlink/?LinkID=167094)

About service applications

SharePoint Foundation 2010 includes a set of services that can be shared across Web applications. These services are called service applications. Some service applications can be shared across farms. Sharing service applications across Web applications and farms greatly reduces the resources required to provide these services across multiple sites.

The following service applications are provided with SharePoint Foundation 2010:

    Business Data Connectivity service — Gives access to line-of-business data systems.

    Usage and Health Data Collection service  — Collects farm wide usage and health data, and provides the ability to view various usage and health reports.

    Microsoft SharePoint Foundation Subscription Settings Service  — Provides multi-tenant functionality for service applications. Tracks subscription IDs and settings for services that are deployed in partitioned mode. Deployed through Windows PowerShell only.

Some service applications are provided by other Microsoft products, including Microsoft Office Web Apps. Office Web Apps are online companions to Microsoft Word, Excel, PowerPoint, and OneNote, enabling people to access and do light editing or sharing of Office documents from virtually anywhere. Business customers licensed for Microsoft Office 2010 through a Volume Licensing program can run Office Web Apps on-premises on a server running SharePoint Foundation 2010.

The services infrastructure is extensible, and third party companies can create additional service applications that can be used with SharePoint Foundation 2010.

Service applications are different from the services that are started and stopped on specific servers and listed on the Services on Server page in the SharePoint Central Administration Web site. Some of the services listed on this page are associated with service applications, but service applications represent specific instances of services that can be configured and shared in specific ways.

Services infrastructure and design principles
SharePoint 2010 Products improves the services infrastructure that was introduced in the previous version. In SharePoint 2010 Products, the infrastructure for hosting services moves into SharePoint Foundation 2010 and the configuration of service offerings is much more flexible. Individual services can be configured independently, and third-party companies can add services to the platform.
- Deploying services
You deploy service applications within a farm by using one of the following methods:

    Selecting services when you run the SharePoint Products Configuration Wizard.

    Adding services one by one on the Manage Service Applications page in the Central Administration site.

    Using Windows PowerShell.
- More granular configuration of services
The service application infrastructure gives you more control over which services are deployed and how service applications are shared:

1.    You can deploy only the service applications that are needed to a farm.

2.    Web applications can be configured to use only the service applications that are needed, instead of all the services that have been deployed.

3.    You can deploy multiple instances of the same service in a farm and assign unique names to the resulting service applications.

4.    You can share service applications across multiple Web applications within the same farm.

You can choose the service applications for a Web application when you create the Web application. You can also modify the service applications that are associated with a Web application later.
- Service application groups
By default, all service applications are included in a default group, unless you change this setting for a service application when it is created. You can add and remove service applications from the default group at any time.

The following diagram shows a typical deployment with all service applications contained in the default service group.

When you create a Web application, you can select the default group or you can create a custom group of service applications. You create a custom group of service applications by selecting only the service applications that you want the Web application to use.

Custom groups that are created in Central Administration are not reusable across multiple Web applications. Each time that you select custom when you create a Web application, you are selecting service applications only for the Web application that you are creating.
- Logical architecture
Service applications are deployed within a single Internet Information Services (IIS) Web site. This is the default behavior and cannot be changed. However, you can customize the configuration of service application groups and the association of Web applications to service application groups.

The following diagram shows the logical architecture for a more complex deployment.

Notice the following characteristics of the farm in the diagram:

    All service applications are contained within the same IIS Web site.

    There are two groups of service applications: the default group and a custom group. Not all service applications have to be included in the default group. In the diagram, an additional instance of the Business Data Connectivity service is added to the farm but not included in the default group. It is used only by one Web application.

    Web applications connect either to the default group or to a custom group of service applications. In the diagram, there is one custom group.

Service applications can be deployed to different application pools to achieve process isolation. However, if you want to optimize the performance of your farm, we recommend that you deploy service applications to one application pool.

To achieve physical isolation for a service application, choose or create a different application pool for the service application.
- Connections for service applications
When you create a service application, a connection for the service application is created at the same time. A connection is a virtual entity that connects Web applications to service applications. In Windows PowerShell, these connections are called proxies. “Proxy” appears at the end of the type description for connections on the Manage Service Applications page in Central Administration.
- Service application administration
Service applications are managed directly in Central Administration rather than through a separate administration site. If needed, service applications can be monitored and managed remotely. Service applications can also be managed and scripted by using Windows PowerShell.

Plan for host-named site collections (SharePoint Foundation 2010)

In this article:

    About host-named site collections

    About host headers

    Create a host-named site collection

    Programmatically create a host-named site collection

    Use managed paths with host-named site collections

    Expose host-named sites over HTTP or SSL

    Configure SSL for host-named site collections

    Use host-named site collections with off-box SSL termination

Microsoft SharePoint Foundation 2010 supports both path-based and host-named site collections. The primary difference between path-based and host-named site collections is that all path-based site collections in a Web application share the same host name (DNS name), and each host-named site collection in a Web application is assigned a unique DNS name.

Path-based site collections provide a corporate hosting solution with all site collections sharing the same host name of the Web application. In a path-based deployment, you can have a single site collection at the root of the Web application and additional site collections under managed paths within the Web application.

Host-named site collections provide a scalable Web hosting solution with each site collection assigned to a unique DNS name. In a Web hosting deployment, each host-named site collection has its own vanity host name URL, such as http://customer1.contoso.com, http://customer2.contoso.com, or http://www.customer3.com.

SharePoint Foundation 2010 provides two significant improvements to host-named site collections: the ability to use managed paths with host-named site collections, and the ability to use off-box SSL termination with host-named site collections.

About host-named site collections

Web hosters provide customers with Web server space to host their own Web sites. In a path-based SharePoint Foundation 2010 environment, these sites would typically be assigned to http://www.contoso.com/sites/customer1, http://www.contoso.com/sites/customer2, and so on. However, Web hosting customers typically want to have their Web sites available at a vanity domain name, such as http://customer1.contoso.com, http://customer2.contoso.com, and so on.

One way to support this customer request is to provide each customer with their own Web application and assign the customer’s unique DNS name to the Web application. However, SharePoint Foundation 2010 Web applications do not scale as well as SharePoint Foundation 2010 site collections. SharePoint Foundation 2010 supports host-named site collections as an alternative to creating individual Web applications for each customer. Host-named site collections can scale to thousands of site collections because they can all exist within a single Web application and still offer vanity naming capability.

Because host-named site collections have a single URL, they do not support alternate access mappings and are always considered to be in the Default zone. If you need to support site collections responding to multiple host-name URLs, consider using path-based site collections with alternate access mappings instead of host-named site collections.There are several additional configuration options to consider when provisioning a new SharePoint Foundation 2010 site. Specifying the appropriate site template during site creation will determine which preconfigured Web parts and other user interface elements are available on the new site. In a hosting scenario, you will probably want to select either a team site template (value of “STS#0” when creating the site) or a blank site with no Web parts or prebuilt lists (value of “STS#1”). Also consider specifying site quotas on each newly provisioned site collection.

About host headers

Host headers refer to the portion of the HTTP protocol that tells the Web server the DNS name of the site that the client is connecting to. You can apply host headers at two different levels in SharePoint Foundation 2010:

 The Web application (IIS Web site) level

 The site collection level

It’s important to understand the distinction between these two levels. Host headers at the IIS Web site level are only intended for path-based site collections. Host headers at the site collection level are only intended for host-named site collections. In most cases, applying a host header binding at the IIS Web site level makes it impossible to access host-named site collections through the IIS Web site. This is because IIS will not respond to requests for host names that differ from the host header binding.

Path-based site collections and host-named site collections can co-exist in the same Web application and can exist in multiple Web applications. To ensure that both types of site collections are accessible to users, do not put host header bindings on the IIS Web site assigned to the Default zone of your Web application, if you have host-named site collections in that Web application. You can apply host header bindings to the IIS Web sites in the other zones of your Web application. This enables you to use the Default zone with host-named site collections while allowing you to use alternate access mapping functionality in the other zones for path-based site collections.

You can manually modify host header bindings on the IIS Web site from the IIS Manager, but this is not recommended. Any changes you make using the IIS Manager will not be recorded in SharePoint Foundation 2010. If SharePoint Foundation 2010 tries to provision an IIS Web site on another computer in the farm for the same Web application and zone, the original host header binding is used instead of the modified binding. If you want to modify an existing binding for an IIS Web site, remove the Web application from the zone and then re-extend the Web application into the zone with the binding you want to use.

Create a host-named site collection

You must use Windows PowerShell to create a host-named site collection. You cannot use the SharePoint Foundation 2010 Central Administration Web application to create a host-named site collection, but you can use Central Administration to manage the site collection after you have created it.

You can create a host-named site collection by using the Windows PowerShell New-SPSite cmdlet with the -HostHeaderWebApplication parameter, as shown in the following example:

1.    To create a host-named site collection using Windows PowerShell, verify that you meet the following minimum requirements: See Add-SPShellAdmin.

2.    On the Start menu, click All Programs.

3.    Click Microsoft SharePoint 2010 Products.

4.    Click SharePoint 2010 Management Shell.

5.    From the Windows PowerShell command prompt (that is, PS C:\>), type the following:

New-SPSite http://host.header.site.url -OwnerAlias DOMAIN\username –

HostHeaderWebApplication http://servername

This creates a host-named site collection with the URL http://host.header.site.url in the SharePoint Foundation 2010 Web application with the URL http://servername.
Programmatically create a host-named site collection

In addition to using the Windows PowerShell to create host-named sites, you can use the SharePoint Foundation 2010 object model. The following code sample creates the host-named site collection with the URL http://host.header.site.url in the SharePoint Foundation 2010 Web application with the URL http://servername:

SPWebApplication webApp = SPWebApplication.Lookup(new

Uri(“http://www.contoso.com”));

SPSiteCollection sites = webApp.Sites;

SPSite Site = null;

Site = sites.Add(“http://hoster.contoso.com”, “Site_Title”,

“Site_Description”, 1033, “STS#0”, “contoso\owner”,

“Owner_Display_Name”, “Owner_Email”, “contoso\secondaryowner,

“Secondary_Owner_Display_Name”, “Secondary_Owner_Email”, true);

SharePoint Foundation 2010 ships with a set of Web services for various user and administrative tasks. One of these administrative tasks is creating a new site collection. The CreateSite Web service method does not support the creation of host-named site collections. A workaround for this issue is to write a Web service that wraps the API sample code.

Use managed paths with host-named site collections

SharePoint Foundation 2010 adds support for managed paths with host-named site collections. Hosters can provide multiple site collections to the same customer with each site collection sharing the customer’s unique host name but differentiated by the URL path after the host name.

Managed paths for host-named site collections are different from managed paths for path-based site collections. Managed paths for host-named site collections do not apply to path-based site collections; nor do managed paths for path-based site collections apply to host-named site collections. Managed paths created for host-named site collections are available to all host-named site collections within the farm regardless of which Web application the host-named site collection is in. You must create a root host-named site collection for a host name before you can create a managed path host-named site collection for that host name.

You can create a managed path for use with host-named site collections by using the Windows PowerShell New-SPManagedPath cmdlet with the -HostHeader parameter, as shown in the following example:

New-SPManagedPath pathname –HostHeader

A host-named site collection created at a managed path is shown in the following example:

New-SPSite http://host.header.site.url/pathname/sitename -OwnerAlias DOMAIN\username -HostHeaderWebApplication http://servername

Expose host-named sites over HTTP or SSL

Host-named site collections will use the same protocol scheme as the public URL in the Default zone of their Web application. If you wish to provide the host-named site collections in your Web application over HTTP, ensure that the public URL in the Default zone of your Web application is an HTTP-based URL. If you wish to provide host-named site collections in your Web application over SSL, ensure that the public URL in the Default zone of your Web application is an HTTPS-based URL.

Unlike an earlier version, SharePoint Foundation 2010 does not support a host-named site collection using both HTTP- and SSL-based URLs simultaneously. If some host-named site collections need to be available over HTTP while other host-named site collections need to be available over SSL, separate the host-named site collections into two different Web applications dedicated for that type of access. In this scenario, HTTP host-named site collections should be in a Web application dedicated for HTTP access and SSL host-named site collections should be in a Web application dedicated for SSL access.

Configure SSL for host-named site collections

In hosting scenarios, hosters can configure a single Web application with SSL and then create multiple host-named site collections within that Web application. To browse to a site over SSL, a server certificate has to be installed and assigned to the IIS Web site. Each host-named site collection in a Web application will share the single server certificate assigned to the IIS Web site.

Hosters need to acquire a wildcard certificate or subject alternate name certificate and then use a host-named site collection URL policy that matches that certificate. For example, if a hoster acquires a *.contoso.com wildcard certificate, the hoster has to generate host-named site collection URLs such as https://site1.contoso.com, https://site2.contoso.com, and so on, to enable these sites to pass browser SSL validation. However, if customers require unique second-level domain names for their sites, the hoster has to create multiple Web applications rather than multiple host-named site collections.

To configure SSL for host-named site collections, enable SSL when creating the Web application. This will create an IIS Web site with an SSL binding instead of an HTTP binding. After the Web application is created, open IIS Manager and assign a certificate to that SSL binding. You can then create site collections in that Web application.

Use host-named site collections with off-box SSL termination

Because SharePoint Foundation 2010 uses the public URL in the Default zone of the Web application to determine whether host-named site collections will be rendered as HTTP or SSL, you can now use host-named site collections with off-box SSL termination. There are 3 requirements to use SSL termination with host-named site collections:

    The public URL in the Default zone of the Web application must be an HTTPS-based URL.

    The SSL terminator or reverse proxy must preserve the original HTTP host header from the client.

    If the client SSL request is sent to the default SSL port (443), then the SSL terminator or reverse proxy must forward the decrypted HTTP request to the front-end Web server on the default HTTP port (80). If the client SSL request is sent to a non-default SSL port, then the SSL terminator or reverse proxy must forward the decrypted HTTP request to the front-end Web server on the same non-default port.

To use host-named site collections with off-box SSL termination, configure your Web application as you normally would for SSL termination and ensure that it meets the requirements described above. In this scenario, SharePoint Foundation 2010 will render links of its host-named site collections in that Web application using HTTPS instead of HTTP.

Plan authentication (SharePoint Foundation 2010)

This section describes how to plan for authentication.

In this section:

 Plan authentication methods (SharePoint Foundation 2010)

Plan authentication methods (SharePoint Foundation 2010)

This article describes the authentication methods and authentication modes that are supported by Microsoft SharePoint Foundation 2010. Authentication is the process of validating a user’s identity. After a user’s identity is validated, the authorization process determines which sites, content, and other features the user can access. Authentication modes determine how accounts are used internally by SharePoint Foundation 2010.

In this article:

    Supported authentication methods

    Authentication modes — classic or claims-based

    Implementing Windows authentication

    Implementing forms-based authentication

    Implementing SAML token-based authentication

    Choosing authentication for LDAP environments

    Planning zones for Web applications

    Architecture for SAML token-based providers

Supported authentication methods

SharePoint Foundation 2010 supports authentication methods that were included in previous versions and also introduces token-based authentication that is based on Security Assertion Markup Language (SAML) as an option. The following table lists the supported authentication methods.

Method	Examples	Notes
Windows	 NTLM  Kerberos  Anonymous  Basic  Digest	At this time, Windows certificate authentication is not supported.
Forms-based authentication	 Lightweight Directory Access Protocol (LDAP)  SQL database or other database  Custom or third-party membership and role providers
SAML token-based authentication	 Active Directory Federation Services (AD FS) 2.0  Third-party identity provider  Lightweight Directory Access Protocol (LDAP)	Supported only with SAML 1.1 that uses the WS-Federation Passive profile.

Authentication modes — classic or claims-based

SharePoint Foundation 2010 introduces claims-based authentication, which is built on Windows Identity Foundation (WIF). You can use any of the supported authentication methods with claims-based authentication. Or, you can use classic-mode authentication, which supports Windows authentication.

When you create a Web application, you select one of the two authentication modes to use with the Web application, either claims-based or classic-mode.

If you select classic-mode, you can implement Windows authentication and the user accounts are treated by SharePoint Foundation 2010 as Active Directory Domain Services (AD DS) accounts.

If you select claims-based authentication, SharePoint Foundation 2010 automatically changes all user accounts to claims identities, resulting in a claims token for each user. The claims token contains the claims pertaining to the user. Windows accounts are converted into Windows claims. Forms-based membership users are transformed into forms-based authentication claims. Claims that are included in SAML-based tokens can be used by SharePoint Foundation 2010. Additionally, SharePoint developers and administrators can augment user tokens with additional claims. For example, user Windows accounts and forms-based accounts can be augmented with additional claims that are used by SharePoint Foundation 2010.

The following chart summarizes the support for authentication types by each authentication mode.

Type	Classic-mode authentication	Claims-based authentication
Windows  NTLM  Kerberos  Anonymous  Basic  Digest	Yes	Yes
Forms-based authentication  LDAP  SQL database or other database  Custom or third-party membership and role providers	No	Yes
SAML token-based authentication  AD FS 2.0  Windows Live ID  Third-party identity provider  LDAP	No	Yes

A SharePoint Foundation 2010 farm can include a mix of Web applications that use both modes. Services do not differentiate between user accounts that are traditional Windows accounts and Windows claims accounts. Consequently, a user who belongs to sites that are configured to use a mix of authentication modes will receive search results that include results from all the sites that the user has access to, regardless of the mode that is configured for Web applications. The user is not interpreted as two different user accounts. This is because services and service applications use claims identities for inter-farm communication regardless of the mode that is selected for Web applications and users.

However, users who belong to more than one user repository that is recognized by SharePoint Server Web applications are treated as separate user accounts, depending on which identity they use to log in.

The following guidance will help you decide which mode to select:

 For new implementations of SharePoint Foundation 2010, use claims-based authentication. With this option, all supported authentication types are available for Web applications. There is no practical reason to select classic-mode authentication for new deployments, even if your environment includes only Windows accounts. Windows authentication is implemented the same way regardless of the mode that is selected. There are no additional steps to implement Windows authentication when you use the claims-based authentication mode.

 If you are upgrading a previous version solution to SharePoint Foundation 2010 and the solution includes only Windows accounts, you can use classic-mode authentication. This lets you use the same design for zones and URLs.

 If you are upgrading a solution that requires forms-based authentication, the only option is to upgrade to claims-based authentication.

If you are upgrading from an earlier version to SharePoint Foundation 2010 and you select claims-based authentication, be aware of the following considerations:

 Custom code might need to be updated. Web Parts or other custom code that relies on or uses Windows identities will have to be updated. If the custom code uses Windows identities, use classic-mode authentication until the code is updated.

 Migrating many Windows users to claims identities takes time. When you change a Web application from classic mode to claims-based during the upgrade process, you must use Windows PowerShell to convert Windows identities to claims identities. This can be a time-consuming process. Be sure to allow enough time during the upgrade process to complete this task.

 Search alerts are currently not supported with claims-based authentication.

Claims authentication is built on WIF. WIF is a set of .NET Framework classes that are used to implement claims-based identity. Claims authentication relies on standards such as WS-Federation, WS-Trust, and protocols such as SAML. For more information about claims authentication, see the following resources:

 Claims-based Identity for Windows: An Introduction to Active Directory Federation Services 2.0, Windows CardSpace 2.0, and Windows Identity Foundation (white paper) (http://go.microsoft.com/fwlink/?LinkId=198942)

 Windows Identity Foundation home page (http://go.microsoft.com/fwlink/?LinkId=198943)

You do not have to be a claims architect to use claims authentication in SharePoint Foundation 2010. However, implementing SAML token-based authentication requires coordination with administrators of your claims-based environment, as described later in this article.

Implementing Windows authentication

The process of implementing Windows authentication methods is similar for both authentication modes (classic or claims-based). Choosing claims-based authentication for a Web application does not increase the complexity of implementing Windows authentication methods. This section summarizes the process for each method.

Integrated Windows authentication — Kerberos and NTLM

Both Kerberos protocol and NTLM are Integrated Windows authentication methods, which let clients seamlessly authenticate without being prompted for credentials. Users who access SharePoint sites from Windows Explorer will authenticate by using the credentials the Internet Explorer process is running under. By default, these credentials are the credentials that the user used to log on to the computer. Services or applications that access SharePoint Server in Integrated Windows authentication mode will attempt to authenticate by using the credentials of the running thread, which is the identity of the process by default.

NTLM is the simplest form of Windows authentication to implement. Simply select this option when you are creating a Web application.

Kerberos protocol is a secure protocol that supports ticketing authentication. Use of the Kerberos protocol requires additional configuration of the environment. To enable Kerberos authentication, the client and server computers must have a trusted connection to the domain Key Distribution Center (KDC). Configuring the Kerberos protocol involves setting up service principal names (SPNs) in AD DS before you install SharePoint Foundation 2010.

The following steps summarize the process of configuring Kerberos authentication:

1. Configure Kerberos authentication for SQL communications by creating SPNs in AD DS for the SQL Server service account.

2. Create SPNs for Web applications that will use Kerberos authentication.

3. Install the SharePoint Foundation 2010 farm.

4. Configure specific services within the farm to use specific accounts.

5. Create the Web applications that will use Kerberos authentication.

For more information, see Configure Kerberos authentication (SharePoint Server 2010) (http://technet.microsoft.com/library/3f849874-1580-47d3-af88-042a3494909f(Office.14).aspx).

Additionally, for claims-authentication Web applications, the claims to Windows token service must be configured for constrained delegation. Constrained delegation is required to convert claims to Windows tokens. For environments that include multiple forests, a two-way trust between forests is required to use the claims to Windows token service. For more information about how to configure this service, see Configure Kerberos authentication for the claims to Windows token service (SharePoint Server 2010) (http://technet.microsoft.com/library/9736e391-1dbf-4a37-b95d-3fdaa5baac7d(Office.14).aspx).

Kerberos authentication allows delegation of client credentials to access back-end data systems, which requires additional configuration depending on the scenario. The following table provides examples.

Scenario	Additional configuration
Delegating a client’s identity to a back-end server. Displaying RSS feeds to authenticated content.	Configure Kerberos constrained delegation for computers and service accounts.
Identity delegation for Microsoft SQL Server Reporting Services (SSRS)	Configure SPNs for SQL Server Reporting Services accounts. Configure delegation for SQL Server Reporting Services.
Identity delegation for Excel Services in SharePoint	Configure constrained delegation for servers that run Excel Services. Configure constrained delegation for the Excel Services service account.

For more information about how to configure Kerberos authentication, including configuration steps for common scenarios, see Configuring Kerberos Authentication for Microsoft SharePoint 2010 Products and Technologies (white paper) (http://go.microsoft.com/fwlink/?LinkID=197178).

Digest and Basic

Implementing Digest and Basic authentication requires configuring these authentication methods directly in Internet Information Services (IIS).

Implementing forms-based authentication

Forms-based authentication is an identity management system that is based on ASP.NET membership and role provider authentication. In SharePoint Foundation 2010, forms-based authentication is available only when you use claims-based authentication.

Forms-based authentication can be used against credentials stored in AD DS, in a database such as a SQL Server database, or in an LDAP data store such as Novell eDirectory, Novell Directory Services (NDS), or Sun ONE. Forms-based authentication enables user authentication based on validation of credential input from a logon form. Unauthenticated requests are redirected to a logon page, where the user must provide valid credentials and submit the form. If the request can be authenticated, the system issues a cookie that contains a key for reestablishing the identity for subsequent requests.

To use forms-based authentication to authenticate users against an identity management system that is not based on Windows or that is external, you must register the membership provider and role manager in the Web.config file. Registering the role manager is a new requirement for SharePoint Foundation 2010. In the previous version, this was optional. SharePoint Foundation 2010 uses the standard ASP.NET role manager interface to gather group information about the current user. Each ASP.NET role is treated as a domain group by the authorization process in SharePoint Foundation 2010. You register role managers in the Web.config file the same way that you register membership providers for authentication.

If you want to manage membership users or roles from the SharePoint Central Administration Web site, you must register the membership provider and the role manager in the Web.config file for the Central Administration Web site. You must also register the membership provider and the role manager in the Web.config file for the Web application that hosts the content.

For more information about how to configure forms-based authentication, see the following resources:

    TechNet article: Configure forms-based authentication for a claims-based Web application (SharePoint Server 2010) (http://technet.microsoft.com/library/fd1391bb-c787-4742-b007-bf57e18dad66(Office.14).aspx)

    MSDN blog article: Claims-based authentication “Cheat Sheet” Part 1 (http://go.microsoft.com/fwlink/?LinkId=198944)

    MSDN article: Forms Authentication in SharePoint Products and Technologies (Part 2): Membership and Role Provider Samples (http://go.microsoft.com/fwlink/?LinkId=198945)
Implementing SAML token-based authentication

SAML token-based authentication requires coordination with administrators of a claims-based environment, whether it is your own internal environment or a partner environment. AD FS 2.0 is an example of a claims-based environment.

A claims-based environment includes an identity provider security token service (IP-STS). The IP-STS issues SAML tokens on behalf of users who are included in the associated user directory. Tokens can include any number of claims about a user, such as a user name and groups the user belongs to.

SharePoint Foundation 2010 takes advantage of claims that are included in tokens provided by an IP-STS to authorize users. In claims environments, an application that accepts SAML tokens is known as a relying party STS (RP-STS). A relying party application receives the SAML token and uses the claims inside to decide whether to grant the client access to the requested resource. In SharePoint 2010 Products, each Web application that is configured to use a SAML provider is added to the IP-STS server as a separate RP-STS entry. A SharePoint farm can include multiple RP-STS entries.

Implementing SAML token-based authentication with SharePoint 2010 Products involves the following processes that require advance planning:

1.    Export the token-signing certificate from the IP-STS. This certificate is known as the ImportTrustCertificate. Copy the certificate to a server computer in the SharePoint Foundation 2010 farm.

2.    Define the claim that will be used as the unique identifier of the user. This is known as the identity claim. Many examples of this process use the user e-mail name as the user identifier. Coordinate with the administrator of the IP-STS to determine the correct identifier because only the owner of the IP-STS knows which value in the token will always be unique per user. Identifying the unique identifier for the user is part of the claims-mapping process. Claims mappings are created by using Windows PowerShell.

3.    Define additional claims mappings. Define which additional claims from the incoming token will be used by the SharePoint Foundation 2010 farm. User roles are an example of a claim that can be used to permission resources in the SharePoint Foundation 2010 farm. All claims from an incoming token that do not have a mapping will be discarded.

4.    Create a new authentication provider by using Windows PowerShell to import the token-signing certificate. This process creates the SPTrustedIdentityTokenIssuer. During this process, you specify the identity claim and additional claims that you have mapped. You must also create and specify a realm that is associated with the first SharePoint Web applications that you are configuring for SAML token-based authentication. After the SPTrustedIdentityTokenIssuer is created, you can create and add more realms for additional SharePoint Web applications. This is how you configure multiple Web applications to use the same SPTrustedIdentityTokenIssuer.

5.    For each realm that is added to the SPTrustedIdentityTokenIssuer, you must create an RP-STS entry on the IP-STS. This can be done before the SharePoint Web application is created. Regardless, you must plan the URL before you create the Web applications.

6.    Create a new SharePoint Web application and configure it to use the newly created authentication provider. The authentication provider will appear as an option in Central Administration when claims mode is selected for the Web application.

You can configure multiple SAML token-based authentication providers. However, you can only use a token-signing certificate once in a farm. All providers that are configured will appear as options in Central Administration. Claims from different trusted STS environments will not conflict.

If you are implementing SAML token-based authentication with a partner company and your own environment includes an IP-STS, we recommend that you work with the administrator of your internal claims environment to establish a trust relationship from your internal IP-STS to the partner STS. This approach does not require adding an additional authentication provider to your SharePoint Foundation 2010 farm. It also allows your claims administrators to manage the whole claims environment.

Note:

If you use SAML token-based authentication with AD FS on a SharePoint Foundation 2010 farm that has multiple Web servers in a load-balanced configuration, there might be an effect on the performance and functionality of client Web-page views. When AD FS provides the authentication token to the client, that token is submitted to SharePoint Foundation 2010 for each permission-restricted page element. If the load-balanced solution is not using affinity, each secured element is authenticated to more than one SharePoint Foundation 2010 server, which might result in rejection of the token. After the token is rejected, SharePoint Foundation 2010 redirects the client to reauthenticate back to the AD FS server. After this occurs, an AD FS server might reject multiple requests that are made in a short time period. This behavior is by design, to protect against a denial of service attack. If performance is adversely affected or pages do not load completely, consider setting network load balancing to single affinity. This isolates the requests for SAML tokens to a single Web server.

For more information about how to configure SAML token-based authentication, see the following resources:

    TechNet article: Configure authentication using a SAML security token (SharePoint Server 2010) (http://technet.microsoft.com/library/33a9bbc3-fcf5-4aaa-97ec-cd1c7a44d279(Office.14).aspx)

    MSDN blog article: Claims-based authentication “Cheat Sheet” Part 2 (http://go.microsoft.com/fwlink/?LinkId=198946)

    TechNet blog article: Planning Considerations for Claims Based Authentication in SharePoint 2010 (http://go.microsoft.com/fwlink/?LinkId=198947)

    TechNet blog article: Creating both an Identity and Role Claim for a SharePoint 2010 Claims Auth Application (http://go.microsoft.com/fwlink/?LinkId=198948)

    TechNet blog article: How to Create Multiple Claims Auth Web Apps in a Single SharePoint 2010 Farm (http://go.microsoft.com/fwlink/?LinkId=198949)
Choosing authentication for LDAP environments

LDAP environments can be implemented by using either forms-based authentication or SAML token-based authentication. We recommend that you use forms-based authentication because it is less complex. However, if the environment supports WS-Federation 1.1 and SAML Token 1.1, then SAML is recommended. Profile synchronization is not supported with LDAP providers that are not associated with ADFS 2.0.

Planning zones for Web applications

Zones represent different logical paths for gaining access to the same sites in a Web application. Each Web application can include as many as five zones. When a Web application is created, the default zone is created. Additional zones are created by extending the Web application and selecting one of the remaining zone names: intranet, extranet, Internet, or custom.

In previous versions, zones are used to implement different types of authentication for users coming from different networks or authentication providers. In the current version, claims authentication allows multiple types of authentication to be implemented on the same zone.

Your plan for zones will depend on which of the following modes is selected for a Web application:

    Classic mode — Similar to previous versions, only one type of authentication can be implemented per zone. However, in the current version, only Windows authentication can be implemented when classic mode is selected. Consequently, multiple zones can be used only to implement multiple types of Windows authentication, or to implement the same type of Windows authentication against different Active Directory stores.

    Claims authentication — Multiple authentication providers can be implemented on a single zone. Multiple zones can be used also.

Implementing more than one type of authentication on a single zone

If you are using claims authentication and implementing more than one type of authentication, we recommend that you implement multiple types of authentication on the default zone. This results in the same URL for all users.

When you are implementing multiple types of authentication on the same zone, the following restrictions apply:

    Only one instance of forms-based authentication can be implemented on a zone.

    Central Administration allows you to use both an Integrated Windows method and Basic at the same time. Otherwise, more than one type of Windows authentication cannot be implemented on a zone.

If multiple SAML token-based authentication providers are configured for a farm, these will all appear as options when you create a Web application or a new zone. Multiple SAML providers can be configured on the same zone.

The following diagram illustrates multiple types of authentication implemented on the default zone for a partner collaboration site.

In the diagram, users from different directory stores access the partner Web site by using the same URL. A dashed box surrounding partner companies shows the relationship between the user directory and the authentication type that is configured in the default zone. For more information about this design example, see Design sample: Corporate deployment (SharePoint Server 2010) (http://technet.microsoft.com/library/1cffb278-6497-46fc-abd0-3dd652064c89(Office.14).aspx).

Planning for crawling content

The crawl component requires access to content using NTLM. At least one zone must be configured to use NTLM authentication. If NTLM authentication is not configured on the default zone, the crawl component can use a different zone that is configured to use NTLM authentication.

Implementing more than one zone

If you plan to implement more than one zone for Web applications, use the following guidelines:

    Use the default zone to implement your most secure authentication settings. If a request cannot be associated with a specific zone, the authentication settings and other security policies of the default zone are applied. The default zone is the zone that is created when you initially create a Web application. Typically, the most secure authentication settings are designed for end-user access. Consequently, end users are likely to access the default zone.

    Use the minimum number of zones that are required to provide access to users. Each zone is associated with a new IIS site and domain for accessing the Web application. Only add new access points when these are required.

    Ensure that at least one zone is configured to use NTLM authentication for the crawl component. Do not create a dedicated zone for the index component unless it is necessary.

The following diagram illustrates multiple zones that are implemented to accommodate different authentication types for a partner collaboration site.

In the diagram, the default zone is used for remote employees. Each zone has a different URL associated with it. Employees use a different zone depending on whether they are working in the office or are working remotely.

For more information about this design example, see Design sample: Corporate deployment (SharePoint Server 2010) (http://technet.microsoft.com/library/1cffb278-6497-46fc-abd0-3dd652064c89(Office.14).aspx).
Architecture for SAML token-based providers

The architecture for implementing SAML token-based providers includes the following components:

SharePoint security token service   This service creates the SAML tokens that are used by the farm. The service is automatically created and started on all servers in a server farm. The service is used for inter-farm communication because all inter-farm communication uses claims authentication. This service is also used for authentication methods that are implemented for Web applications that use claims authentication, including Windows authentication, forms-based authentication, and SAML token-based authentication. You must configure the security token service during the deployment process. For more information, see Configure the security token service (SharePoint Server 2010) (http://technet.microsoft.com/library/156cbd50-a05b-4490-b869-f74e2fc0e09d(Office.14).aspx).

Token-signing certificate (ImportTrustCertificate)   This is the certificate that is exported from an IP-STS. The certificate is copied to one server in the farm. Once you use this certificate to create an SPTrustedIdentityTokenIssuer, you cannot use it again to create another one. If you want to use the certificate to create a different SPTrustedIdentityTokenIssuer, you must delete the existing one first. Before you delete an existing one, you must disassociate it from any Web applications that may be using it.

Identity claim   The identity claim is the claim from a SAML token that is the unique identifier of the user. Only the owner of the IP-STS knows which value in the token will always be unique for each user. The identity claim is created as a regular claims mapping during the process of mapping all desired claims. The claim that serves as the identity claim is declared when the SPTrustedIdentityTokenIssuer is created.

Other claims   These claims consist of additional claims from a SAML ticket that describe users. These can include user roles, user groups, or other kinds of claims such as age. All claims mappings are created as objects that are replicated across the servers in a SharePoint Foundation farm.

Realm   In the SharePoint claims architecture, the URI or URL that is associated with a SharePoint Web application that is configured to use a SAML token-based provider represents a realm. When you create a SAML-based authentication provider on the farm, you specify the realms, or Web application URLs, that you want the IP-STS to recognize, one at a time. The first realm is specified when you create the SPTrustedIdentityTokenIssuer. Additional realms can be added after the SPTrustedIdentityTokenIssuer is created. Realms are specified by using syntax similar to the following: $realm = “urn:sharepoint:mysites”. After you add the realm to the SPTrustedIdentityTokenIssuer, you must create an RP-STS trust with the realm on the IP-STS server. This process involves specifying the URL for the Web application.

SPTrustedIdentityTokenIssuer   This is the object that is created on the SharePoint farm that includes the values necessary to communicate with and receive tokens from the IP-STS. When you create the SPTrustedIdentityTokenIssuer, you specify which token-signing certificate to use, the first realm, the claim that represents the identity claim, and any additional claims. You can only associate a token-signing certificate from an STS with one SPTrustedIdentityTokenIssuer. However, after you create the SPTrustedIdentityTokenIssuer, you can add more realms for additional Web applications. After a realm is added to the SPTrustedIdentityTokenIssuer, it must also be added to the IP-STS as a relying party. The SPTrustedIdentityTokenIssuer object is replicated across servers in the SharePoint Foundation farm.

Relying party security token service (RP-STS)   In SharePoint Foundation 2010, each Web application that is configured to use a SAML provider is added to the IP-STS server as an RP-STS entry. A SharePoint Foundation farm can include multiple RP-STS entries.

Identity provider security token service (IP-STS)   This is the secure token service in the claims environment that issues SAML tokens on behalf of users who are included in the associated user directory.

The following diagram illustrates the SharePoint 2010 Products claims architecture.

The SPTrustedIdentityTokenIssuer object is created by using several parameters. The following diagram illustrates the key parameters.

As the diagram illustrates, an SPTrustedIdentityTokenIssuer can include only one identity claim, one SignInURL parameter, and one Wreply parameter. However, it can include multiple realms and multiple claims mappings. The SignInURL parameter specifies the URL to redirect a user request to in order to authenticate to the IP-STS. Some IP-STS servers require the Wreply parameter, which is set to either true or false and is false by default. Only use the Wreply parameter if it is required by the IP-STS.
Plan security hardening (SharePoint Foundation 2010)

This article describes security hardening for Microsoft SharePoint Foundation 2010 Web server, application server, and database server roles, and gives detailed guidance about the specific hardening requirements for ports, protocols, and services in Microsoft SharePoint 2010 Products.

In this article:

 Secure server snapshots (http://technet.microsoft.com/library/7dcb6a86-f9d4-4c0f-b7c6-fa12a47029c4.aspx#ServerSnapshots)

 Specific port, protocol, and service guidance

Secure server snapshots

In a server farm environment, individual servers play specific roles. Security hardening recommendations for these servers depend on the role each server plays. This article contains secure snapshots for two categories of server roles:

 Web server and application server roles

 Database server role

The snapshots are divided into common configuration categories. The characteristics defined for each category represent the optimal hardened state for Microsoft SharePoint 2010 Products. This article does not include hardening guidance for other software in the environment.

Web server and application server roles

This section identifies hardening characteristics for Web servers and application servers. Some of the guidance applies to specific service applications; in these cases, the corresponding characteristics need to be applied only on the servers that are running the services associated with the specified service applications.

Category	Characteristic
Services listed in the Services MMC snap-in	Enable the following services:  File and Printer Sharing  World Wide Web Publishing Service Ensure that these services are not disabled:  Claims to Windows Token Service  SharePoint 2010 Administration  SharePoint 2010 Timer  SharePoint 2010 Tracing  SharePoint 2010 VSS Writer Ensure that these services are not disabled on the servers that host the corresponding roles:  SharePoint 2010 User Code Host  SharePoint Foundation Search V4
Ports and protocols	 TCP 80, TCP 443 (SSL)  File and Printer Sharing service —either of the following, used by search roles:  Direct-hosted SMB (TCP/UDP 445) — this is the recommended port  NetBIOS over TCP/IP (NetBT) (TCP/UDP ports 137, 138, 139) — disable this port if you do not use it  Ports required for communication between Web servers and service applications (the default is HTTP):  HTTP binding: 32843  HTTPS binding: 32844  net.tcp binding: 32845 (only if a third party has implemented this option for a service application)  UDP port 1434 and TCP port 1433 — default ports for SQL Server communication. If these ports are blocked on the SQL Server computer (recommended) and databases are installed on a named instance, configure a SQL Server client alias for connecting to the named instance.  TCP/IP 32846 for the Microsoft SharePoint Foundation User Code Service (for sandbox solutions) — This port must be open for outbound connections on all Web servers. This port must be open for inbound connections on Web servers or application servers where this service is turned on.  Ensure that ports remain open for Web applications that are accessible to users.  Block external access to the port that is used for the Central Administration site.  TCP/25 (SMTP for e-mail integration)
Registry	No additional guidance
Auditing and logging	If log files are relocated, ensure that the log file locations are updated to match. Update directory access control lists (ACLs) also.
Code access security	Ensure that you have a minimal set of code access security permissions enabled for your Web application. The <trust> element in the Web.config file for each Web application should be set to WSS_Minimal (where WSS_Minimal has its low defaults as defined in 14\config\wss_minimaltrust.config or by your own custom policy file, which is minimally set.)
Web.config	Follow these recommendations for each Web.config file that is created after you run Setup:  Do not allow compilation or scripting of database pages via the PageParserPaths elements.  Ensure <SafeMode> CallStack=””false”” and AllowPageLevelTrace=””false””.  Ensure that the Web Part limits around maximum controls per zone is set low.  Ensure that the SafeControls list is set to the minimum set of controls needed for your sites.  Ensure that your Workflow SafeTypes list is set to the minimum level of SafeTypes needed.  Ensure that customErrors is turned on (<customErrors mode=””On””/>).  Consider your Web proxy settings as needed (<system.net>/<defaultProxy>).  Set the Upload.aspx limit to the highest size you reasonably expect users to upload (default is 2 GB). Performance can be affected by uploads that exceed 100 MB.

Database server role

The primary recommendation forSharePoint 2010 Products is to secure inter-farm communication by blocking the default ports used for Microsoft SQL Server communication and establishing custom ports for this communication instead. For more information about how to configure ports for SQL Server communication, see Blocking the standard SQL Server ports, later in this article.

Specific port, protocol, and service guidance

The rest of this article describes in greater detail the specific hardening requirements for SharePoint 2010 Products.

In this section:

 Blocking the standard SQL Server ports

 Service application communication

 File and Printer Sharing service requirements

 User Profile service hardening requirements

 Connections to external servers

 Service requirements for e-mail integration

 Service requirements for session state

 SharePoint 2010 Products services

 Web.config file

Blocking the standard SQL Server ports

The specific ports used to connect to SQL Server are affected by whether databases are installed on a default instance of SQL Server or a named instance of SQL Server. The default instance of SQL Server listens for client requests on TCP port 1433. A named instance of SQL Server listens on a randomly assigned port number. Additionally, the port number for a named instance can be reassigned if the instance is restarted (depending on whether the previously assigned port number is available).

By default, client computers that connect to SQL Server first connect by using TCP port 1433. If this communication is unsuccessful, the client computers query the SQL Server Resolution Service that is listening on UDP port 1434 to determine the port on which the database instance is listening.

The default port-communication behavior of SQL Server introduces several issues that affect server hardening. First, the ports used by SQL Server are well-publicized ports and the SQL Server Resolution Service has been the target of buffer overrun attacks and denial-of-service attacks, including the “Slammer” worm virus. Even if SQL Server is updated to mitigate security issues in the SQL Server Resolution Service, the well-publicized ports remain a target. Second, if databases are installed on a named instance of SQL Server, the corresponding communication port is randomly assigned and can change. This behavior can potentially prevent server-to-server communication in a hardened environment. The ability to control which TCP ports are open or blocked is essential to securing your environment.

Consequently, the recommendation for a server farm is to assign static port numbers to named instances of SQL Server and to block UDP port 1434 to prevent potential attackers from accessing the SQL Server Resolution Service. Additionally, consider reassigning the port used by the default instance and blocking TCP port 1433.

There are several methods you can use to block ports. You can block these ports by using a firewall. However, unless you can be sure that there are no other routes into the network segment and that there are no malicious users that have access to the network segment, the recommendation is to block these ports directly on the server that hosts SQL Server. This can be accomplished by using Windows Firewall in Control Panel.

Configuring SQL Server database instances to listen on a nonstandard port

SQL Server provides the ability to reassign the ports that are used by the default instance and any named instances. In SQL Server 2005 and SQL Server 2008, you reassign ports by using SQL Server Configuration Manager.

Configuring SQL Server client aliases

In a server farm, all front-end Web servers and application servers are SQL Server client computers. If you block UDP port 1434 on the SQL Server computer, or you change the default port for the default instance, you must configure a SQL Server client alias on all servers that connect to the SQL Server computer.

To connect to an instance of SQL Server 2005 or SQL Server 2008, you install SQL Server client components on the target computer and then configure the SQL Server client alias by using SQL Server Configuration Manager. To install SQL Server client components, run Setup and select only the following client components to install:

 Connectivity Components

 Management Tools (includes SQL Server Configuration Manager)

For specific hardening steps for blocking the standard SQL ports, see Harden SQL Server for SharePoint environments (SharePoint Foundation 2010) (http://technet.microsoft.com/library/2b390dec-8719-4d18-b283-f97140dfea92(Office.14).aspx).

Service application communication

By default, communication between Web servers and service applications within a farm takes place by using HTTP with a binding to port 32843. When you publish a service application, you can select either HTTP or HTTPS with the following bindings:

 HTTP binding: port 32843

 HTTPS binding: port 32844

Additionally, third parties that develop service applications can implement a third choice:

 net.tcp binding: port 32845

You can change the protocol and port binding for each service application. On the Service Applications page in Central Administration, select the service application, and then click Publish.

Communication between service applications and SQL Server takes place over the standard SQL Server ports or the ports that you configure for SQL Server communication.

File and Printer Sharing service requirements

Several core features depend on the File and Printer Sharing service and the corresponding protocols and ports. These include, but are not limited to, the following:

 Search queries All search queries require the File and Printer Sharing service.

 Crawling and indexing content To crawl content, servers that include crawl components send requests through the front-end Web server. The front-end Web server communicates with content databases directly and sends results back to the servers that include crawl components. This communication requires the File and Printer Sharing service.

The File and Printer Sharing service requires the use of named pipes. Named pipes can communicate by using either direct-hosted SMB or NetBT protocols. For a secure environment, direct-hosted SMB is recommended instead of NetBT. The hardening recommendations provided in this article assume that SMB is used.

The following table describes the hardening requirements that are introduced by the dependency on the File and Printer Sharing service.

Category	Requirements	Notes
Services	File and Printer Sharing	Requires the use of named pipes.
Protocols	Named pipes that use direct-hosted SMB Disable NetBT	Named pipes can use NetBT instead of direct-hosted SMB. However, NetBT is not considered as secure as direct-hosted SMB.
Ports	Either of the following:  Direct-hosted SMB (TCP/UDP 445) — recommended  NetBT (TCP/UDP ports 137, 138, 139)	Disable NetBT (ports 137, 138, and 139) if it is not being used

For more information about how to disable NetBT, see the Microsoft Knowledge Base article 204279, Direct hosting of SMB over TCP/IP (http://go.microsoft.com/fwlink/?LinkId=76143).

Service requirements for e-mail integration

E-mail integration requires the use of two services:

 SMTP service

 Microsoft SharePoint Directory Management service

SMTP service

E-mail integration requires the use of the Simple Mail Transfer Protocol (SMTP) service on at least one of the front-end Web servers in the server farm. The SMTP service is required for incoming e-mail. For outgoing e-mail, you can either use the SMTP service or route outgoing email through a dedicated e-mail server in your organization, such as a Microsoft Exchange Server computer.

Microsoft SharePoint Directory Management service

SharePoint 2010 Products include an internal service, the Microsoft SharePoint Directory Management Service, for creating e-mail distribution groups. When you configure e-mail integration, you have the option to enable the Directory Management Service feature, which lets users create distribution lists. When users create a SharePoint group and they select the option to create a distribution list, the Microsoft SharePoint Directory Management Service creates the corresponding Active Directory distribution list in the Active Directory environment.

In security-hardened environments, the recommendation is to restrict access to the Microsoft SharePoint Directory Management Service by securing the file associated with this service, which is SharePointEmailws.asmx. For example, you might allow access to this file by the server farm account only.

Additionally, this service requires permissions in the Active Directory environment to create Active Directory distribution list objects. The recommendation is to set up a separate organizational unit (OU) in Active Directory for SharePoint 2010 Products objects. Only this OU should allow write access to the account that is used by the Microsoft SharePoint Directory Management Service.

SharePoint 2010 Products services

Do not disable services that are installed by SharePoint 2010 Products (listed in the snapshot previously).

If your environment disallows services that run as a local system, you can consider disabling the SharePoint 2010 Administration service only if you are aware of the consequences and can work around them. This service is a Win32 service that runs as a local system.

This service is used by the SharePoint 2010 Timer service to perform actions that require administrative permissions on the server, such as creating Internet Information Services (IIS) Web sites, deploying code, and stopping and starting services. If you disable this service, you cannot complete deployment-related tasks from the Central Administration site. You must use Windows PowerShell to run the Start-SPAdminJob (http://technet.microsoft.com/library/a96146cd-9973-4680-9a0b-d91ec51200d5(Office.14).aspx) cmdlet (or use the Stsadm.exe command-line tool to run the execadmsvcjobs operation) to complete multiple-server deployments for SharePoint 2010 Products and to run other deployment-related tasks.

Web.config file

The .NET Framework, and ASP.NET in particular, use XML-formatted configuration files to configure applications. The .NET Framework relies on configuration files to define configuration options. The configuration files are text-based XML files. Multiple configuration files can, and typically do, exist on a single system.

System-wide configuration settings for the .NET Framework are defined in the Machine.config file. The Machine.config file is located in the %SystemRoot%\Microsoft.NET\Framework\%VersionNumber%\CONFIG\ folder. The default settings that are contained in the Machine.config file can be modified to affect the behavior of applications that use the .NET Framework on the whole system.

You can change the ASP.NET configuration settings for a single application if you create a Web.config file in the root folder of the application. When you do this, the settings in the Web.config file override the settings in the Machine.config file.

When you extend a Web application by using Central Administration, SharePoint 2010 Products automatically create a Web.config file for the Web application.

The Web server and application server snapshot presented earlier in this article lists recommendations for configuring Web.config files. These recommendations are intended to be applied to each Web.config file that is created, including the Web.config file for the Central Administration site.

For more information about ASP.NET configuration files and editing a Web.config file, see ASP.NET Configuration (http://go.microsoft.com/fwlink/?LinkID=73257).

Plan automatic password change (SharePoint Foundation 2010)

To simplify password management, the automatic password change feature enables you to update and deploy passwords without having to perform manual password update tasks across multiple accounts, services, and Web applications. You can configure the automatic password change feature to determine if a password is about to expire and reset the password using a long, cryptographically-strong random string. To implement the automatic password change feature, you have to configure managed accounts.

In this article:

    Configuring managed accounts

    Resetting passwords automatically on a schedule

    Detecting password expiration

    Resetting the account password immediately

    Synchronizing SharePoint Foundation account passwords with Active Directory Domain Services

    Resetting all passwords immediately

    Credential change process
Configuring managed accounts

Microsoft SharePoint Foundation 2010 supports the creation of managed accounts to improve security and ensure application isolation. Using managed accounts, you can configure the automatic password change feature to deploy passwords across all services in the farm. You can configure SharePoint Web applications and services, running on application servers in a SharePoint farm, to use different domain accounts. You can create multiple accounts in Active Directory Domain Services (AD DS), and then register each of these accounts in SharePoint Foundation 2010. You can map managed accounts to various services and Web applications in the farm.
Resetting passwords automatically on a schedule

Prior to the implementation of the automatic password change feature, updating passwords required resetting each account password in AD DS and then manually updating account passwords on all of the services running on all the computers in the farm. To do this, you had to run the Stsadm command-line tool or use the SharePoint Central Administration Web application. Using the automatic password change feature, you can now register managed accounts and enable SharePoint Foundation 2010 to control account passwords. Users have to be notified about planned password changes and related service interruptions, but the accounts used by a SharePoint farm, Web applications, and various services can be automatically reset and deployed within the farm as necessary, based on individually configured password reset schedules.
Detecting password expiration

IT departments typically impose a policy requiring that all domain account passwords be reset on a regular basis, for example, every 60 days. SharePoint Foundation 2010 can be configured to detect imminent password expiration, and send an e-mail notification to a designated administrator. Even without administrator intervention, SharePoint Foundation 2010 can be configured to generate and reset passwords automatically. The automatic password reset schedule is also configurable to ensure that the impact of possible service interruptions during a password reset will be minimal.
Resetting the account password immediately

You can always override any automatic password reset schedule and force an immediate service account password reset, using a specific password value. In this scenario, the password for the service account can also be changed in AD DS by SharePoint Foundation 2010. The new password is then immediately propagated to other servers in the farm.
Synchronizing SharePoint Foundation account passwords with Active Directory Domain Services

If AD DS and SharePoint Foundation 2010 account passwords are not synchronized, services in the SharePoint farm will not start. If an Active Directory administrator changes an Active Directory account password without coordinating the password change with a SharePoint administrator, there is a risk of service interruptions. In this scenario, a SharePoint administrator can immediately reset the password from the Account Management page using the password value that was changed in AD DS. The password is updated and immediately propagated to the other servers in the SharePoint farm.
Resetting all passwords immediately

If an administrator suddenly leaves your organization, or if the service account passwords need to be immediately reset for any other reason, you can quickly create a Windows PowerShell script that calls the password change cmdlets. You can use the script to generate new random passwords and deploy the new passwords immediately.
Credential change process

When SharePoint Foundation 2010 changes the credentials for a managed account, the credential change process will occur on one server in the farm. Each server in the farm will be notified that the credentials are about to change and servers can perform critical pre-change actions, if necessary. If the account password has not yet been changed, then SharePoint Foundation 2010 will attempt to change the password using either a manually entered password, or a long, cryptographically-strong random string. The complexity settings will be queried from the appropriate policy (network or local), and the generated password will be equivalent to the detected settings.SharePoint Foundation 2010 will attempt to commit a password change. If it is unable to commit the password change, it will retry, using a new sequence, for a specified number of times. If the account password update process succeeds, it will proceed to the next dependent service, where it will again attempt to commit a password change. If it does not ultimately succeed, each dependent service will be notified that they can resume normal activity. Either success in committing a password change or failure to commit will result in the generation of an automated password change status notification that will be sent by e-mail to farm administrators.
- See Also
Configure automatic password change (SharePoint Foundation 2010) (http://technet.microsoft.com/library/a1784b2d-68a4-409d-a8fa-35d0ab885e24(Office.14).aspx)
SQL Server and storage (SharePoint Foundation 2010)

This section describes how to plan for Microsoft SQL Server and storage configuration for Microsoft SharePoint Foundation 2010.

In this section:

    Overview of SQL Server in a SharePoint environment (SharePoint Foundation 2010)

This article describes the relationship between SharePoint Foundation 2010 and supported versions of SQL Server. It also describes how you can interact with the databases, and introduces ways of using the reporting and business intelligence (BI) features of SQL Server with SharePoint Foundation 2010.

    Overview of Remote BLOB Storage (SharePoint Foundation 2010)

This article describes how SharePoint Foundation 2010 works with remote BLOB storage.

    Plan for remote BLOB storage (RBS) (SharePoint Foundation 2010)

This article describes the factors to consider when moving to a remote BLOB storage solution.

Overview of SQL Server in a SharePoint environment (SharePoint Foundation 2010)

This article describes the relationship between Microsoft SharePoint Foundation 2010 and supported versions of Microsoft SQL Server. It also describes how you can interact with the databases, and it introduces ways of using the reporting and business intelligence (BI) features of SQL Server with SharePoint Foundation 2010.

For more information about the supported versions of SQL Server, see Hardware and software requirements (SharePoint Foundation 2010).

In this article:

 SharePoint 2010 Products and the SQL Server database engine

 SQL Server as a data platform for business intelligence in SharePoint 2010 Products

SharePoint 2010 Products and the SQL Server database engine

SharePoint Foundation 2010 is an application that is built on the SQL Server database engine. Most content and settings in SharePoint Foundation 2010 are stored in relational databases. SharePoint Foundation 2010 uses the following kinds of databases:

    Configuration   The Configuration database and Central Administration content database are called configuration databases. They contain data about farm settings such as the databases used, Internet Information Services (IIS) Web sites or web applications, solutions, Web Part packages, site templates, default quota, and blocked file types. A farm can only have one set of configuration databases.

    Content   Content databases store all site content: site documents, such as files in document libraries, list data; Web Part properties; and user names and rights. All the data for a specific site resides in one content database. Each Web application can contain many content databases. Each site collection can be associated with only one content database, although a content database can be associated with many site collections.

    Service application   Service application databases store data for use by a service application. The databases for service applications vary significantly in what they are used for.

For a full list of all of the databases that support SharePoint Foundation 2010, see Database types and descriptions (SharePoint Server 2010) (http://technet.microsoft.com/library/9b1e8b21-7675-4186-beb6-3adeef4360e6(Office.14).aspx).Database types and descriptions (SharePoint Foundation 2010) (http://technet.microsoft.com/library/da66a206-369d-46bc-b974-cf3564baadff(Office.14).aspx).
- Working with the SQL Server databases that support SharePoint 2010 Products
The SQL Server databases that support SharePoint Foundation 2010 can be created either by SharePoint Foundation 2010, or by a database administrator. For more information, see Deploy by using DBA-created databases (SharePoint Foundation 2010) (http://technet.microsoft.com/library/c7647e52-2178-4d3d-9376-84b2c9a35a1e(Office.14).aspx).

Microsoft does not support directly querying or modifying the databases that support SharePoint Foundation 2010, except for the Usage and Health Data Collection service application database, which can be queried directly and can have its schema added to.

The SQL Server databases that support SharePoint Foundation 2010 are subject to sizing limitations and to configuration recommendations that are not standard for SQL Server.
SQL Server as a data platform for business intelligence in SharePoint 2010 Products
SharePoint Foundation 2010 can be used with SQL Server BI tools to analyze and display BI data in meaningful ways. SQL Server provides the primary data infrastructure and business intelligence platform that gives report authors and business users trusted, scalable, and secure data.

The following sections describe the technologies and features in SQL Server that support business intelligence functionality and features in SharePoint Foundation 2010.
- SQL Server database engine
The SQL Server database engine is the core service for storing, processing, and securing data. BI data can be collected from the SQL Server database engine. For more information, see SQL Server Database Engine (http://go.microsoft.com/fwlink/?LinkId=199540).
- SQL Server Analysis Services (SSAS): multi-dimensional data
Microsoft SQL Server Analysis Services (SSAS) multidimensional data enables you to design, create, and manage multidimensional structures that contain detail and aggregated data from multiple data sources. A cube wizard is available in SQL Server 2008 R2 that simplifies how you can create cubes. Dimensional data or cube data is a prototypical data source for the types of analysis that can be done by using the business intelligence-related service applications in SharePoint Foundation 2010. For more information, see SQL Server Analysis Services – Multidimensional Data (http://go.microsoft.com/fwlink/?LinkId=199541).
- SQL Server Analysis Services: data mining
SQL Server Analysis Services data mining tools provide a set of industry-standard data mining algorithms and other tools that help you discover trends and patterns in your data. The following Excel add-ins help you perform predictive analysis:

 Table Analysis Tools for Excel provide easy-to-use tools that take advantage of Analysis Services Data Mining to perform powerful analytics on spreadsheet data. For more information, see SQL Server Analysis Services – Data Mining (http://go.microsoft.com/fwlink/?LinkId=199543).

 Data Mining Client for Excel lets users build, test, and query data mining models within Microsoft Office Excel 2007 by using either worksheet data or external data available through Analysis Services.

Note:

To enable add-ins, you must have a connection to the server.
- SQL Server Reporting Services (SSRS)
Microsoft SQL Server Reporting Services (SSRS) and SharePoint Foundation 2010 are easily integrated. SQL Server Reporting Services has a full range of tools with which you can create, deploy, and manage reports for your organization. It also has features that enable you to extend and customize your reporting functionality.

The available functionality includes:

 Creating reports with Report Builder 3, one of the SQL Server Reporting Services authoring tools, which you can launch directly from SharePoint Foundation 2010.

 Publishing SSRS reports in SharePoint Foundation 2010.

You can publish report server content types to a SharePoint library and then view and manage those documents from a SharePoint site.

For more information about SSRS, see SQL Server Reporting Services (http://go.microsoft.com/fwlink/?LinkId=199545). For more information about how to install the different integration modes, see Overview of documentation for SQL Server Reporting Services reports in SharePoint (http://technet.microsoft.com/library/44be0f8c-e167-4b92-9125-2c03b4e440cf(Office.14).aspx).
- SQL Server Integration Services (SSIS)
Microsoft SQL Server Integration Services (SSIS) provides rich data integration and data transformation solutions. You can create a repeatable extract, transform, and load (ETL) process to automate moving data from sources such as XML data files, flat files, or relational data sources to one or more destinations. If data comes from disparate sources and is not mined or cleansed for the benefits that are provided in BI applications, SQL Server Integration Services helps prepare the data. For more information, see SQL Server Integration Services (http://go.microsoft.com/fwlink/?LinkId=199546).
- Business Intelligence Development Studio (BIDS)
Microsoft Business Intelligence Development Studio (BIDS) provides intuitive wizards for building integration, reporting, and analytic solutions in a unified environment. BIDS supports the complete development life cycle of developing, testing, and deploying solutions and reports. BIDS is based on the Visual Studio 2005 development environment but customizes it with the SQL Server services–specific extensions and project types for reports, ETL data flows, OLAP cubes, and data mining structure.
- PowerPivot for Excel and PowerPivot for SharePoint
PowerPivot is an add-in that enables users to create self-service BI solutions. It also facilitates sharing and collaboration on those solutions in a SharePoint Foundation 2010 environment. PowerPivot also enables IT organizations to increase operational efficiencies through Microsoft SQL Server 2008 management tools. Components of PowerPivot include the following:

 PowerPivot for Excel 2010 is a data analysis add-in that delivers computational power directly to Microsoft Excel 2010. PowerPivot for Excel (formerly known as “Gemini”) lets users analyze large quantities of data, and its integration with SharePoint Foundation 2010 helps IT departments monitor and manage how users collaborate. The add-in removes the one-million-row limit for worksheets and provides rapid calculations for large data sets. For more information, see PowerPivot Overview (http://go.microsoft.com/fwlink/?LinkId=199547).

 PowerPivot for SharePoint 2010 extends SharePoint Foundation 2010 and Excel Services to add server-side processing, collaboration, and document management support for the PowerPivot workbooks that you publish to SharePoint sites. For more information, see PowerPivot for SharePoint (http://go.microsoft.com/fwlink/?LinkId=199547).
- Master Data Services
SQL Server Master Data Services lets you centrally manage important data assets companywide and across diverse systems to provide more trusted data to your BI applications. Master Data Services helps you create a master data hub that includes a thin-client data management application for a data steward. The application can also apply workflow to assigned owners, apply extensible business rules to safeguard data quality, and apply hierarchy and attribute management strategies. For more information, see Master Data Services (http://go.microsoft.com/fwlink/?LinkId=199548).
- StreamInsight and complex event processing
Microsoft StreamInsight is a new feature in SQL Server 2008 R2 that provides a powerful platform for developing and deploying complex event processing (CEP) applications. CEP is a technology for processing streams of events with high-throughput and low-latency. StreamInsight lets you analyze data without first storing it, and helps you monitor data from multiple sources to detect patterns, trends, and exceptions almost instantly. The ability to monitor, analyze, and act on data in motion in an event-driven manner provides significant opportunity to make more rapid, informed business decisions. For more information, see Microsoft StreamInsight (http://go.microsoft.com/fwlink/?LinkId=199549).

Evaluate provider options

RBS requires a provider that connects the RBS APIs and SQL Server. Microsoft SQL Server 2008 Express and Microsoft SQL Server 2008 R2 Express include the FILESTREAM provider.

Important:

RBS can be run on the local server running Microsoft SQL Server 2008 R2, SQL Server 2008 or SQL Server 2008 R2 Express. To run RBS on a remote server, you must be running SQL Server 2008 R2 Enterprise edition. SharePoint Foundation 2010 requires you to use the version of RBS that is included with the SQL Server Remote BLOB Store installation package from the Feature Pack for Microsoft SQL Server 2008 R2. Earlier versions of RBS will not work with SharePoint Foundation 2010. In addition, RBS is not supported in SQL Server 2005.

BLOBs can be kept on commodity storage such as direct-attached storage (DAS) or network attached storage (NAS), as supported by the provider. The FILESTREAM provider is supported by SharePoint Foundation 2010 when it is used on local hard disk drives only. You cannot use RBS with FILESTREAM on remote storage devices, such as NAS.

The following table summarizes FILESTREAM benefits and limitations.

Operational requirement	RBS with FILESTREAM	RBS without FILESTREAM
SQL Server integrated backup and recovery of the BLOB Store	Yes	Yes
Scripted migration to BLOBs	Yes	Yes
Supports mirroring	No	No
Log shipping	Yes	Yes, with provider implementation
Database snapshots	No¹	No¹
Geo replication	Yes	No
Encryption	NTFS only	No
Network Attached Storage (NAS)	Not supported by SharePoint 2010 Products	Yes, with provider implementation

¹If the RBS provider that you are using does not support snapshots, you cannot use snapshots for content deployment or backup. For example, the SQL FILESTREAM provider does not support snapshots.

If FILESTREAM is not a practical provider for your environment, you can purchase a supported third-party provider. In this case, you should evaluate the following criteria when shopping for a provider:

 Backup and restore capability

 Tested disaster recovery

 Deployment and data migration

 Performance impact

 Long-term administrative costs

Important:

We do not recommend that you develop your own provider unless you are an independent software vendor (ISV) that has significant development experience in designing storage solutions.

Plan for business continuity management (SharePoint Foundation 2010)

Business continuity management consists of the business decisions, processes, and tools you put in place in advance to handle crises. A crisis might affect your business only, or be part of a local, regional, or national event.

Features of Microsoft SharePoint Foundation 2010 are likely to be part of your business continuity management strategy, but your overall plan should be much more comprehensive and include the following elements:

    Clearly documented procedures.

    Offsite storage of key business records.

    Clearly designated contacts.

    Ongoing staff training, including practices and drills.

    Offsite recovery mechanisms.

In this article:

    Business continuity management capabilities

    Service level agreements

Business continuity management capabilities

Microsoft SharePoint Foundation 2010 includes the following capabilities that support business continuity management.

    Versioning   Users can lose data by overwriting a document. With versioning, users can keep multiple versions of the same document in a document library. In the event of an unwanted change, an overwritten document, or document corruption, the previous version can easily be restored by the user. When versioning is enabled, users can recover their data themselves.

For more information, see Plan to protect content by using recycle bins and versioning (SharePoint Foundation 2010).

    Recycle Bin   SharePoint Foundation 2010 includes a two-stage Recycle Bin. Users who have the appropriate permissions can use the first-stage Recycle Bin to recover documents, list items, lists, and document libraries that have been deleted from a site. Site collection administrators can use the second-stage Recycle Bin, also called the Site Collection Recycle Bin, to recover items that have been deleted from the first-stage Recycle Bin. When the first-stage Recycle Bin is enabled, users can recover their data themselves.

For more information, see Plan to protect content by using recycle bins and versioning (SharePoint Foundation 2010).

    Backup and recovery   You can use Windows PowerShell cmdlets or the SharePoint Central Administration Web site to back up and recover farms, databases, Web applications, and site collections. There are also many external and third-party tools that you can use to back up and recover data. For more information, see Plan for backup and recovery (SharePoint Foundation 2010).

    Availability   No single feature provides availability within a SharePoint Foundation 2010 environment. You can choose among many approaches to improve availability, including the following:

    Fault tolerance of components and the network.

    Redundancy of server roles and servers within a farm.

For more information about availability, see Plan for availability (SharePoint Foundation 2010).

    Disaster recovery   No single feature provides disaster recovery within a SharePoint Foundation 2010 environment. You can choose among many approaches to improve availability when a data center goes offline, including the following:

    Offsite storage of backups, both within and outside your region.

    Shipping images of servers to offsite locations.

    Running multiple data centers, but serving data only through one, keeping the others available on standby.

For more information about disaster recovery, see Plan for disaster recovery (SharePoint Foundation 2010).
Service level agreements

Business continuity management is a key area in which IT groups offer service level agreements (SLAs) to set expectations with customer groups. Many IT organizations offer various SLAs that are associated with different chargeback levels.

The following list describes common features of business continuity management SLAs:

    Versioning

    Whether offered.

    Amount of space allocated.

    Recycle Bins

    Whether offered.

    Amount of space allocated for the first-stage Recycle Bin and second-stage Recycle Bin.

    Length of time that items are held before they are permanently deleted in each Recycle Bin.

    Additional charges for recovering items that have been permanently deleted from the second-stage Recycle Bin.

    Backup and recovery

Backup and recovery SLAs usually identify objects and services that can be backed up and recovered, and the recovery time objective, recovery point objective, and recovery level objective for each. The SLA may also identify the available backup window for each object. For more information about backup and recovery SLAs, see Plan for backup and recovery (SharePoint Foundation 2010).

    Recovery time objective (RTO) is the objective for the maximum time a data recovery process will take. It is determined by the amount of time the business can afford for the site or service to be unavailable.

    Recovery point objective (RPO) is the objective for the maximum amount of time between the last available backup and any potential failure point. It is determined by how much data the business can afford to lose in the event of a failure.

    Recovery level objective (RLO) is the objective that defines the granularity with which you must be able to recover data — whether you must be able to recover the entire farm, Web application, site collection, site, list or library, or item.

    Availability

For each component within a farm that is covered by an availability plan, an availability SLA may identify availability as a percentage of uptime, often expressed as the number of nines — that is, the percentage of time that a given system is active and working. For example, a system with a 99.999 uptime percentage is said to have five nines of availability.

Note:

When calculating availability, most organizations specifically exempt or add hours for planned maintenance activities.

For more information, see Plan for availability (SharePoint Foundation 2010).

    Disaster recovery

For each component within a farm that is covered by a disaster recovery plan, an SLA may identify the recovery point objective and recovery time objective. Different recovery time objectives are often set for different circumstances, for example a local emergency versus a regional emergency.

For more information, see Plan for disaster recovery (SharePoint Foundation 2010).

Protecting content by using recycle bins

The following table describes how an item is deleted and recovered from the first-stage Recycle Bin and the second-stage Recycle Bin.

When a user does this	The item is	The item can be restored by
Deletes an item	Held in the first-stage Recycle Bin until the item is deleted from the Recycle Bin or the item has been in the Recycle Bin longer than the time limit configured for an item to be held in the Recycle Bin.	Users or site collection administrators
Deletes an item from the Recycle Bin	Held in the second-stage Recycle Bin	Site collection administrators

Turning off the Recycle Bin for a Web application empties all Recycle Bins and permanently deletes all items in them.

First-stage Recycle Bin

When an item is deleted from the Recycle Bin, the item is sent to the second-stage Recycle Bin.

Note:

The time limit for the Recycle Bins applies to the total time after the item was first deleted — not the time spent in either Recycle Bin stage.

Second stage (Site Collection) Recycle Bin

For more information about setting quotas, see

 Plan for site maintenance and management (SharePoint Foundation 2010)

 Create quota templates (SharePoint Foundation 2010)

For information about configuring the Recycle Bins, see Configure the Recycle Bin (SharePoint Foundation 2010).

Protecting content by using versioning

Versioning addresses the issue of losing data by overwriting a document. It allows the document library to keep multiple copies of the same document. In the event of an unwanted change, an overwrite, or a document corruption, the previous version can easily be restored by the user. Versioning can be enabled at the library or list level. Items and files can be versioned.

Before configuring versioning, be sure to read Plan for site maintenance and management (SharePoint Foundation 2010) .

For more information about configuring versioning, see Enable and configure versioning (SharePoint Foundation 2010) .

Administrators must closely manage versioning, because if sites have many versions of files and documents, the sites can become quite large. If you do not restrict the size of sites, your sites can surpass your storage capacity. Farm administrators can manage this issue by establishing service level agreements with site owners and by setting size quotas on sites. For more information about managing versioning, see Manage versioning by using quotas (SharePoint Foundation 2010).

Plan for backup and recovery (SharePoint Foundation 2010)

This article describes the stages involved in planning for backup and recovery, which include determining backup and recovery strategies for a Microsoft SharePoint Foundation environment and deciding which tools to use. The stages do not need to be done in the order listed, and the process may be iterative.

When you plan for how you will use backup and recovery for disaster recovery, consider common events, failures, and errors; local emergencies; and regional emergencies.

For detailed information about Microsoft SharePoint Foundation backup and recovery, see Backup and recovery overview (SharePoint Foundation 2010).

In this article:

    Define business requirements

    Choose what to protect and recover in your environment

    Choose tools

    Determine strategies

    Plan for enhanced backup and recovery performance

Define business requirements

To define business requirements, determine the following for each farm and service in the environment:

    Recovery point objective (RPO) is the objective for the maximum amount of time between the last available backup and any potential failure point. It is determined by the amount of data that the business can afford to lose in the event of a failure.

    Recovery time objective (RTO) is the objective for the maximum time a data recovery process will take. It is determined by the amount of time the business can afford for the site or service to be unavailable.

    Recovery level objective (RLO) is the objective that defines the granularity with which you must be able to recover data — whether you must be able to recover the entire farm, Web application, site collection, site, list or library, or item.

Shorter RPO and RTO, and greater granularity of RLO, all tend to cost more.

A worksheet to help you plan your strategies for backup and recovery for your SharePoint Foundation 2010 environment can be downloaded from SharePoint 2010 Products backup and recovery planning workbook (http://go.microsoft.com/fwlink/?LinkID=184385).

Choose what to protect and recover in your environment

Your business requirements will help you determine which components of the environment you need to protect, and the granularity with which you need to be able to recover them.

The following table lists components of a SharePoint environment that you might decide to protect, and the tools that can be used to back up and recover each component.

Component	SharePoint backup	Microsoft SQL Server 2008 with Service Pack 1 (SP1) and Cumulative Update 2	System Center Data Protection Manager (DPM) 2010	File system backup
Farm	Yes		Yes⁶
Service applications	Yes
Web application	Yes
Content databases	Yes	Yes	Yes
Site collection	Yes^{1, 2}	Yes^{1, 2}	Yes^{1, 2}
Site	Yes²	Yes²	Yes
Document library or list	Yes²	Yes²	Yes
List item or document			Yes
Content stored in remote BLOB stores	Yes³	Yes³	Yes³
Customizations deployed as solution packages	Yes⁷	Yes⁷	Yes^{6, 7}
Changes to Web.config made by using Central Administration or an API	Yes	Yes	Yes⁴
Configuration settings (SharePoint)	Yes^{2, 8}	Yes^{2, 8}	Yes ^{2, 9}
Customizations not deployed as solution packages			Yes. Files can be recovered if protected as files.^{4, 5}	Yes
Changes to Web.config not made by using Central administration or an API			Yes⁴	Yes
IIS configurations not set through SharePoint			Yes⁵	Yes
SQL Server Reporting Services databases		Yes	Yes

¹Farm-level and database-level backup and restore can be used for site collection recovery if a single site collection is stored in a database.

²Farm-level and database-level backups can be used with SharePoint Foundation unattached database recovery to restore site collections, sites, lists, and configurations.

³Content stored in remote BLOB stores is backed up and restored with other content, as long as the Remote BLOB Storage (RBS) provider in use has this capability.

⁴Changes to Web.config can be backed up by using file system backup from DPM 2010.

⁵IIS configurations can be recovered by using a bare metal backup from DPM 2010.

⁶DPM 2010 can recover this item by using a combination of a bare metal backup and SharePoint Foundation backup. It cannot be backed up and recovered as an object.

⁷Fully-trusted solution packages are stored in the configuration database, and sandboxed solutions are stored in content databases. They can be recovered as part of farm or content database recovery.

⁸Configuration settings can be recovered from farm-level backups. For more information, see Restore a farm (SharePoint Foundation 2010) (http://technet.microsoft.com/library/f7fd691f-bcf0-4b21-8bb6-d443be711f1e(Office.14).aspx).

⁹The Central Administration content database and the configuration database for a SharePoint Foundation 2010 farm can be recovered but only as part of a full-farm recovery to the same farm, with the same computers.

Note

 You can register SharePoint Foundation 2010 with Windows Server Backup by using the stsadm.exe -o -registerwsswriter operation to configure the Volume Shadow Copy Service (VSS) writer for SharePoint Foundation. Windows Server Backup then includes SharePoint Foundation 2010 in server-wide backups. When you restore from a Windows Server backup, you can select Microsoft SharePoint Foundation (no matter which version of SharePoint 2010 Products is installed), and all components reported by the VSS writer forSharePoint Foundation 2010 on that server at the time of the backup will be restored.

 Windows Server Backup is recommended only for use with for single-server deployments.

Choose what to recover from within SharePoint content databases

From within a content database, you can recover site collections, sites, lists and libraries.

Protecting customizations

Customizations to SharePoint sites can include:

 Master pages, page layouts and cascading style sheets. These objects are stored in the content database for a Web application.

 Web Parts, site or list definitions, custom columns, new content types, custom fields, custom actions, coded workflows, or workflow activities and conditions.

 Third-party solutions and their associated binary files and registry keys, such as IFilters.

 Changes to standard XML files.

 Custom site definitions (Webtemp.xml).

 Changes to the Web.config file.

Protecting workflows

Workflows are a special case of customizations that you can back up and recover. Make sure that your backup and recovery plan addresses any of the following scenarios that apply to your environment:

 Declarative workflows, such as those created in Microsoft SharePoint Designer 2010, are stored in the content database for the site collection to which they are they are deployed. Backing up the content database protects these workflows.

 Custom declarative workflow actions have components in the following three locations:

a. The Visual Studio assemblies for the Activities are stored in the global assembly catalog (GAC).

b. The XML definition files (.ACTIONS files) are stored in the 14\TEMPLATE\{LCID}\Workflow directory.

c. An XML entry to mark the activity as an authorized type is stored in the Web.config file for the Web applications in which it is used.

If your farm workflows use custom actions, you should use a file backup system to protect these files and XML entries. Similar to SharePoint Foundation features such as Web parts and event receivers, these files should be reapplied to the farm as needed after recovery.

 Workflows that depend on custom code, such as those that are created by using Visual Studio, are stored in two locations. The Visual Studio assemblies for the workflow are stored in the global assembly catalog (GAC), and the XML definition files are stored in the Features directory. This is the same as other types of SharePoint Foundation features such as Web parts and event receivers. If the workflow was installed as part of a solution package, backing up the content database protects these workflows.

 If you create a custom workflow that interacts with a site collection other than the one where the workflow is deployed, you must back up both site collections to protect the workflow. This includes workflows that write to a history list or other custom list in another site collection. Performing a farm backup is sufficient to back up all site collections in the farm and all workflows that are associated with them.

 Workflows that are not yet deployed must be backed up and restored separately like any other data file. When you are developing a new workflow but have not yet deployed it to the SharePoint Foundation farm, make sure that you back up the folder where you store your workflow project files by using Windows Backup or another file system backup application.

Protecting service applications

Protecting SQL Server Reporting Services databases

Choose tools

To choose the right tools for backup and recovery, you need to determine whether you can meet the continuity requirements you have set for your business within your budget for time and resources.

Key factors to consider when choosing tools include:

 Speed of backup: Can the tool perform within the maintenance window for your databases? You should test any backup system to ensure that it meets your needs on your hardware.

 Completeness of recovery.

 Granularity of objects that can be recovered.

 Backup type supported (full, differential, or incremental).

 Complexity of managing the tool.

The following table compares the type of backup and size of farm that can be backed up in a six-hour window for backup and recovery tools available from Microsoft.

Tool	Backup type	Size of backup completed in six hours¹
SharePoint farm backup and recovery	Full, differential	600 GB
SQL Server	Full, differential	600 GB
System Center Data Protection Manager	Incremental	Terabytes

¹Backup size was determined by backing up a system that totals the specified size on the test hardware listed in the following section.

Note:

The SharePoint Foundation and SQL Server backups were performed with backup compression turned on.

Test hardware

The following table lists the hardware used in the tests that determined the size of backup that could be completed in a six-hour window.

Component	Description
Processor	64-bit dual processor, 3 GHz
RAM	8 GB
Disk	2 terabyte NTFS file system-formatted partition
Network	100 megabits per second (Mbps) or faster connection between client computers and server
Network share	Network share with 1.25 terabytes free space

Note:

The upper size limit for performing SharePoint Foundation 2010 site collection backups is 85 GB.

For detailed information about the backup and recovery systems that can be used with Microsoft SharePoint Foundation, see the following resources:

 Backup and recovery overview (SharePoint Foundation 2010)

 Backing Up and Restoring Databases in SQL Server (http://go.microsoft.com/fwlink/?LinkID=186643)

 Data Protection Manager 2010 Release Candidate Overview (http://go.microsoft.com/fwlink/?LinkID=186655)

Determine strategies

Based on your business requirements, recovery needs, and the tools you have chosen, determine and document the backup and recovery strategies for your environment.

It is not uncommon for IT departments that support SharePoint Foundation environments to decide to use more than one tool to protect the environment, as they determine the strategies that they will use.

For example, in an environment with databases that are managed by DBAs, the strategies in the following list might be employed:

    All databases are backed up by SQL Server. The backup interval that is set for each database is based on the following:

    The business impact of the content or service.

    The standard rate of change for the database.

    The effect on performance that the backup has on the environment.

    Small, rapidly changing, very high-business-impact content databases are additionally protected by SQL Server database snapshots that are stored on a separate physical disk. Only one snapshot is stored per database, and snapshots are discarded regularly, so that the effect on performance is minimized. The snapshot interval that is set for each database is based on the following:

    The business impact of the content or service.

    The standard rate of change for the database.

    The effect on performance that the snapshot has on the environment.

    The amount of space required to store the snapshot.

Recovering from a snapshot is faster than standard recovery because a snapshot, along with its underlying database, can be treated by SharePoint Foundation as an unattached database. However, the process of creating snapshots can decrease the performance of the underlying database. We recommend that the effect that snapshots have on the performance of your system be tested before they are implemented, and that snapshots be discarded regularly to reduce the space required.

Note:

If you are using RBS, and the RBS provider that you are using does not support snapshots, you cannot use snapshots for backup. For example, the SQL FILESTREAM provider does not support snapshots.

    SharePoint Foundation backup is used to protect service applications. The backup interval is based on the following:

    The business impact of the service.

    The standard rate of change for the database.

    The effect on performance that the backup has on the database.

    All restore operations are performed through SharePoint Foundation. The choice of which restore system to use is determined by the type of backup that is available and the object being restored.

Other tools should be part of your business continuity strategy. Consider how you will use Recycle Bins and versioning in site collections throughout the environment. For more information, see Plan for business continuity management (SharePoint Foundation 2010).
Plan for enhanced backup and recovery performance
As you plan your backup and recovery strategy, consider the following recommendations to help you decrease the effect of backup and recovery on system performance.

By design, most backup jobs consume as many I/O resources as they can to finish the job in the available time for maintenance; therefore, you might see disk queuing and you might see that all I/O requests come back more slowly than usual. This is typical and should not be considered a problem.
- Follow recommendations for configuring SQL Server and storage
Follow the general recommendations for configuring SQL Server and storage for a SharePoint Foundation environment. For more information, see SQL Server and storage (SharePoint Foundation 2010).
- Minimize latency between SQL Server and the backup location
In general, it is best to use a local disk, not a network drive, for backups. If you are backing up multiple servers, you may want to have a directly connected computer that both servers can write to. Network drives that have 1 millisecond or less latency between them and the computers that are running SQL Server will perform well. If your farm has multiple servers in it (including the computer that is running SQL Server), you must use UNC network paths for the SharePoint farm backup location.
- Avoid processing conflicts
Do not run backup jobs during times in which users require access to the system.

To avoid I/O bottlenecks, perform the main backup to a separate disk, and only then copy to tape.

Consider staggering backups so that not all databases are backed up at the same time.

SharePoint Foundation backups use SQL Server backups. When using compression with your backups, be mindful not to overwhelm SQL Server. For example, some third-party backup tools compress data during backup, which can disrupt SQL Server performance. There are tools available to throttle the compression processes and control the effect on SQL Server.
- Follow SQL Server backup and restore optimization recommendations
If you are running SQL Server 2008 Enterprise, we recommend that you use backup compression. For more information, see Backup Compression (SQL Server) (http://go.microsoft.com/fwlink/?LinkId=179525).

If you are using SQL Server backups, use a combination of full, differential, and transaction log backups for the full recovery model to minimize recovery time. Differential database backups are usually faster to create than full database backups, and they reduce the amount of transaction log required to recover the database.

If you are using the full recovery model in SQL Server 2008, we recommend that you use the truncate option during backup to avoid maintenance issues.

For detailed recommendations about how to optimize SQL Server backup and restore performance, see Optimizing Backup and Restore Performance in SQL Server (http://go.microsoft.com/fwlink/?LinkId=126630).
- Ensure sufficient write performance on the backup drive
Carefully consider whether to use redundant array of independent disks (RAID) on your disk backup device. For example, RAID 5 has low write performance, approximately the same speed as for a single disk. (This is because RAID 5 maintains parity information.) Using RAID 10 for a backup device may provide faster backups. For more information about how to use RAID with backups, see Configure RAID for maximum SQL Server I/O throughput (http://go.microsoft.com/fwlink/?LinkId=126632).

Availability overview

Note:

When calculating availability, most organizations specifically exempt or add hours for planned maintenance activities.

The following table correlates uptime percentage with calendar time equivalents.

Acceptable uptime percentage	Downtime per day	Downtime per month	Downtime per year
95	72.00 minutes	36 hours	18.26 days
99 (two nines)	14.40 minutes	7 hours	3.65 days
99.9 (three nines)	86.40 seconds	43 minutes	8.77 hours
99.99 (four nines)	8.64 seconds	4 minutes	52.60 minutes
99.999 (five nines)	0.86 seconds	26 seconds	5.26 minutes

Costs of availability

 Additional hardware and software, which can increase the complexity of interactions among software applications and settings.

 Additional operational complexity.

Determining availability requirements

To gauge your organization’s tolerance of downtime for a site, service, or farm, answer the following questions:

 If the site, service, or farm becomes unavailable, will employees be unable to perform their expected job responsibilities?

 If the site, service, or farm becomes unavailable, will business and customer transactions be stopped, leading to loss of business and customers?

If you answered yes to either of these questions, you should invest in an availability solution.

Choosing an availability strategy and level

You can choose among many approaches to improve availability in a SharePoint Foundation environment, including the following:

 Improve the fault tolerance of server hardware components.

 Increase the redundancy of server roles within a farm.

Hardware component fault tolerance

 Complete redundancy of every component within a server may be impossible or impractical. Use additional servers for additional redundancy.

 Ensure that servers have multiple power supplies connected to different power sources for maximum redundancy.

In any system, we recommend that you work with hardware vendors to obtain fault-tolerant hardware that is appropriate for the system, including redundant array of independent disks (RAID) arrays.

Redundancy within a farm

SharePoint Foundation 2010 supports running server roles on redundant computers (that is, scaling out) within a farm to increase capacity and to provide basic availability.

Availability within a server farm

The following table describes the server roles in a SharePoint Foundation 2010 environment and the redundancy strategies that can be used for each within a farm.

Server role	Preferred redundancy strategy within a farm
Front-end Web server	Deploy multiple front-end Web servers within a farm, and use Network Load Balancing (NLB).
Application server	Deploy multiple application servers within a farm.
Database server	Deploy database servers by using clustering or high-availability database mirroring.

Database availability strategies

You can use Microsoft SQL Server failover clustering or SQL Server high-availability database mirroring to support availability of databases in a SharePoint Foundation environment.

SQL Server failover clustering

SharePoint Foundation references the cluster as a whole; therefore, failover is automatic and seamless from the perspective of SharePoint Foundation.

SQL Server high-availability mirroring

1. The witness server that is configured for SQL Server mirroring automatically swaps the roles of the primary and mirror databases.

2. SharePoint Foundation automatically attempts to contact the server that is specified as the failover database.

For information about how to configure database mirroring, see Configure availability by using SQL Server database mirroring (SharePoint Foundation 2010) (http://technet.microsoft.com/library/142fc165-8f11-4509-b698-d7d44dfdbd22(Office.14).aspx).

For general information about database mirroring, see Database Mirroring (http://go.microsoft.com/fwlink/?LinkID=180597).

Note:

Databases that have been configured to use the SQL Server FILESTREAM remote BLOB store provider cannot be mirrored.

Comparison of database availability strategies for a single farm: SQL Server failover clustering vs. SQL Server high-availability mirroring

The following table compares failover clustering to synchronous SQL Server high-availability mirroring.

SQL Server failover clustering

SQL Server high-availability mirroring

Time to failover

Cluster member takes over immediately upon failure.

Mirror takes over immediately upon failure.

Transactional consistency?

Yes

Yes

Transactional concurrency?

Yes

Yes

Time to recovery

Shorter time to recovery (milliseconds)

Slightly longer time to recovery (milliseconds).

Steps required for failover?

Failure is automatically detected by database nodes; SharePoint Foundation 2010 references the cluster so that failover is seamless and automatic.

Failure is automatically detected by the database; SharePoint Foundation 2010 is aware of the mirror location, if it has been configured correctly, so that failover is automatic.

Protection against failed storage?

Does not protect against failed storage, because storage is shared between nodes in the cluster.

Protects against failed storage because both the principal and mirror database servers write to local disks.

Storage types supported

Shared storage (more expensive).

Can use less-expensive direct-attached storage (DAS).

Location requirements

Members of the cluster must be on the same subnet.

Principal, mirror, and witness servers must be on the same LAN (up to 1 millisecond latency roundtrip).

Recovery model

SQL Server full recovery model recommended. You can use the SQL Server simple recovery model, but the only available recovery point if the cluster is lost will be the last full backup.

Requires SQL Server full recovery model.

Performance overhead

Some decrease in performance may occur while a failover is occurring.

High-availability mirroring introduces transactional latency because it is synchronous. It also requires additional memory and processor overhead.

Operational burden

Set up and maintained at the server level.

The operational burden is larger than clustering. Must be set up and maintained for all databases. Reconfiguring after failover is manual.

Service application redundancy strategies

The redundancy strategy you follow for protecting service applications that run in a farm varies, depending on where the service application stores data.

Service applications that store data in databases

To help protect service applications that store data in databases, you must follow these steps:

1. Install the service on multiple application servers to provide redundancy within the environment.

2. Configure SQL Server clustering or mirroring to protect the data.

The following service applications store data in databases:

 Business Data Connectivity service application

 Application Registry service application

We do not recommend mirroring the Application Registry database, because it is only used when upgrading Windows SharePoint Services 3.0 Business Data Catolog information to SharePoint Foundation 2010.

 Usage and Health Data Collection service application

Note:

We recommend that you do not mirror the Usage and Health Data Collection service application Logging database.

 Microsoft SharePoint Foundation Subscription Settings service

Redundancy and failover between closely located data centers configured as a single farm (“stretched” farm)

Some enterprises have data centers that are located close to one another with high-bandwidth connections so that they can be configured as a single farm. This is called a “stretched” farm. For a stretched farm to work, there must be less than 1 millisecond latency between SQL Server and the front-end Web servers in one direction, and at least 1 gigabit per second bandwidth.

In this scenario, you can provide fault tolerance by following the standard guidance for making databases and service applications redundant.

The following illustration shows a stretched farm.

Stretched farm

Plan for disaster recovery (SharePoint Foundation 2010)

This article describes key decisions in choosing disaster recovery strategies for a Microsoft SharePoint Foundation 2010 environment.

In this article:

    Disaster recovery overview

    Choose a disaster recovery strategy

    Planning for cold standby

    Planning for warm standby

    Planning for hot standby data centers

    System requirements for disaster recovery

Disaster recovery overview

For the purposes of this article, we define disaster recovery as the ability to recover from a situation in which a data center that hosts SharePoint Foundation becomes unavailable.

The disaster recovery strategy that you use for SharePoint Foundation must be coordinated with the disaster recovery strategy for the related infrastructure, including Active Directory domains, Exchange Server, and Microsoft SQL Server. Work with the administrators of the infrastructure that you rely on to design a coordinated disaster recovery strategy and plan.

The time and immediate effort to get another farm up and running in a different location is often referred to as a hot, warm, or cold standby. Our definitions for these terms are as follows:

Hot standby A second data center that can provide availability within seconds or minutes.

Warm standby A second data center that can provide availability within minutes or hours.

Cold standby A second data center that can provide availability within hours or days.

Disaster recovery can be one of the more expensive requirements for a system. The shorter the interval between failure and availability and the more systems you protect, the more complex and costly a disaster recovery solution is likely to be. When you invest in hot or warm standby data centers, costs include:

 Additional hardware and software, which often increase the complexity of operations between software applications, such as custom scripts for failover and recovery.

 Additional operational complexity.

The costs of maintaining hot or warm standby data centers should be evaluated based on your business needs. Not all solutions within an organization are likely to require the same level of availability after a disaster. You can offer different levels of disaster recovery for different content, services, or farms — for example, content that has high impact on your business, or search services, or an Internet publishing farm.

Disaster recovery is a key area in which information technology (IT) groups offer service level agreements (SLAs) to set expectations with customer groups. Many IT organizations offer a variety of SLAs that are associated with different chargeback levels.

When you implement failover between server farms, we recommend that you first deploy and tune the core solution within a farm, and then implement and test disaster recovery.

Choose a disaster recovery strategy

You can choose among many approaches to provide disaster recovery for a SharePoint Foundation environment, depending on your business needs. The following examples show why companies might choose cold, warm, or hot standby disaster recovery strategies.

    Cold standby disaster recovery strategy: A business ships backups to support bare metal recovery to local and regional offsite storage on a regular basis, and has contracts in place for emergency server rentals in another region.

Pros:

    Often the cheapest option to maintain, operationally.

    Often an expensive option to recover, because it requires that physical servers be configured correctly after a disaster has occurred.

Cons: The slowest option to recover.

    Warm standby disaster recovery strategy: A business ships virtual server images to local and regional disaster recovery farms.

Pros: Often relatively inexpensive to recover, because a virtual server farm can require little configuration upon recovery.

Cons: Can be very expensive and time consuming to maintain.

    Hot standby disaster recovery strategy: A business runs multiple data centers, but serves content and services through only one data center.

Pros: Often relatively fast to recover.

Cons: Can be quite expensive to configure and maintain.

Important:

No matter which disaster recovery solution you decide to implement for your environment, you are likely to incur some data loss.

Planning for cold standby data centers

In a cold standby disaster recovery scenario, you can recover by setting up a new farm in a new location, (preferably by using a scripted deployment), and restoring backups. Or, you can recover by restoring a farm from a backup solution such as Microsoft System Center Data Protection Manager 2007 that protects your data at the computer level and lets you restore each server individually. This article does not contain detailed instructions for how to create and recover in cold standby scenarios. For more information, see:

 Restore a farm (SharePoint Foundation 2010) (http://technet.microsoft.com/library/f7fd691f-bcf0-4b21-8bb6-d443be711f1e(Office.14).aspx)

 Restore customizations (SharePoint Foundation 2010) (http://technet.microsoft.com/library/8d1b2aba-edd3-4089-8255-8f3ef2b1b211(Office.14).aspx)

Planning for warm standby data centers

In a warm standby disaster recovery scenario, you can create a warm standby solution by making sure that you consistently and frequently create virtual images of the servers in your farm that you ship to a secondary location. At the secondary location, you must have an environment available in which you can easily configure and connect the images to re-create your farm environment.

This article does not contain detailed instructions for creating warm standby solutions. For more information about how to plan to deploy farms by using virtual solutions, see Plan for virtualization (SharePoint Foundation 2010).
Planning for hot standby data centers

In a hot standby disaster recovery scenario, you can set up a failover farm to provide disaster recovery in a separate data center from the primary farm. An environment that has a separate failover farm has the following characteristics:

    A separate configuration database and Central Administration content database must be maintained on the failover farm.

    All customizations must be deployed on both farms.

Note:

We recommend that you use scripted deployment to create the primary and failover farm by using the same configuration settings and customizations.

    Updates must be applied to both farms, individually.

    SharePoint Foundation content databases can be successfully asynchronously mirrored or log-shipped to the failover farm.

Note:

SQL Server mirroring can only be used to copy databases to a single mirror server, but you can log-ship to multiple secondary servers.

    Service applications vary in whether they can be log-shipped to a farm. For more information, see Service application redundancy across data centers later in this article.

This topology can be repeated across many data centers, if you configure SQL Server log shipping to one or more additional data centers.

Consult with your SAN vendor to determine whether you can use SAN replication or another supported mechanism to provide availability across data centers.

The following illustration shows primary and failover farms before failover.

Primary and failover farms before failover
- Service application redundancy across data centers
To provide availability across data centers for service applications, we recommend that for the services that can be run cross-farm, you run a separate services farm that can be accessed from both the primary and the secondary data centers.

For services that cannot be run cross-farm, and to provide availability for the services farm itself, the strategy for providing redundancy across data centers for a service application varies. The strategy employed depends on whether:

    There is business value in running the service application in the disaster recovery farm when it is not in use.

    The databases associated with the service application can be log-shipped or asynchronously mirrored.

    The service application can run against read-only databases.

The following sections describe the disaster recovery strategies that we recommend for each service application. The service applications are grouped by strategy.
- Databases that can be log-shipped or asynchronously mirrored
After a service application has been initially deployed on a secondary farm, the databases that support the following service applications can be asynchronously mirrored or log-shipped across farms:

    Application Registry service application

Databases: Application Registry service

    Business Data Connectivity service application

Databases: Business Data Connectivity

    Usage and Health Data Collection service application

Databases: Logging

Note:

It is possible to log-ship or mirror the Logging database. However, we recommend that you do not run the Usage and Health Data Collection service on the disaster recovery farm, and that you do not mirror nor log-ship the Logging database.
- Service applications and databases that cannot be log-shipped or asynchronously mirrored
The following service applications must be deployed on both the primary and failover farms, and cannot be log-shipped or asynchronously mirrored. For most of these service applications, we recommend that you deploy them and then verify that the failover farm has the same configuration settings as the primary farm. If configuration changes that affect the service are made on the primary farm, you must update the failover farm.

 Microsoft SharePoint Foundation Subscription Settings service application

Database: Subscription Settings

Note:

Log-shipping the Subscription Settings database is not supported.

System requirements for disaster recovery

In an ideal scenario, the failover components and systems match the primary components and systems in all ways: platform, hardware, and number of servers. At a minimum, the failover environment must be able to handle the traffic that you expect during a failover. Keep in mind that only a subset of users may be served by the failover site. The systems must match in at least the following:

    Operating system version and all updates

    SQL Server versions and all updates

    SharePoint 2010 Products versions and all updates

Although this article primarily discusses the availability of SharePoint 2010 Products, the system uptime will also be affected by the other components in the system. In particular, make sure that you do the following:

    Ensure that infrastructure dependencies such as power, cooling, network, directory, and SMTP are fully redundant.

    Choose a switching mechanism, whether DNS or hardware load balancing, that meets your needs.

Virtualization planning (SharePoint Foundation 2010)

This section contains articles that are designed to help you plan and implement a server virtualization solution for Microsoft SharePoint Foundation 2010 server farms.

In this section:

    Virtualization support and licensing (SharePoint Foundation 2010)

    Hyper-V virtualization requirements (SharePoint Foundation 2010)

    Plan for virtualization (SharePoint Foundation 2010)

Virtualization support and licensing (SharePoint Foundation 2010)

This article provides support and licensing information for using server virtualization technologies to deploy SharePoint 2010 Products in a virtual environment.

SharePoint 2010 Products support for virtualization

All elements of Microsoft SharePoint Foundation 2010 are fully supported when deployed in a Windows Server 2008 Hyper-V technology environment. In addition, any related or required supporting technologies are also supported.

Note:

Support for SharePoint Foundation 2010 virtualization includes third-party virtualization technologies that are hosted or hardware-based, and certified by Microsoft. For more information about certification and participating vendors, see the Server Virtualization Validation Program (SVVP) (http://go.microsoft.com/fwlink/?LinkId=125649).
Server virtualization using Hyper-V technology

Beginning withWindows Server 2008, server virtualization using Hyper-V has been an integral part of the operating system. Hyper-V is available with all editions of the operating system, as well as with Microsoft Hyper-V Server 2008.

We recommend using Windows Server 2008 R2 or Microsoft Hyper-V Server 2008 R2 as virtualization servers for your SharePoint 2010 Products deployment. These releases provide:

 Added capabilities, such as increased virtual processor support and increased memory support for virtual machines.

 Performance improvements, such as improved virtual hard drive performance and network adapter performance.

For more information, see What’s New in Hyper-V in Windows Server 2008 R2 (http://go.microsoft.com/fwlink/?LinkID=155234).
Operating system environment (OSE) licensing

Before you start planning for virtualization you need to determine the licensing requirements for your virtualization environment. Two types of operating system environments (OSEs) exist:

    One physical operating system environment

    One or more virtual operating system environment(s)

A virtual operating system environment is configured to run on a virtual (or otherwise emulated) hardware system. Use of technologies that create virtual OSEs does not change the licensing requirements for the operating system and any applications running in the OSE.

The Windows Server operation system licensing model for physical multicore processor systems is based on the number of physical processors installed on the hardware. This model extends to virtual processors configured for a virtual machine running on a virtualization server. For licensing purposes, a virtual processor is considered to have the same number of threads and cores as each physical processor on the underlying physical hardware system.

For more information about licensing requirements:

    Licensing Microsoft Server Products in Virtual Environments (http://go.microsoft.com/fwlink/?LinkId=187741)

This white paper gives an overview of Microsoft licensing models for the server operating system and server applications under virtual environments.

    Windows Server Virtualization Calculators (http://go.microsoft.com/fwlink/?LinkId=187742)

The Windows Server Virtualization Calculators provide two ways to estimate the number and cost of Windows Server Standard Edition, Enterprise Edition, and Datacenter Edition licenses needed for your virtualization scenarios to help you determine the most cost-effective edition of Windows Server.

Note:

Although Microsoft Hyper-V Server 2008 R2 does not require a license for the virtualization server, licensing requirements must be met for the virtual OSEs.

SharePoint 2010 Products licensing

Every element of a SharePoint farm that is installed on a virtual machine must comply with the licensing requirements for SharePoint Foundation 2010 as well as related and supporting technologies.

Hyper-V virtualization requirements (SharePoint Foundation 2010)

This article provides hardware and software requirements for using hardware-based virtualization. Although Windows Server 2008 Hyper-V technology is the focal point of this document, the basic hardware requirements for enabling hardware-based virtualization also apply to third-party virtualization technologies that are certified by Microsoft.

Hardware

The requirements for hardware-based virtualization are as follows:

    Hardware-assisted virtualization, which is available in processors that include a virtualization option—specifically processors with Intel Virtualization Technology (Intel VT) or AMD Virtualization (AMD-V) technology.

    Hardware-enforced Data Execution Prevention (DEP) is available and enabled.

You can use one of the following tools to determine if the processor on an existing server supports Hyper-V:

    AMD Hyper-V Compatibility Check Utility (.zip file) (http://go.microsoft.com/fwlink/?LinkId=150561)

    Intel Processor Identification Utility (Windows Version) (http://go.microsoft.com/fwlink/?LinkId=150562)

Software

One of the following Microsoft products is required for Hyper-V:

    Windows Server 2008 (all editions of Windows Server 2008, except for Windows Server 2008 for Itanium-Based Systems, Windows Web Server 2008, and Windows Server 2008 Foundation)

    Microsoft Hyper-V Server 2008

    Windows Server 2008 R2 (all editions of Windows Server 2008 R2, except for Windows Server 2008 R2 for Itanium-Based Systems, Windows Web Server 2008 R2, and Windows Server 2008 R2 Foundation)

    Hyper-V Server R2

We recommend Windows Server 2008 R2 for virtualization servers because of the many improvements introduced for Hyper-V, such as:

    Live migration to move a running virtual machine from one cluster node to another

    Significant gains in performance and scalability

    Enhanced processor support

    Enhanced virtual machine storage

    Enhanced networking support

For more information, see What’s New in Hyper-V in Windows Server 2008 R2 (http://go.microsoft.com/fwlink/?LinkID=155234).

See Also

Virtualization support and licensing (SharePoint Foundation 2010)
Plan for virtualization (SharePoint Foundation 2010)

This article describes the planning process to follow in order to successfully deploy Microsoft SharePoint Foundation 2010 in a virtual environment. Each step in the planning process includes links to the appropriate documentation. It is assumed that you have determined the SharePoint Foundation 2010 solution that you want to deploy in a virtual environment. On the surface, deploying a SharePoint Foundation 2010 farm on virtual machines is the same as deploying a farm on physical servers. However, deploying in a virtual environment involves a different level of planning that takes into account the characteristics of Windows Server 2008 Hyper-V technology as well as how virtual machines, the virtual network adapters, and virtual hard disks are implemented on a virtualization server.

Before you start developing your virtualization plan, we recommend that you read the Hyper-V Planning and Deployment Guide (http://go.microsoft.com/fwlink/?LinkId=187964).

Detailed information about the following subjects is out-of-scope for this article, but is provided in other articles:

    Capacity management

    Security requirements

    Health and performance monitoring

    Backup and recovery

A virtual environment consists of two interrelated layers, one physical and one virtual. A configuration change in either layer effects servers in the other layer. This interrelationship becomes evident when you plan for, deploy, and use SharePoint Foundation 2010 in a virtual environment.

Create a plan for deploying SharePoint Foundation 2010 in a virtual environment

You should approach planning for a virtual farm the same way as you would plan for a physical farm. Most, if not all, of the issues and requirements for deploying SharePoint Foundation 2010 on physical servers apply equally to virtual machines. Any decisions that you make, such as minimum processor or memory requirements, have a direct bearing on number of virtualization hosts required, as well as their ability to adequately support the virtual machines that you identify for the farm.

After you finish planning a physical farm, you have all the information you need to design virtualization architecture. Ideally, this architecture is as close as possible to the final virtualization solution that you intend to put into production. Realistically, the architecture is likely to change as you move through the deployment phase of the system lifecycle. In fact, you may determine that some farm server roles are not good candidates for virtualization.

The key planning steps, tasks, and references are summarized in following the procedure.

To create a virtualization plan

1. Determine virtualization scope

Determining the scope of farm virtualization is a key contributing factor to successfully implementing, managing, and evaluating your virtualization project. When determining scope, you have to decide whether you will virtualize some or the entire supporting virtual machine infrastructure.

Use the following list of tasks to determine the scope of virtualization.

 Task 1: Identify all the farms that are required to implement your solution. Take into consideration the fact that most solutions have several farm components. For example, an Internet-facing Web portal typically has a publishing farm, an authoring farm, and a testing or quality assurance farm.

 Task 2: For each farm, determine the number of servers that are required as well as the role that each server will have in the farm.

 Task 3: Identify which farms you want to deploy in in a virtual environment.

Refining the scope of a solution also refines the scope of a deployment, which makes it easier to implement and manage. For more information, see Site and solution planning (SharePoint Foundation 2010). In many cases, solutions share common elements; however, each solution may have its own requirements. For more information, see Fundamental site planning (SharePoint Foundation 2010). The article shows one of the popular solutions.

Note:

Expect to refine the scope of your solution as you move through the phases of deploying your farm in a production environment.

2. Identify servers to virtualize

Identify servers that are good candidates for virtualization. From a technical and Microsoft support perspective, all SharePoint servers can be virtualized. The decision to virtualize a particular farm server should be based on:

 Corporate compliance policies (for example, legal and technical)

 Benefits derived from server consolidation, such as reduced power consumption and physical space requirements. For more information, see Server virtualization (http://go.microsoft.com/fwlink/?LinkId=187965).

 Capacity requirements (see next planning step)

3. Identify capacity requirements for each farm server

Determine the resource requirements for each farm server as if it was a physical server. Take into account specialized server roles, such as hosting Enterprise Search components. You need to specify the amount of resources needed for each of the following server components:

 Memory

 Number of processors and minimum clock speed

 Number and size of hard disks

 Number of network adapters and their required throughput speed

4. Determine if virtual machine can meet physical requirements.

You have to determine whether each virtual machine that you identified in Step 3 can meet the capacity requirements of a corresponding physical server. At a minimum, complete the following tasks:

 Task 1: Assess the memory requirement in the context of available virtualization host capacity.

 Task 2: Assess the processor requirement. Hyper-V has a hard limit of four virtual processors per virtual machine. If a physical farm server requires eight processors, determine whether this requirement can be met by scaling out the number of virtual machines in a farm.

 Task 3: Assess the virtual machine storage requirement in the context of local physical storage or SAN.

5. Determine virtualization host requirements

Determine the minimum host requirements (memory, number of cores, number and size of local hard drives, number of network adapters)Also consider and plan for the following:

 Scalability: Determine if you can add more CPUs, more memory, more hard disks, and more network adapters to the host computer.

Important:

Depending on the manufacturer and computer model, you may not be able to increase capacity. You need to have this information before you use or purchase a server.

 Extra host capacity: Determine whether or not the host has the capacity to scale up existing virtual machines, or to add additional virtual machines. This is very important if you plan to use Hyper-V failover clustering, quick migration, or live migration.

Important:

Plan for peak load and determine how short term spikes in load will be handled.

6. Design virtualization architecture

A well-designed architecture is required for a successful solution. For SharePoint Foundation 2010, a basic three-tier topology provides the foundation for all the solutions. The following elements form a good design that is based on the recommended foundation topology:

 Good overall performance

 Ease of maintenance and upgrade

 Flexibility

 Scalability

 High availability

A virtualization architecture model consists of the virtualization hosts and the virtual machines that make up the farm topology. This model enables you to visualize the virtual environment that you plan to deploy.

Note:

Be prepared to refine the architecture as you move through the planning process. The following steps may dictate changes to the architecture.

7. Identify storage requirements

Determine how much local physical storage or SAN storage is required for Hyper-V-related storage such as configuration files, Virtual Hard Disks (VHDs), and snapshots.

8. Identify backup and recovery requirements

In addition to the farm servers, you have to plan backup and recovery for all or part of a farm. For more information, see Backup and recovery (SharePoint Foundation 2010) (http://technet.microsoft.com/library/48dbef54-1f1b-424f-a918-d2c428c3216e(Office.14).aspx).

9. Determine high availability requirements and design a solution

Identify approaches for achieving high availability for Web servers, application servers, and databases. Typical strategies include the following:

 Redundant hardware and servers

 Hot-swappable components

 Failover clustering for virtual and physical servers. For more information, see Hyper-V: Using Hyper-V and Failover Clustering (http://go.microsoft.com/fwlink/?LinkId=187967).

 Clustering or mirroring for database servers. For more information, see Plan for availability (SharePoint Foundation 2010).

10. Identify health and capacity indicators for monitoring the virtual environment.

Combine the key indicators that you derived in the previous steps with the planning you did for SharePoint Foundation 2010. For more information, see Server farm and environment planning (SharePoint Foundation 2010) . You have to determine all the health and capacity indicators in order to collect measurements from the following objects in the virtual environment:

 Virtual machines with SharePoint Foundation 2010 installed

 Virtual machines that are not part of the farm, such as a firewall server

 Virtualization hosts

 Network components

After you start to collect data from the virtual environment, you can create a baseline, which can be used to assess and tune the virtual environment during deployment and after the farm goes into production.

11. Create a deployment plan for the deployment phase of the system lifecycle.

For more information, see the SharePoint 2010 Products Deployment model, available in the Technical diagrams (SharePoint Foundation 2010) article.

12. Create a maintenance plan

Create a maintenance plan that enables you to implement password changes and apply software updates, service packs, and hotfixes. This plan should include the virtual machines and the virtualization hosts.

Performance and capacity test results and recommendations (SharePoint Foundation 2010)

This section contains a series of white papers describing the performance and capacity impact of specific feature sets included in Microsoft SharePoint Foundation 2010. These white papers include information about the performance and capacity characteristics of the feature and how it was tested by Microsoft, including:

    Test farm characteristics

    Test results

    Recommendations

    Troubleshooting performance and scalability

The following table describes the available white paper. You can download the white paper as a Microsoft Word document (.doc) (http://www.microsoft.com/downloads/details.aspx?FamilyID=e8a1fb0d-957d-4f96-8e0a-f5c74df0796e).

Title

Description

SharePoint Foundation 2010 Search Capacity Planning

Provides guidance on how to plan for search in SharePoint Foundation 2010.
- See Also
Capacity management and sizing for SharePoint Server 2010 (http://technet.microsoft.com/library/031b0634-bf99-4c23-8ebf-9d58b6a8e6ce(Office.14).aspx)
Planning worksheets for SharePoint Foundation 2010

In this article:

 Planning worksheets by task

 Planning worksheets by title

This article provides links to worksheets that you can use to record information that you gather and decisions that you make as you plan your deployment of Microsoft SharePoint Foundation 2010. Use these worksheets in conjunction with — not as a substitute for — Planning and architecture for SharePoint Foundation 2010.

Planning worksheets by task

For this task	Use this worksheet	To do this
Plan sites and site collections (SharePoint Foundation 2010)	Site planning data worksheet (http://go.microsoft.com/fwlink/?LinkID=167838&clcid=0x409)	Plan top level site collections and sites, and record decisions about site themes and navigation.
Plan site navigation (SharePoint Foundation 2010)	Site planning data worksheet (http://go.microsoft.com/fwlink/?LinkID=167838&clcid=0x409)	Plan top level site collections and sites, and record decisions about site themes and navigation.
Plan for using themes (SharePoint Foundation 2010)	Site planning data worksheet (http://go.microsoft.com/fwlink/?LinkID=167838&clcid=0x409)	Plan top-level site collections and sites, and record decisions about site themes and navigation.
Plan incoming e-mail (SharePoint Foundation 2010)	Plan incoming e-mail worksheet (http://go.microsoft.com/fwlink/?LinkId=200542)	Plan incoming e-mail in order to enable SharePoint sites to receive and store e-mail messages and attachments in lists and libraries.
Plan for backup and recovery (SharePoint Foundation 2010)	Backup and recovery planning workbook (http://go.microsoft.com/fwlink/?LinkID=184385)	Help you plan strategies for backup and recovery for SharePoint Foundation 2010 environment.
Plan and prepare for upgrade (SharePoint Foundation 2010) (http://technet.microsoft.com/library/cb22a4d2-e8ac-4578-8fb0-4ab03dafd3bd(Office.14).aspx)	Upgrade worksheet (http://go.microsoft.com/fwlink/?LinkId=179928)	Record information about your environment while you prepare for upgrade.

Planning worksheets by title

Use this worksheet	For this task	To do this
Backup and recovery planning workbook (http://go.microsoft.com/fwlink/?LinkID=184385)	Plan for backup and recovery (SharePoint Foundation 2010)	Help you plan strategies for backup and recovery for SharePoint Foundation 2010 environment.
Plan incoming e-mail worksheet (http://go.microsoft.com/fwlink/?LinkId=200542)	Plan incoming e-mail (SharePoint Foundation 2010)	Plan incoming e-mail in order to enable SharePoint sites to receive and store e-mail messages and attachments in lists and libraries.
Site planning data worksheet (http://go.microsoft.com/fwlink/?LinkID=167838&clcid=0x409)	Plan sites and site collections (SharePoint Foundation 2010) Plan site navigation (SharePoint Foundation 2010) Plan for using themes (SharePoint Foundation 2010)	Plan top level site collections and sites, and record decisions about site themes and navigation.
Upgrade worksheet (http://go.microsoft.com/fwlink/?LinkId=179928)	Plan and prepare for upgrade (SharePoint Foundation 2010) (http://technet.microsoft.com/library/cb22a4d2-e8ac-4578-8fb0-4ab03dafd3bd(Office.14).aspx)	Record information about your environment while you prepare for upgrade.

Getting started with Microsoft SharePoint Foundation 2010

Posted on 17 Dec 201217 Dec 2012 by escapebusinesssolutions in Uncategorized

Getting started with
Microsoft SharePoint Foundation 2010

Microsoft Corporation

Published: June 2011

Author: Microsoft Office System and Servers Team (itspdocs@microsoft.com)
- Abstract
The content in the book covers information about how to get started with the installation, configuration, and upgrade to Microsoft SharePoint Foundation 2010.

The content in this book is a copy of selected content in the SharePoint Foundation 2010 technical library (http://go.microsoft.com/fwlink/?LinkId=181463) as of the publication date. For the most current content, see the technical library on the Web.

This document is provided “as-is”. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it.

Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred.

This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.

© 2011 Microsoft Corporation. All rights reserved.

Microsoft, Access, Active Directory, Backstage, Excel, Groove, Hotmail, InfoPath, Internet Explorer, Outlook, PerformancePoint, PowerPoint, SharePoint, Silverlight, Windows, Windows Live, Windows Mobile, Windows PowerShell, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

Contents

Getting help    iv

Introduction to Getting Started for SharePoint Foundation 2010    1

What’s new in SharePoint Foundation 2010    2

Changes from Windows SharePoint Services 3.0 to SharePoint Foundation 2010    3

Deprecated features    3

Features removed from SharePoint Foundation 2010    3

Hardware and software requirements (SharePoint Foundation 2010)    7

Overview    7

Hardware requirements—Web servers, application servers, and single server installations    7

Hardware requirements—Database servers    8

Software requirements    9

Access to applicable software    14

Plan browser support (SharePoint Foundation 2010)    18

About planning browser support    18

Key planning phase of browser support    18

ActiveX controls    33

Deploy a single server with SQL Server (SharePoint Foundation 2010)    35

Overview    35

Before you begin    36

Install SharePoint Foundation 2010    36

Post-installation steps    43

Deploy a single server with a built-in database (SharePoint Foundation 2010)    45

Overview    45

Before you begin    46

Install SharePoint Foundation 2010    46

Post-installation steps    49

Configure Windows Server Backup    51

Roadmap to SharePoint Foundation 2010 content    52
Getting help

Every effort has been made to ensure the accuracy of this book. This content is also available online in the Office System TechNet Library, so if you run into problems you can check for updates at:

http://technet.microsoft.com/office

If you do not find your answer in our online content, you can send an e-mail message to the Microsoft Office System and Servers content team at:

itspdocs@microsoft.com

If your question is about Microsoft Office products, and not about the content of this book, please search the Microsoft Help and Support Center or the Microsoft Knowledge Base at:

http://support.microsoft.com

Introduction to Getting Started for SharePoint Foundation 2010

Microsoft SharePoint Foundation 2010 is a versatile technology that organizations and business units of all sizes can use to increase the efficiency of business processes and improve team productivity. SharePoint Foundation 2010 gives people access to information they need by using tools for collaboration that help people stay connected across organizational and geographic boundaries.

This Getting Started guide for SharePoint Foundation 2010 covers what’s new in SharePoint Foundation 2010, and includes some end-to-end deployment scenarios to get you started quickly with an evaluation environment for SharePoint Foundation 2010. The following list describes each topic in this guide.

“What’s new in SharePoint Foundation 2010” provides a list of links to content that will introduce you to the new capabilities and features in SharePoint Foundation 2010.
“Changes from Windows SharePoint Services 3.0 to SharePoint Foundation 2010” describes the features that have been deprecated or removed from Windows SharePoint Services 3.0 to SharePoint Foundation 2010.
“Hardware and software requirements (SharePoint Foundation 2010)” describes the minimum and recommended hardware and software that are required to run SharePoint Foundation 2010.
“Plan browser support (SharePoint Foundation 2010)” describes the functionality available — and level of support — for SharePoint Foundation 2010 features that you can expect when you are using several common Web browsers.
“Deploy a single server with SQL Server (SharePoint Foundation 2010)” provides end-to-end installation instructions for setting up SharePoint Foundation 2010 on a single server farm. This installation scenario is ideal for evaluating SharePoint Foundation 2010 functionality or for hosting a very small installation of SharePoint Foundation 2010. It is also useful if you want to configure a farm to meet your needs first, and then add servers to the farm later.
“Deploy a single server with a built-in database (SharePoint Foundation 2010)” provides end-to-end instructions for installing SharePoint Foundation 2010 on a single server with a built-in database. This configuration is useful if you want to evaluate SharePoint Foundation 2010 features and capabilities, such as collaboration, document management, and search. This configuration is also useful if you are deploying only a few Web sites and you want to minimize administrative overhead.
“Roadmap to SharePoint Foundation 2010 content” summarizes the content and resources that are available on the Microsoft.com Web site that can help you understand and use SharePoint Foundation 2010 as you go beyond the basics that are presented in this guide.

What’s new in SharePoint Foundation 2010

Published: May 12, 2010

Microsoft SharePoint Foundation 2010 is the essential solution for organizations that need a secure, manageable, Web-based collaboration platform. It helps teams stay connected and productive by providing easy access to the people, documents, and information that they need to make well-informed decisions and get work done.

To see what’s new in SharePoint Foundation 2010, review the following:
- What’s New in Microsoft SharePoint Foundation 2010 (http://go.microsoft.com/fwlink/?LinkId=188355) The TechNet Resource Center page points to articles and other resources to introduce you to new features such as Windows PowerShell, the new command-line interface and scripting language; health monitoring, an integrated health analysis tool (SharePoint Maintenance Manager) that enables SharePoint to automatically check for potential configuration, performance, and usage problems; and sandboxed solutions, a restricted execution environment that enables programs to access only certain resources and keep problems that occur in the sandbox from affecting the rest of the server environment.
- SharePoint Foundation 2010 home page (http://go.microsoft.com/fwlink/?LinkId=188906) This site gives an overview of SharePoint Foundation 2010 and includes videos that demonstrate key features that can improve productivity, provide flexible deployment, and create a scalable, unified infrastructure.
Changes from Windows SharePoint Services 3.0 to SharePoint Foundation 2010
Published: May 12, 2010

This article describes the features that have been deprecated or removed from Windows SharePoint Services 3.0 to Microsoft SharePoint Foundation 2010. Deprecated features are provided in SharePoint Foundation 2010 for compatibility with previous product versions. These features will be removed in subsequent versions.

In this article:
- Deprecated features
- Features removed from SharePoint Foundation 2010

Deprecated features

The following feature is shipped with SharePoint Foundation 2010 but will be removed from subsequent versions.

Stsadm command-line tool

Description: The Stsadm command-line tool has been deprecated.

Reason for change: The Stsadm command-line tool will be superseded by Windows PowerShell 2.0.

Migration path: The Stsadm command-line tool is included to support compatibility with previous product versions. You should use Windows PowerShell 2.0 when performing command-line administrative tasks.

Features removed from SharePoint Foundation 2010

The following features and functionality are no longer available in SharePoint Foundation 2010.

32-bit operating systems

Description: SharePoint Foundation 2010 requires a 64-bit operating system. Running SharePoint Foundation 2010 on 32-bit operating systems is no longer supported.

Reason for change: SharePoint Foundation 2010 has numerous features that benefit from the performance provided by 64-bit operating systems.

Migration path: Install SharePoint Foundation 2010 on 64-bit operating systems.

Side-by-side installation

Description: The ability to perform side-by-side installation of Windows SharePoint Services 3.0 and SharePoint Foundation 2010 on the same server is being removed. This change is related to the removal of support for Gradual upgrade.

Reason for change: Compatibility and performance issues prevent side-by-side installation.

Migration path: Perform upgrade-in-place installation on the same hardware, or perform database attach to a new farm. Use new hardware if both Windows SharePoint Services 3.0 and SharePoint Foundation 2010 versions of a farm must exist at the same time.

For more information, see Perform a database attach upgrade to SharePoint Foundation 2010 (http://technet.microsoft.com/library/caaf9332-63bc-46b6-997f-edbfe8a84ad1(Office.14).aspx).

Gradual upgrade

Description: Support for the gradual upgrade feature is being removed as part of the removal of Side-by-side installation.

Reason for change: Compatibility and performance issues prevent side-by-side installation.

Migration path: Use the read-only database capability of Windows SharePoint Services 3.0 with the database attach upgrade capability of SharePoint Foundation 2010 to minimize downtime.

For more information, see Perform a database attach upgrade to SharePoint Foundation 2010 (http://technet.microsoft.com/library/caaf9332-63bc-46b6-997f-edbfe8a84ad1(Office.14).aspx).

For long upgrade periods where you must maintain both Windows SharePoint Services 3.0 and SharePoint Foundation 2010 versions of a farm, you can use the alternate access mapping (AAM) URL redirection capability provided in SharePoint Foundation 2010. Upgrades that use AAM URL redirection are performed by using database attach upgrade command-line operations instead of timer job-based events that are scheduled from the user interface (UI).

For more information, see Using AAM URL redirection as part of the upgrade process (SharePoint Foundation 2010) (http://technet.microsoft.com/library/f63d606b-e8bf-4b0c-986a-39382da76781(Office.14).aspx).

Web discussions

Description: Web discussions enable users to add comments about documents and pages without modifying their actual content. SharePoint Foundation 2010 does not support Web discussions.

Reason for change: This feature was deprecated in Windows SharePoint Services 3.0 because of its low adoption rate. The feature has now been removed from the product.

Migration path: This functionality is no longer available.

SQL Server 2000 data sources

Description: SQL Server 2000 data sources are no longer supported in SharePoint Foundation 2010.

Reason for change: SQL Server 2000 does not fully support many of the newer data features available in SharePoint Foundation 2010.

Migration path: Use data sources that are on Microsoft SQL Server 2005 or Microsoft SQL Server 2008.

ODBC data sources

Description: ODBC data sources are no longer supported in SharePoint Foundation 2010.

Reason for change: Newer and more versatile database connection options have replaced the functionality of ODBC.

Migration path: ODBC is no longer listed as an option for connecting to a data source. Use another data connection type.

Version 3 themes

Description: A theme is a set of colors, fonts, and decorative elements that enable you to quickly change the appearance of a site. The functionality provided in the version 3 themes is not available in the newly designed version 4 themes.

Reason for change: Version 4 themes are redesigned to simplify the process of generating themes. The new architecture is not compatible with the architecture of version 3 themes.

Migration path: Version 3 themes are still supported if the UI mode is kept at version 3. Version 3 themes are not supported in version 4 UI mode.

Web bot software agents

Description: A Web bot software agent is a dynamic object on a Web page that is evaluated when the page is saved or, in some cases, when the page is opened in a Web browser. Search crawlers and indexers are examples of Web bots. Developers can no longer use Web bot entry points and users cannot add Web bots to SharePoint Foundation 2010 sites.

Reason for change: This functionality is replaced by Web Parts.

Migration path: Use Web Parts instead of Web bots.

E-mail enabled groups and Microsoft SharePoint Directory Management service (DMS)

Description: The Microsoft SharePoint Directory Management service (DMS) connects SharePoint sites to an organization’s user directory to provide enhanced e-mail features. If a SharePoint farm is using DMS, users cannot enable SharePoint groups to use e-mail.

Reason for change: The type of authentication used in DMS is being replaced with claims authentication.

Migration path: This feature is not available in SharePoint Foundation 2010. Use claims authentication instead.

For more information, see Plan authentication methods (SharePoint Foundation 2010) (http://technet.microsoft.com/library/b6bc8fec-c11c-4ed7-a78d-3ad61c7ef6c0(Office.14).aspx).

Permissions for sub-webs

Description: When you assign a permission level to a parent site, that permission level is inherited by all sub-webs of the parent site by default. In Windows SharePoint Services 3.0, if you wanted a sub-web to have different permissions from its parent, you could edit the inherited permission level definition at the sub-web scope. The result was that you would have two permission levels with the same name but different permissions, depending on their scope. For example, suppose you assigned the Design permission level to a parent site, but you want to change the permissions on a sub-web so that users will not be able to apply style sheets to pages in that sub-web. In Windows SharePoint Services 3.0, you could edit the Design permission level on the sub-web itself, remove the Apply Style Sheets permission, and save the permission level as Design. It would not be possible, just by looking at permission levels, to determine that the sub-web actually had a different set of permissions than its parent site.

Migration path: In SharePoint Foundation 2010, if you want to give different permissions to a sub-web, you must assign a separate permission level to the sub-web. Site collections that are upgraded from Windows SharePoint Services 3.0 and have these unique permission level structures will continue to work. However, the user interface in SharePoint Foundation 2010 does not have a way to edit an inherited permission level at the sub-web scope, so you cannot change them or create new permission level definitions of this type. If you have a specific business need for continuing to use the Windows SharePoint Services 3.0 process, use the SharePoint Foundation 2010 object model.

Internationalized domain names

Description: Although Windows SharePoint Services 3.0 supported internationalized domain names (IDNs), SharePoint Foundation 2010 does not.

Reason for change: Support of internationalized domain names (IDNs) has been deprecated.

Migration path: If you currently use IDNs with Windows SharePoint Services 3.0 and you plan to upgrade or migrate to SharePoint Foundation 2010, you must stop using IDNs, delete all IDN settings, and then set up an environment that does not use IDN before doing so.

Hardware and software requirements (SharePoint Foundation 2010)

Updated: March 31, 2011

This article lists the minimum hardware and software requirements to install and run Microsoft SharePoint Foundation 2010.

Important:

If you contact Microsoft technical support about a production system that does not meet the minimum hardware specifications described in this document, support will be limited until the system is upgraded to the minimum requirements.

In this article:

Overview
Hardware requirements—Web servers, application servers, and single server installations
Hardware requirements—Database servers
Software requirements
Access to applicable software

Overview

Microsoft SharePoint Foundation 2010 provides for a number of installation scenarios. Currently, these installations include single server with built-in database installations and single-server or multiple-server farm installations.

Hardware requirements—Web servers, application servers, and single server installations

Component	Minimum requirement
Processor	64-bit, four cores
RAM	4 GB for developer or evaluation use 8 GB for production use in a single server or multiple server farm
Hard disk	80 GB for system drive You must have sufficient space for the base installation and sufficient space for diagnostics such as logging, debugging, creating memory dumps, and so on. For production use, you also need additional free disk space for day-to-day operations. Maintain twice as much free space as you have RAM for production environments. For more information, see Capacity management and sizing for SharePoint Server 2010 (http://technet.microsoft.com/library/031b0634-bf99-4c23-8ebf-9d58b6a8e6ce(Office.14).aspx).

Hardware requirements—Database servers

The requirements in the following table apply to database servers in production environments with multiple servers in the farm.

Note:

Component

Minimum requirement

Processor

64-bit, four cores for small deployments
64-bit, eight cores for medium deployments

RAM

8 GB for small deployments
16 GB for medium deployments

For large deployments, see the “Estimate memory requirements” section in Storage and SQL Server capacity planning and configuration (SharePoint Server 2010) (http://technet.microsoft.com/library/a96075c6-d315-40a8-a739-49b91c61978f(Office.14).aspx).

Note:

These values are higher than those recommended as the minimum values for SQL Server because of the distribution of data required for a SharePoint Products 2010 environment. For more information about SQL Server system requirements, see Hardware and Software Requirements for Installing SQL Server 2008 (http://go.microsoft.com/fwlink/?LinkId=129377).

Hard disk

80 GB for system drive

Hard disk space is dependent on the size of your SharePoint content. For information about estimating the size of content and other databases for your deployment, see Storage and SQL Server capacity planning and configuration (SharePoint Server 2010) (http://technet.microsoft.com/library/a96075c6-d315-40a8-a739-49b91c61978f(Office.14).aspx).

Software requirements

The requirements in the following tables apply to single server with built-in database installations and server farm installations that include a single server and multiple servers in the farm.

Important:

The Microsoft SharePoint Products Preparation Tool — which you access from the SharePoint Foundation 2010 Start page — can assist you in the installation of the software prerequisites for SharePoint Foundation 2010. Ensure that you have an Internet connection, because some of these prerequisites are installed from the Internet. For more information, see Deploy a single server with SQL Server (SharePoint Foundation 2010), Deploy a single server with a built-in database (SharePoint Foundation 2010), and Multiple servers for a three tier farm (SharePoint Foundation 2010) (http://technet.microsoft.com/library/246fb1c9-660e-40b5-860b-7d681f04505a(Office.14).aspx).

Minimum requirements

Environment

Minimum requirement

Database server in a farm

One of the following:

The 64-bit edition of Microsoft SQL Server 2008 R2.
The 64-bit edition of Microsoft SQL Server 2008 with Service Pack 1 (SP1) and Cumulative Update 2. From the Cumulative update package 2 for SQL Server 2008 Service Pack 1 (http://go.microsoft.com/fwlink/?LinkId=165962) page, click the View and request hotfix downloads link and follow the instructions. On the Hotfix Request page, download the SQL_Server_2008_SP1_Cumulative_Update_2 file. When you install Microsoft SQL Server 2008 SP1 on Windows Server 2008 R2, you might receive a compatibility warning. You can disregard this warning and continue with your installation.

Note:

We do not recommend that you use CU3 or CU4, but instead CU2, CU5, or a later CU than CU5. For more information, see Cumulative update package 5 for SQL Server 2008 (http://go.microsoft.com/fwlink/?LinkId=196928). Download the SQL_Server_2008_RTM_CU5_SNAC file.

The 64-bit edition of Microsoft SQL Server 2005 with Service Pack 3 (SP3). From the Cumulative update package 3 for SQL Server 2005 Service Pack 3 (http://go.microsoft.com/fwlink/?LinkId=165748) page, click the View and request hotfix downloads link and follow the instructions. On the Hotfix Request page, download the SQL_Server_2005_SP3_Cumulative_Update_3 file.

For more information about choosing a version of SQL Server, see SQL Server 2008 R2 and SharePoint 2010 Products: Better Together (SharePoint Server 2010): white paper (http://technet.microsoft.com/library/665876e1-2706-42ad-bd76-8e4d1da0ce92(Office.14).aspx).

Single server with built-in database

The 64-bit edition of Windows Server 2008 Standard, Enterprise, Data Center, or Web Server with SP2; the 64-bit edition of Windows Server 2008 R2 Standard, Enterprise, Data Center, or Web Server; or the 64-bit edition of Windows Server 2008 R2 Service Pack 1 (SP1) Standard, Enterprise, Data Center, or Web Server. If you are running Windows Server 2008 with SP1, the Microsoft SharePoint Products Preparation Tool installs Windows Server 2008 SP2 automatically.

Note:

You must download an update for Windows Server 2008 and Windows Server 2008 R2 before you run Setup. The update is a hotfix for the .NET Framework 3.5 SP1 that is installed by the Preparation tool. It provides a method to support token authentication without transport security or message encryption in WCF. For more information and links, see the “Access to Applicable Software” section later in this article.

KB979917 – QFE for Sharepoint issues – Perf Counter fix & User Impersonation (http://go.microsoft.com/fwlink/?LinkId=192577).
- For Windows Server 2008 SP2, download the Windows6.0-KB979917-x64.msu (Vista) file.
- For Windows Server 2008 R2, download the Windows6.1-KB979917-x64.msu (Win7) file.
  
  For information, see the related KB article Two issues occur when you deploy an ASP.NET 2.0-based application on a server that is running IIS 7.0 or IIS 7.5 in Integrated mode (http://go.microsoft.com/fwlink/?LinkId=192578).

The preparation tool installs the following prerequisites:

Web Server (IIS) role
Application Server role
Microsoft .NET Framework version 3.5 SP1
SQL Server 2008 Express with SP1
Microsoft Sync Framework Runtime v1.0 (x64)
Microsoft Filter Pack 2.0
Microsoft Chart Controls for the Microsoft .NET Framework 3.5
Windows PowerShell 2.0
SQL Server 2008 Native Client
Microsoft SQL Server 2008 Analysis Services ADOMD.NET
ADO.NET Data Services Update for .NET Framework 3.5 SP1
A hotfix for the .NET Framework 3.5 SP1 that provides a method to support token authentication without transport security or message encryption in WCF.
Windows Identity Foundation (WIF)

Note:

If you have Microsoft “Geneva” Framework installed, you must uninstall it before you install the Windows Identity Foundation (WIF).

Front-end Web servers and application servers in a farm

The 64-bit edition of Windows Server 2008 Standard, Enterprise, Data Center, or Web Server with SP2; the 64-bit edition of Windows Server 2008 R2 Standard, Enterprise, Data Center, or Web Server; or the 64-bit edition of Windows Server 2008 R2 Service Pack 1 (SP1) Standard, Enterprise, Data Center, or Web Server. If you are running Windows Server 2008 with SP1, the Microsoft SharePoint Products Preparation Tool installs Windows Server 2008 SP2 automatically.

Note:

KB979917 – QFE for Sharepoint issues – Perf Counter fix & User Impersonation (http://go.microsoft.com/fwlink/?LinkId=192577)
- For Windows Server 2008 SP2, download the Windows6.0-KB979917-x64.msu (Vista) file.
- For Windows Server 2008 R2, download the Windows6.1-KB979917-x64.msu (Win7) file.
  
  For information, see the related KB article Two issues occur when you deploy an ASP.NET 2.0-based application on a server that is running IIS 7.0 or IIS 7.5 in Integrated mode (http://go.microsoft.com/fwlink/?LinkId=192578).

The preparation tool installs the following prerequisites:

Web Server (IIS) role
Application Server role
Microsoft .NET Framework version 3.5 SP1
Microsoft Sync Framework Runtime v1.0 (x64)
Microsoft Filter Pack 2.0
Microsoft Chart Controls for the Microsoft .NET Framework 3.5
Windows PowerShell 2.0
SQL Server 2008 Native Client
Microsoft SQL Server 2008 Analysis Services ADOMD.NET
ADO.NET Data Services Update for .NET Framework 3.5 SP1
A hotfix for the .NET Framework 3.5 SP1 that provides a method to support token authentication without transport security or message encryption in WCF.
Windows Identity Foundation (WIF)

Note:

If you have Microsoft “Geneva” Framework installed, you must uninstall it before you install the Windows Identity Foundation (WIF).

Client computer

A supported browser. For more information, see Plan browser support (SharePoint Foundation 2010).

Optional software

Environment	Optional software
Single server with built-in database	Windows 7 or Windows Vista. For more information, see Setting Up the Development Environment for SharePoint Server (http://go.microsoft.com/fwlink/?LinkID=164557).
Client computer	Microsoft Office 2010 client. For more information, see Microsoft Office 2010 (http://go.microsoft.com/fwlink/?LinkId=195843). Microsoft Silverlight 3.

Access to applicable software

To install Windows Server 2008 or Microsoft SQL Server, you can go to the Web sites listed in this section. You can install all other software prerequisites through the SharePoint Foundation Start page. Most of the software prerequisites are also available from Web sites listed in this section. The Web Server (IIS) role and the Application Server role can be enabled manually in Server Manager.

In scenarios where installing prerequisites directly from the Internet is not possible or not feasible, you can install the prerequisites from a network share. For more information, see Install prerequisites from a network share (SharePoint Foundation 2010) (http://technet.microsoft.com/library/3fdf5e00-dffa-46bb-a6b8-abaf66aa583f(Office.14).aspx).

Plan browser support (SharePoint Foundation 2010)

Updated: April 7, 2011

Microsoft SharePoint Foundation 2010 supports several commonly used Web browsers. This article describes different levels of Web browser support, and it explains how ActiveX controls affect features.

In this article:
About planning browser support

SharePoint Foundation 2010 supports several commonly used Web browsers. However, certain Web browsers might cause some SharePoint Foundation 2010 functionality to be downgraded, limited, or available only through alternative steps. In some cases, functionality might be unavailable for noncritical administrative tasks.

As part of planning your deployment of SharePoint Foundation 2010, we recommend that you review the browsers used in your organization to ensure optimal performance with SharePoint Foundation 2010.

If you are upgrading from SharePoint Portal Server 2003 to SharePoint Foundation 2010, additional considerations for browser support exist. For information, see Upgrade from SharePoint Portal Server 2003 to SharePoint Server 2010 (http://technet.microsoft.com/library/ba5a173b-8ff1-4096-a7ab-8c8412b9114c(Office.14).aspx).

Key planning phase of browser support

Browser support levels
Browser support matrix
Browser details

Browser support levels

Browser support for SharePoint Foundation 2010 can be divided into three different levels, as follows:

Supported

A supported Web browser is a Web browser that is supported to work with SharePoint Foundation 2010, and all features and functionality work. If you encounter any issues, support can help you to resolve these issues.
Supported with known limitations

A supported Web browser with known limitations is a Web browser that is supported to work with SharePoint Foundation 2010, although there are some known limitations. Most features and functionality work, but if there is a feature or functionality that does not work or is disabled by design, documentation on how to resolve these issues is readily available.
Not tested

A Web browser that is not tested means that its compatibility with SharePoint Foundation 2010 is untested, and there may be issues with using the particular Web browser. SharePoint Foundation 2010 works best with up-to-date, standards-based Web browsers.

Browser support matrix

The following table summarizes the support levels of commonly used browsers.

Browser	Supported	Supported with limitations	Not tested
Internet Explorer 9 (32-bit)	X
Internet Explorer 8 (32-bit)	X
Internet Explorer 7 (32-bit)	X
Internet Explorer 9 (64-bit)		X
Internet Explorer 8 (64-bit)		X
Internet Explorer 7 (64-bit)		X
Internet Explorer 6 (32-bit)			X
Mozilla Firefox 3.6 (on Windows operating systems)		X
Mozilla Firefox 3.6 (on non-Windows operating systems)		X
Safari 4.04 (on non-Windows operating systems)		X

Browser details

Internet Explorer 8 (32-bit) and Internet Explorer 9 (32-bit)

Internet Explorer 8 (32-bit) and Internet Explorer 9 (32-bit) are supported on the following operating systems:

Windows Server 2008 R2
Windows Server 2008
Windows Server 2003
Windows 7
Windows Vista
Windows XP

Known limitations

There are no known limitations for Internet Explorer 8 (32-bit) and Internet Explorer 9 (32-bit).

Internet Explorer 7 (32-bit)

Internet Explorer 7 (32-bit) is supported on the following operating systems:

Windows Server 2008
Windows Server 2003
Windows Vista
Windows XP

Known limitations

There are no known limitations for Internet Explorer 7 (32-bit).

Internet Explorer 6 (32-bit)

SharePoint Foundation 2010 does not support Internet Explorer 6 (32-bit).

Internet Explorer 8 (64-bit) and Internet Explorer 9 (64-bit)

Internet Explorer 8.0 (64-bit) and Internet Explorer 9 (64-bit) are supported on the following operating systems:

Windows Server 2008 R2
Windows Server 2008
Windows Server 2003
Windows 7
Windows Vista
Windows XP

Known limitations

The following table lists features and their known limitations in Internet Explorer 8 (64-bit) and Internet Explorer 9 (64-bit).

Feature	Limitation
Connect to Outlook, Connect to Office, and Sync to SharePoint Workspace	Works with an ActiveX control and the stssync:// protocol. Therefore, functionality may be limited without an ActiveX control, such as the one that is included in Microsoft Office 2010. The feature also requires an application that is compatible with the stssync:// protocol, such as Microsoft Outlook.
Datasheet view	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control.
Edit in Microsoft Office application	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control.
Explorer view	Removed in SharePoint Foundation 2010. Libraries that have been upgraded from earlier versions of SharePoint Foundation 2010 may still have Explorer views and these may not work.
Export to Excel	Downloads a file with an .iqy extension to the Web browser. If Microsoft Excel is not installed, and if no other application is configured to open this file, then this feature will not work.
File upload and copy	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control.
Microsoft InfoPath 2010 integration	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control.
Microsoft PowerPoint 2010 Picture Library integration	Requires a 64-bit ActiveX control, such as the one that is delivered in Microsoft Office 2010. The user can use the following workarounds when no control has been installed: If a user wants to upload multiple pictures in a picture library, the user must upload one picture at a time by using Upload.aspx. If a user wants to edit a picture in a picture library, the user must download the picture, edit it, and then upload the picture to the picture library. If a user wants to download more than one picture from a picture library, the user must download one picture at a time by clicking on the picture link.
Microsoft Visio 2010 diagram creation	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control.
New Document	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control. Although the New Document command may not work, you can use the Upload Document functionality. If you install and configure Office Web Applications on the server, the New Document command works, and you can create an Office document in your browser.
Send To	Can leverage a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control. Without the control, files cannot be sent from one SharePoint farm to another SharePoint farm. However, files can still be sent from one site to another site.
Signing Forms (InfoPath Form Services)	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control.
Spreadsheet and Database integration	Require a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control. The user can use the following workarounds when no control has been installed: If a user wants to edit a document, the user must download the document, edit it, and then save it back to the server. In a list that requires a document to be checked out for editing, a user must use the Edit menu to check out the document, edit it, and then check it in by using the Edit menu. Export to spreadsheet. Users can export a SharePoint list as a spreadsheet by clicking Export to Spreadsheet on the List tab on the ribbon.
Web Part to Web Part Connections	May require deactivation of browsers pop-up blockers for SharePoint sites.

Internet Explorer 7 (64-bit)

Internet Explorer 7 (64-bit) is supported on the following operating systems:

Windows Server 2008
Windows Server 2003
Windows Vista
Windows XP

Known limitations

The following table lists features and their known limitations in Internet Explorer 7 (64-bit).

Feature	Limitation
Connect to Outlook, Connect to Office, and Sync to SharePoint Workspace	Works with an ActiveX control and the stssync:// protocol. Therefore, functionality may be limited without an ActiveX control, such as the one that is included in Microsoft Office 2010. This feature requires an application that is compatible with the stssync:// protocol, such as Microsoft Outlook.
Datasheet view	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control.
Edit in Microsoft Office application	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control.
Explorer view	Removed in SharePoint Foundation 2010. Libraries that have been upgraded from earlier versions of SharePoint Foundation 2010 may still have Explorer views.
Export to Excel	Downloads a file with an .iqy extension to the Web browser. If Microsoft Excel is not installed, and if no other application is configured to open this file, then this feature will not work.
File upload and copy	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control.
Microsoft InfoPath 2010 integration	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control.
Microsoft PowerPoint 2010 Picture Library integration	Requires a 64-bit ActiveX control, such as the one that is delivered in Microsoft Office 2010. The user can use the following workarounds when no control has been installed: If a user wants to upload multiple pictures in a picture library, the user must upload one picture at a time by using Upload.aspx. If a user wants to edit a picture in a picture library, the user must download the picture, edit it, and then upload the picture to the picture library. If a user wants to download more than one picture from a picture library, the user must download one picture at a time by clicking on the picture link.
Microsoft Visio 2010 diagram creation	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control.
New Document	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control. Although the New Document command may not work, you can use the Upload Document functionality. If you install and configure Office Web Applications on the server, the New Document command works, and you can create an Office document in your browser.
Send To	Can leverage a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control. Without the control, files cannot be sent from one SharePoint farm to another SharePoint farm. However, files can still be sent from one site to another site.
Signing Forms (InfoPath Form Services)	Requires a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control.
Spreadsheet and Database integration	Require a 64-bit ActiveX control. Microsoft Office 2010 does not provide a 64-bit version of this control. The user can use the following workarounds when no control has been installed: If a user wants to edit a document, the user must download the document, edit it, and then save it back to the server. In a list that requires a document to be checked out for editing, a user must use the Edit menu to check out the document, edit it, and then check it in by using the Edit menu. Export to spreadsheet. Users can export a SharePoint list as a spreadsheet by clicking Export to Spreadsheet on the List tab on the ribbon.
Web Part to Web Part Connections	May require deactivation of browsers pop-up blockers for SharePoint sites.

Mozilla Firefox 3.6 (on Windows operating systems)

Mozilla Firefox 3.6 is supported on the following operating systems:

Windows Server 2008 R2
Windows Server 2008
Windows Server 2003
Windows 7
Windows Vista
Windows XP

Known limitations

The following table lists features and their known limitations in Mozilla Firefox 3.6 (on Windows operating systems).

Feature	Limitation
Connect to Outlook, Connect to Office, and Sync to SharePoint Workspace	Works with an ActiveX control, but requires a Firefox control adaptor. Microsoft Office 2010 does not provide a Firefox control adaptor for this control. The feature also requires an application that is compatible with the stssync:// protocol, such as Microsoft Outlook.
Datasheet view	Requires an ActiveX control, such as the one that is delivered in Microsoft Office 2010, and a Firefox control adaptor. Microsoft Office 2010 does not provide a Firefox control adaptor for this control.
Drag and Drop Web Parts	Cannot be moved by using drag and drop on Web Part pages. Users must click Edit on the Web Part, select Modify Web Part, and then select the zone from the Layout section of the Web Part properties page. Web Parts can be moved using drag and drop on Pages.
Edit in Microsoft Office application	Requires an ActiveX control, such as the one that is delivered in SharePoint Foundation 2010, and a Firefox control adaptor. For more information about Microsoft Office 2010 Firefox Plug-in, see FFWinPlugin Plug-in (http://go.microsoft.com/fwlink/?LinkId=199867). If you install and configure the Office Web Applications on the server, the Edit functionality works and you can modify Office documents in your browser. This functionality only works with Microsoft Office 2010 or an equivalent product together with a Firefox plug-in.
Explorer view	Removed in SharePoint Foundation 2010. Libraries that have been upgraded from earlier versions of SharePoint Foundation 2010 may still have Explorer views, and these may not work. Explorer view requires Internet Explorer.
Export to Excel	Downloads a file with an .iqy extension to the Web browser. If Microsoft Excel is not installed, and if no other application is configured to open this file, then this feature will not work.
File upload and copy	Requires an ActiveX control, such as the one that is delivered in Microsoft Office 2010, and a Firefox control adaptor. Microsoft Office 2010 does not provide a Firefox control adaptor for this control.
Microsoft InfoPath 2010 integration	Requires an ActiveX control, such as the one that is delivered in Microsoft Office 2010, and a Firefox control adaptor. Microsoft Office 2010 does not provide a Firefox control adaptor for this control.
Microsoft PowerPoint 2010 Picture Library integration	Requires an ActiveX control, such as the one that is delivered in Microsoft Office 2010, and a Firefox control adaptor. Microsoft Office 2010 does not provide a Firefox control adaptor for this control. The user can use the following workarounds when no control has been installed: If a user wants to upload multiple pictures in a picture library, the user must upload one picture at a time by using Upload.aspx. If a user wants to edit a picture in a picture library, the user must download the picture, edit it, and then upload the picture to the picture library. If a user wants to download more than one picture from a picture library, the user must download one picture at a time by clicking on the picture link.
Microsoft Visio 2010 diagram creation	Requires an ActiveX control, such as the one delivered in Microsoft Office 2010, and a Firefox control adaptor. Microsoft Office 2010 does not provide a Firefox control adaptor for this control.
New Document	Requires an ActiveX control, such as the one delivered in Microsoft Office 2010, and a Firefox control adaptor. For more information about Microsoft Office 2010 Firefox Plug-in, see FFWinPlugin Plug-in (http://go.microsoft.com/fwlink/?LinkId=199867). Although the New Document command may not work, you can use the Upload Document functionality. If you install and configure Office Web Applications on the server, the New Document command works, and you can create an Office document in your browser.
Rich Text Editor – Basic Toolbar	A user can update the Rich Text Editor basic toolbar to a Full Rich Text Editor that includes the ribbon by changing the field’s properties, as follows: On the FldEdit.aspx, in the List Settings menu, select Specific Field Settings. Next, under Columns, click Description. In the Additional Columns Settings section, under Specify the type of text to allow, select Enhanced rich text (Rich text with pictures, tables, and hyperlinks).
Send To	Can leverage an ActiveX control, such as the one that is delivered in Microsoft Office 2010, and a Firefox control adaptor. Microsoft Office 2010 does not provide a Firefox control adaptor for this control. Without the control, files cannot be sent from one SharePoint farm to another SharePoint farm. However, files can still be sent from one site to another site.
Signing Forms (InfoPath Form Services)	Requires an ActiveX control, such as the one that is delivered in Microsoft Office 2010, and a Firefox control adaptor. Microsoft Office 2010 does not provide a Firefox control adaptor for this control.
Spreadsheet and Database integration	Require ActiveX controls, such as those that are delivered in Microsoft Office 2010, and Firefox control adaptors. Microsoft Office 2010 does not provide a Firefox control adaptor for this control. The user can use the following workarounds when no control has been installed: If a user wants to edit a document, the user must download the document, edit it, and then save it back to the server. In a list that requires a document to be checked out for editing, a user must use the Edit menu to check out the document, edit it, and then check it in by using the Edit menu. Export to spreadsheet. Users can export a SharePoint list as a spreadsheet by clicking Export to Spreadsheet on the List tab on the ribbon.
Web Part to Web Part Connections	May require deactivation of browsers pop-up blockers for SharePoint sites.

Mozilla FireFox 3.6 (on non-Windows operating systems)

Mozilla FireFox 3.6 is supported on the following operating systems:

Mac OSX
UNIX/Linux

Known limitations

The following table lists features and their known limitations in Mozilla FireFox 3.6 (on non-Windows operating systems).

Feature	Limitation
Connect to Outlook, Connect to Office, and Sync to SharePoint Workspace	Requires an application that is compatible with the stssync:// protocol, such as Microsoft Outlook.
Datasheet view	Requires an ActiveX control that is not supported on this platform. Microsoft Office 2010 does not provide a Firefox control adaptor for this control.
Drag and Drop Web Parts	Cannot be moved by using drag and drop on Web Part pages. Users must click Edit on the Web Part, select Modify Web Part, and then select the zone from the Layout section of the Web Part properties page. Web Parts can be moved using drag and drop on Pages.
Edit in Microsoft Office application	Requires an ActiveX control that is not supported on this platform. If you install and configure the Office Web Applications on the server, the Edit functionality works and you can modify Office documents in your browser.
Explorer view	Removed in SharePoint Foundation 2010. Libraries that have been upgraded from earlier versions of SharePoint Foundation 2010 may still have Explorer views, and these may not work. Explorer view requires Internet Explorer.
Export to Excel	Downloads a file with an .iqy extension to the Web browser. Requires an application that is configured to open this file.
File upload and copy	Requires an ActiveX control that is not support on this platform.
Microsoft InfoPath 2010 integration	Requires an ActiveX control that is not support on this platform.
Microsoft PowerPoint 2010 Picture Library integration	Requires an ActiveX control that is not supported on this platform. Microsoft Office 2010 does not provide a Firefox control adaptor for this control. The user can use the following workarounds when no control has been installed: If a user wants to upload multiple pictures in a picture library, the user must upload one picture at a time by using Upload.aspx. If a user wants to edit a picture in a picture library, the user must download the picture, edit it, and then upload the picture to the picture library. If a user wants to download more than one picture from a picture library, the user must download one picture at a time by clicking on the picture link.
Microsoft Visio 2010 diagram creation	Requires an ActiveX control that is not supported on this platform.
New Document	Requires an ActiveX control that is not supported on this platform. Although the New Document command may not work, you can use the Upload Document functionality. If you install and configure Office Web Applications on the server, the New Document command works, and you can create an Office document in your browser.
Rich Text Editor – Basic Toolbar	A user can update the Rich Text Editor basic toolbar to a Full Rich Text Editor that includes the ribbon by changing the field’s properties, as follows: On the FldEdit.aspx, in the List Settings menu, select Specific Field Settings. Next, under Columns, click Description. In the Additional Columns Settings section, under Specify the type of text to allow, select Enhanced rich text (Rich text with pictures, tables, and hyperlinks).
Send To	Can leverage an ActiveX control that is not supported on this platform. Without the control, files cannot be sent from one SharePoint farm to another SharePoint farm. However, files can still be sent from one site to another site.
Signing Forms (InfoPath Form Services)	Requires an ActiveX control that is not supported on this platform.
Spreadsheet and Database integration	Require ActiveX controls that is not supported on this platform. The user can use the following workarounds when no control has been installed: If a user wants to edit a document, the user must download the document, edit it, and then save it back to the server. In a list that requires a document to be checked out for editing, a user must use the Edit menu to check out the document, edit it, and then check it in by using the Edit menu. Export to spreadsheet. Users can export a SharePoint list as a spreadsheet by clicking Export to Spreadsheet on the List tab on the ribbon.
Web Part to Web Part Connections	May require deactivation of browsers pop-up blockers for SharePoint sites.

Note:

FireFox browsers on UNIX/Linux systems may not work with the Web Part menu.

Note:

Safari 4.04 (on non-Windows operating systems)

Safari 4.0.4 is supported on the following operating systems:

Mac OSX (Version 10.6, Snow Leopard)

Known limitations

The following table lists features and their known limitations in Safari 4.04 (on non-Windows operating systems).

Feature	Limitation
Connect to Outlook, Connect to Office, and Sync to SharePoint Workspace	Requires an application that is compatible with the stssync:// protocol, such as Microsoft Outlook.
Datasheet view	Requires an ActiveX control that is not supported on this platform.
Drag and Drop Web Parts	Cannot be moved by using drag and drop on Web Part pages. Users must click Edit on the Web Part, select Modify Web Part, and then select the zone from the Layout section of the Web Part properties page. Web Parts can be moved using drag and drop on Pages.
Edit in Microsoft Office application	Requires an ActiveX control that is not supported on this platform. If you install and configure the Office Web Applications on the server, the Edit functionality works and you can modify Office documents in your browser.
Explorer view	Removed in SharePoint Foundation 2010. Libraries that have been upgraded from earlier versions of SharePoint Foundation 2010 may still have Explorer views. Explorer view requires Internet Explorer.
Export to Excel	Downloads a file with an .iqy extension to the Web browser. Requires an application that is configured to open this file.
File upload and copy	Requires an ActiveX control that is not supported on this platform.
Microsoft InfoPath 2010 integration	Requires an ActiveX control that is not supported on this platform.
Microsoft PowerPoint 2010 Picture Library integration	Requires an ActiveX control that is not supported on this platform. The user can use the following workarounds when no control has been installed: If a user wants to upload multiple pictures in a picture library, the user must upload one picture at a time by using Upload.aspx. If a user wants to edit a picture in a picture library, the user must download the picture, edit it, and then upload the picture to the picture library. If a user wants to download more than one picture from a picture library, the user must download one picture at a time by clicking on the picture link.
Microsoft Visio 2010 diagram creation	Requires an ActiveX control that is not supported on this platform.
New Document	Requires an ActiveX control that is not supported on this platform. Although the New Document command may not work, you can use the Upload Document functionality. If you install and configure Office Web Applications on the server, the New Document command works, and you can create an Office document in your browser.
Rich Text Editor – Basic Toolbar	A user can update the Rich Text Editor basic toolbar to a Full Rich Text Editor that includes the ribbon by changing the field’s properties, as follows: On the FldEdit.aspx, in the List Settings menu, select Specific Field Settings. Next, under Columns, click Description. In the Additional Columns Settings section, under Specify the type of text to allow, select Enhanced rich text (Rich text with pictures, tables, and hyperlinks).
Send To	Can leverage an ActiveX control that is not supported on this platform. Without the control, files cannot be sent from one SharePoint farm to another SharePoint farm. However, files can still be sent from one site to another site.
Signing Forms (InfoPath Form Services)	Requires an ActiveX control that is not supported on this platform.
Spreadsheet and Database integration	Require ActiveX controls that are not supported on this platform. The user can use the following workarounds when no control has been installed: If a user wants to edit a document, the user must download the document, edit it, and then save it back to the server. In a list that requires a document to be checked out for editing, a user must use the Edit menu to check out the document, edit it, and then check it in by using the Edit menu. Export to spreadsheet. Users can export a SharePoint list as a spreadsheet by clicking Export to Spreadsheet on the List tab on the ribbon.
Web Part to Web Part Connections	May require deactivation of browsers pop-up blockers for SharePoint sites.

ActiveX controls

Some of the features in SharePoint Foundation 2010 use ActiveX controls. In secure environments, these controls must be able to work on the client computer before their features will function. Some ActiveX controls, such as those included in Microsoft Office 2010, does not work with 64-bit browser versions. For Microsoft Office 2010 (64-bit), only the following control works with 64-bit browsers:
- name.dll – Presence information
Deploy a single server with SQL Server (SharePoint Foundation 2010)

Updated: June 10, 2010

This article describes how to perform a clean installation of Microsoft SharePoint Foundation 2010 on a single server farm.

In this article:

Overview

When you install SharePoint Foundation 2010 on a single server farm, you can configure SharePoint Foundation 2010 to meet your specific needs. After Setup and the SharePoint Products Configuration Wizard have been completed, you will have installed binaries, configured security permissions, registry settings, the configuration database, and the content database, and installed the SharePoint Central Administration Web site.

Next, you can choose to run the Farm Configuration Wizard to configure the farm, select the services that you want to use in the farm, and create the first site collection, or you can manually perform the farm configuration at your own pace.

A single server farm typically consists of one server that runs both Microsoft SQL Server and SharePoint Foundation 2010. You can deploy SharePoint Foundation 2010 in a single server farm environment if you are hosting only a few sites for a limited number of users. This configuration is also useful if you want to configure a farm to meet your needs first, and then add servers to the farm at a later stage.

Note:

This guide does not explain how to install SharePoint Foundation 2010 in a multiple server farm environment or how to upgrade from previous releases of SharePoint Foundation. For more information, see Multiple servers for a three tier farm (SharePoint Foundation 2010) (http://technet.microsoft.com/library/246fb1c9-660e-40b5-860b-7d681f04505a(Office.14).aspx). For more information about upgrade, see Upgrading to SharePoint Foundation 2010 (http://technet.microsoft.com/library/91046a84-57a1-40cb-a32c-ff3395073dc9(Office.14).aspx).

Before you begin

Before you begin deployment, do the following:
- Ensure that you are familiar with the operating-system guidelines described in Performance Tuning Guidelines for Windows Server 2008 (http://www.microsoft.com/whdc/system/sysperf/Perf_tun_srv.mspx) and Performance Tuning Guidelines for Windows Server 2008 R2 (http://www.microsoft.com/whdc/system/sysperf/Perf_tun_srv-R2.mspx).
- Ensure that you have met all hardware and software requirements. For more information, see Hardware and software requirements (SharePoint Foundation 2010).
- Ensure that you perform a clean installation of SharePoint Foundation 2010. You cannot install the RTM version of SharePoint Foundation 2010 without first removing the beta version of SharePoint Foundation 2010.
- Ensure that you are prepared to set up the required accounts with appropriate permissions, as described in Administrative and service accounts required for initial deployment (SharePoint Foundation 2010) (http://technet.microsoft.com/library/b1aee1ea-45f6-4e05-ad93-9086f6ad7e79(Office.14).aspx).
Note:

As a security best practice, we recommend that you install SharePoint Foundation 2010 by using least-privilege administration.
- Ensure that you have decided which services to use for your Web application, as described in Configure services (SharePoint Foundation 2010) (http://technet.microsoft.com/library/88da9bdb-b7c2-4174-997b-d767b9b9c9ea(Office.14).aspx).
Install SharePoint Foundation 2010

To install and configure SharePoint Foundation 2010, follow these steps:

Run the Microsoft SharePoint Products Preparation Tool, which installs all required prerequisites to use SharePoint Foundation 2010.
Run Setup, which installs binaries, configures security permissions, and sets registry settings for Microsoft SharePoint Foundation.
Run SharePoint Products Configuration Wizard, which installs and configures the configuration database, the content database, and installs the SharePoint Central Administration Web site.
Configure browser settings.
Run the Farm Configuration Wizard, which configures the farm, creates the first site collection, and selects the services that you want to use in the farm.
Perform post-installation steps.

Important:

To complete the following procedures, you must be a member of the Administrators group on the local computer.

Run the Microsoft SharePoint Products Preparation Tool

Use the following procedure to install software prerequisites for SharePoint Foundation 2010.

To run the Microsoft SharePoint Products Preparation Tool

Insert your SharePoint Foundation 2010 installation disc.
On the SharePoint Foundation 2010 Start page, click Install software prerequisites.

Note:

Because the preparation tool downloads components from the Microsoft Download Center, you must have Internet access on the computer on which you are installing Microsoft SharePoint Foundation.

On the Welcome to the Microsoft SharePoint Products Preparation Tool page, click Next.
On the License Terms for software product page, review the terms, select the I accept the terms of the License Agreement(s) check box, and then click Next.
On the Installation Complete page, click Finish.

Run Setup

The following procedure installs binaries, configures security permissions, and sets registry settings for SharePoint Foundation 2010.

To run Setup

On the SharePoint Foundation 2010 Start page, click Install SharePoint Foundation.
On the Read the Microsoft Software License Terms page, review the terms, select the I accept the terms of this agreement check box, and then click Continue.
On the Choose the installation you want page, click Server farm.
On the Server Type tab, click Complete.
Optional: To install SharePoint Foundation 2010 at a custom location, click the Data Location tab, and then either type the location or click Browse to find the location.
Click Install Now.
When Setup finishes, click Close.

Note:

If Setup fails, check the TEMP folder of the user who ran Setup. Ensure that you are logged in as the user who ran Setup, and then type %temp% in the location bar in Windows Explorer. If the path %temp% resolves to a location that ends in a “1” or “2”, you will need to navigate up one level to view the log files. The log file name is Microsoft SharePoint Foundation 2010 Setup (<timestamp>).

Tip:

To access the SharePoint Products Configuration Wizard, click Start, point to All Programs, and then click Microsoft SharePoint 2010 Products. If the User Account Control dialog box appears, click Continue.

Run the SharePoint Products Configuration Wizard

The following procedure installs and configures the configuration database, the content database, and installs the SharePoint Central Administration Web site.

To run the SharePoint Products Configuration Wizard

On the Welcome to SharePoint Products page, click Next.
In the dialog box that notifies you that some services might need to be restarted during configuration, click Yes.
On the Connect to a server farm page, click Create a new server farm, and then click Next.
On the Specify Configuration Database Settings page, do the following:
1. In the Database server box, type the name of the computer that is running SQL Server.
2. In the Database name box, type a name for your configuration database, or use the default database name. The default name is SharePoint_Config.
3. In the Username box, type the user name of the server farm account. Ensure that you type the user name in the format DOMAIN\user name.

Important:

The server farm account is used to create and access your configuration database. It also acts as the application pool identity account for the SharePoint Central Administration application pool, and it is the account under which the Microsoft SharePoint Foundation Workflow Timer service runs. The SharePoint Products Configuration Wizard adds this account to the SQL Server Login accounts, the SQL Server dbcreator server role, and the SQL Server securityadmin server role. The user account that you specify as the service account must be a domain user account, but it does not need to be a member of any specific security group on your front-end Web servers or your database servers. We recommend that you follow the principle of least privilege and specify a user account that is not a member of the Administrators group on your front-end Web servers or your database servers.

In the Password box, type the user password.

Click Next.
On the Specify Farm Security Settings page, type a passphrase, and then click Next.

Ensure that the passphrase meets the following criteria:

Contains at least eight characters
Contains at least three of the following four character groups:
- English uppercase characters (from A through Z)
- English lowercase characters (from a through z)
- Numerals (from 0 through 9)
- Nonalphabetic characters (such as !, $, #, %)

Note:

Although a passphrase is similar to a password, it is usually longer to enhance security. It is used to encrypt credentials of accounts that are registered in Microsoft SharePoint Foundation; for example, the Microsoft SharePoint Foundation system account that you provide when you run the SharePoint Products Configuration Wizard. Ensure that you remember the passphrase, because you must use it each time you add a server to the farm.

On the Configure SharePoint Central Administration Web Application page, do the following:
1. Either select the Specify port number check box and type the port number you want the SharePoint Central Administration Web application to use, or leave the Specify port number check box cleared if you want to use the default port number.
2. Click either NTLM or Negotiate (Kerberos).
Click Next.
On the Completing the SharePoint Products Configuration Wizard page, review your configuration settings to verify that they are correct, and then click Next.

Note:

If you want to automatically create unique accounts for users in Active Directory Domain Services (AD DS), click Advanced Settings, and enable Active Directory account creation.

On the Configuration Successful page, click Finish.

Note:

If the SharePoint Products Configuration Wizard fails, check the PSCDiagnostics log files, which are located on the drive on which SharePoint Foundation is installed, in the %COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\14\LOGS folder.

Note:

If you are prompted for your user name and password, you might need to add the SharePoint Central Administration Web site to the list of trusted sites and configure user authentication settings in Internet Explorer. You might also want to disable the Internet Explorer Enhanced Security settings. Instructions for how to configure or disable these settings are provided in the following section.

Note:

If you see a proxy server error message, you might need to configure your proxy server settings so that local addresses bypass the proxy server. Instructions for configuring proxy server settings are provided later in the following section.

Configure browser settings

After you run the SharePoint Products Configuration Wizard, you should ensure that SharePoint Foundation 2010 works properly for local administrators in your environment by configuring additional settings in Internet Explorer.

Note:

If local administrators are not using Internet Explorer, you might need to configure additional settings. For information about supported browsers, see Plan browser support (SharePoint Foundation 2010).

If you are prompted for your user name and password, perform the following procedures:

Add the SharePoint Central Administration Web site to the list of trusted sites
Disable Internet Explorer Enhanced Security settings

If you receive a proxy server error message, perform the following procedure:

Configure proxy server settings to bypass the proxy server for local addresses

For more information, see Getting Started with IEAK 8 (http://go.microsoft.com/fwlink/?LinkId=151359&clcid=0x409).

To add the SharePoint Central Administration Web site to the list of trusted sites

In Internet Explorer, on the Tools menu, click Internet Options.
On the Security tab, in the Select a zone to view or change security settings area, click Trusted Sites, and then click Sites.
Clear the Require server verification (https:) for all sites in this zone check box.
In the Add this Web site to the zone box, type the URL to your site, and then click Add.
Click Close to close the Trusted Sites dialog box.
Click OK to close the Internet Options dialog box.

To disable Internet Explorer Enhanced Security settings

Click Start, point to All Programs, point to Administrative Tools, and then click Server Manager.
In Server Manager, select the root of Server Manager.
In the Security Information section, click Configure IE ESC.

The Internet Explorer Enhanced Security Configuration dialog box opens.
In the Administrators section, click Off to disable the Internet Explorer Enhanced Security settings, and then click OK.

To configure proxy server settings to bypass the proxy server for local addresses

In Internet Explorer, on the Tools menu, click Internet Options.
On the Connections tab, in the Local Area Network (LAN) settings area, click LAN Settings.
In the Automatic configuration area, clear the Automatically detect settings check box.
In the Proxy Server area, select the Use a proxy server for your LAN check box.
Type the address of the proxy server in the Address box.
Type the port number of the proxy server in the Port box.
Select the Bypass proxy server for local addresses check box.
Click OK to close the Local Area Network (LAN) Settings dialog box.
Click OK to close the Internet Options dialog box.

Run the Farm Configuration Wizard

You have now completed Setup and the initial configuration of SharePoint Foundation 2010. You have created the SharePoint Central Administration Web site.

You can now create your farm and sites, and you can select services by using the Farm Configuration Wizard.

To run the Farm Configuration Wizard

On the SharePoint Central Administration Web site, on the Configuration Wizards page, click Launch the Farm Configuration Wizard.
On the Help Make SharePoint Better page, click one of the following options, and then click OK:

Yes, I am willing to participate (Recommended.)
No, I don’t want to participate.

On the Configure your SharePoint farm page, click Walk me through the settings using this wizard, and then click Next.
In the Service Account section, click a service account that you want to use to configure your services.

Note:

For security reasons, we recommend that you use a different account from the farm administrator account to configure services in the farm.

If you decide to use an existing managed account — that is, an account that SharePoint Foundation is aware of — ensure that you click that option before you continue.

Select the services that you want to use in the farm, and then click Next.

Note:

For more information, see Configure services (SharePoint Foundation 2010) (http://technet.microsoft.com/library/88da9bdb-b7c2-4174-997b-d767b9b9c9ea(Office.14).aspx). If you are using Microsoft Office Web Apps, see Office Web Apps (Installed on SharePoint 2010 Products) (http://technet.microsoft.com/library/8a58e6c2-9a0e-4355-ae41-4df25e5e6eee(Office.14).aspx).

On the Create Site Collection page, do the following:
1. In the Title and Description section, in the Title box, type the name of your new site.
2. Optional: In the Description box, type a description of what the site contains.
3. In the Web Site Address section, select a URL path for the site.
4. In the Template Selection section, in the Select a template list, select the template that you want to use for the top-level site in the site collection.

Note:

To view a template or a description of a template, click any template in the Select a template list.

Click OK.
On the Configure your SharePoint farm page, review the summary of the farm configuration, and then click Finish.

Post-installation steps

After you install and configure SharePoint Foundation 2010, your browser window opens to the Central Administration Web site of your new SharePoint site. Although you can start adding content to the site or customizing the site,

we recommend that you first perform the following administrative tasks by using the SharePoint Central Administration Web site.
- Configure usage and health data collection You can configure usage and health data collection in your server farm. The system writes usage and health data to the logging folder and to the logging database.
  
  For more information, see Configure usage and health data collection (SharePoint Foundation 2010) (http://technet.microsoft.com/library/5c97fd40-008a-4fbc-8b3a-98244d8f0016(Office.14).aspx).
- Configure diagnostic logging You can configure diagnostic logging that might be required after initial deployment or upgrade. The default settings are sufficient for most situations, but depending upon the business needs and lifecycle of the farm, you might want to change these settings.
  
  For more information, see Configure diagnostic logging (SharePoint Foundation 2010) (http://technet.microsoft.com/library/a5641210-8224-4e11-9d93-4f96fa4c327c(Office.14).aspx).
- Configure incoming e-mail You can configure incoming e-mail so that SharePoint sites accept and archive incoming e-mail. You can also configure incoming e-mail so that SharePoint sites can archive e-mail discussions as they happen, save e-mailed documents, and show e-mailed meetings on site calendars. In addition, you can configure the SharePoint Directory Management Service to provide support for e-mail distribution list creation and management.
  
  For more information, see Configure incoming e-mail (SharePoint Foundation 2010) (http://technet.microsoft.com/library/445dd72e-a63b-46d0-b92d-bcf0aa9d8d06(Office.14).aspx).
- Configure outgoing e-mail You can configure outgoing e-mail so that your Simple Mail Transfer Protocol (SMTP) server sends e-mail alerts to site users and notifications to site administrators. You can configure both the “From” e-mail address and the “Reply” e-mail address that appear in outgoing alerts.
  
  For more information, see Configure outgoing e-mail (SharePoint Foundation 2010) (http://technet.microsoft.com/library/ebb924d4-b9a2-4e40-bcb3-0ee582cc5a21(Office.14).aspx).
- Configure a mobile account You can configure a mobile account so that SharePoint sends text message (SMS) alerts to your, or site users’, mobile phones. For more information, see Configure a mobile account (SharePoint Foundation 2010) (http://technet.microsoft.com/library/36d537dc-2726-4594-a6e6-f7b2c035179f(Office.14).aspx).
- Install and configure Remote BLOB Storage You can install and configure Remote BLOB Storage (RBS) for an instance of SQL Server 2008 that supports a SharePoint farm.
  
  For more information, see Install and configure Remote BLOB Storage (SharePoint Foundation 2010) (http://technet.microsoft.com/library/6348e3a7-e2f4-4321-b145-da42269883aa(Office.14).aspx).
  
  ***BEGIN MOSS ONLY***
Deploy a single server with a built-in database (SharePoint Foundation 2010)

Published: May 12, 2010

This article describes how to perform a clean installation of Microsoft SharePoint Foundation 2010 on a single server with a built-in database.

In this article:

Overview

You can quickly publish a SharePoint site by deploying SharePoint Foundation 2010 on a single server with a built-in database. This configuration is useful if you want to evaluate SharePoint Foundation 2010 features and capabilities, such as collaboration, document management, and search. This configuration is also useful if you are deploying a small number of Web sites and you want to minimize administrative overhead. When you deploy SharePoint Foundation 2010 on a single server with a built-in database by using the default settings, Setup installs Microsoft SQL Server 2008 Express and the SharePoint product, and then the SharePoint Products Configuration Wizard creates the configuration database and content database for your SharePoint sites. Additionally, the SharePoint Products Configuration Wizard installs the SharePoint Central Administration Web site and creates your first SharePoint site collection.

Note:

This article does not describe how to install SharePoint Foundation 2010 in a farm environment, or how to upgrade from previous releases of SharePoint Foundation. For more information about installing SharePoint Foundation 2010 on a single server farm, see Deploy a single server with SQL Server (SharePoint Foundation 2010). For more information about installing SharePoint Foundation 2010 on a multiple server farm, see Multiple servers for a three tier farm (SharePoint Foundation 2010) (http://technet.microsoft.com/library/246fb1c9-660e-40b5-860b-7d681f04505a(Office.14).aspx). For more information about upgrade, see Upgrading to SharePoint Foundation 2010 (http://technet.microsoft.com/library/91046a84-57a1-40cb-a32c-ff3395073dc9(Office.14).aspx).

Consider the following restrictions of this method of installation:

You cannot install the single server with built-in database version of SharePoint Foundation on a domain controller.
A SQL Server 2008 Express database cannot be larger than 4 GB.

Before you begin

Before you begin deployment, ensure that you have met all hardware and software requirements. For more information, see Hardware and software requirements (SharePoint Foundation 2010). Also, ensure that you perform a clean installation of SharePoint Foundation 2010. You cannot install the RTM version of SharePoint Foundation 2010 without first removing the beta version of SharePoint Foundation 2010
Install SharePoint Foundation 2010

To install and configure SharePoint Foundation 2010, follow these steps:

Run the Microsoft SharePoint Products Preparation Tool, which installs all prerequisites to use SharePoint Foundation 2010.
Run Setup, which installs SQL Server 2008 Express and the SharePoint product.
Run SharePoint Products Configuration Wizard, which installs the SharePoint Central Administration Web site and creates your first SharePoint site collection.
Configure browser settings.
Perform post-installation steps.

Important:

To complete the following procedures, you must be a member of the Administrators group on the local computer.

Run the Microsoft SharePoint Products Preparation Tool

Use the following procedure to install software prerequisites for SharePoint Foundation 2010.

To run the Microsoft SharePoint Products Preparation Tool

Insert your SharePoint Foundation 2010 installation disc.
On the SharePoint Foundation 2010 Start page, click Install software prerequisites.

Note:

Because the preparation tool downloads components from the Microsoft Download Center, you must have Internet access on the computer on which you are installing SharePoint Foundation.

On the Welcome to the Microsoft SharePoint Products Preparation Tool page, click Next.
On the Installation Complete page, click Finish.

Run Setup

The following procedure installs SQL Server 2008 Express and the SharePoint product. At the end of Setup, you can choose to start the SharePoint Products Configuration Wizard, which is described later in this section.

To run Setup

On the SharePoint Foundation 2010 Start page, click Install SharePoint Foundation.
On the Read the Microsoft Software License Terms page, review the terms, select the I accept the terms of this agreement check box, and then click Continue.
On the Choose the installation you want page, click Standalone.
When Setup finishes, a dialog box prompts you to complete the configuration of your server. Ensure that the Run the SharePoint Products Configuration Wizard now check box is selected.
Click Close to start the configuration wizard.

Note:

Tip:

Run the SharePoint Products Configuration Wizard

The following procedure installs and configures the configuration database, the content database, and installs the SharePoint Central Administration Web site. It also creates your first SharePoint site collection.

To run the SharePoint Products Configuration Wizard

On the Welcome to SharePoint Products page, click Next.
In the dialog box that notifies you that some services might need to be restarted during configuration, click Yes.
On the Configuration Successful page, click Finish.

Note:

Configure browser settings

After you run the SharePoint Products Configuration Wizard, you should ensure that SharePoint Foundation works properly for local administrators in your environment by configuring additional settings in Internet Explorer.

Note:

If you are prompted for your user name and password, perform the following procedures:

Add the SharePoint Central Administration Web site to the list of trusted sites
Disable Internet Explorer Enhanced Security settings

If you receive a proxy server error message, perform the following procedure:

Configure proxy server settings to bypass the proxy server for local addresses

For more information, see Getting Started with IEAK 8 (http://go.microsoft.com/fwlink/?LinkId=151359&clcid=0x409).

To add the SharePoint Central Administration Web site to the list of trusted sites

In Internet Explorer, on the Tools menu, click Internet Options.
On the Security tab, in the Select a zone to view or change security settings area, click Trusted Sites, and then click Sites.
Clear the Require server verification (https:) for all sites in this zone check box.
In the Add this Web site to the zone box, type the URL to your site, and then click Add.
Click Close to close the Trusted Sites dialog box.
Click OK to close the Internet Options dialog box.

If you are using a proxy server in your organization, use the following steps to configure Internet Explorer to bypass the proxy server for local addresses.

To disable Internet Explorer Enhanced Security settings

Click Start, point to All Programs, point to Administrative Tools, and then click Server Manager.
In Server Manager, select the root of Server Manager.
In the Security Information section, click Configure IE ESC.

The Internet Explorer Enhanced Security Configuration dialog box opens.
In the Administrators section, click Off to disable the Internet Explorer Enhanced Security settings, and then click OK.

To configure proxy server settings to bypass the proxy server for local addresses

In Internet Explorer, on the Tools menu, click Internet Options.
On the Connections tab, in the Local Area Network (LAN) settings area, click LAN Settings.
In the Automatic configuration area, clear the Automatically detect settings check box.
In the Proxy Server area, select the Use a proxy server for your LAN check box.
Type the address of the proxy server in the Address box.
Type the port number of the proxy server in the Port box.
Select the Bypass proxy server for local addresses check box.
Click OK to close the Local Area Network (LAN) Settings dialog box.
Click OK to close the Internet Options dialog box.

Post-installation steps

After you install SharePoint Foundation 2010, your browser window opens to the Central Administration Web site of your new SharePoint site. Although you can start adding content to the site or you can start customizing the site,

we recommend that you first perform the following administrative tasks by using the SharePoint Central Administration Web site:
- Configure usage and health data collection You can configure usage and health data collection in your server farm. The system writes usage and health data to the logging folder and to the logging database.
  
  For more information, see Configure usage and health data collection (SharePoint Foundation 2010) (http://technet.microsoft.com/library/5c97fd40-008a-4fbc-8b3a-98244d8f0016(Office.14).aspx).
- Configure diagnostic logging You can configure diagnostic logging that might be required after initial deployment or upgrade. The default settings are sufficient for most situations, but depending upon the business needs and lifecycle of the farm, you might want to change these settings. For more information, see Configure diagnostic logging (SharePoint Foundation 2010) (http://technet.microsoft.com/library/a5641210-8224-4e11-9d93-4f96fa4c327c(Office.14).aspx).
- Configure incoming e-mail You can configure incoming e-mail so that SharePoint sites accept and archive incoming e-mail. You can also configure incoming e-mail so that SharePoint sites can archive e-mail discussions as they happen, save e-mailed documents, and show e-mailed meetings on site calendars. In addition, you can configure the SharePoint Directory Management Service to provide support for e-mail distribution list creation and management. For more information, see Configure incoming e-mail (SharePoint Foundation 2010) (http://technet.microsoft.com/library/445dd72e-a63b-46d0-b92d-bcf0aa9d8d06(Office.14).aspx).
- Configure outgoing e-mail You can configure outgoing e-mail so that your Simple Mail Transfer Protocol (SMTP) server sends e-mail alerts to site users and notifications to site administrators. You can configure both the “From” e-mail address and the “Reply” e-mail address that appear in outgoing alerts. For more information, see Configure outgoing e-mail (SharePoint Foundation 2010) (http://technet.microsoft.com/library/ebb924d4-b9a2-4e40-bcb3-0ee582cc5a21(Office.14).aspx).
- Configure a mobile account You can configure a mobile account so that SharePoint sends text message (SMS) alerts to your, or site users’, mobile phones. For more information, see Configure a mobile account (SharePoint Foundation 2010) (http://technet.microsoft.com/library/36d537dc-2726-4594-a6e6-f7b2c035179f(Office.14).aspx).
- Install and configure Remote BLOB Storage You can install and configure Remote BLOB Storage (RBS) for an instance of SQL Server 2008 that supports a SharePoint server farm. For more information, see Install and configure Remote BLOB Storage (SharePoint Foundation 2010) (http://technet.microsoft.com/library/6348e3a7-e2f4-4321-b145-da42269883aa(Office.14).aspx).
Configure Windows Server Backup

If you want to use Windows Server Backup with SharePoint Foundation 2010, you must register the SharePoint 2010 VSS Writer with Windows Server Backup by running the stsadm -o registerwsswriter command. For more information, see Registerwsswriter: Stsadm operation (Windows SharePoint Services) (http://technet.microsoft.com/en-us/library/cc287616.aspx).

Roadmap to SharePoint Foundation 2010 content

Published: May 12, 2010

This article describes the content available for IT professionals to assist you when you are planning, deploying, administering, and troubleshooting SharePoint Foundation 2010.

For SharePoint Foundation 2010 developer content, see the SharePoint Developer Center (http://go.microsoft.com/fwlink/?LinkId=159918).

Content resources

The SharePoint Foundation 2010 TechCenter (http://go.microsoft.com/fwlink/?LinkId=188950) is your primary gateway to in-depth technical information about SharePoint Foundation 2010. Through the TechCenter, you can access the following:
- SharePoint Foundation 2010 Resource Centers (http://go.microsoft.com/fwlink/?LinkId=188951) Resource centers provide specific links to more information specific to a particular feature of SharePoint Foundation 2010. You can find resource centers for features such as installation and deployment, Business Connectivity Services, enterprise content management, and enterprise search, to name a few.
- SharePoint Foundation 2010 Downloads (http://go.microsoft.com/fwlink/?LinkId=188952) Go to this page to download service packs, add-ins, tools, and trial software to help you optimize your SharePoint Foundation organization.
- SharePoint Foundation 2010 library (http://technet.microsoft.com/library/7019bcb6-43fe-455b-889d-b845cb43286f(Office.14).aspx) The library contains the most up-to-date IT pro content. This content is reviewed and approved by the SharePoint Foundation product team and will evolve over the life cycle of SharePoint Foundation 2010. Also make sure that you check out Newly published content for SharePoint Foundation 2010 (http://technet.microsoft.com/library/8a9690e4-6917-4aab-82ce-cdbe989a2053(Office.14).aspx) in the library. This article contains a list of new or updated library content and is also available as an RSS feed. (http://go.microsoft.com/fwlink/?LinkId=188953). It is updated whenever a new article is published or an existing article is updated.
- SharePoint Foundation 2010 support (http://go.microsoft.com/fwlink/?LinkId=188954) Locate support and troubleshooting resources for SharePoint Foundation. You can search the Microsoft Knowledge Base, TechNet, or blogs for additional help.
Offline resources

If you are working offline and need access to library articles, the following option is available to you:
- SharePoint Foundation 2010 Beta Technical Library in Compiled Help format (http://go.microsoft.com/fwlink/?LinkId=188955) This downloadable .chm file is updated monthly and includes all articles published to the library as of the .chm file’s release date.
Additional resources

The following visual resources supplement the library articles and can assist you when you plan your projects:
- Technical diagrams (SharePoint Foundation 2010) (http://technet.microsoft.com/library/99462701-d16a-4477-af4e-36c8f5083dbf(Office.14).aspx) These poster-size models provide a visual representation of recommended solutions and correspond to various articles in the library. You can modify these models by using Microsoft Office Visio 2007 to reflect your plans for SharePoint Foundation and how it will fit into your own environment.
Community resources

You can use the community resources to learn more about SharePoint Foundation 2010 and to foster discussion, ask questions, and exchange ideas about your experiences with SharePoint Foundation 2010:
- Microsoft SharePoint Team Blog (http://go.microsoft.com/fwlink/?LinkID=82560) This is the official blog of the SharePoint product group. It includes articles written by members of the product team, and product announcements and updates.
- To The SharePoint (http://go.microsoft.com/fwlink/?LinkId=188956) This is the IT pro documentation team blog. This blog includes documentation highlights and announcements for SharePoint Foundation 2010.
- SharePoint 2010 forums (http://go.microsoft.com/fwlink/?LinkId=188957) The forum provides a place for users and SharePoint Foundation product team members to discuss the product.

Windows IT Pro Best Practices for Protecting Your Windows Server 2012 and Hyper-V Based Infrastructures

Posted on 17 Dec 2012 by escapebusinesssolutions in Uncategorized

Windows IT Pro

Best Practices for

Protecting Your Windows

Server 2012 and Hyper-V

Based Infrastructures
sponsored by

Tech Advisor • Symantec | p. 2

Many administrators remember the challenges of architecting a
backup solution for their datacenter, ensuring all the right data
was protected and finding solutions to files that were open
during backup processes. The Virtual Shadow Copy Service (VSS)
completely changed how Windows operating systems were
backed up. Application vendors can now create components
(VSS writers) that the VSS backup framework could call, allowing
an application to flush all transactions and data to disk, thus
ensuring a backup that would be usable in a restore scenario by
having all application data on disk in a consistent state.

Looking at a datacenter today and that of 10 years ago demonstrates
the shift in how IT datacenters are architected. Organizations
have moved from one operating system per server to many
operating systems per server, which is achieved through server
virtualization. Windows Server 2012 provides many new features,
including a new version of Hyper-V. The new hypervisor has seen
large increases in its scalability, allowing for virtual machines
with 64 virtual processors, a terabyte of memory, and virtual hard
disks that are 64 terabytes in size. Additional new features include
virtual fibre channel, SMB 3.0 support allowing virtual machines
to be stored on SMB file shares, and shared nothing live migration
that allow virtual machines to be migrated between hosts that
are not clustered or that share storage with no downtime. The
new scalability and functionality means systems that were previously
not virtualized due to limitations in virtualization are now
capable of being virtualized. The percentage of virtual operating
systems will increase and very large, critical systems will now be
virtualized, making the backup of the virtualization environment
even more important.

The adoption of virtualization adds a new dimension to your organization’s
backup plans and this paper will walk through some
key considerations when hosting services on Windows Server
2012 Hyper-V.

The importance of backups, even in a
virtual environment

Virtualization offers a number of very useful features related to
the state of a virtual machine that can sometimes seem to reduce
the need for backups; however, this is not the case. Likewise
many services offer replication capabilities that are also not
replacements for solid backup processes.

Snapshots are a common feature of virtualization platforms,
including Hyper-V, that allow a point-in-time view of a virtual
machine to be taken. If a virtual machine is running when a
snapshot is taken its current storage content is saved and its
memory and device state is stored. While snapshots provide a
point-in-time copy of a virtual machine the operating system
within the virtual machine is unaware that a snapshot has been
taken, which means data on disk may not be in a consistent state
because the VSS backup framework is not utilized. Additionally,
when a snapshot is applied to a virtual machine it restores a virtual
machine to that point in time and the OS has no knowledge
that its state has been changed back in time. This may cause serious
problem for certain types of service and can cause security
and data problems. Typically, snapshots should be avoided in any
production environment; they are best utilized in development
environments where it can be very useful as part of testing or
troubleshooting to be able to revert an operating system to a
known state repeatedly.

Hyper-V also provides a feature called Hyper-V Replica, which is
an asynchronous replication of storage changes of enabled virtual
machines every five minutes to an alternate Hyper-V server in
a separate location. The goal of this feature is to provide disaster
recovery capability for organizations using inbox capabilities
without the need for separate storage replication technologies.
The typical Hyper-V Replica operation works by sending the content
of the Hyper-V Replica log file, which contains the changes
to the storage over the previous five minutes, to the alternate
Hyper-V server, which then merges the changes into its copy of
the virtual hard disks. Like a snapshot, Hyper-V Replica is not typically
notifying the operating system of the storage replication,
making the data on disk possibly inconsistent. Hyper-V Replica
does offer the capability to initiate a VSS request to the virtual
machine periodically, which forces data to be flushed to disk,
making that specific Hyper-V Replica application data consistent.
However, this feature is in no way designed to be a backup solution
and requires a completely separate Hyper-V server for the
continuous receiving of five-minute storage deltas.

Both snapshots and Hyper-V Replica only work with virtual hard
disks, which means if applications are storing data using pass-
through storage or on storage accessed via iSCSI or virtual fibre
channel, then the data is not backed up. Even more importantly

both snapshots and Hyper-V Replica are only aware at the operating
system level rather than understanding specific applications
and data groups within the virtual machine, which would
severely limit the granularity of restoration.

Where to perform backups

Traditionally, a backup is performed via a backup agent running
on the operating system being backed up. The backup agent
communicates to a central backup service, sending the data to
be protected. For operating systems that are virtualized this approach
can still be used; however, there is another option.

For Hyper-V supported guest operating systems (Windows Server
2003 and above), integration services are provided that enhance
the functionality and performance of the operating systems running
within the virtual machines. Once installed the integration
services add a number of specific capabilities between the operating
system running in the virtual machine and the Hyper-V host.
One of these integrations is “Backup (volume snapshot),” which allows
the Hyper-V host to notify the guest operating system within
the virtual machine when a backup it taken of the virtual machine
at the Hyper-V host. The guest operating system then calls all the
registered VSS writers within the virtual machine, which causes all
the applications to flush information to disk and then notifies the
Hyper-V host that the virtual machines virtual hard disks can be
backed up, thus ensuring an app-consistent backup.

Remember that the granularity of what you are protecting and,
therefore, what can be restored is the most important factor.
When a backup agent is running within the virtual machine on
the guest OS it has direct interaction with registered VSS writers
and knowledge of applications running within the operating
system. This enables the backup to be configured to backup
specific units of application data; for example, for a database
server specific databases could be protected; for a mail server,
specific mailboxes. When the backup is application aware the
restore can equally be application aware, offering application-
specific restoration. If, however, the virtual machine was backed
up at the Hyper-V host level—although the VSS writers in the
virtual machine are still called to ensure the data on disk is in a
consistent state—the data being backed up is the entire virtual
machine, which means at restoration time the only thing that
could be restored is the entire virtual machine or perhaps files
from the associated hard disks. This would mean that backing
up within the virtual machine would be the best option where
application-aware backups are required. However, some backup
solutions on the market take the backup pass-through capability
native to Hyper-V to another functional level by also exposing
application awareness from the virtual machines. This means that
even though backups are taken at the Hyper-V host level, the
backups can still be configured to back up particular application
data and restore at application data unit levels.

Another aspect of the virtual machine’s data must be considered
when performing backups: the actual location of the virtual
machine configuration and virtual hard disks. In basic scenarios
the virtual hard disks and configuration files for virtual machines
are stored on direct-attached storage. However, for environments
that leverage clusters of Hyper-V hosts or that wish to use consolidated
storage, then storage local to a host is not optimal and
shared storage must be used.

Windows Server 2008 R2 introduced Cluster Shared Volumes
(CSV,) which allow an NTFS formatted LUN on a SAN to be concurrently
accessed by all hosts in a cluster. This removed previous
problems associated with dismounting and mounting LUNs
when a virtual machine is migrated between hosts. A special process
is required to back up CSV-enabled volumes, which means
it’s critical that your backup solution has CSV support. Windows
Server 2012 provides improvements to CSV processes by labelling
CSV volumes as CSVFS instead of NTFS, making them easy to
identify. In addition, backups of CSV volumes no longer have to
be performed on a specific member of the cluster, known as the
coordinator node. In Windows Server 2012 volume-level backup
of a CSV can be performed from any node connecting to the CSV
and backups do not interfere with running virtual machines.

Another new shared storage option for Windows Server 2012
Hyper-V virtual machines is to use a Server Message Block (SMB)
3.0 file share. This file share can be hosted on a Windows Server
2012 file server or cluster or a storage appliance with SMB 3.0
support. Windows Server 2012 includes a new “File Server VSS
Agent Service,” which must be enabled on all servers acting as
SMB 3.0 servers for Hyper-V. This enables remote VSS backups
to be performed. This is a very new feature so very few backup
solutions have support for remote VSS SMB backups at the time

of writing. However, talk to your backup vendor to ascertain their
plans and timing for SMB 3.0 support. If your organization wishes
to leverage SMB 3.0 prior to support from the backup solution,
one option is to run the backup agent within the virtual machine
to ensure protection of the operating systems and applications.

What to back up

With all the different components in a virtualized datacenter and
the replication capabilities of many services it can often seem
confusing to decide which operating system instances and which
copies of data should be backed up. Often there is no absolute
right or wrong answer, but there are certain must haves—and
generally you can’t back up too much. It’s better to have
redundant backups of the same data than to miss data.

As previously discussed it’s critical that all data in the organization is
backed up, even if it’s also replicated because backup and
replication meet different needs. But if a data set is replicated three
times is it necessary to back up all three copies? For example,
Exchange has the concept of Database Availability Groups (DAG)
where mailbox databases are stored on multiple servers. The
general rule to follow is to make sure all unique data is backed up
by at least one backup process, which means if a database is
replicated between three services make sure at least one of them is
backed up. The same applies to domain controllers within the
same domain. Typically, domain controllers are highly replaceable
so if a domain controller has a problem another one can be
provisioned in its place very quickly. But it’s important there is a
backup of the Active Directory routinely on at least one, and ideally
two, domain controllers. Care must be taken to ensure that backup
is not lost as databases are moved between different servers and
there is a risk if backups are not running on all servers that a data
set falls out of scope of a backup. As a side note if certain copies are
not backed up its important to ensure there are no negative
effects, such as log files never being truncated or deleted which
normally occurs as part of a backup.

It’s important to back up the operating systems and the
application installs that utilize application data because often it
can be very time consuming to perform an installation of a server
application. Thus restoring the server operating system and the
installed application is the most expedient recovery possible.
Ensure any servers that are required for the primary workload
being backed up are also backed up and recoverable. For
example, a service may have requirements on Active Directory,
on DNS or another server running a middleware service. Make
sure all these systems are backed up to provide protection in a
disaster situation where whole racks of servers or even entire
datacenters are lost.

For the Hyper-V host backup it is important in the event of a server
failure that the virtual machines are not affected, so always use
clusters of Hyper-V hosts which enable virtual machines to move
between hosts. It’s critical to replace failed hosts quickly to restore
resiliency from further failure. Performing backups of Hyper-V hosts
provides a very efficient way of restoring this protection.

When considering the backup of the Hyper-V host and virtual
machines from the host do not back up the same guest
operating system twice. If backups are being performed within
the virtual machine via a backup agent installed on the guest
operating system inside the virtual machine, do not also back up
the virtual machine from the Hyper-V host. This leads to wasted
space and possible conflicts.

Putting it all together

Given how critical backups are to every environment one aspect
that is often overlooked in a process that often backs up to disk is
ensuring protection of the backup itself. While backing up to
disks local to the datacenter provides great performance and very
fast restores it leaves the backup vulnerable to the same disaster
scenarios that could affect the protected servers themselves.
Therefore, always ensure backups are also stored offsite (e.g., to a
second location via disk replication, to a repository on tape, or
replicated to public cloud-based storage).

Additionally, ensure backup and restore processes are frequently
tested and revised. Performing regular test recoveries helps
ensure in the event the backup is really needed it contains the
required information and can be used as desired. Any time a new
system is added to the environment ensure backup and restore
processes are updated accordingly to include the new system
and any systems it is dependent upon.

By following these basic guidelines you can help ensure that your data
and your organization are well protected in the most efficient way.

Getting Started as an Entrepreneur – Wikibooks, open books for an open world

Posted on 14 Dec 2012 by escapebusinesssolutions in Uncategorized

Getting Started as an Entrepreneur – Wikibooks, open books for an open world.

via Getting Started as an Entrepreneur – Wikibooks, open books for an open world.

Unleashing the Ideavirus

Posted on 14 Dec 201214 Dec 2012 by escapebusinesssolutions in Uncategorized

Unleashing the Ideavirus 1 http://www.ideavirus.com

Unleashing the Ideavirus

By Seth Godin

Foreword by Malcolm Gladwell

You have permission to post this, email this, print this and pass it along for free to

anyone you like, as long as you make no changes or edits to its contents or digital

format. In fact, I’d love it if you’d make lots and lots of copies. The right to bind this

and sell it as a book, however, is strictly reserved. While we’re at it, I’d like to keep

the movie rights too. Unless you can get Paul Newman to play me.

Ideavirus™ is a trademark of Do You Zoom, Inc. So is ideavirus.com™.

You can find this entire manifesto, along with slides and notes and other good stuff, at

http://www.ideavirus.com.

This version of the manifesto is current until September 17, 2000. After that date, please go

to http://www.ideavirus.com and get an updated version. You can buy this in book form on

September 1, 2000.

This book is dedicated to Alan Webber and Jerry Colonna. Of course.

Unleashing the Ideavirus 2 http://www.ideavirus.com

STEAL THIS IDEA!

Here’s what you can do to spread the word about Unleashing the Ideavirus:

1. Send this file to a friend (it’s sort of big, so ask first).

2. Send them a link to http://www.ideavirus.com so they can download it themselves.

3. Visit http://www.fastcompany.com/ideavirus to read the Fast Company article.

4. Buy a copy of the hardcover book at

http://www.amazon.com/exec/obidos/ASIN/0970309902/permissionmarket.

5. Print out as many copies as you like.

Unleashing the Ideavirus 3 http://www.ideavirus.com

Look for the acknowledgments at the end. This is, after all, a new digital format, and you want to get right to it!

The #1 question people ask me after reading

Permission Marketing:

ÒSo, how do we get attention to ask for

permission in the first place?”

This manifesto is the answer to that question.

Unleashing the Ideavirus 4 http://www.ideavirus.com

Foreword

The notion that an idea can become contagious, in precisely the same way that a virus does,

is at once common-sensical and deeply counter-intuitive. It is common-sensical because all of

us have seen it happen: all of us have had a hit song lodged in our heads, or run out to buy a

book, or become infected with a particular idea without really knowing why. It is counterintuitive,

though, because it doesn’t fit with the marketer’s traditional vision of the world.

Advertisers spent the better part of the 20th century trying to control and measure and

manipulate the spread of information—to count the number of eyes and ears that they could

reach with a single message. But this notion says that the most successful ideas are those that

spread and grow because of the customer’s relationship to other customers—not the

marketer’s to the customer.

For years, this contradiction lay unresolved at the heart of American marketing. No longer.

Seth Godin has set out to apply our intuitive understanding of the contagious power of

information—of what he so aptly calls the ideavirus—to the art of successful

communication. “Unleashing the Ideavirus” is a book of powerful and practical advice for

businesses.

But more than that, it is a subversive book. It says that the marketer is not—and ought not

to be—at the center of successful marketing. The customer should be. Are you ready for that?

Malcolm Gladwell

Author

The Tipping Point

http://www.gladwell.com

Unleashing the Ideavirus 5 http://www.ideavirus.com

Introduction

If you don’t have time to read the whole book, here’s what it says:

Marketing by interrupting people isn’t cost-effective anymore. You

can’t afford to seek out people and send them unwanted marketing

messages, in large groups, and hope that some will send you money.

Instead, the future belongs to marketers who establish a foundation

and process where interested people can market to each other. Ignite

consumer networks and then get out of the way and let them talk.

If you’re looking for mindblowing new ideas, you won’t find them in this, or any other

marketing book. Guerrilla marketing, 1:1 marketing, permission marketing—these ideas are

not really new, but they are thoughtful constructs that let you figure out how to do

marketing better. The fact is, if we built factories as badly as we create advertising campaigns,

the country would be in a shambles. This book will help you better understand the timehonored

marketing tradition of the ideavirus, and help you launch your own.

Questions the book answers:

Why is it foolish to launch a new business with millions of dollars in TV ads?

Are the market leaders in every industry more vulnerable to sudden successes by the

competition than ever before?

Should book publishers issue the paperback edition of a book before the hardcover?

What’s the single most important asset a company can create—and what is the simple

thing that can kill it?

Every ad needs to do one of two things to succeed…yet most ads do neither. What’s the

right strategy?

Does the Net create a dynamic that fundamentally changes the way everything is

marketed?

How can every business…big and small…use ideavirus marketing to succeed?

Unleashing the Ideavirus 6 http://www.ideavirus.com

Foreword……………………………………………………………………………………………………………………….5

Introduction……………………………………………………………………………………………………………………6

SECTION 1: Why Ideas Matter…………………………………………………………………………………… 11

Farms, Factories And Idea Merchants ………………………………………………………………………………….12

Why Are Ideaviruses So Important?…………………………………………………………………………………….21

And Five Things Ideaviruses Have In Common……………………………………………………………………….22

Seven Ways An Ideavirus Can Help You: ……………………………………………………………………………… 23

The Sad Decline of Interruption Marketing ………………………………………………………………………….. 24

We Live In A Winner-Take-Almost-All World………………………………………………………………………….. 25

The Traffic Imperative: Why Sites Fail ……………………………………………………………………………….. 28

We Used To Make Food. We Used To Make Stuff. Now We Make Ideas…………………………………………. 30

People Are More Connected Than They Ever Were Before. We Have Dramatically More Friends Of Friends

And We Can Connect With Them Faster And More Frequently Than Ever……………………………………….31

ThereÕs A Tremendous Hunger To Understand The New And To Remain On The Cutting Edge……………34

While Early Adopters (The Nerds Who Always Want To Know About The Cool New Thing In Their Field)

Have Always Existed, Now WeÕve Got More Nerds Than Ever Before. If YouÕre Reading This, YouÕre A

Nerd!………………………………………………………………………………………………………………………….. 35

Ideas Are More Than Just Essays And Books. Everything From New Technology To New Ways Of Creating

To New Products Are Winning Because Of Intelligent Ideavirus Management By Their Creators………..36

The End Of The Zero Sum Game ………………………………………………………………………………………… 37

SECTION 2: How To Unleash An Ideavirus…………………………………………………………………..39

While It May Appear Accidental, ItÕs Possible To Dramatically Increase The Chances Your Ideavirus Will

Catch On And Spread. ……………………………………………………………………………………………………..40

The Heart Of The Ideavirus: Sneezers ………………………………………………………………………………….41

Sneezers Are So Important, We Need To Subdivide Them………………………………………………………… 42

The Art Of The Promiscuous …………………………………………………………………………………………….. 47

ItÕs More Than Just Word Of Mouth ……………………………………………………………………………………..51

An Ideavirus Adores A Vacuum …………………………………………………………………………………………. 52

Unleashing the Ideavirus 7 http://www.ideavirus.com

Once It Does Spread, An Ideavirus Follows A Lifecycle. Ignore The Lifecycle And The Ideavirus Dies Out.

Feed It Properly And You Can Ride It For A Long Time…………………………………………………………….54

Viral Marketing Is An Ideavirus, But Not All Ideaviruses Are Viral Marketing ……………………………….. 55

What Does It Take To Build And Spread An Ideavirus? ……………………………………………………………. 57

There Are Three Key Levers That Determine How Your Ideavirus Will Spread:………………………………60

Ten Questions Ideavirus Marketers Want Answered ………………………………………………………………. 64

Five Ways To Unleash An Ideavirus ……………………………………………………………………………………. 65

SECTION THREE: The Ideavirus Formula ……………………………………………………………………. 78

Managing Digitally-Augmented Word Of Mouth……………………………………………………………………… 79

Tweak The Formula And Make It Work …………………………………………………………………………………80

Advanced Riffs On The Eight Variables You Can Tweak In Building Your Virus………………………………. 85

Hive …………………………………………………………………………………………………………………………… 88

Velocity………………………………………………………………………………………………………………………. 92

Vector………………………………………………………………………………………………………………………… 94

Medium ………………………………………………………………………………………………………………………. 96

SMOOTHNESS: It Would All Be Easy If We Had Gorgons……………………………………………………………. 98

Persistence …………………………………………………………………………………………………………………100

Amplifier …………………………………………………………………………………………………………………….102

SECTION 4: Case Studies and Riffs…………………………………………………………………………..104

The Vindigo Case Study…………………………………………………………………………………………………..105

Saving The World With An Ideavirus ………………………………………………………………………………….. 107

Moving Private To Public…………………………………………………………………………………………………..111

YouÕre In The Fashion Business! ………………………………………………………………………………………..113

The Money Paradox ………………………………………………………………………………………………………..117

Think Like A Music Executive (Sometimes)…………………………………………………………………………..119

Is That Your Final Answer?……………………………………………………………………………………………….121

A Dozen ideaviruses Worth Thinking About…………………………………………………………………………. 123

Why I Love Bestseller Lists………………………………………………………………………………………………124

How A Parody Of Star Wars Outsold Star Wars …………………………………………………………………….. 127

Unleashing the Ideavirus 8 http://www.ideavirus.com

Wassup? ……………………………………………………………………………………………………………………..129

Judging a book by its cover ……………………………………………………………………………………………..131

Being The Most ……………………………………………………………………………………………………………. 133

In Defense Of World Domination ………………………………………………………………………………………. 135

If YouÕre A Member Of The Academy, You Go To Movies For Free …………………………………………….. 137

How An Ideavirus Can Drive The Stock Market …………………………………………………………………….. 139

Bumper Sticker Marketing……………………………………………………………………………………………….142

No, You Go First! ………………………………………………………………………………………………………….. 143

Digital Media Wants to Be Free…………………………………………………………………………………………145

Van Gogh Lost His Ear To Prove A Point ……………………………………………………………………………..148

Answering InaÕs Question………………………………………………………………………………………………..150

Crossing The Chasm With An Ideavirus ……………………………………………………………………………….152

The Myth Of The Tipping Point ………………………………………………………………………………………….156

The Compounding Effect …………………………………………………………………………………………………158

Bill GatesÕ Biggest Nightmare…………………………………………………………………………………………..160

Hey, Skinny!…………………………………………………………………………………………………………………164

Get Big Fast? The Mistake So Many Companies MakeÉ…………………………………………………………..165

The Heart Of Viral Marketing……………………………………………………………………………………………168

The Great Advertising Paradox………………………………………………………………………………………….171

Permission: The Missing Ingredient…………………………………………………………………………………… 174

How A Virus And Permission Team Up To Find Aliens…………………………………………………………….. 176

The Art of Creating an Ideavirus………………………………………………………………………………………. 177

Is He Really More Evil Than Satan Himself? ………………………………………………………………………… 178

Case Study: Why Digimarc Is Going To Fail…………………………………………………………………………..179

Why Are These Cows Laughing?…………………………………………………………………………………………181

Never Drink Alone …………………………………………………………………………………………………………183

The Power Of Parody ……………………………………………………………………………………………………..185

Bee Stings And The Measles …………………………………………………………………………………………….186

But IsnÕt It Obvious?………………………………………………………………………………………………………187

Unleashing the Ideavirus 9 http://www.ideavirus.com

Your CompanyÕs Worst Enemy ………………………………………………………………………………………….189

Step By Step, Ideavirus Tactics: ……………………………………………………………………………………….192

The Future Of The Ideavirus: What Happens When Everyone Does It? ………………………………………..194

Acknowledgments ………………………………………………………………………………………………..196

Unleashing the Ideavirus 10 http://www.ideavirus.com

SECTION 1: Why Ideas Matter

STEAL THIS IDEA!

Here’s what you can do to spread the word about Unleashing the Ideavirus:

1. Send this file to a friend (it’s sort of big, so ask first).

2. Send them a link to http://www.ideavirus.com so they can download it themselves.

3. Visit http://www.fastcompany.com/ideavirus to read the Fast Company article.

4. Buy a copy of the hardcover book at

http://www.amazon.com/exec/obidos/ASIN/0970309902/permissionmarket.

5. Print out as many copies as you like.

Unleashing the Ideavirus 11 http://www.ideavirus.com

Farms, Factories And Idea Merchants

Imagine for a second that you’re at your business school reunion, trading lies and bragging

about how successful you are and are about to become. Frank the jock talks about the dotcom

company he just started. Suzie the ex-banker is now focusing her energy on rebuilding

Eastern Europe. And then the group looks at you. With a wry look of amusement, you

answer:

“Well, the future—the really big money—is in owning a farm. A small one, maybe 100

acres. I intend to invest in a tractor of course, and expect that in just a few years my husband

and I can cash out and buy ourselves a nice little brownstone in the city.”

Ludicrous, no? While owning a farm may bring tremendous lifestyle benefits, it hasn’t been a

ticket to wealth for, say, 200 years.

What about owning a factory then? Perhaps the road to riches in the new economy would be

to buy yourself a hot-stamping press and start turning out steel widgets. Get the UAW to

organize your small, dedicated staff of craftsmen and you’re on your way to robber-baron

status.

Most of us can agree that the big money went out of owning a factory about thirty years ago.

When you’ve got high fixed costs and you’re competing against other folks who also know

how to produce both quantity and quality, unseemly profits fly right out the window.

Fact is, the first 100 years of our country’s history were about who could build the biggest,

most efficient farm. And the second century focused on the race to build factories. Welcome

to the third century, folks. The third century is about ideas.

Alas, nobody has a clue how to build a farm for ideas, or even a factory for ideas. We

recognize that ideas are driving the economy, ideas are making people rich and most

important, ideas are changing the world. Even though we’re clueless about how to best

organize the production of ideas, one thing is clear: if you can get people to accept and

Unleashing the Ideavirus 12 http://www.ideavirus.com

embrace and adore and cherish your ideas, you win. You win financially, you gain power and

you change the world in which we live.

So how do you win? What do you need to do to change the status quo of whatever industry

you’re in, or, if you’re lucky, to change the world?

If you’re a farmer, you want nothing more than a high price for your soybeans. If you’re a

manufacturer of consumer goods, you want a display at the cash register at Wal-Mart. But

what if you’re an idea merchant?

The holy grail for anyone who trafficks in ideas is this: to unleash an ideavirus.

An idea that just sits there is worthless. But an idea that moves and grows and infects

everyone it touches… that’s an ideavirus.

In the old days, there was a limit on how many people you could feed with the corn from

your farm or the widgets from your factory. But ideas not only replicate easily and well, they

get more powerful and more valuable as you deliver them to more people.

How does an ideavirus manifest itself? Where does it live? What does it look like? It’s useful

to think of ideas of every sort as being similar. I call them manifestos. An idea manifesto is a

powerful, logical “essay” that assembles a bunch of existing ideas and creates a new one.

Sometimes a manifesto is a written essay. But it can be an image, a song, a cool product or

process… the medium doesn’t matter. The message does. By lumping all sorts of

ideas—regardless of format—into the same category (manifestos) it’s much easier to think of

them as versions of the same thing. As long as you can use your manifesto to change the way

people think, talk or act… you can create value.

Definition: MEDIUM In order to move, an idea has to be encapsulated in a medium. It

could be a picture, a phrase, a written article, a movie, even a mathematical formula (e=mc2).

The Medium used for transmitting the ideavirus determines how smooth it is as well as the

velocity of its growth. A medium is not a manifesto—every idea is a manifesto, trying to

make its point, and the medium is the substance that the idea lives in.

Unleashing the Ideavirus 13 http://www.ideavirus.com

Not only is this an essay about ideas and ideaviruses…it’s also a manifesto striving to become

an ideavirus! If this manifesto changes your mind about marketing and ideas, maybe you’ll

share it with a friend. Or two. Or with your entire company. If that happens, this idea will

become an ideavirus, and spread and gain in value.

We live in a world where consumers actively resist marketing. So it’s imperative to stop

marketing at people. The idea is to create an environment where consumers will market to

each other.

Is an ideavirus a form of marketing? Sure it is. And today, marketing is all there is. You don’t

win with better shipping or manufacturing or accounts payable. You win with better

marketing, because marketing is about spreading ideas, and ideas are all you’ve got left to

compete with.

The future belongs to the people who unleash ideaviruses.

What’s an ideavirus? It’s a big idea that runs amok across the target audience. It’s a

fashionable idea that propagates through a section of the population, teaching and changing

and influencing everyone it touches. And in our rapidly/instantly changing world, the art

and science of building, launching and profiting from ideaviruses is the next frontier.

Have you ever heard of Hotmail? Ever used it? If so, it’s not because Hotmail ran a lot of TV

ads (they didn’t). It’s because the manifesto of free email got to you. It turned into an

ideavirus. Someone you know and trust infected you with it. What about a Polaroid

camera… was your first exposure (no pun intended!) in a TV ad, or did you discover it when

a friend showed you how cool the idea of an instant photograph was?

Sometimes it seems like everyone is watching the same TV show as you, or reading the same

book, or talking about the same movie or website. How does that happen? It usually occurs

because the idea spreads on its own, through an accidental ideavirus, not because the

company behind the product spent a ton of money advertising it or a lot of time

Unleashing the Ideavirus 14 http://www.ideavirus.com

orchestrating a virus. And how the idea spreads, and how to make it spread faster—that’s the

idea behind unleashing an ideavirus.

Word of mouth is not new—it’s just different now. There were always ideaviruses—gossip or

ideas or politics that spread like wildfire from person to person. Without running an ad or

buying a billboard, Galileo managed to upset all of Pisa with his ideas. Today, though,

ideaviruses are more important and more powerful than ever. Ideaviruses are easier to launch

and more effective. Ideaviruses are critical because they’re fast, and speed wins and speed

kills—brands and products just don’t have the time to develop the old way. Ideaviruses give

us increasing returns—word of mouth dies out, but ideaviruses get bigger. And finally,

ideaviruses are the currency of the future. While ideaviruses aren’t new, they’re important

because we’re obsessed with the new, and an ideavirus is always about the new.

Remember the slogan, “Only her hairdresser knows for sure?” That was classic brand

marketing, and it flew in the face of word of mouth. It was an ad for a product that was

supposed to be a secret—a secret between you, your hairdresser and Clairol.

A few years later, Herbal Essence took a totally different tack… they tried to encourage you

to tell your friends. But while word of mouth works great among the people who use a

product and their immediate friends—if I love your story or hate your service, I’ll tell a few

friends—it dies out fast. There’s no chance a friend of a friend is going to tell you about my

horrible experience on United Airlines or how much I loved flying on Southwest. Word of

mouth fades out after a few exchanges.

But now, aided by the Net and abetted by the incredible clutter in our universe, ideaviruses

are spreading like wildfire. We’re all obsessed with ideas because ideas, not products, are the

engine of our new economy.

I wore Converse sneakers growing up… so did you. But the shareholders of Converse never

profited from the idea of the shoe—they profited from the manufacture of a decent sneaker.

If two sneakers were for sale, you bought the cheaper one.

Unleashing the Ideavirus 15 http://www.ideavirus.com

It took Converse generations to build a brand and years to amortize a factory and they were

quite happy to extract a modest profit from every pair of sneakers sold, because Converse

knew their factory would be around tomorrow and the day after that. So sneakers, like

everything else, were priced by how much they cost, and sold one pair at a time by earnest

shoe salesmen who cared about things like how well the shoes fit.

Converse could take their time. They were in this for the long haul. Those days are long

gone. Twenty years later, it’s the idea of Air Jordan sneakers, not the shoe, that permits Nike

to sell them for more than $100. It’s the sizzle, not the fit. The idea makes Nike outsized

profits. And Nike knows that idea won’t last long, so they better hurry—they need another

ideavirus, fast.

In the old days, we used to sneer at this and call it a fad. Today, everything from presidential

politics to music to dentistry is driven by fads—and success belongs to marketers who

embrace this fact.

Source: Forrester Research

It took 40 years for radio to have ten million users. By then, an industry had grown that

could profit from the mass audience. It took 15 years for TV to have ten million users. It

Unleashing the Ideavirus 16 http://www.ideavirus.com

only took 3 years for Netscape to get to 10 million, and it took Hotmail and Napster less

than a year. By aggregating mass audiences to themselves (and not having to share them with

an entire industry), companies like Netscape and Hotmail are able to realize huge profits,

seemingly overnight. And they do it by spreading ideaviruses.

Ideas can now be carried in the ether. Because the medium for carrying ideas is fast and

cheap, ideas move faster and cheaper! Whether it’s the image of the new VW Beetle (how

long did it take for the idea of that car to find a place in your brain?) or the words of a new

Stephen King novel (more than 600,000 people read it in the first week it was available

online), the time it takes for an idea to circulate is approaching zero.

Why should we care? Why does it matter that ideas can instantly cross international

boundaries, change discussions about politics, crime and justice or even get us to buy

something? Because the currency of our future is ideas, and the ideavirus mechanism is the

way those ideas propagate. And the science and art of creating ideaviruses and using them for

profit is new and powerful. You don’t have to wait for an ideavirus to happen organically or

accidentally. You can plan for it and optimize for it and make it happen.

Sure, some ideaviruses are organic. They happen and spread through no overt action or

intent on the part of the person who creates them (the Macarena wasn’t an organized plot…

it just happened). Others, though, are the intentional acts of smart entrepreneurs and

politicians who know that launching and nurturing an ideavirus can help them accomplish

their goals.

In the old days, the way we sold a product was through interruption marketing. We’d run

ads, interrupt people with unanticipated, impersonal, irrelevant ads and hope that they’d buy

something. And sometimes, it worked.

The advantage of this branding strategy is that the marketer is in complete and total control.

The disadvantage is that it’s hard and expensive. Every time a catalog clothier (Land’s End,

Eddie Bauer, you name it) wants to sign up a new customer, they need to buy a few hundred

stamps, send out some carefully designed catalogs and hope that one person sends them

money.

Unleashing the Ideavirus 17 http://www.ideavirus.com

What marketers are searching for is a way to circumvent the tyranny of cost-per-thousand

interruptions. They need something that ignites, a way to tap into the invisible currents that

run between and among consumers, and they need to help those currents move in better,

faster, more profitable ways. Instead of always talking to consumers, they have to help

consumers talk to each other.

A beautifully executed commercial on the Super Bowl is an extraordinarily risky bet.

Building a flashy and snazzy website is almost certain to lead to failure. Hiring a celebrity

spokesperson might work on occasion, but more often than not, it won’t break through the

clutter. Whenever advertisers build their business around the strategy of talking directly to

the customer, they become slaves to the math of interruption marketing.

In traditional interruption marketing, the marketer talks directly to as many consumers as possible, with no

intermediary other than the media company. The goal of the consumer is to avoid hearing from the advertiser. The

goal of the marketer is to spend money buying ads that interrupt people who don’t want to be talked to!

Unleashing the Ideavirus 18 http://www.ideavirus.com

In creating an ideavirus, the advertiser creates an environment in which the idea can replicate and spread. It’s the

virus that does the work, not the marketer.

Fortunately, there are already proven techniques you can use to identify, launch and profit

from ideas that can be turned into viruses. There’s a right and a wrong way to create them,

and more important, the care and feeding of your ideavirus can dramatically affect its

potency.

One of the key elements in launching an ideavirus is concentrating the message. If just 1% or

even 15% of a group is excited about your idea, it’s not enough. You only win when you

totally dominate and amaze the group you’ve targeted. That’s why focusing obsessively on a

geographic or demographic or psychographic group is a common trait among successful idea

merchants.

Why are new companies launching on the Net so obsessed with traffic and visitors? Why is a

company like GeoCities sold for more than $2 billion, when it has close to zero revenue and

interesting, but by no means unique, software?

Because infecting large populations with the ideavirus is the first step to building a profitable

business model. The key steps for Internet companies looking to build a virus are:

Unleashing the Ideavirus 19 http://www.ideavirus.com

Create a noteworthy online experience that’s either totally new or makes the user’s life

much better. Or make an offline experience better/faster/cheaper so that switching is

worth the hassle.

Have the idea behind your online experience go viral, bringing you a large chunk of the

group you’re targeting WITHOUT having to spend a fortune advertising the new

service.

Fill the vacuum in the marketplace with YOUR version of the idea, so that competitors

now have a very difficult time of unteaching your virus and starting their own.

Achieve “lock in” by creating larger and larger costs to switching from your service to

someone else’s.

Get permission from users to maintain an ongoing dialogue so you can turn the original

attention into a beneficial experience for users and an ongoing profit stream for you.

Continue creating noteworthy online experiences to further spread new viruses, starting

with your core audience of raving fans.

Unleashing the Ideavirus 20 http://www.ideavirus.com

Why Are Ideaviruses So Important?

We live in a winner-take-almost-all world. (Zipf’s law.)

We used to focus on making food. We used to make stuff. Now we make ideas.

People are more connected than ever. Not only are we more aware that our friends have

friends but we can connect with them faster and more frequently.

There’s a tremendous hunger to understand the new and to remain on the cutting edge.

While early adopters (the nerds who always want to know about the cool new thing in

their field) have always existed, now we’ve got more nerds than ever. If you’re reading this,

you’re a nerd!

The profit from creating and owning an ideavirus is huge.

Unleashing the Ideavirus 21 http://www.ideavirus.com

And Five Things Ideaviruses Have In Common

The most successful ideaviruses sometimes appear to be accidents, but it is possible to

dramatically increase the chances your ideavirus will catch on and spread.

An ideavirus adores a vacuum. (This is a big idea. Read on to see what I mean).

Once an ideavirus spreads, it follows a lifecycle. Ignore the lifecycle and the ideavirus dies

out. Feed it properly and you can extend its useful life and profit from it for a long time.

Ideaviruses are more than just essays and books. Everything from new technology to new

ways of creating new products are winning because of intelligent seeding by their

creators.

Viral marketing is a special case of an ideavirus. Viral marketing is an ideavirus in which

the carrier of the virus IS the product.

Unleashing the Ideavirus 22 http://www.ideavirus.com

Seven Ways An Ideavirus Can Help You:

When everyone in town tells ten friends about your amazing ice cream

shop and a line forms out the door (supercharged word of mouth due to

the virus having dominated the town so completely).

When your company’s new mass storage format catches on and it

becomes the next Zip drive.

When an influential sports writer names your daughter as a high school

All-American basketball player and coaches line up outside the door

with scholarships.

When Steve Jobs commissions the iMac, which spreads the word about

the Mac faster than any advertising ever could, raising market share and

saving your favorite computer company from bankruptcy.

When you write a report for your boss about how your company should

deal with an opportunity in Cuba and it gets passed on, from person to

person, throughout the company, making you a hero and a genius.

When the demo recording you made becomes a bestseller on MP3.com

and you get a call from Sony, who wants to give you a recording

contract.

When you are able to devise a brand-new Internet business plan for a

product that’s useful and also embodies viral marketing…growing from

nothing to a million users in a month and making you rich along the

way.

Unleashing the Ideavirus 23 http://www.ideavirus.com

The Sad Decline of Interruption Marketing

When I first starting writing about Permission Marketing about four years ago, much of

what I said was considered heresy. “What do you mean TV ads are going to decline in

effectiveness?” “How dare you say anything negative about banner ads—of course they

work!” or “Direct mail has never been healthier!”

History, fortunately for me, has borne out my cries of doom and gloom about interruption

marketing. The TV networks are diversifying away from their traditional network TV

business as fast as they can. Banner clickthrough rates are down 85% or more. Ads are

sprouting up on the floors of the supermarket, in the elevator of the Hilton hotel in Chicago

and even in urinals. And everywhere you look, unanticipated, impersonal and irrelevant ads

are getting more expensive and less effective.

There’s a crisis in interruption marketing and it’s going to get much worse. It took more

than thirty pages to build the case against this wasteful, costly ($220 billion a year)

outmoded expense in Permission Marketing, so I’ll only spend a page on it here. If you want

to read the entire jeremiad, send a note to free@permission.com and I’ll send it to you for

free.

Unless you find a more cost-effective way to get your message out, your business is doomed.

You can no longer survive by interrupting strangers with a message they don’t want to hear,

about a product they’ve never heard of, using methods that annoy them. Consumers have

too little time and too much power to stand for this any longer.

Unleashing the Ideavirus 24 http://www.ideavirus.com

We Live In A Winner-Take-Almost-All World

Quick! Name an oil painting hanging in a museum somewhere in the world.

Did you say, “the Mona Lisa”?

As I walk through the Louvre, arguably one of the top ten most packed-with-high-qualitypaintings

museums on the planet, I pass one empty room after another, then come to an

alcove packed with people. Why? Why are these people clawing all over each other in order

to see a painting poorly displayed behind many inches of bullet-proof glass?

The reason the Mona Lisa is the most famous painting in the world is

that something had to be the most famous painting in the world and it

might as well be the Mona Lisa.

Busy people don’t have time to look at every painting. They only have

room in their overcrowded, media-hyped brains for a few paintings.

And when you come right down to it, most people would like to see only the “celebrity”

paintings. And just as there can only be one “My most favorite famous actress” (Julia

Roberts) and one “this site equals the Internet” (Yahoo!), there’s only room for one “most

famous painting in the world” and the safe choice is the Mona Lisa.

There’s a name for this effect. It’s called Zipf’s law, after George Kingsley Zipf (1902-1950),

a philologist and professor at Harvard University. He discovered that the most popular word

in the English language (“the”) is used ten times more than the tenth most popular word,

100 times more than the 100th most popular word and 1,000 times more than the 1,000th

Script Convert-WindowsImage.ps1 – WIM2VHD for Windows 8!

Posted on 14 Dec 2012 by escapebusinesssolutions in Uncategorized

Script Convert-WindowsImage.ps1 – WIM2VHD for Windows 8!.

via Script Convert-WindowsImage.ps1 – WIM2VHD for Windows 8!.

Whats Coming in SharePoint 2013 — Redmond Developer News

Posted on 30 Oct 2012 by escapebusinesssolutions in Uncategorized

What’s Coming in SharePoint 2013

Many SharePoint 2013 features are already available for testing in the Office 365 previews.

By Kurt Mackie
08/22/2012

Microsoft offered more details on the improvements in its SharePoint collaboration platform, which is slated to be released as a service and a server in 2013.

Many SharePoint 2013 features are already available for testing in the Office 365 previews, which the company released last month.

Jared Spataro, senior director for SharePoint product management at Microsoft, offered a quick tour of some highlights in the new SharePoint, during a demonstration for technology reviewers on Tuesday. According to Spataro, the underlying architecture hasn’t changed very much with this release, but the company has added some upgrades and I/O performance improvements.

The user experience has also been updated. Users of the new SharePoint will see a flat, spare “modern” UI, with a narrow menu bar at the top.

Microsoft also highlighted the collaboration and social networking aspects of SharePoint, which are among the product’s top uses, according to a Forrester Research survey. However, nothing was really said during the talk about Microsoft’s Yammer acquisition, which will bring Yammer’s enterprise social networking technologies across SharePoint, Office 365, Microsoft Dynamics and Skype.

Better Tagging
In general, Microsoft has improved the metadata aspects in the new SharePoint, allowing users to tag content while posting, Spataro said. People are considered first-class objects in SharePoint. They can be followed, by SharePoint users, but it’s also possible to follow documents, sites and tags across a Web site. SharePoint also points users to content based on a “suggested sites” feature. Users can hover over user profiles and get access to their contact cards, which bring in profile information, including info from LinkedIn and Facebook social networking pages.

My Site in the new SharePoint has its functionality split into three hubs: Newsfeed, SkyDrive Pro and Sites, as explained in this SharePoint team blog. The Newsfeed application has a sort of Facebook-like appearance with photos and e-mail threads, as well as a “Like” button. The Sites application is a tracker of site locations that are important to the user. SkyDrive Pro is a cloud-based storage place for files that works with SharePoint. Spataro said that SkyDrive Pro replaces what used to be called “SharePoint Documents” or “My Documents” in earlier editions, adding that it had been renamed to highlight Microsoft’s investments in consumer cloud storage. Microsoft also offers a free SkyDrive service for consumers.

SkyDrive Pro Replacing SharePoint Workspaces
SkyDrive Pro provides storage, synchronization and sharing capabilities for users. Cloud-based apps will sync to the desktop app by just clicking on the desktop. There’s also drag-and-drop file uploading capabilities from the desktop to the browser-based app, and even drag-and-drop capabilities within the browser-based app, which Spataro called “a new modality for people.” He claimed that he works more in Web apps these days because of the richness of the applications. SkyDrive Pro works with various Office Web Apps, such as Word, Excel, PowerPoint and OneNote.

SkyDrive Pro has access to all of the new SharePoint capabilities. “All of the content manageable in SharePoint can be managed in SkyDrive Pro,” Spataro said.

The fate of SharePoint Workspace (previously known as “Groove”) in SharePoint 2013 got cleared up during the Q&A session. Groove was the invention of former Microsoft Chief Software Architect Ray Ozzie, whose retirement was announced in October 2010.

“SharePoint Workspace was the way that we did document sync and offline access with the previous version of SharePoint,” Spataro explained. “And in fact, SharePoint Workspace was the evolution of the Groove client. The document store, share and sync capabilities that I showed you are actually based on the next evolution of that SharePoint Workspace. We actually used the underlying component that came from Groove, part of the sync engine, to do it. And going forward, our strategy will be to focus on SkyDrive Pro that I showed you today.”

He added that people can still get access to SharePoint Workspace, “but our go-forward strategy investment will be focused on SkyDrive Pro.”

Team Site Gets OneNote
The Team Site is considered the “center of gravity for people in SharePoint,” Spataro said, and Microsoft has enhanced it by adding a centralized OneNote built into it. OneNote is a Microsoft Office application that lets users store photos and text in a sort of digital scrapbook. The OneNote that’s part of Team Site is capable of synchronization, and it can be viewed on various mobile devices with “the same rich view,” Spataro contended. The Team Site also has its own newsfeed, which will sync up with a user’s main Newsfeed. Users tend to use this newsfeed service as a replacement for e-mail, he added.

Spataro said that the new SharePoint is about task completion and using social interactions to do work, so there’s a My Tasks interface that users can plot against a timeline. It’s capable of drag-and-drop operations, so users can create a list of tasks in Excel and drop the file into tasks lists. It’s possible to edit in real time and assign tasks to different people. The whole timeline is viewable in a “project summary” page. Spataro suggested this approach is an improvement over past SharePoint releases where it was “tough to track things.”

There are some SharePoint business intelligence improvements enabled by SQL Server 2012. For instance, the Excel Web App can be used to display a Power View executive dashboard, which graphically displays data. It allows slice-and-dice operations to be performed using the data or the data can be plotted over time. With these capabilities, Spataro said that Microsoft is bringing together social, task management and business insights.

Lastly, Spataro pointed to the Microsoft partner ecosystem and the extra support users can get though SharePoint apps. The apps are available in the SharePoint library or they can be downloaded from the SharePoint Store.

Spataro said he left out a lot in his presentation, noting that FAST search in the new SharePoint now has e-discovery capabilities across SharePoint, Exchange and Lync file shares. Search was one of the SharePoint features that participants in Forrester’s survey said they least liked. However, it’s apparently improved in the new SharePoint.

An overview of the new SharePoint features was described earlier in this blog post by Jeff Teper, corporate vice president of SharePoint.

About the Author

Kurt Mackie is online news editor, Enterprise Group, at 1105 Media Inc.

• Deployment guide for Microsoft SharePoint 2013

Posted on 30 Oct 201230 Oct 2012 by escapebusinesssolutions in Uncategorized

Deployment guide for
Microsoft SharePoint 2013

Microsoft Corporation

Published: October 2012

Author: Microsoft Office System and Servers Team (itspdocs@microsoft.com)
- Abstract
This book provides deployment instructions for SharePoint 2013. The audiences for this book include application specialists, line-of-business application specialists, and IT administrators who are ready to deploy SharePoint 2013.

The content in this book is a copy of selected content in the SharePoint 2013 technical library as of the publication date. For the most current content, see the technical library on the web.

This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it.

Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred.

This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.

© 2012 Microsoft Corporation. All rights reserved.

Microsoft, Access, Active Directory, Backstage, Bing, Excel, Groove, Hotmail, Hyper-V, InfoPath, Internet Explorer, Office 365, OneNote, Outlook, PerformancePoint, PowerPoint, SharePoint, Silverlight, SkyDrive, Visio, Visio Studio, Windows, Windows Live, Windows Mobile, Windows PowerShell, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

Contents

Getting help    xxvi

Overview of SharePoint 2013 installation and configuration    1

Physical architecture    2

Size    2

Installation and configuration    3

Prepare the servers    3

Create the farm    4

Configure settings, services, solutions, and sites    5

Deployment stages    5

Planning    5

Development    6

Proof of concept    6

Pilot    7

User acceptance test (UAT)    7

Production    7

Prepare for installation of SharePoint 2013    9

TechNet articles about how to prepare for SharePoint 2013 installation and initial configuration    9

Additional resources about SharePoint 2013 installation and initial configuration    10

Initial deployment administrative and service accounts in SharePoint 2013    11

Required permissions    11

Account permissions and security settings in SharePoint 2013    14

About account permissions and security settings    14

SharePoint administrative accounts    14

Setup user administrator account    14

SharePoint farm service account    15

SharePoint service application accounts    16

Application pool account    16

Default content access account    16

Content access accounts    17

Excel Services unattended service account    17

My Sites application pool account    17

Other application pool accounts    18

SharePoint database roles    18

WSS_CONTENT_APPLICATION_POOLS database role    18

WSS_SHELL_ACCESS database role    19

SP_READ_ONLY database role    19

SP_DATA_ACCESS database role    19

Group permissions    20

WSS_ADMIN_WPG    20

WSS_WPG    28

Local service    35

Local system    36

Network service    40

Administrators    40

WSS_RESTRICTED_WPG    44

Users group    44

All SharePoint 2013 service accounts    46

Configure SQL Server security for SharePoint 2013 environments    47

Before you begin    47

Configuring a SQL Server instance to listen on a non-default port    48

Blocking default SQL Server listening ports    49

Configuring Windows Firewall to open manually assigned ports    50

Configuring SQL Server client aliases    50

Install prerequisites for SharePoint 2013 from a network share    52

Installer switches and arguments    52

Download and combine the SharePoint 2013 prerequisites on a file share    53

Install the SharePoint 2013 prerequisites at the command prompt    54

Install the SharePoint 2013 prerequisites by using an arguments file    54

Known issues    56

Install SharePoint 2013    58

TechNet articles about how to install and configure SharePoint 2013    58

Additional resources about how to install and configure SharePoint 2013    59

Install SharePoint 2013 on a single server with a built-in database    61

Overview    61

Before you begin    62

Install SharePoint 2013    62

Run the Microsoft SharePoint Products Preparation Tool    63

Run Setup    63

Run the SharePoint Products Configuration Wizard    64

Configure browser settings    65

Post-installation steps    66

Install SharePoint 2013 on a single server with SQL Server    68

Overview    68

Before you install SharePoint 2013 on a single server    68

Install SharePoint 2013 on a single server    69

Run the Microsoft SharePoint Products Preparation Tool    70

Run Setup    70

Run the SharePoint Products Configuration Wizard    71

Configure browser settings    73

Run the Farm Configuration Wizard    74

Post-installation steps    75

Install SharePoint 2013 across multiple servers for a three-tier farm    77

Overview    77

Before you install SharePoint 2013 on multiple servers for a three-tier farm    79

Using the Microsoft SharePoint Products Preparation Tool    79

Database server    79

Public updates and hotfix packages    80

Prepare the farm servers    80

Install SharePoint 2013 on the farm servers    80

Create and configure the farm    81

Add web servers to the farm    83

Post-installation steps    84

Install or uninstall language packs for SharePoint 2013    85

About language IDs and language packs    85

Downloading language packs    87

Installing language packs on the web and application servers    87

Uninstalling language packs    88

Add web or application servers to farms in SharePoint 2013    89

Before you add a web or application server to a SharePoint farm    89

Determine server role    90

Front-end web server role    91

Application server role    91

Additional tasks    92

Install prerequisite software    92

Install the SharePoint software    93

Add the new SharePoint server to the farm    93

Configure the new server    96

Remove a server from a farm in SharePoint 2013    97

Removing a web server or application server from a SharePoint farm    97

Remove a web server or an application server from a farm by using Control Panel    98

Removing a database server from a SharePoint farm    99

Remove a database server, web server, or application server from a SharePoint farm by using Central Administration    99

Uninstall SharePoint 2013    101

Before you begin    101

Uninstall SharePoint 2013    102

Install and configure a virtual environment for SharePoint 2013    103

TechNet articles about SharePoint 2013 virtualization with Hyper-V    103

Additional resources about Hyper-V installation and initial configuration    103

Use best practice configurations for the SharePoint 2013 virtual machines and Hyper-V environment    105

Introduction and scope    106

Article scope    106

Review the general best practice guidance for virtualization    106

Best practice guidance for virtualization    107

Configure the Hyper-V host computer    108

Install and configure virtual networking    109

Hyper-V virtual networks    109

Virtual network types    109

Virtual local area networks (VLANs)    110

Network adapters and virtual network switches    111

Create and configure the virtual machines    112

Configure the memory for the virtual machines    112

Configure the processors for the virtual machines    113

Configure the controllers and hard disks for the virtual machines    114

Configure services and general settings    115

Integration services    115

Automatic stop and start    115

Configure SharePoint 2013    117

TechNet articles about how to configure settings for the server farm    117

Additional resources about how to configure settings for the server farm    119

Configure authentication infrastructure in SharePoint 2013    120

TechNet articles about how to configure authentication infrastructure    120

Configure forms-based authentication for a claims-based web application in SharePoint 2013    122

Before you begin    122

Process overview    123

Phase 1: Create a new web application that uses forms-based authentication with Central Administration    123

Phase 2: Configure the Web.Config files for an LDAP membership provider    124

Configure the Central Administration Web.Config file    124

Configure the Security Token Service Web.Config file    126

Configure the new web application Web.Config file    127

Create a new web application that uses forms-based authentication with Windows PowerShell    128

Configure a forms-based authentication web application for Windows Azure autohosted apps    130

Configure SAML-based claims authentication with AD FS in SharePoint 2013    132

Before you begin    132

Process overview    133

Phase 1: Install and configure an AD FS server    133

Phase 2: Configure AD FS with the web application as a relying party    133

Configure AD FS for a relying party    133

Configure the claim rule    134

Export the token signing certificate    135

Phase 3: Configure SharePoint 2013 to trust AD FS as an identity provider    135

Exporting multiple parent certificates    136

Import a token signing certificate by using Windows PowerShell    136

Define a unique identifier for claims mapping by using Windows PowerShell    138

Create a new authentication provider    138

Phase 4: Configure web applications to use claims-based authentication and AD FS as the trusted identity provider    139

Associate an existing web application with the AD FS identity provider    139

Create a new web application with the AD FS identity provider    140

Configure server-to-server authentication in SharePoint 2013    141

TechNet articles about how to configure server-to-server authentication    141

Configure server-to-server authentication between SharePoint 2013 farms    142

Configure a SharePoint 2013 trust relationship with another farm    142

Configure server-to-server authentication between SharePoint 2013 and Exchange Server 2013    146

Process overview    147

Configure server-to-server authentication between SharePoint 2013 and Lync Server 2013    149

Process overview    150

Configure app authentication in SharePoint Server 2013    152

Process overview    152

Step 1. Configure the SharePoint Server 2013 app authentication trust    153

Configure SharePoint Server 2013 to trust ACS    153

Configure SharePoint Server 2013 to trust the app    154

Step 2. Register the app with the Application Management service    156

Step 3. Configure app permissions    156

Configure client certificate authentication for SharePoint 2013    157

Configure client certificate authentication    158

Configure availability and recovery solutions for SharePoint 2013    160

TechNet articles about installing and configuring high availability and disaster recovery solutions    160

Configure SQL Server 2012 AlwaysOn Availability Groups for SharePoint 2013    161

Process overview    161

Before you begin    162

Knowledge and skill requirements    162

SQL Server AlwaysOn Availability Group concepts    162

Windows Server Failover Clustering    164

SharePoint Foundation 2013 and SharePoint Server 2013    164

Detailed steps to configure an AlwaysOn Availability Group for SharePoint    164

Prepare the Windows Server cluster environment    165

Prepare the SQL Server environment    166

Install SQL Server 2012    166

Enable Named Pipes    166

Enable AlwaysOn    167

Create and configure the availability group    167

About replicas and data synchronization    168

Replica configuration requirements    169

Create and configure the availability group    171

Create the availability group    171

Install and configure SharePoint 2013    172

Add SharePoint databases to the availability group    173

Use failover tests to validate the AlwaysOn installation    174

Monitor the AlwaysOn environment    174

Configure email integration for a SharePoint 2013 farm    176

TechNet articles about email integration    176

Configure incoming email for a SharePoint 2013 farm    178

Before you begin    178

Install and configure the SMTP service    179

Install the SMTP service    179

Install IIS 6.0 Management tools    180

Configure the SMTP service    180

Configure incoming email in a basic scenario    181

Configure incoming email in an advanced scenario    181

Prepare your environment for incoming email in an advanced scenario    184

Configure AD DS to be used with Directory Management Service    184

Configure DNS Manager    187

Add an SMTP connector in Microsoft Exchange Server 2010    188

Configure permissions to the email drop folder    189

Configure email drop folder permissions for the application pool identity account for a web application    189

Configure email drop folder permissions for the logon account for the SharePoint Timer service    190

Are attachments missing from email messages that are sent to a SharePoint document library?    191

Configure outgoing email for a SharePoint 2013 farm    192

Before you begin    193

Install and configure the SMTP service    193

Install the SMTP service    193

Configure the SMTP service    194

Configure outgoing email for a farm    195

Configure outgoing email for a specific web application    196

Configure services and service applications in SharePoint 2013    198

TechNet articles about how to configure services for SharePoint 2013    198

Additional resources about how to configure services for SharePoint 2013    200

Configure the Secure Store Service in SharePoint 2013    201

Configure Secure Store    201

Work with encryption keys    203

Generate an encryption key    203

Refresh the encryption key    204

Store credentials in Secure Store    204

Create a target application    205

Field    206

Set credentials for a target application    207

Enable the audit log    207

Video demonstration    208

Create and configure a Search service application in SharePoint Server 2013    209

Before you begin    209

How to create and configure a SharePoint Search service application    209

Step 1: Create accounts that are required for a SharePoint Search service application    210

Step 2: Create a SharePoint Search service application    211

Step 3: Configure the SharePoint Search service application    212

Specify the default content access account    212

Specify the contact email address    213

Create content sources in a SharePoint Search service application    213

Step 4: Configure the SharePoint Search service application topology    214

Create a Search Center site in SharePoint Server 2013    215

Before you begin    215

Deploy people search in SharePoint Server 2013    218

Before you begin    218

People search prerequisites    218

Set up people search    219

Configure My Sites settings    219

Configure crawling    219

Add data for people search    222

Add user profiles to the profile store    222

Add information to My Sites    223

Crawl the profile store    223

Configure result sources for search in SharePoint Server 2013    225

Before you begin    225

Create a result source    225

Levels and permissions for result sources    226

On the BASICS tab    227

On the SORTING tab    228

On the TEST tab    228

Set a result source as default    228

Create and configure Machine Translation services in SharePoint Server 2013    230

Before you begin    230

Create a SharePoint Machine Translation service application    231

Database section properties    232

Configure the Machine Translation Service    234

Additional steps    237

Configure Request Manager in SharePoint Server 2013    238

Overview    238

Scenarios    238

Setup and Deployment    239

Dedicated mode    240

Integrated mode    241

Configuration    242

General settings    242

Windows PowerShell examples to enable routing and throttling    242

Decision information    243

Routing targets    243

Windows PowerShell examples routing target tasks    243

Routing and throttling rules    244

Request Routing    245

Incoming request handler    245

Request routing    245

Request rule matching    245

Front-end web server selection    246

Request routing and prioritizing    246

Request load balancing    247

Monitoring and maintenance    247

Configure Business Connectivity Services solutions for SharePoint 2013    249

About Business Connectivity Services installation scenarios    249

Prerequisites    249

On-premises deployment    249

Deploy a Business Connectivity Services on-premises solution in SharePoint 2013    251

What these procedures help you deploy    251

How to use these procedures and a roadmap of the procedures    253

Prerequisites for deploying a Business Connectivity Services on-premises solution in SharePoint 2013    255

On-premises scenario prerequisites    255

Preparing the environment    256

How to download and install the AdventureWorks sample database    256

Create database logins for a Business Connectivity Services on-premises solution in SharePoint 2013    257

Create a SQL Server login    257

Create a SQL Server user on the AdventureWorks database    258

Start the Business Data Connectivity service for a Business Connectivity Services on-premises solution in SharePoint 2013    259

Start the Business Data Connectivity service    259

Create the Business Data Connectivity service application in SharePoint 2013    260

Create a new Business Data Connectivity Services service application    260

Set permissions on the BCS Metadata Store for a Business Connectivity Services on-premises solution in SharePoint 2013    262

Set permissions on the Business Connectivity Services Metadata Store    262

Configure the Secure Store Service for a Business Connectivity Services on-premises solution in SharePoint 2013    264

Parameters for configuring the Secure Store Service for a Microsoft Business Connectivity Services on-premises configuration    264

Configure Secure Store Service for on-premises Business Connectivity Services    264

Create an external content type for a Business Connectivity Services on-premises solution in SharePoint 2013    267

Create and configure an external content type with SharePoint Designer 2013    267

Define general information    267

Define general and Office behaviors    268

Create a connection to the external data    268

Select a table, view, or routine and Define Operation    268

Add columns    269

Map Outlook fields and set up the external item picker control    269

Define filters    269

Set the Title field for an external list and complete the external content type    269

Configure permission on an external content type for a Business Connectivity Services on-premises solution in SharePoint 2013    271

Set up permissions to the external content type    271

Create an external list for a Business Connectivity Services on-premises solution in SharePoint 2013    273

Create an external list    273

Create a view of an external list    273

Manage user permissions on an external list for a Business Connectivity Services on-premises solution in SharePoint 2013    275

Manage user permissions to the external list    275

Connect an external list to Outlook for a Business Connectivity Services on-premises solution in SharePoint 2013    277

Synchronize the external list with Outlook    277

Link to    277

Verify offline access and synchronization of external data in Outlook for a Business Connectivity Services on-premises solution in SharePoint 2013    278

Update customer data offline and refresh it online    278

Configure eDiscovery in SharePoint Server 2013    279

Configure communication between SharePoint Server 2013 and Exchange Server 2013    279

Configure Search to crawl all discoverable content    280

Grant permissions    280

Create an eDiscovery center    281

Configure site mailboxes in SharePoint Server 2013    282

Before you begin    282

Configure SharePoint for Site Mailboxes in SharePoint Server 2013    283

Install Exchange Web Services API on SharePoint Server    284

Establish OAuth Trust and Service Permissions on SharePoint Server 2013    284

Configure Exchange Server 2013 for Site Mailboxes    293

Establish OAuth Trust and Service Permission on Exchange    293

Troubleshooting    293

Table of Error Codes for Reference When Running Configuration Checklist Script    293

Configure Exchange task synchronization in SharePoint Server 2013    297

Before you begin    297

Configure SharePoint for Task Synchronization in SharePoint Server 2013    298

Install Exchange Web Services API on SharePoint Server    298

Configure Exchange Server 2013 for Task Synchronization    299

Establish OAuth Trust and Service Permission on Exchange    299

Configure social computing features in SharePoint Server 2013    300

TechNet articles about configuring social computing features    300

Additional resources about configuring social computing features    301

Configure My Sites in SharePoint Server 2013    302

Prerequisites    302

Web application    303

User Profile service application and profile synchronization    303

Create a My Site host site collection    303

Add a wildcard inclusion managed path to the web application    304

Connect the web application to service applications    305

Enable self-service site creation for the web application    305

Configure My Site settings for the User Profile service application    307

Enable the User Profile Service Application – Activity Feed Job    309

Next steps    310

Configure trusted My Site host locations    310

Configure links to Office client applications    310

Add personalization site links on My Sites    310

Start related services    311

Configure microblogging    311

Create and configure communities in SharePoint Server 2013    312

Before you begin    312

Create a Community Site    313

Create a Community Portal    313

Additional steps    314

Configure microblogging in SharePoint Server 2013    315

TechNet articles about microblogging    315

Configure Following settings in SharePoint Server 2013    316

Configure Following settings for My Sites    316

Manage Feed Cache and Last Modified Time Cache repopulation in SharePoint Server 2013    318

Repopulate the Last Modified Time Cache by using timer jobs in Central Administration    319

Repopulate the Feed Cache and Last Modified Time Cache by using Windows PowerShell cmdlets    320

Manage the Distributed Cache service in SharePoint Server 2013    321

Start and stop the Distributed Cache service    321

Change the memory allocation of the Distributed Cache service    322

Change the memory allocation of the Distributed Cache by using Windows PowerShell    323

Add or remove a server in a Distributed Cache cluster    324

Add a server to the cache cluster and starting the Distributed Cache service by using a Windows PowerShell    324

Remove a server from the cache cluster by using a Windows PowerShell    324

Perform a graceful shutdown of the Distributed Cache service    325

Change the service account    325

Enable or disable personal and social features for users or groups in SharePoint Server 2013    327

Enable users or groups to use personal and social features    327

Configure web content management solutions in SharePoint Server 2013    329

The articles that are listed in the following table describe how to set up cross-site publishing features in a SharePoint Server 2013 environment.    329

Configure cross-site publishing in SharePoint Server 2013    331

Before you begin    331

Create site collections for cross-site publishing    332

Activate the Cross-Site Collection Publishing feature    332

Create content for authoring sites    332

Create and manage term sets for tagging content on authoring sites    332

Create catalog content by using SharePoint lists    333

Share a library or list as a catalog    334

Make a term set available to other site collections    336

Configure search for cross-site publishing    336

Reindex catalog content    337

Connect a publishing site to a catalog in SharePoint Server 2013    338

Before you begin    338

Connect a publishing site to a catalog    339

Configure Search Web Parts in SharePoint Server 2013    342

Before you begin    343

Add a Content Search Web Part to a page    343

Configure the query for a Content Search Web Part    343

Quick Mode (default)    344

Advanced Mode    345

Query text    348

Configure the display templates for the Content Search Web Part    348

Add a Refinement Web Part to a page    348

Configure the Refinement Web Part    349

Change the refiner display name    350

Display refiner counts in a Refinement Web Part    350

Configure the display templates for the Refinement Web Part    351

Add a Taxonomy Refinement Panel Web Part to a page    351

Configure the Taxonomy Refinement Panel Web Part    352

Add a Recommended Items Web Part to a page    352

Configure the Recommended Items Web Part    353

Get recommended items for    353

Query Rules    354

Query text    354

Refined by    354

{RecsURL}*    355

Query text    355

Configure the display templates for the Recommended Items Web Part    355

Configure refiners and faceted navigation in SharePoint Server 2013    356

Before you begin    356

Enable a managed property as refiner    357

Managed properties that are enabled as refiners by default    357

Map a crawled property to a refinable managed property in SharePoint site collection administration    358

Enable a managed property as a refiner in SharePoint Central Administration    359

Configure refiners for faceted navigation    360

Enable a term set for faceted navigation    360

Add refiners to a term set    360

Set intervals for refiner values    361

Additional steps    361

Configure result sources for web content management in SharePoint Server 2013    362

Before you begin    362

Create a result source    363

Levels and permissions for result sources    363

On the BASICS tab    364

On the SORTING tab    365

On the TEST tab    365

Set a result source as default    366

Configure recommendations and usage event types in SharePoint Server 2013    367

Before you begin    367

Create a custom usage event type    368

Record a custom usage event    369

Record a default usage event    373

Change the level of importance of a usage event type    376

Change the Recent time period for a usage event type    378

Enable and disable the logging of usage events of anonymous users    379

Configure workflow in SharePoint Server 2013    383

Installing and configuring workflow for SharePoint Server 2013    384

Overview    384

Workflow Platform types available in SharePoint Server 2013    385

Before you begin    386

Install and configure SharePoint Server 2013    386

Install and configure Workflow Manager    386

Configure Workflow Manager to work with the SharePoint Server 2013 farm    386

Validate the installation    389

Troubleshooting    389

Installing Workflow Manager certificates in SharePoint Server 2013    391

Configuration steps    391

Enable SSL    391

Install Workflow Manager certificates in SharePoint    391

Create a web application in SharePoint 2013    393

TechNet articles about how to create web applications    393

Create web applications that use classic mode authentication in SharePoint 2013    395

Before you begin    395

Create a web application that uses classic mode authentication with Windows PowerShell    396

Create claims-based web applications in SharePoint 2013    399

Create a claims-based web application by using Central Administration    400

Item    403

Create a claims-based web application by using Windows PowerShell    404

Create a classic-mode web application by using Windows PowerShell    405

Configure basic authentication for a claims-based web application in SharePoint 2013    407

Before you begin    407

Configure IIS to enable basic authentication    408

Configure digest authentication for a claims-based web application in SharePoint 2013    410

Before you begin    410

Configure IIS to enable digest authentication    411

Install and manage solutions for SharePoint 2013    412

TechNet articles about how to install and manage solutions    412

Additional resources about how to install and manage solutions    413

Install and manage apps for SharePoint 2013    414

Downloadable resources about apps for SharePoint    414

TechNet articles about apps for SharePoint    414

Additional resources about apps for SharePoint    415

Overview of apps for SharePoint 2013    417

Where are apps for SharePoint hosted?    417

How are apps for SharePoint and SharePoint sites related?    418

What is the URL for an app for SharePoint?    419

Use and benefits of apps for SharePoint    420

Impacts of apps for SharePoint    420

Plan for apps for SharePoint 2013    421

Governance: determine the app for SharePoint policy for your organization    421

Plan app configuration settings    422

Determine the domain name to use    424

Plan App Catalog    425

Plan to monitor apps    425

Plan for app licenses    426

Plan app permissions management in SharePoint 2013    427

Introduction    427

App permission request scopes    428

App permission requests    428

App authorization policies    430

Configure an environment for apps for SharePoint 2013    431

Before you begin    432

Configure the domain names in DNS (all hosting options)    433

Create a new wildcard SSL certificate    437

Configure the Subscription Settings and App Management service applications    437

Configure the app URLs to use    442

Configure the Internet-facing endpoints feature (Optional)    444

Manage the App Catalog in SharePoint 2013    445

Before you begin    445

Configure the App Catalog site for a web application    446

Configure app requests and SharePoint Store settings    447

Add apps to the App Catalog    449

Remove apps from the App Catalog    450

Add apps for SharePoint to a SharePoint 2013 site    451

Before you begin    451

Add apps for SharePoint to SharePoint sites    452

Remove an app for SharePoint from a SharePoint 2013 site    455

Before you begin    455

Remove an app from a SharePoint site    455

Monitor apps for SharePoint for SharePoint Server 2013    457

Before you begin    457

Selecting apps to monitor in Central Administration    458

Monitoring app details in Central Administration    459

Monitoring app details in a SharePoint site    460

Monitor and manage app licenses in SharePoint Server 2013    462

Before you begin    462

Monitoring and managing app licenses    463

Upgrade to SharePoint 2013    466

Downloadable resources about upgrade    466

TechNet articles about upgrade    466

Additional resources about upgrade    467

Get started with upgrades to SharePoint 2013    468

Downloadable resources about upgrade to SharePoint 2013    468

TechNet articles about understanding upgrade    468

Additional resources about upgrade to SharePoint 2013    470

What’s new in SharePoint 2013 upgrade    471

In-place upgrade of the farm is not supported    471

Database-attach upgrade is available for some service application databases    471

Deferred site collection upgrade    472

Site collection health checker    472

Upgrade evaluation site collections    472

Notifications for life-cycle events    473

Throttles for site collection upgrade    473

True “SharePoint 2010” instead of visual upgrade    473

Log files now in ULS format    474

Overview of the upgrade process to SharePoint 2013    475

Create the SharePoint 2013 farm    476

Copy the SharePoint 2010 Products databases    476

Upgrade SharePoint 2010 Products databases and service applications    477

Upgrade SharePoint 2010 Products site collections    479

Upgrade My Sites    479

Upgrade other SharePoint 2010 Products site collections    481

Services upgrade overview for SharePoint Server 2013    483

Database attach upgrade with services    483

Considerations for specific services    485

Upgrade farms that share services (parent and child farms) to SharePoint 2013    487

Process for upgrading farms that share services    487

Best practices for upgrading to SharePoint 2013    494

Best practices for testing upgrade    494

Best practices for upgrading to SharePoint 2013    495

Review supported editions and products for upgrading to SharePoint 2013    497

Supported topologies    497

Physical topology guidance    498

Supported editions for upgrade    498

Supported cross-product upgrades    499

Plan for upgrade to SharePoint 2013    500

TechNet articles about how to plan for upgrade    500

Additional resources about how to plan for upgrade to SharePoint 2013    501

Determine strategy for upgrade to SharePoint 2013    502

How to minimize downtime during upgrade    502

Special cases    503

Create a plan for current customizations during upgrade to SharePoint 2013    505

Identify customizations in your environment    505

Evaluate the customizations    505

Considerations for specific customizations    507

Ensure that future customizations follow best practices    510

Plan for site collection upgrades in SharePoint 2013    511

Determine the site collections that farm administrators should upgrade    511

Plan settings for upgrade notifications, self-service upgrade, and site collection creation    512

Properties that control site collection upgrade and site creation    512

Properties that control upgrade notifications    513

Plan for upgrade evaluation sites    514

Timer jobs for upgrade evaluation site collections    515

How the upgrade evaluation site collections are created    515

Plan site collection upgrade throttling and queues    515

Throttle levels for site collection upgrade    516

About site collection modes    518

Train site collection administrators    518

Plan for performance during upgrade to SharePoint 2013    520

About upgrade performance for SharePoint 2013    520

Estimate the space that you must have for the upgrade    521

Database growth    521

Transaction log growth    522

Estimate how long the upgrade will take    522

Environment performance after upgrade    526

Create a communication plan for the upgrade to SharePoint 2013    527

Who is a member of the upgrade team?    527

When and what to communicate to the upgrade team    528

When and what to communicate to site users    529

Clean up an environment before an upgrade to SharePoint 2013    530

Items to clean up    530

Delete unused or underused site collections and subwebs    530

Check large lists (lists with lots of data)    531

Delete excess columns from wide lists (lists with too many columns) or remove wide lists    531

Consider moving site collections into separate databases    531

Remove extraneous document versions    531

Remove unused templates, features, and Web Parts    532

Remove PowerPoint Broadcast sites    532

Finish Visual Upgrades in SharePoint 2010 Products    532

Repair data issues    534

How to make structural changes    534

Test and troubleshoot an upgrade to SharePoint 2013    536

Downloadable resources about how to test and troubleshoot upgrade    536

TechNet articles about how to test and troubleshoot upgrade    537

Additional resources about how to test and troubleshoot upgrade    537

Use a trial upgrade to SharePoint 2013 to find potential issues    539

Set up a test environment    540

Using a virtual test environment    541

Using a physical test environment    541

Identify and install customizations    542

Copy real data to the test environment and upgrade databases    543

Review results after you upgrade databases    544

Review the log files    544

Review sites in 2010 mode    544

Run upgrade again, if it is necessary    544

Upgrade site collections and My Sites    544

Review results after you upgrade site collections    545

Adjust your plans and test again    545

Troubleshoot database upgrade issues in SharePoint 2013    546

General principles to identify issues    546

First, check upgrade status and log files    546

Then, address issues in order    547

Common issues    547

Q: I want to upgrade from a pre-release version of SharePoint 2013    547

Q: The log says I have missing templates, features, or other server-side customizations    547

Q: The log file says that something is not right with my farm, web application, or service application configuration settings    548

Q: I see errors and warnings during upgrade about connectivity or corruption    549

Q: I ran out of disk space    549

Q: I see an error about authentication    549

Q: SQL Server says I don’t have permissions    550

Q: A database will not upgrade    550

Q: I changed a database name during restore, but I cannot find the files that have that name    550

Q: I cannot back up the Search service application Administration database    550

Q: Trusted connections are not working for Excel Services after upgrade    550

Q: My workflows are no longer associated correctly    551

Troubleshoot site collection upgrade issues in SharePoint 2013    552

Check upgrade status and log files    552

Common issues    553

Q: I don’t see a UI control on the page that used to be there    553

Q: The view on a large list is not working any longer    553

Q: I see an error about a duplicate content type name    553

Q: My site looks ugly, doesn’t behave as expected, or I see script errors    553

Q: Custom content in my site disappeared or doesn’t work    554

Q: I receive an error that says a control or page cannot render    554

Q: I receive an error that I cannot create a subsite based on a site template because the site template uses the 2010 experience version and my site collection is in the 2013 experience version    554

Restart a database-attach upgrade or a site collection upgrade to SharePoint 2013    555

Restart upgrade for a database by using Windows PowerShell    555

Restart upgrade for a site collection    556

Upgrade databases from SharePoint 2010 to SharePoint 2013    558

Downloadable resources about upgrading databases    558

TechNet articles about upgrading databases    558

Additional resources about upgrade    559

Checklist for database-attach upgrade (SharePoint 2013)    561

Prepare for upgrade    561

Pre-upgrade steps    561

Complete the database attach upgrade    562

Prepare the new environment    562

Back up and restore databases    564

Upgrade service application databases    565

Create web applications    567

Attach and upgrade content databases    568

Complete post-upgrade steps    569

Post upgrade steps for database attach upgrade    569

Attach databases and upgrade to SharePoint 2013    572

Before you begin    572

Install SharePoint 2013 in a new environment    574

Configure service applications and farm settings    574

Record the passphrase for the Secure Store service application    576

Set the previous version databases to be read-only    576

Back up the SharePoint 2010 Products databases by using SQL Server tools    577

Service application    577

Export the encryption key for the User Profile service application    578

Restore a backup copy of the database    579

Set the databases to read-write    580

About upgrading the service application databases    581

Start the service instances    581

Upgrade the Secure Store service application    583

Upgrade the Business Data Connectivity service application    585

Upgrade the Managed Metadata service application    587

Upgrade the User Profile service application    588

Start the User Profile Synchronization service    591

Upgrade the PerformancePoint Services service application    592

Upgrade the Search service application    593

Verify that all of the new proxies are in the default proxy group    596

Create web applications    597

Reapply customizations    598

Verify custom components    599

Attach a content database to a web application and upgrade the database    600

Verification: Verify upgrade for the first database    603

Attach the remaining databases    604

Verification: Verify upgrade for additional databases    604

Next steps    605

Verify database upgrades in SharePoint 2013    606

Verify upgrade status for databases    606

Review the log files for database attach upgrade    606

Check upgrade status for databases    607

Validate the upgraded environment    607

Migrate from classic-mode to claims-based authentication in SharePoint 2013    608

Convert SharePoint 2010 Products classic-mode web applications to claims-based authentication in SharePoint 2010 Products and then upgrade to SharePoint 2013    608

Convert SharePoint 2010 Products classic-mode web applications to SharePoint 2013 claims-based web applications    610

Convert SharePoint 2013 classic-mode web applications to claims-based web applications    612

Migrate SharePoint 2010 Products classic-mode web applications to SharePoint 2013 classic-mode web applications    614

Upgrade site collections to SharePoint 2013    616

Downloadable resources how to upgrade site collections    616

TechNet articles about how to upgrade site collections    616

Additional resources about how to upgrade to SharePoint 2013    617

Run site collection health checks in SharePoint 2013    618

Site collection health check rules    619

Before you begin    620

Run the site collection pre-upgrade health checks by using Site Settings    620

Run the site collection pre-upgrade health checks by using Windows PowerShell    620

Additional steps    622

Upgrade a site collection to SharePoint 2013    623

Create an upgrade evaluation site (Optional)    625

Upgrade a site collection    625

Verification    626

View upgrade status in Site Settings    626

Additional steps    627

Review site collections upgraded to SharePoint 2013    628

Checklists for reviewing upgraded sites    629

Web Parts    629

Large lists    630

Styles and appearance    631

Customized (unghosted) pages    631

Manage site collection upgrades to SharePoint 2013    633

Before you begin to upgrade site collections to SharePoint 2013    633

Control upgrade notifications and self-service upgrade    634

Control the compatibility range for site creation modes    636

Control the queue for upgrades of sites to SharePoint 2013    638

Control site throttle settings for upgrade to SharePoint 2013    640

Create upgrade evaluation site collections by using Windows PowerShell    644

Upgrade site collections by using Windows PowerShell    645

View upgrade status by using Windows PowerShell    646
Getting help

Every effort has been made to ensure the accuracy of this book. This content is also available online in the Office System TechNet Library, so if you run into problems you can check for updates at:

http://technet.microsoft.com/office

If you do not find your answer in our online content, you can send an email message to the Microsoft Office System and Servers content team at:

itspdocs@microsoft.com

If your question is about Microsoft Office products, and not about the content of this book, please search the Microsoft Help and Support Center or the Microsoft Knowledge Base at:

http://support.microsoft.com

Overview of SharePoint 2013 installation and configuration

Published: July 16, 2012

Summary: Learn about how to install and configure SharePoint Server 2013 or SharePoint Foundation 2013 in a farm.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

Although SharePoint products farms vary in complexity and size, a combination of careful planning and a phased deployment that includes ongoing testing and evaluation significantly reduces the risk of unexpected outcomes. This article provides an overview for all types of SharePoint 2013 farm deployment.

For a visual representation of the information in this article, see the SharePoint 2013 Products Deployment model in the Technical diagrams (SharePoint 2013) topic. Related technical diagrams include “Topologies for SharePoint 2013 and Services inSharePoint Server 2013″.

In this article:
The logical result of SharePoint 2013’s flexibility and richness can be a high degree of complexity around installing and configuring SharePoint 2013 correctly. A fundamental understanding of the following key structural elements in a SharePoint 2013 environment is required in order to correctly deploy and support SharePoint 2013:
- Server farm: The top-level element of a logical architecture design for SharePoint 2013.
- Web application: An IIS Web site that is created and used by SharePoint 2013.
- Content database: Provides storage Web application content. You can separate content into multiple content databases at the site collection level.
- Site collection: A set of Web sites that have the same owner and share administration settings.
- Site: One or more related Web pages and other items (such as lists, libraries, and documents) that are hosted inside a site collection.
For more information about these and other architectural components, see Plan logical architectures for SharePoint 2013.

In addition to understanding the elements of a SharePoint 2013 environment and how they have to be configured for your solution, you must consider the following additional factors: physical architecture, installation and configuration, and the various stages of deployment.
Physical architecture
The physical architecture, which consists of one or more servers and the network infrastructure, enables you to implement the logical architecture for a SharePoint 2013 solution. The physical architecture is typically described in two ways: by its size and by its topology. Size, which can be measured in several ways, such as the number of users or the number of documents, is used to categorize a farm as small, medium, or large. Topology uses the idea of tiers or server groups to define a logical arrangement of farm servers.
- Size
Size uses the number of users and number of content items as a fundamental measure to indicate whether a server farm is small, medium, and large, as follows:
- A small server farm typically consists of at least two Web servers and a database server. One of the Web servers hosts the Central Administration site and the other handles additional farm-related tasks, such as serving content to users.
  
  The small farm can be scaled out to three tiers using a dedicated application server in response to the number of users, the number of content items, and the number of services that are required.
- A medium server farm typically consists of two or more Web servers, two application servers, and more than one database servers. We recommend that you start with the preceding configuration and then scale out to accommodate the workload placed on the servers.
  
  In scenarios where services are known to use a disproportionate amount of resources, you can scale out the application tier. Performance data will indicate which services you should consider off-loading to a dedicated server.
- A large server farm can be the logical result of scaling out a medium farm to meet capacity and performance requirements or by design before a SharePoint 2013 solution is implemented. A three-tier topology environment typically uses dedicated servers on all the tiers. Additionally, these servers are often grouped according to their role in the farm. For example, all client-related services can be grouped onto one or two servers and then scaled out by adding servers to this group as needed in response to user demand for these services.
Note:

The recommendation for scaling out a farm is to group services or databases with similar performance characteristics onto dedicated servers and then scale out the servers as a group. In large environments, the specific groups that evolve for a farm depend on the specific demands for each service in a farm.
For specific numbers related to small, medium, and large farms, see Performance and capacity management for SharePoint 2013 Products.

Topology

Topology uses tiers as a model for logically arranging farm servers according to the components that they host or their roles in a server farm. A SharePoint 2013 farm is deployed on one, two, or three tiers, as follows:
- In a single-tier deployment, SharePoint 2013 and the database server are installed on one computer.
- In a two-tier deployment, SharePoint 2013 components and the database are installed on separate servers. This kind of deployment maps to what is called a small farm. The front-end Web servers are on the first tier and the database server is located on the second tier. In the computer industry, the first tier is known as the Web tier. The database server is known as the database tier or database back-end.
- In a three-tier deployment, the front-end Web servers are on the first tier, the application servers are on the second tier, which is known as the application tier, and the database server is located on the third tier. A three-tier deployment is used for medium and large farms.
Installation and configuration

After you finish planning your solution you can create a SharePoint 2013 farm to host the solution. The first step is to install SharePoint 2013 and create the farm that is required for the solution. The process of preparing your environment consists of the following phases:

Prepare the servers
Create the farm
Configure settings, services, solutions, and sites

Note:

The farm that you create and deploy will undergo significant changes in size, topology, and complexity as you move through the different deployment stages illustrated in the SharePoint 2013 Products Deployment model. This is typical and the expected result of a phased deployment. This is why we recommend that you follow all of the stages described in the “Deployment stages” section of this article.

Prepare the servers

In this phase, you get your servers ready to host the product. This includes the supporting servers and the servers that will have SharePoint 2013 installed. The following servers must be configured to support and host a farm:

Database server: The required version of SQL Server, including service packs and cumulative updates must be installed on the database server. The installation must include any additional features, such as SQL Analysis Services, and the appropriate SharePoint 2013 logins have to be added and configured. The database server must be hardened and, if it is required, databases must be created by the DBA. For more information, see:

Hardware and software requirements (SharePoint 2013)

Configure SQL Server security for SharePoint 2013 environments
Application servers and front-end Web servers: The farm servers that will have SharePoint 2013 installed must be prepared as follows: verify that they meet the hardware requirements, have the operating system hardened, have the required networking and security protocols configured, have the SharePoint 2013 software prerequisites installed and hardened, and have the required authentication configured. For more information, see:
- System requirements (SharePoint 2013)
- “Installing software prerequisites” in Hardware and software requirements (SharePoint 2013)
- Plan security hardening (SharePoint Server 2013)
- Plan authentication in SharePoint 2013
Domain controller: The required farm accounts have to be configured for the domain and directory synchronization must be configured.

Important:

SharePoint 2013 does not support installation on to a domain controller in a production environment. A single label domain (SLD) names or single label forests is also not supported. Because the use of SLD names is not a recommended practice, SharePoint 2013 is not tested in this scenario. Therefore, there may be incompatibility issues when SharePoint 2013 are implemented in a single label domain environment. For more information, see Information about configuring Windows for domains with single-label DNS names and the DNS Namespace Planning Solution Center.

For information about required accounts, see:

In this phase, you install the product and configure each server to support its role in the farm. You also create the configuration database and the SharePoint Central Administration Web site. The following servers are required for a SharePoint 2013 farm:

Database server: Unless you plan to use DBA-created databases, the configuration database, content database, and other required databases are created when you run the SharePoint Products Configuration Wizard.
Application server: After you prepare the application server, install any additional components that are required to support functions such as Information Rights Management (IRM) and decision support. Install SharePoint 2013 on the server that will host SharePoint Central Administration Web site and then run the SharePoint Products Configuration Wizard to create and configure the farm.
Front-end Web server: Install SharePoint 2013 on each Web server, install language packs, and then run the SharePoint Products Configuration Wizard to add the Web servers to the farm.

Note:

After you add and configure all the front-end Web servers, you can add any additional application servers that are part of your topology design to the farm.

For more information about supported deployment scenarios, see Install SharePoint 2013.

Configure settings, services, solutions, and sites

In this phase, you prepare the farm to host your site content by completing the following tasks:

Configure services. For more information, see Configure services and service applications in SharePoint 2013
Configure global settings. For more information, see Configure SharePoint 2013
Create and populate the sites. For more information, see Set up Web applications and sites (SharePoint 2013)

Note:

Farm configuration steps are not isolated to a specific tier in the server infrastructure.

Deployment stages
By deploying a SharePoint 2013 solution in stages, you gain the benefits that are provided by a systematic approach, such as collecting performance and usage data that you can use to evaluate your solution. Additional benefits include verifying your capacity management assumptions and identifying issues before the farm is put into production.

We recommend that you deploy your farm in the following stages:
- Planning
- Development
- Proof of concept
- Pilot
- User acceptance test
- Production
  - Planning
Before you can deploy a farm, you must plan the solution that you want to deploy and determine the infrastructure requirements, such as server resources and farm topology. When you finish the planning stage, you should have documented the following:
- An infrastructure design to support your solution
- A detailed description of how you will implement the farm and the solution
- A plan for testing and validating the solution
- A site and solution architecture
- An understanding of the monitoring and sustained engineering requirements to support the solution
- A record of how the solution will be governed
- An understanding of how the solution will be messaged to the user to drive adoption of the solution
We recommend that you use the planning resources and articles described in Plan for SharePoint 2013.

Important:

Resource and time issues may pressure you to be less rigorous during the planning stage. We recommend that you try to be as diligent as possible because missed or lightly touched planning elements can resurface as significant issues after you are in production. These issues can create much additional work, consume unbudgeted resources, and potentially take away from the success of your SharePoint 2013.

After the planning stage, you move through the following deployment stages, updating and revising your plans, configurations, and topologies as you test.
- Development
During the development stage you will deploy SharePoint 2013 on a single server or on multiple servers to develop, test, evaluate, and refine the solution that you intend to implement. This environment is scaled according to your needs during solution development and can be retained as a scaled down environment for future development and testing. This is not a stable environment and there are no service-level agreements.
- Proof of concept
During the proof of concept stage, the objective is two-fold: to understand SharePoint 2013 and to evaluate SharePoint 2013 in the context of how it can address your business needs. The first level of product evaluation can be done by installing all of the product components on a single server. You do a more extensive product evaluation by a proof-of-concept deployment.

A proof-of-concept deployment on a single server or on a small farm enables you to expand the scope of your evaluation. In this deployment, non-IT staff is added to the evaluation team, which provides a broader view of how SharePoint 2013 features might be actually be used in the organization. The benefit of a proof-of-concept deployment is that you can collect data that can be used to refine your original plan. This data—such as page views, user behavior patterns, and server resource consumption—also enables you to start to build a benchmark for sizing your farm. A proof of concept is also good when you evaluate service applications and determining what feature sets that you will offer your end users.

It is important during the proof-of-concept stage that you understand the unique characteristics and functionality of these features because this understanding will help you define your overall topology. Be aware that a proof-of-concept deployment requires additional resources and extends the time required to put SharePoint 2013 into production.

Tip:

Virtualization provides a good platform for evaluating SharePoint 2013 because a virtual environment provides flexibility, rapid deployment capability, and the ability to roll back virtual machines to previous states.
- Pilot
A pilot is used to test your solution on a small scale. There are two approaches to using a pilot deployment. In the first approach, the focus is on functional testing without using real data. By using the second approach you test for production characteristics by using real data and have your pilot users test different kinds of tasks. We recommend the second approach because of the broader scope and real-world data that you can collect and use to refine your solution design.

A pilot deployment provides many benefits. It enables you to collect data that you can use to validate the following aspects of your farm design:
- Infrastructure design
- Capacity management assumptions
- Site and solution architecture
- Solution usage assumptions
The pilot stage also enables you to determine additional data that should be collected to increase the breadth and depth of your benchmarks. This is important if you want to assess the potential effect of additional features or services that you want to add to the farm before the user acceptance test.

At the conclusion of the pilot deployment, you can use the data that you collect to adjust the various components of the solution and its supporting infrastructure.
- User acceptance test (UAT)
A user acceptance test deployment—also known as a pre-production environment—is used by organizations as a transitional step from the pilot deployment to a production deployment. An organization’s business processes determine the scope, scale, and duration of user accept testing.

The topology of the pre-production environment should be the same as, or very similar to the planned production topology. During user acceptance testing, the SharePoint 2013 solution is tested against a subset or a complete copy of production data. This deployment stage provides a final opportunity for performance tuning and validating operational procedures such as backups and restores.
- Production
The final stage is rolling your farm into a production environment. At this stage, you will have incorporated the necessary solution and infrastructure adjustments that were identified during the user acceptance test stage.

Putting the farm into production requires you to complete the following tasks:
- Deploy the farm.
- Deploy the solution.
- Implement the operations plan.
- If required, deploy additional environments such as authoring and staging farms, and services farms.
Prepare for installation of SharePoint 2013

Published: July 16, 2012

Summary: Learn about permissions, accounts, security settings, and what you have to do to prepare your environment for SharePoint 2013.

The following downloadable resources, articles on TechNet, video recordings, and related resources provide information about how to prepare for SharePoint 2013 installation and initial configuration.

TechNet articles about how to prepare for SharePoint 2013 installation and initial configuration

The following articles about how to prepare for SharePoint 2013 installation and initial configuration are available to view online. Writers update articles on a continuing basis as new information becomes available and as users provide feedback.

	Content	Description
	Initial deployment administrative and service accounts in SharePoint 2013	Provides information about the administrative and service accounts that are required for an initial SharePoint 2013 installation.
	Account permissions and security settings in SharePoint 2013	Describes SharePoint 2013 administrative and services account permissions. This article discusses the following areas: Microsoft SQL Server, the file system, file shares, and registry entries.
	Configure SQL Server security for SharePoint 2013 environments	Learn how to harden SQL Server for SharePoint 2013 environments by using SQL Server tools and Windows Firewall.
	Install prerequisites for SharePoint 2013 from a network share	Describes how to install SharePoint 2013 prerequisites from an offline shared network location using the prerequisite installer (PrerequisiteInstaller.exe) tool.

Additional resources about SharePoint 2013 installation and initial configuration

The following resources about SharePoint 2013 installation and initial configuration are available from other subject matter experts.

	Content	Description
	Installation and Deployment for SharePoint 2013 Resource Center Capabilities and features in SharePoint 2013 Resource Center	Visit the Resource Center to access videos, Community Sites, documentation, and more.

Initial deployment administrative and service accounts in SharePoint 2013

Updated: October 2, 2012

Summary: Learn about the administrative and service accounts that are required to initially install SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013 Standard | SharePoint Server 2013 Enterprise

This article provides information about the administrative and service accounts that are required for an initial SharePoint 2013 deployment. Additional accounts and permissions are required to fully implement all aspects of a production farm.

Note:

For a complete list of permissions, see Account permissions and security settings in SharePoint 2013.

Required permissions

To deploy SharePoint 2013 on a server farm, you must provide credentials for several different accounts.

The following table describes the accounts that are used to install and configure SharePoint 2013.

Account	Purpose	Requirements
SQL Server service account	The SQL Server service account is used to run SQL Server. It is the service account for the following SQL Server services: MSSQLSERVER SQLSERVERAGENT If you do not use the default SQL Server instance, in the Windows Services console, these services will be shown as the following: MSSQL<InstanceName> SQLAgent<InstanceName>	Use either a Local System account or a domain user account. If you plan to back up to or restore from an external resource, permissions to the external resource must be granted to the appropriate account. If you use a domain user account for the SQL Server service account, grant permissions to that domain user account. However, if you use the Network Service or the Local System account, grant permissions to the external resource to the machine account (<domain_name>\<SQL_hostname>). The instance name is arbitrary and was created when SQL Server was installed.
Setup user account	The Setup user account is used to run the following: Setup SharePoint Products Configuration Wizard	Domain user account. Member of the Administrators group on each server on which Setup is run. SQL Server login on the computer that runs SQL Server. Member of the following SQL Server roles: securityadmin fixed server role dbcreator fixed server role If you run Windows PowerShell cmdlets that affect a database, this account must be a member of the db_owner fixed database role for the database.
Server farm account or database access account	The server farm account is used to perform the following tasks: Configure and manage the server farm. Act as the application pool identity for the SharePoint Central Administration Web site. Run the Microsoft SharePoint Foundation Workflow Timer Service.	Domain user account. Additional permissions are automatically granted for the server farm account on Web servers and application servers that are joined to a server farm. The server farm account is automatically added as a SQL Server login on the computer that runs SQL Server. The account is added to the following SQL Server security roles: dbcreator fixed server role securityadmin fixed server role db_owner fixed database role for all SharePoint databases in the server farm

Note:

We recommend that you install SharePoint 2013 by using least-privilege administration.

Account permissions and security settings in SharePoint 2013

Published: September 4, 2012

Summary: Learn about the permissions and security settings to use with a deployment of SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

This article describes SharePoint administrative and services account permissions for the following areas: Microsoft SQL Server, the file system, file shares, and registry entries.

In this article:
About account permissions and security settings

The SharePoint Configuration Wizard (Psconfig) and the Farm Creation Wizard, both of which are run during a Complete installation, configure many of the SharePoint baseline account permissions and security settings.

SharePoint administrative accounts
One of the following SharePoint components automatically configures most of the SharePoint administrative account permissions during the setup process:
- The SharePoint Configuration Wizard (Psconfig).
- The Farm Creation Wizard.
- The SharePoint Central Administration web site.
- Windows PowerShell.
  - Setup user administrator account
This account is used to set up each server in your farm by running the SharePoint Configuration Wizard, the initial Farm Creation Wizard, and Windows PowerShell. For the examples in this article, the setup user administrator account is used for farm administration, and you can use Central Administration to manage it. Some configuration options, for example, configuration of the SharePoint 2013 Search query server, require local administration permissions. The setup user administrator account requires the following permissions:
- It must have domain user account permissions.
- It must be a member of the local administrators group on each server in the SharePoint farm, excluding the server running SQL Server and the Simple Mail Transfer Protocol (SMTP) server.
- This account must have access to the SharePoint databases.
- If you use any Windows PowerShell operations that affect a database, the setup user administrator account must be a member of the db_owner role.
- This account must be assigned to the securityadmin and dbcreatorSQL Server security roles during setup and configuration.
Note:

The securityadmin and dbcreatorSQL Server security roles might be required for this account during a complete version-to-version upgrade because new databases might have to be created and secured for services.

After you run the configuration wizards, machine-level permissions for the setup user administrator account include:
- Membership in the WSS_ADMIN_WPG Windows security group.
- Membership in the IIS_WPG role.
After you run the configuration wizards, database permissions include:
- db_owner on the SharePoint server farm configuration database.
- db_owner on the SharePoint Central Administration content database.
Warning:

If the setup user administrator account cannot a log on to the computer running SQL Server, the configuration wizards will not run correctly. If the account that you use to run the configuration wizards does not have the appropriate special SQL Server role membership or access as db_owner on the databases, the configuration wizards will not run correctly.
- SharePoint farm service account
The server farm account, which is also referred to as the database access account, is used as the application pool identity for Central Administration and as the process account for the SharePoint Foundation 2013 Timer service. The server farm account requires the following permissions:
- It must have domain user account permissions.
Additional permissions are automatically granted to the server farm account on web servers and application servers that are joined to a server farm.

After you run the SharePoint Configuration Wizard, machine-level permissions include:
- Membership in the WSS_ADMIN_WPG Windows security group for the SharePoint Foundation 2013 Timer service.
- Membership in WSS_RESTRICTED_WPG for the Central Administration and Timer service application pools.
- Membership in WSS_WPG for the Central Administration application pool.
After you run the configuration wizards, SQL Server and database permissions include:
- Dbcreator fixed server role.
- Securityadmin fixed server role.
- db_owner for all SharePoint databases.
- Membership in the WSS_CONTENT_APPLICATION_POOLS role for the SharePoint server farm configuration database.
- Membership in the WSS_CONTENT_APPLICATION_POOLS role for the SharePoint_Admin content database.

SharePoint service application accounts
This section describes the service application accounts that are set up by default during installation.
- Application pool account
The application pool account is used for application pool identity. The application pool account requires the following permission configuration settings:

The following machine-level permission is configured automatically: The application pool account is a member of WSS_WPG.

The following SQL Server and database permissions for this account are configured automatically:
- The application pool accounts for Web applications are assigned to the SP_DATA_ACCESS role for the content databases.
- This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the farm configuration database.
- This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role associated with the SharePoint_Admin content database.
  - Default content access account
Important:

Information in this section applies to SharePoint Server 2013 only.

The default content access account is used within a specific service application to crawl content, unless a different authentication method is specified by a crawl rule for a URL or URL pattern. This account requires the following permission configuration settings:
- The default content access account must be a domain user account that has read access to external or secure content sources that you want to crawl by using this account.
- For SharePoint Server sites that are not part of the server farm, you have to explicitly grant this account full read permissions to the web applications that host the sites.
- This account must not be a member of the Farm Administrators group.
  - Content access accounts
Important:

Information in this section applies to SharePoint Server 2013 only.

Content access accounts are configured to access content by using the Search administration crawl rules feature. This type of account is optional and you can configure it when you create a new crawl rule. For example, external content (such as a file share) might require this separate content access account. This account requires the following permission configuration settings:
- The content access account must have read access to external or secure content sources that this account is configured to access.
- For SharePoint Server sites that are not part of the server farm, you have to explicitly grant this account full read permissions to the web applications that host the sites.
  - Excel Services unattended service account
Important:

Information in this section applies to SharePoint Server 2013 only.

Excel Services uses the Excel Services unattended service account to connect to external data sources that require a user name and password that are based on operating systems other than Windows for authentication. If this account is not configured, Excel Services will not attempt to connect to these types of data sources. Although account credentials are used to connect to data sources of operating systems other than Windows, if the account is not a member of the domain, Excel Services cannot access them. This account must be a domain user account.
- My Sites application pool account
Important:

Information in this section applies to SharePoint Server 2013 only.

The My Sites application pool account must be a domain user account. This account must not be a member of the Farm Administrators group.

The following machine-level permission is configured automatically: This account is a member of WSS_WPG.

The following SQL Server and database permissions are configured automatically:
- This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role that is associated with the farm configuration database.
- This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role that is associated with the SharePoint_Admin content database.
- The application pool accounts for web applications are assigned to the SP_DATA_ACCESS role for the content databases
  - Other application pool accounts
The other application pool account must be a domain user account. This account must not be a member of the Administrators group on any computer in the server farm.

The following machine-level permission is configured automatically: This account is a member of WSS_WPG.

The following SQL Server and database permissions are configured automatically:
- This account is assigned to the SP_DATA_ACCESS role for the content databases.
- This account is assigned to the SP_DATA_ACCESS role for search database that is associated with the web application.
- This account must have read and write access to the associated service application database.
- This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role that is associated with the farm configuration database.
- This account is assigned to the WSS_CONTENT_APPLICATION_POOLS role that is associated with the SharePoint_Admin content database.

SharePoint database roles
This section describes the database roles that installation sets up by default or that you can configure optionally.
- WSS_CONTENT_APPLICATION_POOLS database role
The WSS_CONTENT_APPLICATION_POOLS database role applies to the application pool account for each web application that is registered in a SharePoint farm. This enables web applications to query and update the site map and have read-only access to other items in the configuration database. Setup assigns the WSS_CONTENT_APPLICATION_POOLS role to the following databases:
- The SharePoint_Config database (the configuration database).
- The SharePoint_AdminContent database.
Members of the WSS_CONTENT_APPLICATION_POOLS role have the execute permission for a subset of the stored procedures for the database. In addition, members of this role have the select permission to the Versions table (dbo.Versions) in the SharePoint_AdminContent database. For other databases, the accounts planning tool indicates that access to read these databases is automatically configured. In some cases, limited access to write to a database is also automatically configured. To provide this access, permissions for stored procedures are configured.
- WSS_SHELL_ACCESS database role
The secure WSS_SHELL_ACCESS database role on the configuration database replaces the need to add an administration account as a db_owner on the configuration database. By default, the setup account is assigned to the WSS_SHELL_ACCESS database role. You can use a Windows PowerShell command to grant or remove memberships to this role. Setup assigns the WSS_SHELL_ACCESS role to the following databases:
- The SharePoint_Config database (the configuration database).
- One or more of the SharePoint Content databases. This is configurable by using the Windows PowerShell command that manages membership and the object that is assigned to this role.
Members of the WSS_SHELL_ACCESS role have the execute permission for all stored procedures for the database. In addition, members of this role have the read and write permissions on all of the database tables.
- SP_READ_ONLY database role
The SP_READ_ONLY role should be used for setting the database to read only mode instead of using sp_dboption. This role as its name suggests should be used when only read access is required for data such as usage and telemetry data.

Note:
The sp_dboption stored procedure is not available in SQL Server 2012. For more information about sp_dboption see sp_dboption.

The SP_READ_ONLY SQL role will have the following permissions:
- Grant SELECT on all SharePoint stored procedures and functions
- Grant SELECT on all SharePoint tables
- Grant EXECUTE on user-defined type where schema is dbo
  - SP_DATA_ACCESS database role
The SP_DATA_ACCESS role is the default role for database access and should be used for all object model level access to databases. Add the application pool account to this role during upgrade or new deployments.

Note:

The SP_DATA_ACCESS role replaces the db_owner role in SharePoint 2013.

The SP_DATA_ACCESS role will have the following permissions:
- Grant EXECUTE or SELECT on all SharePoint stored procedures and functions
- Grant SELECT on all SharePoint tables
- Grant EXECUTE on User-defined type where schema is dbo
- Grant INSERT on AllUserDataJunctions table
- Grant UPDATE on Sites view
- Grant UPDATE on UserData view
- Grant UPDATE on AllUserData table
- Grant INSERT and DELETE on NameValuePair tables
- Grant create table permission

Group permissions

This section describes permissions of groups that the SharePoint 2013 setup and configuration tools create.

WSS_ADMIN_WPG

WSS_ADMIN_WPG has read and write access to local resources. The application pool accounts for the Central Administration and Timer services are in WSS_ADMIN_WPG. The following table shows the WSS_ADMIN_WPG registry entry permissions.

Key name		Permissions	Inherit		Description
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS		Full control	Not Applicable		Not Applicable
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\15.0\Registration\{90150000-110D-0000-1000-0000000FF1CE}		Read, write	Not Applicable		Not Applicable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office Server		Read	No		This key is the root of the SharePoint 2013 registry settings tree. If this key is altered, SharePoint 2013 functionality will fail.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office Server\15.0		Full control	No		This key is the root of the SharePoint 2013 registry settings.
HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\15.0\LoadBalancerSettings	Read, write		No	This key contains settings for the document conversion service. Altering this key will break document conversion functionality.
HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\15.0\LauncherSettings	Read, write		No	This key contains settings for the document conversion service. Altering this key will break document conversion functionality.
HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\15.0\Search	Full control		Not Applicable	Not Applicable
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Search	Full control		Not Applicable	Not Applicable
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure	Full control		No	This key contains the connection string and the ID of the configuration database to which the machine is joined. If this key is altered, the SharePoint 2013 installation on the machine will not function.
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS		Full control	Yes		This key contains settings used during setup. If this key is altered, diagnostic logging may fail and setup or post-setup configuration may fail.

The following table shows the WSS_ADMIN_WPG file system permissions.

File system path		Permissions	Inherit		Description
%AllUsersProfile%\ Microsoft\SharePoint		Full control	No		This directory contains the file-system-backed cache of the farm configuration. Processes might fail to start and the administrative actions might fail if this directory is altered or deleted.
C:\Inetpub\wwwroot\wss		Full control	No		This directory (or the corresponding directory under the Inetpub root on the server) is used as the default location for IIS Web sites. SharePoint sites will be unavailable and administrative actions might fail if this directory is altered or deleted, unless custom IIS Web site paths are provided for all IIS Web sites extended with SharePoint 2013.
%ProgramFiles%\Microsoft Office Servers\15.0		Full control	No		This directory is the installation location for SharePoint 2013 binaries and data. The directory can be changed during installation. All SharePoint 2013 functionality will fail if this directory is removed, altered, or removed after installation. Membership in the WSS_ADMIN_WPG Windows security group is required for some SharePoint 2013 services to be able to store data on disk.
%ProgramFiles%\Microsoft Office Servers\15.0\WebServices		Read, write	No		This directory is the root directory where back-end Web services are hosted, for example, Excel and Search. The SharePoint 2013 features that depend on these services will fail if this directory is removed or altered.
%ProgramFiles%\Microsoft Office Servers\15.0\Data		Full control	No		This directory is the root location where local data is stored, including search indexes. Search functionality will fail if this directory is removed or altered. WSS_ADMIN_WPG Windows security group permissions are required to enable search to save and secure data in this folder.
%ProgramFiles%\Microsoft Office Servers\15.0\Logs		Full control	Yes		This directory is the location where the run-time diagnostic logging is generated. Logging functionality will not function properly if this directory is removed or altered.
%ProgramFiles%\Microsoft Office Servers\15.0\Data\Office Server	Full control		Yes	Same as the parent folder.
%windir%\System32\drivers\etc\HOSTS	Read, write		Not Applicable	Not Applicable
%windir%\Tasks	Full control		Not Applicable	Not Applicable
%COMMONPROGRAMFILES%Microsoft Shared\Web Server Extensions\15	Modify		Yes	This directory is the installation directory for core SharePoint 2013 files. If the access control list (ACL) is modified, feature activation, solution deployment, and other features will not function correctly.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\ADMISAPI	Full control		Yes	This directory contains the SOAP services for Central Administration. If this directory is altered, remote site creation and other methods exposed in the service will not function correctly.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\CONFIG		Full control	Yes		This directory contains files used to extend IIS Web sites with SharePoint 2013. If this directory or its contents are altered, web application provisioning will not function correctly.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\LOGS		Full control	No		This directory contains setup and runtime tracing logs. If the directory is altered, diagnostic logging will not function correctly.
%windir%\temp		Full control	Yes		This directory is used by platform components on which SharePoint 2013 depends. If the access control list is modified, Web Part rendering and other deserialization operations might fail.
%windir%\System32\logfiles\SharePoint		Full control	No		This directory is used by SharePoint Server usage logging. If this directory is modified, usage logging will not function correctly. This registry key applies only to SharePoint Server.
%systemdrive\program files\Microsoft Office Servers\15 folder on Index servers		Full control	Not Applicable		This permission is granted for a %systemdrive\program files\Microsoft Office Servers\15 folder on Index servers.

WSS_WPG

WSS_WPG has read access to local resources. All application pool and services accounts are in WSS_WPG. The following table shows WSS_WPG registry entry permissions.

Key name	Permissions	Inherit	Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office Server\15.0	Read	No	This key is the root of the SharePoint 2013 registry settings.
HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\15.0\Diagnostics	Read, write	No	This key contains settings for the SharePoint 2013 diagnostic logging. Altering this key will break the logging functionality.
HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\15.0\LoadBalancerSettings	Read, write	No	This key contains settings for the document conversion service. Altering this key will break document conversion functionality.
HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\15.0\LauncherSettings	Read, write	No	This key contains settings for the document conversion service. Altering this key will break document conversion functionality.
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure	Read	No	This key contains the connection string and the ID of the configuration database to which the machine is joined. If this key is altered, the SharePoint 2013 installation on the machine will not function.
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS	Read	Yes	This key contains settings that are used during setup. If this key is altered, diagnostic logging may fail and setup or post-setup configuration may fail.

The following table shows the WSS_WPG file system permissions.

File system path		Permissions	Inherit		Description
%AllUsersProfile%\ Microsoft\SharePoint		Read	No		This directory contains the file-system-backed cache of the farm configuration. Processes might fail to start and the administrative actions might fail if this directory is altered or deleted.
C:\Inetpub\wwwroot\wss		Read, execute	No		This directory (or the corresponding directory under the Inetpub root on the server) is used as the default location for IIS Web sites. SharePoint sites will be unavailable and administrative actions might fail if this directory is altered or deleted, unless custom IIS Web site paths are provided for all IIS Web sites extended with SharePoint 2013.
%ProgramFiles%\Microsoft Office Servers\15.0		Read, execute	No		This directory is the installation location for the SharePoint 2013 binaries and data. It can be changed during installation. All SharePoint 2013 functionality will fail if this directory is removed, altered, or moved after installation. WSS_WPG read and execute permissions are required to enable IIS sites to load SharePoint 2013 binaries.
%ProgramFiles%\Microsoft Office Servers\15.0\WebServices		Read	No		This directory is the root directory where back-end Web services are hosted, for example, Excel and Search. The SharePoint 2013 features that depend on these services will fail if this directory is removed or altered.
%ProgramFiles%\Microsoft Office Servers\15.0\Logs		Read, write	Yes		This directory is the location where the runtime diagnostic logging is generated. Logging functionality will not function properly if this directory is removed or altered.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\ADMISAPI		Read	Yes		This directory contains the SOAP services for Central Administration. If this directory is altered, remote site creation and other methods exposed in the service will not function correctly.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\CONFIG	Read		Yes	This directory contains files used to extend IIS Web sites with SharePoint 2013. If this directory or its contents are altered, web application provisioning will not function correctly.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\LOGS	Modify		No	This directory contains setup and runtime tracing logs. If the directory is altered, diagnostic logging will not function correctly.
%windir%\temp	Read		Yes	This directory is used by platform components on which SharePoint 2013 depends. If the access control list is modified, Web Part rendering, and other deserialization operations may fail.
%windir%\System32\logfiles\SharePoint	Read		No	This directory is used by SharePoint Server usage logging. If this directory is modified, usage logging will not function correctly. The registry key applies only to SharePoint Server.
%systemdrive\program files\Microsoft Office Servers\15	Read, execute		Not Applicable	The permission is granted for %systemdrive\program files\Microsoft Office Servers\15 folder on Index servers.

Local service

The following table shows the local service registry entry permission:

Key name		Permissions	Inherit		Description
HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\15.0\LoadBalancerSettings		Read	No		This key contains settings for the document conversion service. Altering this key will break document conversion functionality.

The following table shows the local service file system permission:

File system path		Permissions	Inherit		Description
%ProgramFiles%\Microsoft Office Servers\15.0\Bin		Read, execute	No		This directory is the installed location of the SharePoint 2013 binaries. All the SharePoint 2013 functionality will fail if this directory is removed or altered.

Local system

The following table shows the local system registry entry permissions:

Key name	Permissions	Inherit	Description
HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\15.0\LauncherSettings	Read	No	This key contains settings for the document conversion service. Altering this key will break document conversion functionality. This registry key applies only to SharePoint Server.
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure	Full control	No	This key contains the connection string and the ID of the configuration database to which the machine is joined. If this key is altered, the SharePoint 2013 installation on the machine will not function.
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure\FarmAdmin	Full control	No	This key contains the encryption key that is used to store secrets in the configuration database. If this key is altered, service provisioning and other features will fail.
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS	Full control	Yes	This key contains settings that are used during setup. If this key is altered, diagnostic logging may fail and setup or post-setup configuration may fail.

The following table shows the local file system permissions:

File system path		Permissions	Inherit		Description
%AllUsersProfile%\ Microsoft\SharePoint		Full control	No		This directory contains the file-system-backed cache of the farm configuration. Processes might fail to start and administrative actions might fail if this directory is altered or deleted.
C:\Inetpub\wwwroot\wss		Full control	No		This directory (or the corresponding directory under the Inetpub root on the server) is used as the default location for IIS Web sites. SharePoint sites will be unavailable and administrative actions might fail if this directory is altered or deleted, unless custom IIS Web site paths are provided for all IIS Web sites extended with SharePoint 2013.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\ADMISAPI		Full control	Yes		This directory contains the SOAP services for Central Administration. If this directory is altered, remote site creation and other methods exposed in the service will not function correctly.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\CONFIG		Full control	Yes		If this directory or its contents are altered, Web Application provisioning will not function correctly.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\LOGS		Full control	No		This directory contains setup and run-time tracing logs. If the directory is altered, diagnostic logging will not function correctly.
%windir%\temp		Full control	Yes		This directory is used by platform components on which SharePoint 2013 depends. If the access control list is modified, Web Part rendering, and other deserialization operations might fail.
%windir%\System32\logfiles\SharePoint	Full control		No	This directory is used by SharePoint Server for usage logging. If this directory is modified, usage logging will not function correctly. This registry key applies only to SharePoint Server.

Network service

The following table shows the network service registry entry permission:

Key name		Permissions	Inherit		Description
HKEY_LOCAL_MACHINE\Software\Microsoft\Office Server\15.0\Search\Setup		Read	Not Applicable		Not Applicable

Administrators

The following table shows the administrators registry entry permissions:

Key name	Permissions	Inherit	Description
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure	Full control	No	This key contains the connection string and the ID of the configuration database to which the machine is joined. If this key is altered, the SharePoint 2013 installation on the machine will not function.
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure\FarmAdmin	Full control	No	This key contains the encryption key that is used to store secrets in the configuration database. If this key is altered, service provisioning and other features will fail.
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS	Full control	Yes	This key contains settings that are used during setup. If this key is altered, diagnostic logging may fail and setup or post-setup configuration may fail.

The following table shows the administrators file system permissions:

File system path		Permissions	Inherit		Description
%AllUsersProfile%\ Microsoft\SharePoint		Full control	No		This directory contains the file-system-backed cache of the farm configuration. Processes might fail to start and administrative actions might fail if this directory is altered or deleted.
C:\Inetpub\wwwroot\wss		Full Control	No		This directory (or the corresponding directory under the Inetpub root on the server) is used as the default location for IIS Web sites. SharePoint sites will be unavailable and administrative actions might fail if this directory is altered or deleted, unless custom IIS web site paths are provided for all IIS web sites that are extended with SharePoint 2013.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\ADMISAPI		Full control	Yes		This directory contains the SOAP services for Central Administration. If this directory is altered, remote site creation and other methods exposed in the service will not function correctly.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\CONFIG		Full control	Yes		If this directory or its contents are altered, web application provisioning will not function correctly.
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\LOGS		Full control	No		This directory contains setup and runtime tracing logs. If the directory is altered, diagnostic logging will not function correctly.
%windir%\temp		Full control	Yes		This directory is used by platform components on which SharePoint 2013 depends. If the ACL is modified, Web Part rendering, and other deserialization operations might fail.
%windir%\System32\logfiles\SharePoint	Full control		No	This directory is used by SharePoint Server for usage logging. If this directory is modified, usage logging will not function correctly. This registry key applies only to SharePoint Server.

WSS_RESTRICTED_WPG

WSS_RESTRICTED_WPG can read the encrypted farm administration credential registry entry. WSS_RESTRICTED_WPG is only used for encryption and decryption of passwords that are stored in the configuration database. The following table shows the WSS_RESTRICTED_WPG registry entry permission:

Key name		Permissions	Inherit		Description
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\15.0\Secure\FarmAdmin		Full control	No		This key contains the encryption key that is used to store secrets in the configuration database. If this key is altered, service provisioning and other features will fail.

Users group

The following table shows the users group file system permissions:

File system path	Permissions	Inherit	Description
%ProgramFiles%\Microsoft Office Servers\15.0	Read, execute	No	This directory is the installation location for SharePoint 2013 binaries and data. It can be changed during installation. All SharePoint 2013 functionality will fail if this directory is removed, altered, or moved after installation.
%ProgramFiles%\Microsoft Office Servers\15.0\WebServices\Root	Read, execute	No	This directory is the root directory where back-end root Web services are hosted. The only service initially installed on this directory is a search global administration service. Some search administration functionality that uses the server-specific Central Administration Settings page will not work if this directory is removed or altered.
%ProgramFiles%\Microsoft Office Servers\15.0\Logs	Read, write	Yes	This directory is the location where the run-time diagnostic logging is generated. Logging will not function properly if this directory is removed or altered.
%ProgramFiles%\Microsoft Office Servers\15.0\Bin	Read, execute	No	This directory is the installed location of SharePoint 2013 binaries. All of the SharePoint 2013 functionality will fail if this directory is removed or altered.

All SharePoint 2013 service accounts

The following table shows the all SharePoint 2013 service accounts file system permission:

File system path		Permissions	Inherit		Description
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\LOGS		Modify	No		This directory contains setup and runtime tracing logs. If this directory is altered, diagnostic logging will not function correctly. All SharePoint 2013 service accounts must have write permission to this directory.

Configure SQL Server security for SharePoint 2013 environments

Published: July 16, 2012

Summary: Learn how to improve the security of SQL Server for SharePoint 2013 environments.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

When you install SQL Server, the default settings help to provide a safe database. In addition, you can use SQL Server tools and Windows Firewall to add additional security to SQL Server for SharePoint 2013 environments.

In this article:
Before you begin
Before you begin this operation, review the following tasks about how to secure your server farm:
- Block UDP port 1434.
- Configure named instances of SQL Server to listen on a nonstandard port (other than TCP port 1433 or UDP port 1434).
- For additional security, block TCP port 1433 and reassign the port that is used by the default instance to a different port.
- Configure SQL Server client aliases on all front-end web servers and application servers in the server farm. After you block TCP port 1433 or UDP port 1434, SQL Server client aliases are necessary on all computers that communicate with the computer that is running SQL Server.
Note:

Because SharePoint 2013 runs as websites in IIS, administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
Configuring a SQL Server instance to listen on a non-default port

SQL Server provides the ability to reassign the ports that are used by the default instance and any named instances. In SQL Server 2008 R2, and SQL Server 2012, you reassign the TCP port by using SQL Server Configuration Manager. When you change the default ports, you make the environment more secure against hackers who know default assignments and use them to exploit your SharePoint environment.

To configure a SQL Server instance to listen on a non-default port

Verify that the user account that is performing this procedure is a member of either the sysadmin or the serveradmin fixed server role.
On the computer that is running SQL Server, open SQL Server Configuration Manager.
In the navigation pane, expand SQL Server Network Configuration.
Click the corresponding entry for the instance that you are configuring.

The default instance is listed as Protocols for MSSQLSERVER. Named instances will appear as Protocols for named_instance.
In the main window in the Protocol Name column, right-click TCP/IP, and then click Properties.
Click the IP Addresses tab.

For every IP address that is assigned to the computer that is running SQL Server, there is a corresponding entry on this tab. By default, SQL Server listens on all IP addresses that are assigned to the computer.
To globally change the port that the default instance is listening on, follow these steps:

For each IP address except IPAll, clear all values for both TCP dynamic ports and TCP Port.
For IPAll, clear the value for TCP dynamic ports. In the TCP Port field, enter the port that you want the instance of SQL Server to listen on. For example, enter 40000.

To globally change the port that a named instance is listening on, follow these steps:

For each IP address including IPAll, clear all values for TCP dynamic ports. A value of 0 for this field indicates that SQL Server uses a dynamic TCP port for the IP address. A blank entry for this value means that SQL Server will not use a dynamic TCP port for the IP address.
For each IP address except IPAll, clear all values for TCP Port.
For IPAll, clear the value for TCP dynamic ports. In the TCP Port field, enter the port that you want the instance of SQL Server to listen on. For example, enter 40000.

Click OK.

A message indicates that that the change will not take effect until the SQL Server service is restarted. Click OK.
Close SQL Server Configuration Manager.
Restart the SQL Server service and confirm that the computer that is running SQL Server is listening on the port that you selected.

You can confirm this by looking in the Event Viewer log after you restart the SQL Server service. Look for an information event similar to the following event:

Event Type:Information

Event Source:MSSQL$MSSQLSERVER

Event Category:(2)

Event ID:26022

Date:3/6/2008

Time:1:46:11 PM

User:N/A

Computer:computer_name

Description:

Server is listening on [ ‘any’ <ipv4>50000]
Verification: Optionally, include steps that users should perform to verify that the operation was successful.

Blocking default SQL Server listening ports

Windows Firewall with Advanced Security uses Inbound Rules and Outbound Rules to help secure incoming and outgoing network traffic. Because Windows Firewall blocks all incoming unsolicited network traffic by default, you do not have to explicitly block the default SQL Server listening ports. For more information, see Windows Firewall with Advanced Security and Configuring the Windows Firewall to Allow SQL Server Access.
Configuring Windows Firewall to open manually assigned ports

To access a SQL Server instance through a firewall, you must configure the firewall on the computer that is running SQL Server to allow access. Any ports that you manually assign must be open in Windows Firewall.

To configure Windows Firewall to open manually assigned ports

Verify that the user account that is performing this procedure is a member of either the sysadmin or the serveradmin fixed server role.

In Control Panel, open System and Security.

Click Windows Firewall, and then click Advanced Settings to open the Windows Firewall with Advanced Security dialog box.

In the navigation pane, click Inbound Rules to display the available options in the Actions pane.

Click New Rule to open the New Inbound Rule Wizard.

Use the wizard to complete the steps that are required to allow access to the port that you defined in Configuring a SQL Server instance to listen on a non-default port.

Note:

You can configure the Internet Protocol security (IPsec) to help secure communication to and from your computer that is running SQL Server by configuring the Windows firewall. You do this by selecting Connection Security Rules in the navigation pane of the Windows Firewall with Advanced Security dialog box.

Configuring SQL Server client aliases

If you block UDP port 1434 or TCP port 1433 on the computer that is running SQL Server, you must create a SQL Server client alias on all other computers in the server farm. You can use SQL Server client components to create a SQL Server client alias for computers that connect to SQL Server.

To configure a SQL Server client alias

Verify that the user account that is performing this procedure is a member of either the sysadmin or the serveradmin fixed server role.
Run Setup for SQL Server on the target computer, and install the following client components:

Connectivity Components
Management Tools

Open SQL Server Configuration Manager.
In the navigation pane, click SQL Native Client Configuration.
In the main window under Items, right-click Aliases, and select New Alias.
In the Alias – New dialog box, in the Alias Name field, enter a name for the alias. For example, enter SharePoint_alias.
In the Port No field, enter the port number for the database instance. For example, enter 40000. Make sure that the protocol is set to TCP/IP.
In the Server field, enter the name of the computer that is running SQL Server.
Click Apply, and then click OK.
Verification: You can test the SQL Server client alias by using SQL Server Management Studio, which is available when you install SQL Server client components.
Open SQL ServerManagement Studio.
When you are prompted to enter a server name, enter the name of the alias that you created, and then click Connect. If the connection is successful, SQL ServerManagement Studio is populated with objects that correspond to the remote database.
To check connectivity to additional database instances from SQL ServerManagement Studio, click Connect, and then click Database Engine.

Install prerequisites for SharePoint 2013 from a network share

Published: July 16, 2012

Summary: Learn how to how to install SharePoint 2013 prerequisites from an offline shared network location by using the prerequisite installer (PrerequisiteInstaller.exe) tool.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

Installing prerequisites from an offline location is typically required when the servers on which you want to install SharePoint 2013 are isolated from the Internet. Even if this is not the case, installing prerequisites from an offline central location enables you to make sure of farm server consistency by installing a well-known and controlled set of images.

Note:

The Microsoft SharePoint Products Preparation Tool is a user interface built on PrerequisiteInstaller.exe. The Microsoft SharePoint Products Preparation Tool accepts no user input.

In this article:
Important:

The steps in this article apply to SharePoint Foundation 2013 and SharePoint Server 2013.
Installer switches and arguments
By using PrerequisiteInstaller.exe with switches and arguments, you control the versions of the required software that are installed and the location from which they are installed.

PrequisiteInstaller.exe accepts single or multiple switch and argument pairs. A switch identifies the prerequisite and the argument specifies the action and the location of the prerequisite.

A switch and argument pair uses the following format:

/switch: <path>

Where:
- /switch is a valid switch to identify a prerequisite. For example, /SQLNCli: is the switch for the Microsoft SQL Server 2008 R2 SP1 Native Client.
- <path> is expressed as the path of a local file or the path of a file share, for example, “C:\foldername\sqlncli.msi” or “\\<servername>\<sharename>\sqlncli.msi”.
Each switch and its argument are separated by a colon and a space. The argument is enclosed in quotation marks.

The switch and argument pairs can be passed to PrerequisiteInstaller.exe at the command prompt or read from an arguments text file.

Download and combine the SharePoint 2013 prerequisites on a file share

The process for downloading and combining prerequisites consists of the steps that were described in the following procedures.

To identify prerequisites

Refer to Hardware and software requirements (SharePoint 2013), which lists all the required and optional software for SharePoint 2013. Additionally, this document provides the download location for each prerequisite that is available for download on the Internet.
From the command prompt, navigate to the root of the SharePoint 2013 installation media or folder location.
At the command prompt, type the following command and then press ENTER:

PrerequisiteInstaller.exe /?

This displays a list of the command-line options and switches and their corresponding arguments for installing a prerequisite from the command-line.

Tip:

To copy the contents of the active About window to the Clipboard, press CTRL+C.

Verify that you have an accurate list of the required software. Compare the output from the prerequisite installer to the list of prerequisites in step 1.
Download the prerequisites to a computer that has Internet access.

Next, follow these steps to create a central location that you can use for installing SharePoint 2013 prerequisites on all the farm servers.

To combine prerequisites

Create a shared folder on a computer that can be accessed by the servers on which the prerequisites will be installed.
Copy the files that you downloaded from the Internet to the shared folder.

After you finish creating an available network location for the prerequisites, use the procedure in the following section to install SharePoint 2013 prerequisites on a server.

Install the SharePoint 2013 prerequisites at the command prompt

You can install one or more of the prerequisites from the command line using the following procedure.

To install from the command line

From the Start menu, open the Command Prompt window using the Run as administrator option.
Navigate to the SharePoint 2013 source directory.
Type the prerequisite program switch and corresponding argument for the program that you want to install, and then press ENTER, for example:

PrerequisiteInstaller.exe /SQLNCli: “\\o15-sf-admin\SP_prereqs\sqlncli.msi”

Note:

To install more than one prerequisite, type each switch and argument pair. Be sure to separate each pair by a space, for example:

PrerequisiteInstaller.exe /IDFX: “\\<path>\Windows6.1-KB974405-x64.msu” /sqlncli:”\\<path>\sqlncli.msi” /Sync:”\\<path>\Synchronization.msi”

Install the SharePoint 2013 prerequisites by using an arguments file

You can install the prerequisites from the file share using an arguments file that consists of switches and corresponding path statements to the programs that have to be installed.

When you run PrerequisiteInstaller.exe with an arguments file, the following happens:

PrerequisiteInstaller.exe reads the argument file to verify that each switch is valid and that the program identified in the path statement exists.

Note:

If you specify an argument, PrerequisiteInstaller.exe ignores the arguments file and only processes the command-line argument.

PrerequisiteInstaller.exe scans the local system to determine whether any of the prerequisites are already installed.
PrerequisiteInstaller.exe installs the programs in the argument file and returns one of the following exit codes:

0 – Success
1 – Another instance of this application is already running
2 – Invalid command line parameter
1001 – A pending restart blocks installation
3010 – A restart is needed

If a prerequisite requires a restart, a 3010 code is generated and you are prompted to click Finish to restart the system. The behavior of the installer after a 3010 code is different depending on which of the following conditions are true on the computer:

If the component that requires a restart is already installed on the system, the 3010 code is generated and the remaining prerequisites are installed. After the last prerequisite is installed you are prompted to restart the system.

If the component that requires a restart is installed on the system by PrerequisiteInstaller.exe, the installer generates the 3010 code, and the installation of the remaining prerequisites is skipped. You are prompted to restart the system.

After the system restarts, PrerequisiteInstaller.exe starts to run again because the startup file that is created before the restart contains a /continue flag.

Multiple components may require a restart. So PrerequisiteInstaller.exe may have to be restarted several times. After a restart, PrerequisiteInstaller.exe ignores the arguments file and attempts to download and install the remaining prerequisites from the Internet. For more information, see Known issues.

Use the following procedure to create an arguments file.

To create an arguments file

Using a text editor, create a new text document named PrerequisiteInstaller.Arguments.txt. Save this file to the same location as PrerequisiteInstaller.exe. This file will contain the switches and arguments that are used when you run the Microsoft SharePoint Products Preparation Tool.
Using a text editor, edit PrerequisiteInstaller.Arguments.txt and provide file paths to the installation source for each prerequisite switch by using the following syntax:

/switch: <path>

Where /switch is a valid switch and <path> is a path of the installation source.

The following example shows a complete arguments file that uses a file share as a common installation point. Do not include carriage returns in your file.

/PowerShell:”<path>\WINDOWS6.1-KB2506143-x64.msu” /NETFX:”<path>\dotNetFx45_Full_x86_x64.exe” /IDFX:”<path>\Windows6.1-KB974405-x64.msu” /sqlncli:”<path>\sqlncli.msi” /Sync:”<path>\Synchronization.msi” /AppFabric:”<path>\setup.exe” /IDFX11:”<path>\Microsoft Identity Extensions.msi” /MSIPCClient:”<path>\msipc.msi” /WCFDataServices:”<path>\WcfDataServices.exe” /KB2671763:”<path>\AppFabric1.1-RTM-KB2671763-x64-ENU.exe
After you finish editing PrerequisiteInstaller.Arguments.txt, save your edits, and verify that this file is in the same directory as PrerequisiteInstaller.exe.

Use the following procedure to install the prerequisites.

To install the prerequisites using an arguments file

Run PrerequisiteInstaller.exe at the command prompt to install the prerequisites.

Caution:

If you are prompted to click Finish to restart the system, do not do so. Instead, click Cancel. For more information, see Known issues you continue with the next step.

Restart the system manually.
At the command prompt type the following command and then press Enter:

PrerequisiteInstaller.exe

Known issues

There are two known issues that affect the use of an arguments file:

Using line breaks in the arguments file

If you create an arguments file and use line breaks to put each switch and argument on a separate line, the prerequisite installer fails. The workaround is to enter all the switch and argument pairs on a single line.
After a computer restart, the arguments file is not used

After a restart, PrerequisiteInstaller.exe executes the startup command file, which contains a /continue flag. The /continue flag forces the installer to ignore the arguments file.

You must prevent a restart by deleting the startup task in this command file by using one of the following options:

Option 1

Run PrerequisiteInstaller.exe by double-clicking it. The program will display the first screen with the list of prerequisites.
Click Cancel. PrerequisiteInstaller.exe deletes the startup task.

Option 2
From the Start menu, choose Run and then type regedit to open the registry.
Open the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders.
Check the value for “Common Startup”. This shows the directory where the startup tasks are listed.
Close the registry editor without making any changes.
Navigate to the startup directory, which is usually <systemdir>\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup.
Delete the startup task by deleting “SharePointServerPreparationToolStartup_0FF1CE14-0000-0000-0000-000000000000.cmd”.

Install SharePoint 2013

Published: July 16, 2012

Summary: Introduces articles that describe how to install SharePoint 2013 in various topologies, on both physical and virtual environments.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

Testing and implementing SharePoint 2013 solutions at different stages of the deployment life cycle requires deployments in various topologies.

The following articles on TechNet provide information about how to deploy SharePoint 2013 on one or more servers to create different topologies that you can use for testing and implementing SharePoint 2013 solutions at different stages of the deployment life cycle.

TechNet articles about how to install and configure SharePoint 2013

The following articles about how to install and configure SharePoint 2013 are available to view online. Writers update articles on a continuing basis as new information becomes available and as users provide feedback.

Content	Description
Install SharePoint 2013 on a single server with SQL Server	Describes how to install SharePoint 2013 on a single server. This deployment uses SQL Server and can easily be scaled out to create two- and three-tier farm topologies.
Install SharePoint 2013 on a single server with a built-in database	Explains how to install SharePoint 2013 on a single server. This deployment uses SQL Server Express and is typically used for evaluating SharePoint 2013.
Install SharePoint 2013 across multiple servers for a three-tier farm	Describes how to install SharePoint 2013 on multiple servers. This deployment uses SQL Server and the resulting three-tier topology provides the foundation for implementing any solution.
Install and configure a virtual environment for SharePoint 2013	This article describes how to use Windows PowerShell to install SharePoint 2013 in a Hyper-V environment.
Install or uninstall language packs for SharePoint 2013	Describes language packs and how to download, install, and uninstall them.
Add web or application servers to farms in SharePoint 2013	Explains how to add a web or application server to a farm. The procedures in this article apply to a SharePoint 2013 farm that consists of at least two tiers. They should not be used for converting a single server deployment to a multiple server farm.
Add a database server to an existing farm (SharePoint 2013)	Provides information about how to add a new database server to an existing SharePoint 2013 farm.
Remove a server from a farm in SharePoint 2013	Describes how to remove a web server, application server, or a database server from a SharePoint 2013 farm.
Uninstall SharePoint 2013	Describes how to remove SharePoint 2013 from a computer.
Install and configure a virtual environment for SharePoint 2013	Learn about permissions, accounts, security settings, and what you have to do to prepare your Windows Server 2008 Hyper-V environment for SharePoint 2013.

Additional resources about how to install and configure SharePoint 2013

The following resources about how to install and configure SharePoint 2013 are available from other subject matter experts.

	Content	Description
	Installation and Deployment for SharePoint 2013 Resource Center	Visit the Resource Center to access videos, Community Sites, documentation, and more.

Install SharePoint 2013 on a single server with a built-in database

Published: July 16, 2012

Summary: Learn how to install SharePoint 2013 with a built-in database on a single server.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

You can quickly publish a SharePoint site by deploying SharePoint 2013 on a single server that has a built-in database. This configuration is useful if you want to evaluate SharePoint 2013 features and capabilities, such as collaboration, document management, and search. This configuration is also useful if you are deploying only a few websites and you want to minimize administrative overhead.

This article contains required information and procedures to install and configure SharePoint 2013 with a built-in database on a single server.

In this article:
Important:

The steps in this article apply to SharePoint Foundation 2013 and SharePoint Server 2013. The procedures in this topic install Microsoft SQL Server 2008 R2 SP1 Express Edition. However, User Profile synchronization does not work with the Express Edition. If you intend to use User Profile synchronization with SharePoint Server 2013, you must choose a different installation scenario.
Overview

When you deploy SharePoint 2013 on a single server that has a built-in database by using the default settings, Setup installs Microsoft SQL Server 2008 R2 SP1 Express Edition and the SharePoint product. The SharePoint Products Configuration Wizard creates the configuration database and content database for the SharePoint sites. Additionally, the SharePoint Products Configuration Wizard installs the SharePoint Central Administration website and creates your first SharePoint site collection.

Note:

This article does not describe how to install SharePoint 2013 in a farm environment, or how to upgrade from previous releases of SharePoint 2013. For more information about how to install SharePoint 2013 on a single-server farm, see Install SharePoint 2013 on a single server with SQL Server. For more information about how to install SharePoint 2013 on a multiple server farm, see Install SharePoint 2013 across multiple servers for a three-tier farm. For more information about upgrade, see Upgrade to SharePoint 2013.

Note:

The Distributed Cache service gives you a complete social computing experience. For more information about the Distributed Cache service, see Overview of microblog features, feeds, and the Distributed Cache service in SharePoint Server 2013, Manage the Distributed Cache service in SharePoint Server 2013, Plan for feeds and the Distributed Cache service (SharePoint Server 2013), and What’s new in authentication for SharePoint 2013

Consider the following restrictions of this method of installation:
- You cannot use this method on a domain controller or in a workgroup environment.
- This method is not supported for production on a domain controller.
- If your computer is in a workgroup, you cannot install AppFabric for Windows Server.
- A Microsoft SQL Server 2008 R2 SP1 Express Edition database cannot be larger than 10 GB.
- You cannot use user profile synchronization in this type of installation. If you want to use user profile synchronization, you must use a server farm installation of SharePoint 2013. For more information, see Install SharePoint 2013 on a single server with SQL Server or Install SharePoint 2013 across multiple servers for a three-tier farm, and Configure profile synchronization (SharePoint 2013).
Before you begin

Before you begin installation, make sure that you have met all hardware and software requirements. For more information, see Hardware and software requirements (SharePoint 2013). To make sure that you perform a clean installation of SharePoint 2013, you must first remove any earlier version of SharePoint 2013 and any pre-release prerequisites if installed.
Install SharePoint 2013

To install and configure SharePoint 2013, follow these steps:

Run the Microsoft SharePoint Products Preparation Tool.
Run Setup, which installs Microsoft SQL Server 2008 R2 SP1 Express Edition and the SharePoint product.
Run the SharePoint Products Configuration Wizard, which installs and configures the configuration database, the content database, and installs the SharePoint Central Administration website. This wizard also creates your first SharePoint site collection.
Configure browser settings.
Perform post-installation steps.

Important:

To complete the following procedures, you must be a member of the Administrators group on the computer on which you are installing SharePoint 2013.

Run the Microsoft SharePoint Products Preparation Tool

Because the prerequisite installer downloads components from the Microsoft Download Center, you must have Internet access on the computer on which you are running the installer. Use the following procedure to install software prerequisites for SharePoint 2013.

To run the Microsoft SharePoint Products Preparation Tool

Verify that the user account that is performing this procedure is the Setup user account. For information about the Setup user account, see Initial deployment administrative and service accounts in SharePoint 2013.
In the folder where you downloaded the SharePoint 2013 software, locate and then run prerequisiteinstaller.exe.
On the Welcome to the Microsoft SharePoint Products Preparation Tool page, click Next.
On the License Terms for software products page, review the terms, select the I accept the terms of the License Agreement(s) check box, and then click Next.
On the Installation Complete page, click Finish.
After you complete the Microsoft SharePoint Products Preparation Tool, you must also install the following:

The following procedure installs Microsoft SQL Server 2008 R2 SP1 Express Edition and the SharePoint product. At the end of Setup, you can choose to start the SharePoint Products Configuration Wizard, which is described later in this section.

To run Setup

Verify that the user account that is performing this procedure is the Setup user account. For information about the Setup user account, see Initial deployment administrative and service accounts in SharePoint 2013.
On the SharePoint Server 2013 or SharePoint Foundation 2013 Start page, click Install SharePoint Server or Install SharePoint Foundation.
On the Enter Your Product Key page, enter your product key, and then click Continue.
On the Read the Microsoft Software License Terms page, review the terms, select the I accept the terms of this agreement check box, and then click Continue.
On the Server Type tab, click Standalone.
When Setup finishes, a dialog box prompts you to complete the configuration of your server. Ensure that the Run the SharePoint Products Configuration Wizard now check box is selected.
Click Close to start the configuration wizard.

Note:

If Setup fails, check log files in the Temp folder of the user account that you used to run Setup. Ensure that you are logged in using the same user account, and then type %temp% in the location bar in Windows Explorer. If the path in Windows Explorer resolves to a location that ends in a “1” or “2”, you will have to navigate up one level to view the log files. The log file name is SharePoint Server Setup (<time stamp>).

Run the SharePoint Products Configuration Wizard

Use the following procedure to install and configure the configuration database and the content database, and install the SharePoint Central Administration website.

To run the SharePoint Products Configuration Wizard

Verify that the user account that is performing this procedure is the Setup user account. For information about the Setup user account, see Initial deployment administrative and service accounts in SharePoint 2013.
If you have closed the SharePoint Products Configuration Wizard, you can access it by clicking Start, point to All Programs, click SharePoint 2013 Products, and then click SharePoint 2013 Products Configuration Wizard. If the User Account Control dialog box appears, click Continue.
On the Welcome to SharePoint Products page, click Next.
In the dialog box that notifies you that some services might have to be restarted during configuration, click Yes.
On the Configuration Successful page, click Finish.

Note:

If the SharePoint Products Configuration Wizard fails, check the PSCDiagnostics log files, which are located on the drive on which SharePoint 2013 is installed, in the %COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\LOGS folder.

On the Template Selection page, select one of the following options, and then click OK:

In the Template Selection section, click a predefined template.
In the Solutions Gallery section, click Solutions Gallery, and customize your own site template.

On the Set Up Groups for this Site page, specify who should have access to your site, and then either create a new group or use an existing group for these users by doing one of the following:

To create a new group, click Create a new group, and then type the name of the group and the members that you want to be part of this group.
To use an existing group, click Use an existing group, and then select the user group in the Item list.

Click OK.

Note:

If you are prompted for your user name and password, you might have to add the SharePoint Central Administration website to the list of trusted sites and configure user authentication settings in Internet Explorer. You might also want to disable the Internet Explorer Enhanced Security settings. If you see a proxy server error message, you might have to configure proxy server settings so that local addresses bypass the proxy server. For more information about how to configure browser and proxy settings, see Configure browser settings.

Configure browser settings

After you run the SharePoint Products Configuration Wizard, you should confirm that SharePoint 2013 works correctly by configuring additional settings in Internet Explorer.

If you are not using Internet Explorer, you might have to configure additional settings for your browser. For information about supported browsers, see Plan browser support (SharePoint 2013).

To confirm that you have configured browser settings correctly, log on to the server by using an account that has local administrative credentials. Next, connect to the SharePoint Central Administration website. If you are prompted for your user name and password when you connect, perform the following procedures:

Add the SharePoint Central Administration website to the list of trusted sites
Disable Internet Explorer Enhanced Security settings

If you receive a proxy server error message, perform the following procedure:

Configure proxy server settings to bypass the proxy server for local addresses

To add the SharePoint Central Administration website to the list of trusted sites

Verify that the user account that completes this procedure has the following credentials:

The user account is a member of the Administrators group on the computer on which you are performing the procedure.

In Internet Explorer, on the Tools menu, click Internet Options.
On the Security tab, in the Select a zone to view or change security settings area, click Trusted Sites, and then click Sites.
Clear the Require server verification (https:) for all sites in this zone check box.
In the Add this web site to the zone box, type the URL to your site, and then click Add.
Click Close to close the Trusted Sites dialog box.
Click OK to close the Internet Options dialog box.

To disable Internet Explorer Enhanced Security settings

Verify that the user account that completes this procedure has the following credentials:

The user account is a member of the Administrators group on the computer on which you are performing the procedure.

Click Start, point to All Programs, point to Administrative Tools, and then click Server Manager.
In Server Manager, select the root of Server Manager.
In the Security Information section, click Configure IE ESC.

The Internet Explorer Enhanced Security Configuration dialog box appears.
In the Administrators section, click Off to disable the Internet Explorer Enhanced Security settings, and then click OK.

To configure proxy server settings to bypass the proxy server for local addresses

Verify that the user account that completes this procedure has the following credentials:

The user account is a member of the Administrators group on the computer on which you are performing the procedure.

In Internet Explorer, on the Tools menu, click Internet Options.
On the Connections tab, in the Local Area Network (LAN) settings area, click LAN Settings.
In the Automatic configuration area, clear the Automatically detect settings check box.
In the Proxy Server area, select the Use a proxy server for your LAN check box.
Type the address of the proxy server in the Address box.
Type the port number of the proxy server in the Port box.
Select the Bypass proxy server for local addresses check box.
Click OK to close the Local Area Network (LAN) Settings dialog box.
Click OK to close the Internet Options dialog box.

Post-installation steps

After you install SharePoint 2013, your browser window opens to the SharePoint Central Administration website of your new SharePoint site. Although you can start to add content to the site or customize the site, we recommend that you first perform the following administrative tasks:
- Configure usage and health data collection You can configure usage and health data collection in your server farm. The system writes usage and health data to the logging folder and to the logging database. For more information, see Configure usage and health data collection (SharePoint 2013).
- Configure diagnostic logging You can configure diagnostic logging that might be required after initial deployment or upgrade. The default settings are sufficient for most situations, but depending on the business needs and life cycle of the farm, you might want to change these settings. For more information, see Configure diagnostic logging (SharePoint 2013).
- Configure incoming e-mail You can configure incoming e-mail so that SharePoint sites accept and archive incoming e-mail. You can also configure incoming e-mail so that SharePoint sites can archive e-mail discussions as they occur, save e-mailed documents, and show e-mailed meetings on site calendars. In addition, you can configure the SharePoint Directory Management Service to provide support for e-mail distribution list creation and administration. For more information, see Configure incoming email for a SharePoint 2013 farm.
- Configure outgoing e-mail You can configure outgoing e-mail so that your Simple Mail Transfer Protocol (SMTP) server sends e-mail alerts to site users and notifications to site administrators. You can configure both the “From” e-mail address and the “Reply” e-mail address that appear in outgoing alerts. For more information, see Configure outgoing email for a SharePoint 2013 farm.
- Configure search settings You can configure search settings to crawl the content in SharePoint 2013.
Install SharePoint 2013 on a single server with SQL Server

Published: July 16, 2012

Summary: Learn how to install SharePoint 2013 on a single server.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

A single server installation consists of one server that runs both SQL Server and SharePoint 2013. You can install and configure SharePoint 2013 on a single server if you are hosting only a few sites for a limited number of users or if you want to create a trial or development environment. This configuration is also useful if you want to configure a farm to meet your needs first, and then add servers to the farm at a later stage.

In this article:
Important:

The steps in this article apply to SharePoint Foundation 2013 and SharePoint Server 2013.
Overview

When you install SharePoint 2013 on a single server, you can configure SharePoint 2013 to meet your specific needs. After you have completed setup and the SharePoint Products Configuration Wizard, you will have installed binaries, configured security permissions, configured registry settings, configured the configuration database, configured the content database, and installed the SharePoint Central Administration web site. Next, you can choose to run the Farm Configuration Wizard to configure the farm, select the services that you want to use in the farm, and create the first site collection, or you can manually perform the farm configuration at your own pace.
Before you install SharePoint 2013 on a single server

Before you begin to install and configure SharePoint 2013, do the following:
- Ensure that you are familiar with the operating-system guidelines described in Performance Tuning Guidelines for Windows Server 2008 and Performance Tuning Guidelines for Windows Server 2008 R2.
- Ensure that you have met all hardware and software requirements. You must have a 64-bit version of Windows Server 2008 R2 SP1. For server farms, you must also have a 64-bit version of SQL Server 2008 R2 SP1. For more information about these requirements, such as specific updates that you must install, see Hardware and software requirements (SharePoint 2013).
- Ensure that you perform a clean installation of SharePoint 2013.
- Ensure that you are prepared to set up the required accounts by using appropriate permissions. For detailed information, see Initial deployment administrative and service accounts in SharePoint 2013.
- Ensure the Max degree of parallelism is set to 1. For additional information about max degree of parallelism see, Configure the max degree of parallism Server Configuration option and Degree of Parallelism
Note:

The Distributed Cache service gives you a complete social computing experience. For more information about the Distributed Cache service, see Overview of microblog features, feeds, and the Distributed Cache service in SharePoint Server 2013, Manage the Distributed Cache service in SharePoint Server 2013, Plan for feeds and the Distributed Cache service (SharePoint Server 2013), and What’s new in authentication for SharePoint 2013

Security

As a security best practice, we recommend that you install SharePoint 2013 by using least-privilege administration.
Install SharePoint 2013 on a single server

To install and configure SharePoint 2013 on a single server, you will follow these steps:

Run the Microsoft SharePoint Products Preparation Tool, which installs all prerequisites to use SharePoint 2013.
Run Setup, which installs binaries, configures security permissions, and edits registry settings for SharePoint 2013.
Run SharePoint Products Configuration Wizard, which installs and configures the configuration database, installs and configures the content database, and installs the SharePoint Central Administration web site.
Configure browser settings.
Run the Farm Configuration Wizard, which configures the farm, creates the first site collection, and selects the services that you want to use in the farm.
Perform post-installation steps.

Important:

To complete the following procedures, the account that you use must be a member of the Administrators group on the computer on which you are installing SharePoint 2013. For information about user accounts, see Initial deployment administrative and service accounts in SharePoint 2013.

Run the Microsoft SharePoint Products Preparation Tool

To run the Microsoft SharePoint Products Preparation Tool

Verify that the user account that is performing this procedure is the Setup user account. For information about the Setup user account, see Initial deployment administrative and service accounts in SharePoint 2013.
In the folder where you downloaded the SharePoint 2013 software, locate and then run prerequisiteinstaller.exe.
On the Welcome to the Microsoft SharePoint Products Preparation Tool page, click Next.
On the License Terms for software products page, review the terms, select the I accept the terms of the License Agreement(s) check box, and then click Next.
On the Installation Complete page, click Finish.
After you complete the Microsoft SharePoint Products Preparation Tool, you must also install the following:

The following procedure installs binaries, configures security permissions, and edits registry settings for SharePoint 2013. At the end of Setup, you can choose to start the SharePoint Products Configuration Wizard, which is described later in this section.

To run Setup

Verify that the user account that is performing this procedure is the Setup user account. For information about the Setup user account, see Initial deployment administrative and service accounts in SharePoint 2013.
On the SharePoint Server 2013 Start page, click Install SharePoint Server.
On the Enter Your Product Key page, enter your product key, and then click Continue.
On the Read the Microsoft Software License Terms page, review the terms, select the I accept the terms of this agreement check box, and then click Continue.
On the Server Type tab, click Complete.

The stand-alone option is used to install a single server that has a built-in database.
Optional: To install SharePoint 2013 at a custom location, click the File Location tab, and then either type the location or click Browse to find the location.
Click Install Now.
When Setup finishes, a dialog box prompts you to complete the configuration of your server. Ensure that the Run the SharePoint Products and Technologies Configuration Wizard now check box is selected.
Click Close to start the configuration wizard.

Note:

If Setup fails, check log files in the Temp folder of the user account you used to run Setup. Ensure that you are logged in using the same user account and then type %temp% in the location bar in Windows Explorer. If the path in Windows Explorer resolves to a location that ends in a “1” or “2”, you have to navigate up one level to view the log files. The log file name is SharePoint Server Setup (<time stamp>).

Run the SharePoint Products Configuration Wizard

Use the following procedure to install and configure the configuration database and the content database, and to install the SharePoint Central Administration website.

To run the SharePoint Products Configuration Wizard

Verify that the user account that is performing this procedure is the Setup user account. For information about the Setup user account, see Initial deployment administrative and service accounts in SharePoint 2013.
If you have closed the SharePoint Products Configuration Wizard, you can access it by clicking Start, point to All Programs, click SharePoint 2013 Products, and then click SharePoint 2013 Products Configuration Wizard. If the User Account Control dialog box appears, click Continue.
On the Welcome to SharePoint Products page, click Next.
In the dialog box that notifies you that some services might have to be restarted during configuration, click Yes.
On the Connect to a server farm page, click Create a new server farm, and then click Next.
On the Specify Configuration Database Settings page, do the following:
1. In the Database server box, type the name of the computer that is running SQL Server.
2. In the Database name box, type a name for your configuration database or use the default database name. The default name is SharePoint_Config.
3. In the Username box, type the user name of the server farm account. Ensure that you type the user name in the format DOMAIN\user name.

Security

The server farm account is used to create and access your configuration database. It also acts as the application pool identity account for the SharePoint Central Administration application pool, and it is the account under which the Microsoft SharePoint Foundation Workflow Timer service runs. The SharePoint Products Configuration Wizard adds this account to the SQL Server Login accounts, the SQL Serverdbcreator server role, and the SQL Serversecurityadmin server role. The user account that you specify as the service account has to be a domain user account. However, it does not have to be a member of any specific security group on your front-end web servers or your database servers. We recommend that you follow the principle of least-privilege and specify a user account that is not a member of the Administrators group on your front-end web servers or your database servers.

In the Password box, type the user password.

Click Next.
On the Specify Farm Security Settings page, type a passphrase, and then click Next.

Although a passphrase resembles a password, it is usually longer to improve security. It is used to encrypt credentials of accounts that are registered in SharePoint 2013. For example, the SharePoint 2013 system account that you provide when you run the SharePoint Products Configuration Wizard. Ensure that you remember the passphrase, because you must use it every time that you add a server to the farm.

Ensure that the passphrase meets the following criteria:

Contains at least eight characters
Contains at least three of the following four character groups:
- English uppercase characters (from A through Z)
- English lowercase characters (from a through z)
- Numerals (from 0 through 9)
- Nonalphabetic characters (such as !, $, #, %)

On the Configure SharePoint Central Administration Web Application page, do the following:
1. Either select the Specify port number check box and type the port number that you want the SharePoint Central Administration web application to use, or leave the Specify port number check box cleared if you want to use the default port number.
2. Click either NTLM or Negotiate (Kerberos).
Click Next.
After you complete the SharePoint Products Configuration Wizard page, review your configuration settings to verify that they are correct, and then click Next.

Note:

The Advanced Settings option is not available in SharePoint 2013.

On the Configuration Successful page, click Finish. When the wizard closes, setup opens the web browser and connects to Central Administration.

If the SharePoint Products Configuration Wizard fails, check the PSCDiagnostics log files, which are located on the drive on which SharePoint 2013 is installed, in the %COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\LOGS folder.

If you are prompted for your user name and password, you might have to add the SharePoint Central Administration web site to the list of trusted sites and configure user authentication settings in Internet Explorer. You might also want to disable the Internet Explorer Enhanced Security settings. If you see a proxy server error message, you might have to configure proxy server settings so that local addresses bypass the proxy server. Instructions for configuring proxy server settings are provided in the following section. For more information about how to configure browser and proxy settings, see Configure browser settings.

Configure browser settings

After you run the SharePoint Products Configuration Wizard, you should confirm that SharePoint 2013 works correctly by configuring additional settings in Internet Explorer.

If you are not using Internet Explorer, you might have to configure additional settings for your browser. For information about supported browsers, see Plan browser support (SharePoint 2013).

To confirm that you have configured browser settings correctly, log on to the server by using an account that has local administrative credentials. Next, connect to the SharePoint Central Administration web site. If you are prompted for your user name and password when you connect, perform the following procedures:

Add the SharePoint Central Administration website to the list of trusted sites
Disable Internet Explorer Enhanced Security settings

If you receive a proxy server error message, perform the following procedure:

Configure proxy server settings to bypass the proxy server for local addresses

To add the SharePoint Central Administration website to the list of trusted sites

Verify that the user account that completes this procedure has the following credentials:

The user account is a member of the Administrators group on the computer on which you are performing the procedure.

In Internet Explorer, on the Tools menu, click Internet Options.
On the Security tab, in the Select a zone to view or change security settings area, click Trusted Sites, and then click Sites.
Clear the Require server verification (https:) for all sites in this zone check box.
In the Add this web site to the zone box, type the URL to your site, and then click Add.
Click Close to close the Trusted Sites dialog box.
Click OK to close the Internet Options dialog box.

To disable Internet Explorer Enhanced Security settings

Verify that the user account that completes this procedure has the following credentials:

The user account is a member of the Administrators group on the computer on which you are performing the procedure.

Click Start, point to All Programs, point to Administrative Tools, and then click Server Manager.
In Server Manager, select the root of Server Manager.
In the Security Information section, click Configure IE ESC.

The Internet Explorer Enhanced Security Configuration dialog box appears.
In the Administrators section, click Off to disable the Internet Explorer Enhanced Security settings, and then click OK.

To configure proxy server settings to bypass the proxy server for local addresses

Verify that the user account that completes this procedure has the following credentials:

The user account is a member of the Administrators group on the computer on which you are performing the procedure.

In Internet Explorer, on the Tools menu, click Internet Options.
On the Connections tab, in the Local Area Network (LAN) settings area, click LAN Settings.
In the Automatic configuration area, clear the Automatically detect settings check box.
In the Proxy Server area, select the Use a proxy server for your LAN check box.
Type the address of the proxy server in the Address box.
Type the port number of the proxy server in the Port box.
Select the Bypass proxy server for local addresses check box.
Click OK to close the Local Area Network (LAN) Settings dialog box.
Click OK to close the Internet Options dialog box.

Run the Farm Configuration Wizard

You have now completed setup and the initial configuration of SharePoint 2013. You have created the SharePoint Central Administration web site. You can now create your farm and sites, and you can select services by using the Farm Configuration Wizard.

To run the Farm Configuration Wizard

Verify that the user account that is performing this procedure is the Setup user account. For information about the Setup user account, see Initial deployment administrative and service accounts in SharePoint 2013.
On the SharePoint Central Administration home page, on the Quick Launch, click Configuration Wizards, and then click Launch the Farm Configuration Wizard.
On the Help Make SharePoint Better page, click one of the following options, and then click OK:

Yes, I am willing to participate (Recommended.)
No, I don’t want to participate.

On the Configure your SharePoint farm page, next to Yes, walk me through the configuration of my farm using this wizard, click Start the Wizard.
On the Configure your SharePoint farm page, in the Service Account section, click the service account option that you want to use to configure your services.

Security

For security reasons, we recommend that you use a different account from the farm administrator account to configure services in the farm.

If you decide to use an existing managed account — that is, an account of which SharePoint 2013 is aware — make sure that you click that option before you continue.

In the Services section, review the services that you want to use in the farm, and then click Next.

Note:

For more information, see Configure services and service applications in SharePoint 2013. If you are using Office Web Apps, see Office Web Apps (SharePoint 2013).

On the Create Site Collection page, do the following:
1. In the Title and Description section, in the Title box, type the name of your new site.
2. Optional: In the Description box, type a description of what the site contains.
3. In the Web Site Address section, select a URL path for the site.
4. In the Template Selection section, in the Select a template list, select the template that you want to use for the top-level site in the site collection.

Note:

To view a template or a description of a template, click any template in the Select a template list.

Click OK.
On the Configure your SharePoint farm page, review the summary of the farm configuration, and then click Finish.

Post-installation steps

After you install and configure SharePoint 2013, your browser window opens to the Central Administration web site of your new SharePoint site. Although you can start adding content to the site or customizing the site, we recommend that you first perform the following administrative tasks.
- Configure usage and health data collection You can configure usage and health data collection in your server farm. The system writes usage and health data to the logging folder and to the logging database. For more information, see Configure usage and health data collection (SharePoint 2013).
- Configure diagnostic logging You can configure diagnostic logging that might be required after initial installation or upgrade. The default settings are sufficient for most situations. Depending upon the business needs and life-cycle of the farm, you might want to change these settings. For more information, see Configure diagnostic logging (SharePoint 2013).
- Configure incoming e-mail You can configure incoming e-mail so that SharePoint sites accept and archive incoming e-mail. You can also configure incoming e-mail so that SharePoint sites can archive e-mail discussions as they occur, save e-mailed documents, and show e-mailed meetings on site calendars. In addition, you can configure the SharePoint Directory Management Service to provide support for e-mail distribution list creation and administration. For more information, see Configure incoming email for a SharePoint 2013 farm.
- Configure outgoing email You can configure outgoing email so that your Simple Mail Transfer Protocol (SMTP) server sends email alerts to site users and notifications to site administrators. You can configure both the “From” email address and the “Reply” email address that appear in outgoing alerts. For more information, see Configure outgoing email for a SharePoint 2013 farm.
- Configure Search settings You can configure Search settings to crawl the content in SharePoint 2013.
Install SharePoint 2013 across multiple servers for a three-tier farm

Published: July 16, 2012

Summary: Learn how to install SharePoint 2013 to create a server farm that includes web servers, an application server, and a database server.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

A three-tier farm configuration consists of two front-end web servers, an application server, and a database server. The deployment sequence and configurations that are described in this article are based on recommended best practices. While the farm configuration is not complex, it provides a fundamental infrastructure to implement a SharePoint 2013 solution on similar — or more complex farms.

In this article:
Overview
The basic steps in this deployment are as follows:
- Ensure that you are familiar with the concept of a three-tier topology.
- Ensure that you have done all the planning and preparatory work, such as verifying hardware and software requirements.
- Install the required software updates on all servers that will be part of the farm.
- Install the SharePoint 2013 prerequisites on servers in the application and web tiers.
- Install SharePoint 2013 on the application server and the web servers.
- Create and configure the SharePoint farm.
- Provision services.
- Complete post-deployment tasks as required.
Topology overview
This topology is typically used for the medium and large farms described in Overview of SharePoint 2013 installation and configuration. In terms of performance, capacity, and scalability, a three-tier topology is recommended over a two-tier topology. A three-tier topology provides the most efficient physical and logical layout to support scaling out or scaling up, and it provides better distribution of services across the member servers of the farm. The following illustration shows the three-tier deployment that is described in this article.

Three-tier farm configuration

In the previous illustration, note the following:
- You can add web servers to the web tier. These servers can be configured as conventional web servers to handle user requests, or they can be configured to host dedicated query components or other service components.
- You can add farm servers to the application tier and configure them as dedicated servers that will host the SharePoint Central Administration website or other services on the farm that require dedicated resources or isolation from the web tier — for example, crawl components, query components, and profile pages.
- You can add database servers to the database tier to implement a stand-alone instance, database mirroring, or a failover cluster. To configure the farm for high availability, database mirroring or a failover cluster is required on the database tier.
  - Before you install SharePoint 2013 on multiple servers for a three-tier farm
Before you begin to install and configure SharePoint 2013, do the following:
- Ensure that you are familiar with the operating-system guidelines described in Performance Tuning Guidelines for Windows Server 2008 and Performance Tuning Guidelines for Windows Server 2008 R2.
- Ensure that you have met all hardware and software requirements. You must have a 64-bit version of Windows Server 2008 R2 SP1. For server farms, you must also have a supported 64-bit version of SQL Server. For more information about these requirements, such as specific updates that you must install, see Hardware and software requirements (SharePoint 2013).
- Ensure that you perform a clean installation of SharePoint 2013.
- Ensure that you are prepared to set up the required accounts by using appropriate permissions. For detailed information, see Initial deployment administrative and service accounts in SharePoint 2013.
Note:

If your computer is in a Workgroup, you cannot install AppFabric for Windows Server.

Note:

The Distributed Cache service gives you a complete social computing experience. For more information about the Distributed Cache service, see Overview of microblog features, feeds, and the Distributed Cache service in SharePoint Server 2013, Manage the Distributed Cache service in SharePoint Server 2013, Plan for feeds and the Distributed Cache service (SharePoint Server 2013), and What’s new in authentication for SharePoint 2013
- Using the Microsoft SharePoint Products Preparation Tool
The Microsoft SharePoint Products Preparation Tool checks for the presence of prerequisites, and installs and configures all required programs. The Microsoft SharePoint Products Preparation Tool requires an Internet connection to download and configure SharePoint 2013 prerequisites. The Microsoft SharePoint Products Preparation Tool runs when you start to install SharePoint 2013.
- Database server
Ensure that SQL Server is updated to the required level and the TCP/IP protocol is enabled for the network configuration.

Organizations whose database administrators operate independently from SharePoint administrators will have to make sure that the correct version of SQL Server is available and updated to the required level. In addition, you will have to request a DBA-created database that is configured for your farm.

Ensure the Max degree of parallelism is set to 1. For additional information about max degree of parallelism see, Configure the max degree of parallism Server Configuration option and Degree of Parallelism.
- Public updates and hotfix packages
Ensure that public updates and the required hotfix packages are installed for the operating system, SQL Server, and SharePoint 2013. We recommend that all servers be updated to the same software version before you apply the public updates.
Prepare the farm servers

Before you install SharePoint 2013 , you must check for and install all the prerequisites on the application server and the web servers by using the Microsoft SharePoint Products Preparation Tool.

Tip:

If you decide to install prerequisites manually, you can still run the Microsoft SharePoint Products Preparation Tool to verify which prerequisites are required on each server.

Use the following procedure to install prerequisites on each server in the farm.

To run the Microsoft SharePoint Products Preparation Tool

Verify that the user account that is performing this procedure is the Setup user account. For information about the Setup user account, see Initial deployment administrative and service accounts in SharePoint 2013.
In the folder where you downloaded the SharePoint 2013 software, locate and then run prerequisiteinstaller.exe.
On the Welcome to the Microsoft SharePoint Products Preparation Tool page, click Next.

Note:

The preparation tool may have to restart the local server to complete the installation of some prerequisites. The installer will continue to run after the server is restarted without manual intervention. However, you will have to log on to the server again.

On the License Terms for software products page, review the terms, select the I accept the terms of the License Agreement(s) check box, and then click Next.
On the Installation Complete page, click Finish.
After you complete the Microsoft SharePoint Products Preparation Tool, you must also install the following:

Install SharePoint 2013 on the farm servers

After the prerequisites are installed, follow these steps to install SharePoint 2013 on each farm server.

The following procedure installs binaries, configures security permissions, and edits registry settings for SharePoint 2013. At the end of Setup, you can choose to start the SharePoint Products Configuration Wizard, which is described later in this article.

To run Setup

Verify that the user account that is performing this procedure is the Setup user account. For information about the Setup user account, see Initial deployment administrative and service accounts in SharePoint 2013.
On the SharePoint 2013 Start page, click Install SharePoint Server.
On the Enter Your Product Key page, enter your product key, and then click Continue.
On the Read the Microsoft Software License Terms page, review the terms, select the I accept the terms of this agreement check box, and then click Continue.
On the Choose the installation you want page, click Server Farm.
On the Server Type tab, click Complete.
On the File Location tab, accept the default location or change the installation path, and then click Install Now.

Note:

As a best practice, we recommend that you install SharePoint 2013 on a non-system drive.

When the Setup program is finished, a dialog box prompts you to complete the configuration of your server. Clear the Run the SharePoint Products and Technologies Configuration Wizard now check box.

Note:

For consistency of approach, we recommend that you do not run the configuration wizard until you have installed SharePoint 2013 all application and front-end web servers that will participate in the server farm.

Click Close to finish Setup.

Create and configure the farm

To create and configure the farm, you run the SharePoint Products Configuration Wizard. This wizard automates several configuration tasks, such as creating the configuration database, installing services, and creating the Central Administration website. We recommend that you run the SharePoint Products Configuration Wizard on the server that will host the SharePoint Central Administration website before you run the wizard on the other servers in the farm.

To run the SharePoint Products Configuration Wizard and configure the farm

Verify that the user account that is performing this procedure is the Setup user account. For information about the Setup user account, see Initial deployment administrative and service accounts in SharePoint 2013.
On the server that will host Central Administration (the application server), click Start, point to All Programs, and then click SharePoint 2013 Products, and then click SharePoint 2013 Products Configuration Wizard. If the User Account Control dialog box appears, click Continue.
On the Welcome to SharePoint Products page, click Next.
In the dialog box that notifies you that some services might have to be restarted during configuration, click Yes.
On the Connect to a server farm page, click Create a new server farm, and then click Next.
On the Specify Configuration Database Settings page, do the following:
1. In the Database server box, type the name of the computer that is running SQL Server.
2. In the Database name box, type a name for your configuration database, or use the default database name. The default name is SharePoint_Config.
3. In the Username box, type the user name of the server farm account in DOMAIN\user name format.

Important:

The server farm account is used to create and access your configuration database. It also acts as the application pool identity account for the SharePoint Central Administration application pool, and it is the account under which the SharePoint Timer service runs. The SharePoint Products Configuration Wizard adds this account to the SQL Server Login accounts, the SQL Serverdbcreator server role, and the SQL Serversecurityadmin server role. The user account that you specify as the service account has to be a domain user account. However, it does not have to be a member of any specific security group on your web servers or your database servers. We recommend that you follow the principle of least-privilege, and specify a user account that is not a member of the Administrators group on your front-end web servers or your database servers.

In the Password box, type the user password.

Click Next.
On the Specify Farm Security Settings page, type a passphrase, and then click Next.

Although a passphrase resembles a password, it is usually longer to improve security. It is used to encrypt credentials of accounts that are registered in SharePoint 2013. For example, the SharePoint 2013 system account that you provide when you run the SharePoint Products Configuration Wizard. Ensure that you remember the passphrase, because you must use it every time that you add a server to the farm.

Ensure that the passphrase meets the following criteria:

Contains at least eight characters
Contains at least three of the following four character groups:
- English uppercase characters (from A through Z)
- English lowercase characters (from a through z)
- Numerals (from 0 through 9)
- Nonalphabetic characters (such as !, $, #, %)

On the Configure SharePoint Central Administration Web Application page, do the following:
1. Either select the Specify port number check box and type the port number that you want the SharePoint Central Administration web application to use, or leave the Specify port number check box cleared if you want to use the default port number.

Note:

If you want to access the SharePoint Central Administration website from a remote computer, make sure that you allow access to the port number that you configure in this step. You do this by configuring the inbound rule for SharePoint Central Administration v4 in Windows Firewall with Advanced Security.

Click either NTLM or Negotiate (Kerberos).

Click Next.
On the Completing the SharePoint Products Configuration Wizard page, click Next.
On the Configuration Successful page, click Finish.

Note:

If the SharePoint Products Configuration Wizard fails, check the log files on the drive on which SharePoint 2013 is installed, which are located in the %COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\LOGS folder.

The Central Administration website will open in a new browser window.

On the Help Make SharePoint Better page, click one of the following options and then click OK.
1. Yes, I am willing to participate (Recommended).
2. No, I don’t wish to participate.
On the Initial Farm Configuration Wizard page, you have the option to use a wizard to configure services or you can decide to configure services manually. For the purpose of this article, we use the manual option. Click Cancel.

The choice that you make here is a matter of personal preference. The Farm Configuration Wizard will configure some services automatically when you run it. However, if you configure services manually, you have greater flexibility in designing your logical architecture.

For information about how to use the wizard to configure services, see Configure services and service applications in SharePoint 2013. If you are using Microsoft Office Web Apps, see Office Web Apps overview (Installed on SharePoint 2013).

Important:

If you are using a DBA-created database, you cannot use the Farm Configuration Wizard, you must use SharePoint Products Configuration Wizard.

Add web servers to the farm

After you create the farm on the application server, you can add the servers for the web tier by following the same process described earlier in this topic for installing SharePoint 2013 on the server that hosts Central Administration. The only difference is that during setup, you are prompted to join an existing farm. Follow the wizard steps to join the farm.

For additional information about how to add servers to a farm, see Add web or application servers to farms in SharePoint 2013. This article also provides detailed information for the steps in the following procedure.
Post-installation steps

After you install and configure SharePoint 2013, your browser window opens to the Central Administration web site of your new SharePoint site. Although you can start adding content to the site or customizing the site, we recommend that you first perform the following administrative tasks.
- Configure usage and health data collection You can configure usage and health data collection in your server farm. The system writes usage and health data to the logging folder and to the logging database. For more information, see Configure usage and health data collection (SharePoint 2013).
- Configure diagnostic logging You can configure diagnostic logging that might be required after initial installation or upgrade. The default settings are sufficient for most situations. Depending upon the business needs and life-cycle of the farm, you might want to change these settings. For more information, see Configure diagnostic logging (SharePoint 2013).
- Configure incoming e-mail You can configure incoming e-mail so that SharePoint sites accept and archive incoming e-mail. You can also configure incoming e-mail so that SharePoint sites can archive e-mail discussions as they occur, save e-mailed documents, and show e-mailed meetings on site calendars. In addition, you can configure the SharePoint Directory Management Service to provide support for e-mail distribution list creation and administration. For more information, see Configure incoming email for a SharePoint 2013 farm.
- Configure outgoing email You can configure outgoing email so that your Simple Mail Transfer Protocol (SMTP) server sends email alerts to site users and notifications to site administrators. You can configure both the “From” email address and the “Reply” email address that appear in outgoing alerts. For more information, see Configure outgoing email for a SharePoint 2013 farm.
- Configure Search settings You can configure Search settings to crawl the content in SharePoint 2013.
Install or uninstall language packs for SharePoint 2013

Published: July 16, 2012

Summary: Learn how to download, install, and uninstall language packs for SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

Language packs enable site owners and site collection administrators to create SharePoint sites and site collections in multiple languages without requiring separate installations of SharePoint 2013. You install language packs, which contain language-specific site templates, on web and application servers. When an administrator creates a site or a site collection that is based on a language-specific site template, the text that appears on the site or the site collection is displayed in the site template’s language. Language packs are typically used in multinational deployments where a single server farm supports users in different locations, or when sites and web pages must be duplicated in one or more languages.

If users are accessing Project Server 2013 in the SharePoint farm and have to view their project data in another language, they will also have to install a corresponding Project Server 2013 language pack. For more information about Project Server 2013 language packs, see Deploy language packs in Project Server 2013

Word breakers and stemmers enable you to search efficiently and effectively across content on SharePoint sites and site collections in multiple languages without requiring separate installations of SharePoint 2013. Word breakers and stemmers are automatically installed on web and application servers by Setup.

Important:

If you are uninstalling SharePoint 2013, you must uninstall all language packs before you uninstall SharePoint 2013.

In this article:
About language IDs and language packs

Site owners or site collection administrators who create sites or site collections can select a language for each site or site collection.

The language that they select has a language identifier (ID). The language ID determines the language that is used to display and interpret text that is on the site or site collection. For example, when a site owner creates a site in French, the site’s toolbars, navigation bars, lists, and column headings appear in French. Similarly, if a site owner creates a site in Arabic, the site’s toolbars, navigation bars, lists, and column headings appear in Arabic. In addition, the default left-to-right orientation of the site changes to a right-to-left orientation to correctly display Arabic text.

The language packs that are installed on the web and application servers determine the list of available languages that you can use to create a site or site collection. By default, sites and site collections are created in the language in which SharePoint 2013 was installed. For example, if you install the Spanish version of SharePoint 2013, the default language for sites, site collections, and web pages is Spanish. If someone has to create sites, site collections, or web pages in a language other than the default SharePoint 2013 language, you must install the language pack for that language on the web and application servers. For example, if you are running the French version of SharePoint 2013, and a site owner wants to create sites in French, English, and Spanish, you must install the English and Spanish language packs on the web and application servers.

By default, when a site owner creates a new web page in a site, the site displays text in the language that is specified by the language ID.

Language packs are not bundled into multilingual installation packages. You must install a specific language pack for each language that you want to support. Also, language packs must be installed on each web and application server to make sure that that each web and application server can display content in the specified language.

Important:

You cannot change an existing site, site collection, or web page from one language to another by applying different language-specific site templates. After you use a language-specific site template for a site or a site collection, the site or site collection always displays content in the language of the original site template.

Only a limited set of language packs are available for SharePoint 2013.

Although a site owner specifies a language ID for a site, some user interface elements such as error messages, notifications, and dialog boxes do not display in the language that was specified. This is because SharePoint 2013 relies on several supporting technologies — for example, the Microsoft .NET Framework, Microsoft Windows Workflow Foundation, Microsoft ASP.NET, and SQL Server — some of which are localized into only a limited number of languages. If a user interface element is generated by any of the supporting technologies that are not localized into the language that the site owner specified for the site, the user interface element appears in English. For example, if a site owner creates a site in Hebrew, and the .NET Framework component displays a notification message, the notification message will not display in Hebrew because the .NET Framework is not localized into Hebrew. This situation can occur when sites are created in any language except the following: Chinese, French, German, Italian, Japanese, Korean, and Spanish.

Each language pack that you install creates a folder at %COMMONPROGRAMFILES%\Microsoft Shared\Web server extensions\15\LAYOUTS\Locale_ID that contains language-specific data. In each locale_ID folder, you must have only one HTML error file that contains the error information that is used when a file cannot be found. Anytime a file cannot be found for any site in that language, this file will be used. You can specify the file to use by setting the FileNotFoundPage for each web application.

In some cases, some text might originate from the original installation language, which can create a mixed-language experience. This kind of mixed-language experience is typically seen only by content creators or site owners and is not seen by site users.
Downloading language packs

Follow these steps for each language that you want to support. If you decide to download more than one language, please be aware that a unique file that has a common name is downloaded for each language. Therefore, make sure that you download each language pack to a separate folder on the hard disk so that you do not overwrite a language pack of a different language.

Important:

By default, the Windows PowerShell Help files are installed in English (en-us). To view these files in the same language as the operating system, install the language pack for the same language in which the operating system was installed.

You can download language packs from the same location where you downloaded SharePoint 2013.
Installing language packs on the web and application servers

After you install the necessary language files on the web and application servers, you can install the language packs. Language packs are available as individual downloads (one download for each supported language). If you have a server farm environment and you are installing language packs to support multiple languages, you must install the language packs on each web and application server.

Important:

The language pack is installed in its native language. The procedure that follows is for the English language pack.

To install a language pack

Verify that the user account that is performing this procedure is the Setup user account. For information about the Setup user account, see Initial deployment administrative and service accounts in SharePoint 2013.
In the folder where you downloaded the language pack, run setup.exe.
On the Read the Microsoft Software License Terms page, review the terms, select the I accept the terms of this agreement check box, and then click Continue.
The Setup wizard runs and installs the language pack.
Rerun the SharePoint Products Configuration Wizard by using the default settings. If you do not run the SharePoint Products Configuration Wizard after you install a language pack, the language pack will not be installed correctly.

The SharePoint Products Configuration Wizard runs in the language of the base installation of SharePoint 2013, not in the language of the language pack that you just installed.

To rerun the SharePoint 2013 Configuration Wizard

Verify that the user account that is performing this procedure is the Setup user account. For information about the Setup user account, see Initial deployment administrative and service accounts in SharePoint 2013.
Click Start, point to All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Products Configuration Wizard.
On the Welcome to SharePoint Products page, click Next.
Click Yes in the dialog box that alerts you that some services might have to be restarted during configuration.
On the Modify Server Farm Settings page, click Do not disconnect from this server farm, and then click Next.
If the Modify SharePoint Central Administration Web Administration Settings page appears, do not change any of the default settings, and then click Next.
After you complete the Completing the SharePoint Products and Technologies Configuration Wizard, click Next.
On the Configuration Successful page, click Finish.
After you install a new language pack and rerun the Rerun the SharePoint 2013 Configuration Wizard, you must deactivate and then reactivate any language-specific features before you use the new language pack.

When you install language packs, the language-specific site templates are installed in the %COMMONPROGRAMFILES%\Microsoft Shared\Web server extensions\15\TEMPLATE\LanguageID directory, where LanguageID is the Language ID number for the language that you are installing. For example, the United States English language pack installs to the %COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\TEMPLATE\1033 directory. After you install a language pack, site owners and site collection administrators can create sites and site collections based on the language-specific site templates by specifying a language when they are creating a new SharePoint site or site collection.

Uninstalling language packs

If you no longer have to support a language for which you have installed a language pack, you can remove the language pack by using the Control Panel. Removing a language pack removes the language-specific site templates from the computer. All sites that were created that have those language-specific site templates will no longer work (the URL will produce a HTTP 500 – Internal server error page). Reinstalling the language pack will make the site functional again.

You cannot remove the language pack for the version of SharePoint 2013 that you have installed on the server. For example, if you are running the Japanese version of SharePoint 2013, you cannot uninstall the Japanese language support for SharePoint 2013.
Add web or application servers to farms in SharePoint 2013

Published: July 16, 2012

Summary: Learn how to add a server to an existing SharePoint 2013 farm so the server can later be configured for use as a front-end web server or as an application server.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

The procedures in this article apply to a SharePoint 2013 farm that consists of at least two tiers. This article does not describe how to convert a single-server deployment to a multiple-server farm.

In this article:
Before you add a web or application server to a SharePoint farm

Note:

Administrators typically use the SharePoint Central Administration website and the SharePoint Management Shell to manage deployments. For information about accessibility for administrators, see Accessibility for SharePoint Products.

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
- Plan browser support
- Accessibility for SharePoint Products
- Accessibility features in SharePoint 15 Products
- Keyboard shortcuts
- Touch
- Determine server role
To add a new server to the farm, you must know its intended role to plan for additional or specialized configurations and assess the potential effect of adding the server to a production environment.

Note:

A typical three-tier farm includes front-end web servers, an application server that also hosts Central Administration, and a database server. The scope of this article is the front-end web server and application server roles.

After you determine the role of the server in your farm topology, you must identify the services and features that must be configured for the server to meet this role. This information will determine how SharePoint 2013 is configured to provision the server for its role in either the web tier or the application tier. For more information, see Manage service applications in SharePoint 2013.

The following illustration shows a SharePoint 2013 farm with two front-end web servers (Web-1 and Web-2) that serve content and host the search query component. The only application server (App-1) hosts Central Administration and the search crawl component for the farm.

Options for adding a server to a farm

The following sections provide information about the general characteristics of the front-end web server and application server roles.
- Front-end web server role
The fundamental role of a front-end web server is to host web pages, web services, and the Web Parts that are required to process requests from users. The web server directs these requests to the application server, which returns the results to the front-end web server.

Depending on farm requirements, the front-end web server may also be configured to support search in scenarios where there are no dedicated search servers.

Note:

Distributing search is not an option for SharePoint 2013, where only a single search instance is permitted for each content database.

SharePoint 2013 provides more flexibility by letting you to install different search components, typically query components, on one or more front-end web servers. This is option A in the previous farm illustration. A third server also improves load balancing and increases front-end web server availability. Three servers on the web-tier is called a stretched farm.
- Application server role
By default, the server that hosts Central Administration in a three-tier farm is an application server. You can add application servers to host services that can be deployed to a single server and used by all the servers in a farm.

Services with similar usage and performance characteristics can be logically grouped on a server, and if it is necessary, hosted on multiple servers if a scale out is required to respond to performance or capacity requirements. For example, client-related farm services such as Word Services and Word Viewer can be combined into a service group and hosted on a dedicated server. In addition, some services, such as the Managed Metadata service, can be configured as service application that can be used by other farms.

In the farm illustration, there are two options to add an application server.
- In option B an additional server is configured to host all queries for the farm. The query component is removed from the front-end web servers.
- In option C an additional server is configured as a dedicated crawl server, which offloads farm indexing from the server that hosts Central Administration. The front-end web servers continue to host the query component for the farm.
In a three-tier farm that is running enterprise search, dedicated application servers are typically configured to host individual enterprise search components. Servers hosting a query component are known as query servers and servers hosting a crawl component are known as index servers. For more information, see Manage search topology (SharePoint Server 2013).
- Additional tasks
Before you start to install prerequisite software, you have to complete the following:
- Verify that the new server meets the hardware and software requirements described in Hardware and software requirements for SharePoint 2013.
- Verify that you have the minimum level of permissions that are required to install and configure SharePoint 2013 on a new server. You must be a member of the Farm Administrators SharePoint group and the Administrators group on the local server to complete the procedures in this article. For more information, see Initial deployment administrative and service accounts in SharePoint 2013.
- Verify that you know the name of the database server on the farm to which you are connecting, and the name of the configuration database if you are adding the server by using Windows PowerShell commands.
- If you intend to use Windows PowerShell commands to add the server, verify that you meet the following minimum memberships: SharePoint 2013 is installed.
- Securityadmin fixed server role on the SQL Server instance.
- db_owner fixed database role on all databases that are to be updated.
- Administrators group on the server on which you are running the Windows PowerShell cmdlets.
- An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.
Note:

If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about Windows PowerShell permissions, see Add-SPShellAdmin.
- Document the location of the SharePoint 2013 binary and log files on the existing farm servers. We recommend that the location of these files on the new server map to the locations used on the other servers in the farm. For more information, see Configure diagnostic logging in SharePoint 2013.
Important:

If you change the location of the trace log to a non-system drive, change the location on all the servers in the farm. Existing or new servers cannot log data if the location does not exist. In addition, you will be unable to add new servers unless the path that you specify exists on the new server. You cannot use a network share for logging purposes.
Install prerequisite software

Before you can install SharePoint 2013 and add a server to the farm, you must check for and install all the prerequisite software on the new server. You do this by using the Microsoft SharePoint Products Preparation Tool, which requires an Internet connection to download and configure SharePoint 2013 prerequisites. If you do not have an Internet connection for the farm servers, you can still use the tool to determine the software that is required. You will have to obtain installable images for the required software. For download locations, see Access to applicable software in “Hardware and software requirements (SharePoint 2013).”

Tip:

After you obtain a copy of the required software, we recommend that you create an installation point that you can use to store the images. You can use this installation point to install future software updates.

For detailed instructions about how to install the prerequisites, see Prepare the farm servers in the article, Install SharePoint 2013 across multiple servers for a three-tier farm.
Install the SharePoint software

After you install the prerequisites, follow these steps to install SharePoint 2013 on the new server. For detailed instructions about how to install SharePoint 2013, see Install SharePoint 2013 on a single server with SQL Server.

To install SharePoint 2013

Verify that the user account that is performing this procedure is the Setup user account. For information about the Setup user account, see Initial deployment administrative and service accounts in SharePoint 2013.
From the product media or a file share that contains the SharePoint 2013 Products installation files, run Setup.exe.
On the Start page, click the link to install SharePoint 2013.
Review and accept the Microsoft License Terms.
On the Server Type tab, select Complete.

Note:

You can choose to install only the components that are required for a front-end web server. However, if you perform a complete installation, you have more flexibility to re-purpose the server role in the farm in the future.

Accept the default file location where SharePoint 2013 will be installed or change the installation path in order to suit your requirements.

Tip:

As a best practice, we recommend that you install SharePoint 2013 on a drive that does not contain the operating system.

When Setup finishes, a dialog box prompts you to run the SharePoint Products Configuration Wizard. You can start the wizard immediately or from the Windows command prompt later.

Add the new SharePoint server to the farm

You add the new server to the farm by using one of the following procedures:
- To add a new SharePoint 2013 server to the farm by using the SharePoint Products Configuration Wizard
- To add a new SharePoint 2013 server to the farm by using Windows PowerShell
To add a new SharePoint 2013 server to the farm by using the SharePoint Products Configuration Wizard

Verify that the user account that is performing this procedure is the Setup user account. For information about the Setup user account, see Initial deployment administrative and service accounts in SharePoint 2013.
Start the SharePoint 2013 Products Configuration Wizard.

For Windows Server 2008 R2:
- On the new server, click Start, point to All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Products Configuration Wizard.
For Windows Server 2012:
- On the new server, on the Start screen, click SharePoint 2013 Products Configuration Wizard.
  
  If SharePoint 2013 Products Configuration Wizard is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Products Configuration Wizard.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

On the Welcome to SharePoint Products page, click Next.
On the Connect to a server farm page, click Connect to an existing server farm.
Click Next.
On the Specify Configuration Database settings page, type the name of the instance of SQL Server in the Database server box, and then click Retrieve Database Names.
Select the name of the configuration database in the Database name list, and then click Next.
On the Specify Farm Security Settings page, type the name of the farm passphrase in the Passphrase box, and then click Next.
On the Completing the SharePoint Products Configuration Wizard page, click Next.
On the server that hosts Central Administration, click Manage servers in this farm to verify that the new server is part of the farm.

Note:

You can also verify a successful server addition or troubleshoot a failed addition by examining the log files. These files are located on the drive on which SharePoint 2013 is installed, in the %COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\LOGS folder. For more information, see Monitor health in SharePoint 2013.

On the Servers in Farm page, click the name of the new server. Use the list of available services on the Services on Server page to start the services that you want to run on the new server.
Configure SharePoint 2013 so that the new server can accommodate the role for which it was intended. For more information, see Configure the new server.

To add a new SharePoint 2013 server to the farm by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about Windows PowerShell permissions, see Add-SPShellAdmin.

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:Right-click
- Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

At the Windows PowerShell command prompt, type the following command to connect the server to a configuration database:

Connect-SPConfigurationDatabase -DatabaseServer “<$DatabaseServer>” -DatabaseName “<$RunSettings.ConfigurationDatabaseName>” -Passphrase “<$Passphrase>“

Where:

<$DatabaseServer> is the name of the server that hosts the configuration database
<$RunSettings.ConfigurationDatabaseName> is the name of the configuration database
<$Passphrase> is the passphrase for the farm

At the Windows PowerShell command prompt, type the following command to install the Help File Collections:

Install-SPHelpCollection -All
At the Windows PowerShell command prompt, type the following command to install the Security Resource for SharePoint 2013:

Initialize-SPResourceSecurity
At the Windows PowerShell command prompt, type the following command to install the basic services:

Install-SPService
At the Windows PowerShell command prompt, type the following command to install all the features:

Install-SPFeature -AllExistingFeatures
At the Windows PowerShell command prompt, type the following command to install application content:

Install-SPApplicationContent
At the Windows PowerShell command prompt, type the following command to get a list of servers in the farm.

Get-SPFarm | select Servers

Note:

Configure SharePoint 2013 so that the new server can accommodate the role for which it was intended. For more information, see Configure the new server.

Configure the new server

The new server has no real functionality in the farm until you configure the services that are required to support the role that you planned for the new server. For more information, see Configure services and service applications in SharePoint 2013.
Remove a server from a farm in SharePoint 2013

Published: July 16, 2012

Summary: Learn how to remove a web server, application server, or database server from a SharePoint 2013 farm.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

There are three types of servers in a server farm running SharePoint 2013: web servers, application servers, and database servers. The method that you use to remove a server from a SharePoint farm varies depending on the type of server that you are removing from the farm.

In this article:
Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
Removing a web server or application server from a SharePoint farm

For information about uninstallation procedures that SharePoint 2013 supports, see Uninstall SharePoint 2013.

Removing a server that contains a search topology component can affect future search activities. The extent of that effect depends on the farm search topology. We recommend that you remove or relocate any search topology components from a server before removing the server from the farm.

If you remove a server that hosts a crawl component, no index files are lost. However, you might reduce or remove the capacity to crawl content.

You can lose index files in the following situations:
- The farm has only one query component, and you remove the server that hosts the query component.
- You have configured the index to be partitioned and you delete the last query component in one of the partitions. In this case, you will lose a portion of the index.
In either of these cases, a full crawl will have to be performed to re-create the index files.

You can deploy specific techniques to build fault tolerance into the search topology. If these techniques are followed, the deliberate or unplanned removal of a server from the topology can be absorbed without losing data and without affecting the ability to crawl or serve queries. (However, performance can still be affected.) For more information, see Technical diagrams (SharePoint 2013).

Make sure that the server that you want to remove is not running any important site components. If important services or components (such as a custom Web Part) are running on the server and are not available on another server in the farm, removing the server can damage sites in the farm. For example, if the server that you want to remove is the only application server in the farm that is running the Business Data Connectivity service, removing the server can make any sites that rely on that service stop working correctly.
- Remove a web server or an application server from a farm by using Control Panel
You can remove a web server or an application server from the server farm by uninstalling SharePoint 2013 from the server through Control Panel. When you uninstall SharePoint 2013 by using Control Panel, you remove the program files and other information from the server.

To remove a web server or an application server from a farm by using Control Panel

Verify that the user account that completes this procedure has the following credentials:

The user account that performs this procedure is a member of the Administrators group on the server.

Stop the services that are running on the server. For information about how to determine which services are running on a specific server and stopping services, see Start or Stop a service (SharePoint 2013).
On the server that you want to remove from the farm, click Start, click Control Panel, and then double-click Programs and Features.
In the list of currently installed programs, click SharePoint 2013, and then click Uninstall.
Click Continue at the confirmation prompt to uninstall the program.

Removing a database server from a SharePoint farm

To remove a database server from a farm without uninstalling SharePoint and therefore deleting the data that was stored in the database, you must first move any databases that are hosted by that server to another database server in the farm and then use Central Administration to remove the database server from the farm.

You cannot remove a database server if it is the only database server available in the farm, or if it is the database server that hosts the configuration database.

Caution:

If you uninstall SharePoint 2013 from the server that is running Central Administration, you will be unable to administer the server farm until you configure another server in the farm to host the Central Administration site.

Remove a database server, web server, or application server from a SharePoint farm by using Central Administration

If a web server or application server is no longer available, or if uninstalling SharePoint 2013 from Control Panel is not possible, you can remove the web server or application server from the farm by using the SharePoint Central Administration website. Removing a server from the farm by using Central Administration does not uninstall SharePoint 2013 from the server, nor does it make any sites on that server inaccessible. We recommend that you use the process described in Remove a web server or an application server from a farm by using Control Panel to uninstall SharePoint 2013 instead of using Central Administration to remove the server.

Removing the server from the farm by using Central Administration does not delete this information from the server. Use the Central Administration procedure for removing database servers only, or for removing a web server or an application server from the farm when the server is no longer available to uninstall through Control Panel.

You can follow these steps to remove a web server, application server, or database server from the farm. However, we recommend that you remove web servers and application servers from a farm by using Control Panel, instead of by using Central Administration. For information, see To remove a web server or an application server from a farm by using Control Panel.

Before you remove a database server from a farm, make sure that you have moved any databases stored on that server to a different database server in your farm.

To remove a database server, web server, or application server from a SharePoint farm by using Central Administration

Verify that the user account that completes this procedure has the following credentials:

The user account that performs this procedure is a member of the Farm Administrators SharePoint group.
The user account that performs this procedure is a member of the Administrators group on the server.

Stop the services that are running on the server. For information about how to determine which services are running on a specific server and stopping services, see Start or Stop a service (SharePoint 2013).
On the SharePoint Central Administration website, in the System Settings section, click Manage servers in this farm.
On the Servers in Farm page, locate the row that contains the name of the server that you want to remove, and then click Remove Server.
In the warning that appears, click OK to remove the server or click Cancel to stop the operation.

The page updates, and the server that you removed no longer appears in the list of servers.

Uninstall SharePoint 2013
Published: July 16, 2012

Summary: SharePoint Server 2013 and SharePoint Foundation 2013 support a limited set of methods to uninstall.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013 .

You remove SharePoint 2013 by uninstalling it from Control Panel. When you uninstall SharePoint 2013, most files and subfolders in the installation folders are removed. However, some files are not removed. Also,
- Web.config files, index files, log files, and customizations that you might have are not automatically removed when you uninstall SharePoint 2013.
- SQL Server databases are detached but are not removed from the database server.
- If you uninstall a single server that has a built-in database, SQL Server Express is not removed.
- When you uninstall SharePoint 2013, all user data remains in the database files.

Before you begin

Before you begin this operation, confirm that you have uninstalled all language packs that are on the server.

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:

Plan browser support

Accessibility for SharePoint Products

Accessibility features in SharePoint 2013 Products

Keyboard shortcuts

Touch
Uninstall SharePoint 2013

Use this procedure to uninstall SharePoint 2013.

To uninstall SharePoint 2013

Verify that you are a member of the Farm Administrators group or a member of the Administrators group on the local computer.
On the computer that runs SharePoint 2013, log on as a local or domain administrator.
Start Control Panel.

For Windows Server 2008 R2:
- Click Start, and then click Control Panel.
For Windows Server 2012:
- On the Start screen, click Control Panel.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

In the Programs area, click Uninstall a program.
In the Uninstall or change a program dialog box, click Microsoft SharePoint Server 2013.
Click Change.
On the Change your installation of Microsoft SharePoint Server 2013 page, click Remove, and then click Continue.

A confirmation message appears.
Click Yes to remove SharePoint 2013.

A warning message appears.
Click OK to continue.

A confirmation message appears.
Click OK.

You might be prompted to restart the server.

Note:

If you did not remove the language template packs before you uninstalled and then reinstalled SharePoint 2013, you must run Repair from the SharePoint Products Configuration Wizard for each language template pack on the server. After the repair operation is complete, you must restart the server. Finally, complete the language template pack configuration by running the SharePoint Products Configuration Wizard.

Install and configure a virtual environment for SharePoint 2013

Published: July 16, 2012

Summary: Learn about permissions, accounts, security settings, and what you have to do to prepare your Windows Server 2008 Hyper-V environment for SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

The following downloadable resources, articles on TechNet, and related resources provide information about how to prepare Hyper-V to support a SharePoint 2013 virtual farm.

TechNet articles about SharePoint 2013 virtualization with Hyper-V

The following articles about virtualization in SharePoint 2013 are available to view online. Writers update articles on a continuing basis as new information becomes available and as users provide feedback.

	Content	Provides
	Use best practice configurations for the SharePoint 2013 virtual machines and Hyper-V environment	Provides best practice guidance to install and configure virtual machines for a SharePoint 2013 farm and the Hyper-V virtualization host computer.

Additional resources about Hyper-V installation and initial configuration

The following resources about Hyper-V are available from other subject matter experts.

Content		Description
Getting Business Done With Virtualization	Visit the TechCenter to access videos, community sites, documentation, and more.
Virtualization: Prepare to Virtualize	This TechNet Magazine article provides an overview of the preparation required to shift applications to a virtual environment.

Use best practice configurations for the SharePoint 2013 virtual machines and Hyper-V environment

Published: July 16, 2012

Summary: Follow best practice recommendations to configure the SharePoint 2013 virtual machines and the Windows Server 2008 Hyper-V infrastructure.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

After you create a detailed architecture design and system specifications, you are ready to install and configure the virtual environment for the SharePoint 2013 farm. To achieve the performance and capacity goals that you identify in your detailed design and system specifications, you must have a correctly configured virtual environment. One or more badly configured virtual machines or virtualization hosts can significantly reduce performance.

This article discusses Windows Server 2008 Hyper-V technology configuration options and their potential impact on the performance of the virtualization host computer, the virtual machines, and the SharePoint 2013 farm in general. Key decision points and best practice configurations provide guidance when you set up the virtual environment.

Important:

A wide range of features and installation options are available to set up and configure a Hyper-V environment. Measurements focus on testing and guidance on the features and configurations that provide quantifiable benefits and consider the known performance characteristics of server roles in a SharePoint products farm.

In this article:
Introduction and scope

We recommend that you use a bottom up approach to configure the Hyper-V environment for the SharePoint 2013 farm. Start with the Hyper-V host computer configuration and then work up to the virtual layer to configure the virtual network components and the virtual machines.

Before you install and configure the Hyper-V environment, we recommend that you review the following articles:
Several aspects about how to configure a virtual environment that are not discussed in detail are documented in separate articles. Detailed information about the following subjects is out of scope for this article:
- Business Continuity Management (high availability and disaster recovery) for a virtual environment
- Securing a virtual environment (options and best practices)
Note:

SharePoint 2013does not support the virtualization changes and features in Windows Server 2012.

Review the general best practice guidance for virtualization

When you install and configure virtualization for a SharePoint 2013 farm, every configuration choice that you make and implement has an effect on all other parts of the virtual environment. Your primary goal is to create intended consequences and positive effects. To achieve this goal you have to understand the interaction between the virtual and the physical, the inherent constraints. You also have to follow best practice guidance when you set up the virtual farm.

The first thing that you have to do before you install and configure your virtual environment is to make sure that you install the latest version of the Hyper-V Best Practices Analyzer (BPA). You can get this update from Update for Best Practices Analyzer for HYPER-V for Windows Server 2008 R2 x64 Edition (KB977238).

You can use Hyper-V Best Practices Analyzer to scan a server that is running the Hyper-V role and help identify configurations that do not comply with the best practices of Microsoft for this role. BPA scans the configuration of the physical computer, the virtual machines, and other resources, such as virtual networking and virtual storage. No configuration changes are made by running the scan.

The scan results display the following information:

A list of issues that you can sort by severity
Recommended fixes for issues
Links to instructions

The best practices in the following table explain several aspects of virtualization and are not necessarily specific to any virtualization technology.

Note:

Hyper-V partition terminology

Hyper-V provides three types of partitions: the root partition, the parent partition, and the child partition. Each partition has its resources (memory and processor) and policies for device use. The root partition is the original partition and it starts the hypervisor. The parent partition calls the hypervisor to request the creation of new child partitions—the virtual machines.

Best practice guidance for virtualization

Best practice	Description
Leave adequate memory for the Hyper-V partitions.	Calculate the total memory requirements for all the virtual machines on the host and ensure that there is enough available memory to meet Hyper-V partition requirements. Important: For SharePoint products virtual machines, we recommend 4 GB of RAM or more for host computer operations.
Do not use the parent partition for services other than Hyper-V.	Do not run additional roles or services on the parent partition. Run them on the virtual machines instead because the parent is differentiated for scheduling.
Do not store host computer system files on drives that are used for Hyper-V storage.	To reduce disk contention, do not store system files (for example, Pagefile.sys) on hard disks that are dedicated to storing virtual machine data.
Use a minimum of two physical network adapters.	For better network management and performance, dedicate one adapter to virtual machine network traffic and use the other adapter for virtualization host network traffic.
Do not oversubscribe the CPU on the virtualization host computer.	Review the supported ratio of virtual processors per logical processor and avoid oversubscribing the host computer CPU. The optimum virtual processor:logical processor ratio is 1:1. For more information, see Configure the processors for the virtual machines.
Do not cross Non-uniform memory access (NUMA) boundaries.	Hyper-V spans NUMA nodes to assign physical memory to a virtual machine; however, this does reduce performance on the virtual machine. For more information, see Configure the memory for the virtual machines
Do not use snapshots in a production environment.	Do not use snapshots for the virtual machines in a SharePoint products production environment. When you create a snapshot, Hyper-V creates a new secondary drive for the virtual machine. Write operations occur on the new drive and read operations occur on both drives, which has the same net affect as a differencing disk. Every snapshot that you add reduces disk performance further.

Configure the Hyper-V host computer

When you configure the Hyper-V host computer, we recommend that you consider the following configuration options and best practices:
- Use hardware that supports Second Level Address Translation (SLAT).
  
  SLAT is hardware that is optimized for virtualization improves virtual machine performance, and reduces processing load on the Windows hypervisor. For more information, see Hyper-V: List of SLAT-Capable CPUs for Hosts.
- If your hardware supports Hyper-Threading, enable it.
  
  Hyper-Threading splits the CPU pipeline in two and makes a single core look like two cores.

Install and configure virtual networking

Hyper-V provides the level of networking robustness and configuration options that you expect to see in a physical networking environment. There are, of course, some limitations because you are dealing with virtual devices.

We recommend that you refer to the following documentation to prepare to install and configure virtual networking.

You can create and configure a Hyper-V virtual network before you install and configure virtual machines. In addition, you can create more than one virtual network on a Hyper-V host computer.

Note:

You cannot create more than one virtual network on a Hyper-V host computer if the computer is running a Server Core installation of Windows Server 2008 or Windows Server 2008 R2.

Hyper-V provides three types of virtual networks that you can configure for virtual machines. The following table provides a summary of these virtual networks and their characteristics.

Virtual network types

Type	Description
External	Provides a communication link between virtual machines and a physical network by creating an association to a physical network adapter on the host computer. Dedicate one physical adapter to this type of network. For security purposes you can isolate traffic between virtual machines and other computers on the physical network by clearing the Allow management operating system to share this network adapter setting. However, you will be unable to connect to the management operating system remotely.
Internal	Provides a communications link between the host computer and the virtual machines. This provides a degree of isolation from external network traffic and is typically used in a test environment where you want to connect to the virtual machines by using the management operating system.
Private	Provides a communications link between the virtual machines. They are completely isolated from the host computer and this type of virtual network is often used to set isolated test domains.

Important:

In a scenario where two internal (or private) virtual networks are created in Hyper-V and two virtual machines are created on a separate IP subnet, these virtual machines cannot communicate with one another. Because the virtual switch operates at layer 2 of the ISO/OSI Network Model, you have to have a router to achieve routing at a higher level.

After you create your virtual network, you can specify the range of media access control (MAC) addresses that are automatically assigned to the virtual network adapters. Hyper-V enables you to provide static MAC addresses to a virtual adapter to avoid collisions on the network.

Tip:

John Howard’s blog post, Hyper-V: MAC Address allocation and apparent network issues MAC collisions can cause provides a very good explanation about MAC Address allocation and associated network issues.

Windows Server 2008 R2 adds the option to configure MAC address spoofing (Enable Spoofing Of MAC Addresses) in the virtual network adapter settings. For more information, see Configure MAC Address Spoofing for Virtual Network Adapters.

Virtual local area networks (VLANs)

From a performance perspective, the ability to create virtual local area networks (VLANs) can provide significant throughput gains. Because virtual machines on the same VLAN can communicate through the virtual switch, network traffic is faster because it does not have to use the physical network adapter. Another benefit of a VLAN configuration is the fact that, because it is software-based, a virtual machine can easily be moved between hosts and still keeps its network configuration.

When you enable virtual LAN identification for the management operating system, you can assign a VLAN identifier (ID), which is an integer that uniquely identifies a node that belongs to a particular VLAN. If you use virtual LAN feature and a VLAN ID, note the following:

The physical adapters must support VLAN tagging and this feature has to be enabled.
Set the VLAN ID on either the virtual switch or on the virtual machine’s network adapter instead of the physical adapter.
You can assign only one VLAN ID on the virtual switch.
- Network adapters and virtual network switches

Hyper-V provides two kinds of virtual network adapters that you can configure for a virtual machine: a network adapter and a legacy network adapter.

A network adapter, also known as a synthetic adapter, is the preferred option for most virtual machine configurations. The driver for this adapter is included with the integration services that are installed with the Windows Server 2008 R2 guest operating system.
A legacy adapter emulates an Intel 21140-based PCI Fast Ethernet Adapter, which results in a lower data transfer than the network adapter. A legacy network adapter also supports network-based installations because it can boot to the Pre-Boot Execution Environment (PXE).

Unless you have to use a legacy adapter until you can install the virtual machine driver or have to do a network boot, we recommend that you configure a virtual machine with a network adapter. If you do have to use a legacy adapter for a network installation, you can always add a network adapter later, and then delete the legacy adapter.

NIC teaming is the process of grouping several physical NICs into one logical NIC, which can be used for network fault tolerance and transmit load balance. The process of grouping NICs is called teaming. Teaming has two purposes:

Fault tolerance. Teaming more than one physical NIC to a logical NIC maximizes high availability. Even if one NIC fails, the network connection does not stop and continues to operate on other NICs.
Load balancing. Balancing the network traffic load on a server can enhance the functionality of the server and the network. Load balancing within network interconnect controller (NIC) teams enables distributing traffic among the members of a NIC team so that traffic is routed among all available paths.

Note:

Windows Server 2008 Service Pack 2 (SP2) and Windows Server 2008 R2 have no restrictions that are associated with NIC Teaming and the Failover Clustering feature. In Windows Server 2008, the Microsoft Failover Cluster Virtual Adapter is compatible with NIC Teaming and enables it to be used on any network interface in a Failover Cluster.

Windows Server 2008 R2 adds important new capabilities that you should use in your Hyper-V environment if your servers and network hardware support them. We recommend that you investigate the following networking options:

Large Send Offload (LSO) and Checksum Offload (CSO). The virtual networks in Hyper-V support LSO and CSO. In addition, if your physical network adapters support these capabilities, the virtual traffic is offloaded to the physical network as necessary. Most network adapters support LSO and CSO.
Jumbo frames. With Windows Server 2008 R2, jumbo frame improvements converge to support up to 6 times the payload per packet. This increases overall throughput and reduces CPU utilization for large file transfers. Physical networks and virtual networks support jumbo frames. This includes switches and adapters.

Note:

For physical networks, all intervening network hardware such as switches must have jumbo frame support enabled also.

TCP chimney. This lets virtual NICs in child partitions to offload TCP connections to physical adapters that support it, which reduces CPU utilization and other overhead.
Virtual machine queue (VMQ). VMQ improves network throughput by distributing network traffic for multiple VMs across multiple processors. This process reduces processor utilization by offloading packet classification to the hardware and avoiding both network data copy and route lookup on transmit paths. VMQ is compatible with most other task offloads and can coexist with large send offload and jumbo frames.

Create and configure the virtual machines

Although Hyper-V supports several guest operating systems, SharePoint 2013 requires the 64-bit edition of Windows Server 2008 R2 Service Pack 1 (SP1) Standard, Enterprise, or Data Center. For more information about supported guest operating systems, see About Virtual Machines and Guest Operating Systems

Hyper-V provides many configuration options and you can change a configuration, the amount of memory for example, after the virtual machine is running as a SharePoint products farm server. With the exception of adding a virtual hard disk drive for a SCSI controller, you have to shut down a virtual machine before you can change its configuration.

Configure each virtual machine according to the requirements in Capacity management and high availability in a virtual environment (SharePoint Server 2010). Configure the following for each virtual machine:
- The BIOS setting to set the boot sequence (legacy network adapter, CD, IDE, or floppy disk)
- The amount of memory
- The number of virtual processors
- The type and number of controllers
- The type and number of hard disks
- The type and number of network adapters
In addition to the previous configurations, you also have the option to configure a DVD drive, COM ports, and a virtual floppy disk.

From a SharePoint products perspective, the primary configuration considerations are the memory, processor, and hard disks.
Configure the memory for the virtual machines

Configure memory on a virtual machine as you typically do for an application that runs on a physical server. The memory allocation must be sufficient to reasonably handle the load at ordinary and peak times. For SharePoint virtual machines, insufficient memory is the main cause of performance issues.

Before you install and configure the virtual machines on a Hyper-V host computer, calculate how much memory is available for the virtual machines. The root partition must have sufficient memory to provide services such as I/O virtualization and management to support the child partitions. For SharePoint products, we recommend that you allow a minimum of 4 GB of RAM for overhead on a Hyper-V virtualization host computer.

After you factor in the 4 GB RAM reserve for the virtualization host, configure the virtual machines to use the remaining memory.

Dynamic memory

Windows Server 2008 R2 SP1 has the option of configuring dynamic memory (with a minimum value and maximum value) for virtual machines.

We do not support this option for virtual machines that run in a SharePoint 2013 environment. The reason is that this implementation of dynamic memory does not work with every SharePoint feature. For example, Distributed Cache and Search do not resize their caches when the allocated memory for a virtual machine is dynamically changed. This can cause performance degradation, especially when assigned memory is reduced.

Non-uniform memory access (NUMA)

A very import aspect of virtual machine memory configuration is Non-uniform memory access (NUMA). NUMA is a memory design that speeds up memory access by partitioning physical memory so each processor in a multi-CPU has its own memory. For example, in a system with 8 cores and 32 GB of RAM, each core or node has 4 GB of physical memory. If a virtual machine is configured to use 8 GB of RAM, the system has to use memory in another node. Because crossing the NUMA boundary can reduce virtual performance by as much as 8%, it is a best practice to configure a virtual machine to use resources from a single NUMA node. For more information about NUMA, refer to the following articles:
Configure the processors for the virtual machines

You can configure multiple virtual processors for a virtual machine, up to a limit of four processors. You cannot configure more processors per virtual machine than there are logical (cores) processors on the virtualization host. For example, given a dual core physical server, the limit is two virtual processors for a virtual machine. Although Hyper-V supports up to eight virtual processors per core or per thread, a configuration that exceeds this ratio (8:1) is known as being oversubscribed. For any virtual machine that you use in a SharePoint 2013 farm, we recommend a ratio of 1:1. Oversubscribing the CPU on the virtualization host can decrease performance, depending on how much the CPU is oversubscribed. For more information, see Hyper-V VM Density, VP:LP Ratio, Cores and Threads
Configure the controllers and hard disks for the virtual machines

You can use two controller options and several hard disk configurations for a virtual machine. Before you configure storage for your virtual machines, read the following posts written by Jose Barreto, who is a member of the File Server Team at Microsoft.
- Storage options for Windows Server 2008 Hyper-V
- More on Storage Options for Windows Server 2008 Hyper-V
You can select either Integrated Device Electronics or SCSI devices on virtual machines, as follows:
- IDE devices: Hyper-V uses emulated devices with IDE controllers. You can have up to two IDE controllers with two disks on each controller. The startup disk (also known as the boot disk) must be attached to one of the IDE devices. The startup disk can be either a virtual hard disk or a physical disk. Although a virtual machine must use an IDE device as the startup disk to start the guest operating system, you have many options to choose from when you select the physical device that will provide the storage for the IDE device.
- SCSI devices: Each virtual machine supports up to 256 SCSI disks (four SCSI controllers with each controller supporting up to 64 disks). SCSI controllers use a type of device that was developed specifically for use with virtual machines and use the virtual machine bus to communicate. The virtual machine bus must be available when the guest operating system is started. Therefore, virtual hard disks that are attached to SCSI controllers cannot be used as startup disks.
Note:

Physical SCSI devices typically provide better I/O performance than physical IDE devices. However, this is not the case for virtualized SCSI and IDE devices in Hyper-V. Support for hot swappable hard disk drives, which the Hyper-V implementation of SCSI supports, is a better reason for selecting SCSI drives than performance gains.

The version of Hyper-V released with Windows Server 2008 R2 provides significant improvements in virtual hard disk performance. For more information, see Virtual Hard Disk Performance: Windows Server 2008 / Windows Server 2008 R2 / Windows 7. For a summary of virtual machine drive options, see the “How to choose your Hyper-V and VHD Storage Container Format” section of ” Virtual Hard Disk Performance: Windows Server 2008 / Windows Server 2008 R2 / Windows 7″.

Hyper-V supports many storage options. For more information about the storage options, see Planning for Disks and Storage.

You can use the following types of physical storage with a server that runs Hyper-V:
- Direct-attached storage: You can use Serial Advanced Technology Attachment (SATA), external Serial Advanced Technology Attachment (eSATA), Parallel Advanced Technology Attachment (PATA), Serial Attached SCSI (SAS), SCSI, USB, and Firewire.
- Storage area networks (SANs): You can use Internet SCSI (iSCSI), Fibre Channel, and SAS technologies.
For more information, see Configuring Pass-through Disks in Hyper-V.

There is no generic storage solution for every virtual environment. Selecting the optimal virtual machine drive option for your SharePoint 2013 servers requires research and extensive testing to implement the best storage solution for your virtual environment. When you pick a storage solution you must consider access performance, storage needs, and how much memory is used for the advanced caching of virtual hard disk images.
Configure services and general settings
In a Hyper-V environment, you can specify the configuration of virtual networking and the configuration for each virtual machine. Additionally, you can configure how each virtual machine interacts with the Hyper-V host computer, and also the stop and restart behavior if the running state of the virtual machine is interrupted.
- Integration services
Hyper-V includes a software package for supported guest operating systems that improves integration between the physical computer and the virtual machine. This package is known as integration services. You should verify that the management operating system (which runs the Hyper-V role) and virtual machines are running the same version of integration services. For more information, see Version Compatibility for Integration Services.

For each virtual machine you can configure the following integration items between the virtual machine and the virtualization host computer:
- Operating system shutdown
- Time synchronization
- Data exchange
- Heartbeat
- Backup (volume snapshot)
Important:

Disable the time synchronization for each SharePoint virtual machine. SharePoint 2013 implements timer jobs extensively and the latency during time synchronization will cause unpredictable results in the SharePoint environment.
- Automatic stop and start
For each virtual machine you can configure automatic stop and start behavior if a physical computer shuts down.

The options for stop are as follows:
- Save the virtual machine state.
  
  The current state of the virtual machine is saved. When the virtual machine is started, Hyper-V attempts to restore the virtual machine to the state it was in.
- Turn off the virtual machine.
  
  This is the equivalent of pulling the power plug on a server.
- Shut down the guest (virtual machine) operating system.
  
  This is the equivalent of shutting down a computer by using the Windows Shut down option.
For a SharePoint products virtual machine, do not configure the virtual machine to save state. Virtual machines that start from saved state will be out of synchronization with the other servers in the farm. We recommend that you configure the virtual machine to use a shutdown because it minimizes that chances that the virtual machine can be corrupted. When a shutdown happens, all timer jobs that are running can finish, and there will be no synchronization issues when the virtual machine restarts.

The opposite of an automatic stop is an automatic start. Hyper-V provides the following startup options when the physical server restarts:
- Do nothing.
  
  You have to start the virtual machine manually regardless of its state when the physical server shut down.
- Automatically start if the virtual machine was running when the service stopped.
- Always start this virtual machine automatically.
  
  Hyper-V starts the virtual machine regardless of its state when the physical server shut down.
We recommend that you select either of the first two options. Both options are acceptable. However, the decision is ultimately up to the IT team that manages and maintains the virtual environment.

In addition to the previous start options, you can configure a startup time delay for a virtual machine. We recommend that you do this to reduce resource contention on a virtualization host. However, if your start option is to do nothing, this is not an issue.
Configure SharePoint 2013

Published: July 16, 2012

Summary: Lists articles that describe how to configure settings (such as services, authentication, and specific features) after you install SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

After you install SharePoint 2013, you must configure several additional settings to enable key features in your farm. The articles in this section provide steps for configuring these settings.

TechNet articles about how to configure settings for the server farm

The following articles about how to configure settings for the server farm are available to view online. Writers update articles on a continuing basis as new information becomes available and as users provide feedback.

	Content	Description
	Configure authentication infrastructure in SharePoint 2013	These articles describe how to configure the infrastructure for user, server-to-server, and app authentication.
	Configure availability and recovery solutions for SharePoint 2013	Learn about the options for providing high availability and disaster recovery solutions for SharePoint 2013.
	Configure email integration for a SharePoint 2013 farm	These articles describe how to configure incoming and outgoing e-mail in the server farm.
	Configure licensing in SharePoint Server 2013	Learn about new licensing functionality and how to configure licensing in SharePoint Server 2013.
	Configure mobile accounts in SharePoint 2013	Learn how to subscribe to SMS alerts for your mobile device in SharePoint Server 2013.
	Configure Request Manager in SharePoint Server 2013	Learn how Request Manager can route and throttle incoming requests to help improve performance and availability.
	Configure services and service applications in SharePoint 2013	These articles describe how to configure services and service applications.
	Configure usage and health data collection (SharePoint 2013)	Learn how to configure usage and health data collection.
	Configure Business Connectivity Services solutions for SharePoint 2013	Find links to procedures to help you install and configure Business Connectivity Services for SharePoint 2013 on-premises and other scenarios.
	Configure eDiscovery in SharePoint Server 2013	Learn the steps to set up and configure eDiscovery in SharePoint Server 2013 and Exchange Server 2013.
	Configure Exchange task synchronization in SharePoint Server 2013	Configure Exchange Server 2013 and SharePoint Server 2013 for task synchronization by using the SharePoint Server 2013 Task Synchronization feature.
	Configure site mailboxes in SharePoint Server 2013	Configure Exchange Server 2013 and SharePoint Server 2013 for team email by using the SharePoint Server 2013 Site Mailboxes feature.
	Configure social computing features in SharePoint Server 2013	These articles describe how to configure social computing features. This includes My Sites, Community Sites, and microblogging in SharePoint Server 2013.
	Configure web content management solutions in SharePoint Server 2013	Learn how to configure SharePoint web content management solutions that use cross-site collection publishing in SharePoint Server 2013.
	Configure workflow in SharePoint Server 2013	Learn how to install and configure Workflow Manager in SharePoint Server 2013.

Additional resources about how to configure settings for the server farm

The following resources about how to configure settings for the server farm are available from other subject matter experts.

	Content	Description
	Installation and Deployment for SharePoint 2013 Resource Center	Visit the Resource Center to access videos, community sites, documentation, and more.

Configure authentication infrastructure in SharePoint 2013

Published: July 16, 2012

Summary: Find resources to help you configure the infrastructure for user, server-to-server, and app authentication in SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

The following articles on TechNet and related resources provide information about how to configure authentication infrastructure.

TechNet articles about how to configure authentication infrastructure

The following articles about how to configure authentication infrastructure in SharePoint 2013 are available to view online. Writers update articles on a continuing basis as new information becomes available and as users provide feedback.

	Content	Description
	Configure forms-based authentication for a claims-based web application in SharePoint 2013	Describes the steps to configure forms-based authentication using a Lightweight Directory Access Protocol (LDAP) membership provider.
	Configure SAML-based claims authentication with AD FS in SharePoint 2013	Describes the steps to configure Security Assertion Markup Language (SAML)-based claims authentication using Active Directory Federation Services (AD FS) 2.0.
	Configure server-to-server authentication in SharePoint 2013	These articles describe the steps to configure server-to-server authentication.
	Configure app authentication in SharePoint Server 2013	Describes the steps to configure app authentication for SharePoint Server 2013.
	Configure client certificate authentication for SharePoint 2013	Describes how to configure user authentication with client certificates.

Configure forms-based authentication for a claims-based web application in SharePoint 2013

Updated: October 2, 2012

Summary: Learn how to configure forms-based authentication with an LDAP provider for a new SharePoint 2013 web application.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

This article provides guidance for configuring forms-based authentication for a SharePoint 2013 web application that uses a Lightweight Directory Access Protocol (LDAP) membership provider. Forms-based authentication is an identity management system that is based on ASP.NET membership and role provider authentication. Forms-based authentication in SharePoint 2013 is a claims-based authentication method. For more information about the use of forms-based authentication, see the “Implementing forms-based authentication“ section of Plan for user authentication methods.

Important:

The steps in this article apply to SharePoint Server 2013.

For a version of these procedures that are configured in a standardized test lab, see Test Lab Guide: Demonstrate forms-based claims authentication for SharePoint Server 2013.
Before you begin

Before you begin this operation, you should be familiar with the concepts in Plan for user authentication methods.

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
Process overview

This configuration has the following phases that must be performed in consecutive order:
- Phase 1: Create a new web application that uses forms-based authentication with Central Administration
- Phase 2: Configure the Web.Config files for an LDAP membership provider
Within each phase, the set of procedures must also be performed in consecutive order.

For an alternative to creating the new web application by using Central Administration, see Create a new web application that uses forms-based authentication with Windows PowerShell.

If you are using iFrame-based Windows Azure autohosted apps within the web application, see Configure a forms-based authentication web application for Windows Azure autohosted apps.
Phase 1: Create a new web application that uses forms-based authentication with Central Administration

Perform the steps in the following procedure to create a web application that uses forms-based authentication with Central Administration.

To create a new web application that uses forms-based authentication with Central Administration

Verify that the user account that is performing this procedure is a site collection administrator.
Start SharePoint 2013 Central Administration.

For Windows Server 2008 R2:
- Click Start, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Central Administration.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Central Administration.
  
  If SharePoint 2013 Central Administration is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Central Administration.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

In Central Administration, in the Application Management section, click Manage web applications.
In the Contribute group of the ribbon, click New.
In the Claims Authentication Types section of the Create New Web Application dialog box, select Enable Forms Based Authentication (FBA).
Type a membership provider name in ASP.NET Membership provider name and a role manager name in ASP.NET Role manager name.

In the example Web.Config files depicted in this article, the membership provider is membership and the role manager is rolemanager.
Configure the other settings for this new web application as needed, and then click OK to create it.
When prompted with the Application Created dialog box, click OK.

Phase 2: Configure the Web.Config files for an LDAP membership provider

After you successfully create the new web application, modify the following Web.Config files in every web front-end server in the farm:
- To configure the Central Administration Web.Config file
- To configure the Security Token Service Web.Config file
- To configure the new web application Web.Config file
  - Configure the Central Administration Web.Config file
The following procedure configures the Central Administration web site to recognize and use the new forms-based membership provider and role manager.

To configure the Central Administration Web.Config file

Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
In the console tree, open the server name, and then Sites.
Right-click the SharePoint Central Administration v4 site, and then click Explore.
In the folder window, double-click the Web.Config file.
In the <Configuration> section, find the <system.web> section and add the following example entry:

<membership defaultProvider=”AspNetSqlMembershipProvider”>
<providers>
<add name=”membership”
type=”Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c”
server=”yourserver.com”
port=”389″
useSSL=”false”
userDNAttribute=”distinguishedName”
userNameAttribute=”sAMAccountName”
userContainer=”OU=UserAccounts,DC=internal,DC=yourcompany,DC=distinguishedName (of your userContainer)”
userObjectClass=”person”
userFilter=”(ObjectClass=person)”
scope=”Subtree”
otherRequiredUserAttributes=”sn,givenname,cn” />
</providers>
</membership>
<roleManager enabled=”true” defaultProvider=”AspNetWindowsTokenRoleProvider” >
<providers>
<add name=”roleManager”
type=”Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c”
server=”yourserver.com”
port=”389″
useSSL=”false”
groupContainer=”DC=internal,DC=yourcompany,DC=distinguishedName (of your groupContainer)”
groupNameAttribute=”cn”
groupNameAlternateSearchAttribute=”samAccountName”
groupMemberAttribute=”member”
userNameAttribute=”sAMAccountName”
dnAttribute=”distinguishedName”
groupFilter=”((ObjectClass=group)”
userFilter=”((ObjectClass=person)”
scope=”Subtree” />
</providers>
</roleManager>

In the preceding entry, substitute the following:

The name of your membership provider in <add name=”membership”.
The fully qualified domain name (FQDN) of your domain controller (your LDAP server) in server=”yourserver.com”.
The distinguished name of your user container in userContainer=”OU=UserAccounts,DC=internal,DC=yourcompany,DC=distinguishedName (of your userContainer)”.
The name of your role manager in <add name=”roleManager”.
The distinguished name of your group container in groupContainer=”DC=internal,DC=yourcompany,DC=distinguishedName (of your groupContainer)”.

After you add this entry, save and close the Web.Config file.

Configure the Security Token Service Web.Config file

The following procedure configures the Security Token Service to recognize and use the new forms-based membership provider and role manager.

To configure the Security Token Service Web.Config file

In the console tree of Internet Information Services (IIS) Manager, open the SharePoint Web Services site.
In the console tree, right-click SecurityTokenServiceApplication, and then click Explore.
In the folder window, double-click the Web.Config file.
In the <Configuration> section, create a new <system.web> section and add the following example entry:

<membership>
<providers>
<add name=”membership”
type=”Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c”
server=”yourserver.com”
port=”389″
useSSL=”false”
userDNAttribute=”distinguishedName”
userNameAttribute=”sAMAccountName”
userContainer=”OU=UserAccounts,DC=internal,DC=yourcompany,DC=com”
userObjectClass=”person”
userFilter=”(&(ObjectClass=person))”
scope=”Subtree”
otherRequiredUserAttributes=”sn,givenname,cn” />
</providers>
</membership>
<roleManager enabled=”true” >
<providers>
<add name=”rolemanager”
type=”Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c”
server=”yourserver.com”
port=”389″
useSSL=”false”
groupContainer=”DC=internal,DC=yourcompany,DC=com”
groupNameAttribute=”cn”
groupNameAlternateSearchAttribute=”samAccountName”
groupMemberAttribute=”member”
userNameAttribute=”sAMAccountName”
dnAttribute=”distinguishedName”
groupFilter=”(&(ObjectClass=group))”
userFilter=”(&(ObjectClass=person))”
scope=”Subtree” />
</providers>
</roleManager>

In the preceding entry, substitute the following:

The name of your membership provider in <add name=”membership”.
The FQDN of your domain controller (your LDAP server) in server=”yourserver.com”.
The distinguished name of your user container in userContainer=”OU=UserAccounts,DC=internal,DC=yourcompany,DC=com”.
The name of your role manager in <add name=”roleManager”.
The distinguished name of your group container in groupContainer=”DC=internal,DC=yourcompany,DC=com”.

After you add this entry, save and close the Web.Config file.

Configure the new web application Web.Config file

The following procedure configures the new web application to recognize and use the new forms-based membership provider and role manager.

To configure the new web application Web.Config file

In the console tree of Internet Information Services (IIS) Manager, right-click the site that corresponds to the name of the web applications that you just created, and then click Explore.
In the folder window, double-click the Web.Config file.
In the <Configuration> section, find the <system.web> section.
Find the <membership defaultProvider=”i”> section and add the following example entry to the <Providers> section:

<add name=”membership”
type=”Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c”
server=”yourserver.com”
port=”389″
useSSL=”false”
userDNAttribute=”distinguishedName”
userNameAttribute=”sAMAccountName”
userContainer=”OU=UserAccounts,DC=internal,DC=yourcompany,DC=com”
userObjectClass=”person”
userFilter=”(&(ObjectClass=person))”
scope=”Subtree”
otherRequiredUserAttributes=”sn,givenname,cn” />

In the preceding entry, substitute the following:

The name of your membership provider in <add name=”membership”.
The FQDN of your domain controller (your LDAP server) in server=”yourserver.com”.
The distinguished name of your user container in userContainer=”OU=UserAccounts,DC=internal,DC=yourcompany,DC=com”.

Find the <roleManager defaultProvider=”c” enabled=”true” cacheRolesInCookie=”false”> section and add the following example entry to the <Providers> section:

In the preceding entry, substitute the following:

The name of your role manager in <add name=”roleManager”.
The FQDN of your domain controller (your LDAP server) in server=”yourserver.com”.
The distinguished name of your group container in groupContainer=”DC=internal,DC=yourcompany,DC=com”.

After you add the preceding entry, save and close the Web.Config file.

Warning:

Do not overwrite any existing entries in this Web.Config file.

Create a new web application that uses forms-based authentication with Windows PowerShell

Perform the following procedure to create a web application that uses forms-based authentication with Windows PowerShell.

To create a new web application that uses forms-based authentication with Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.
Add memberships that are required beyond the minimums above.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 Products cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- In the SharePoint 2013 environment, on the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- In the SharePoint 2013 environment, on the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

From the Windows PowerShell command prompt, type the following:

$ap = New-SPAuthenticationProvider -Name <Name> -ASPNETMembershipProvider <Membership Provider Name> -ASPNETRoleProviderName <Role Manager Name>
$wa = New-SPWebApplication -Name <Name> -ApplicationPool <ApplicationPool> -ApplicationPoolAccount <ApplicationPoolAccount> -Url <URL> -Port <Port> -AuthenticationProvider $ap

Example

$ap = New-SPAuthenticationProvider -Name “ClaimsForms” -ASPNETMembershipProvider “membership” -ASPNETRoleProviderName “rolemanager”
$wa = New-SPWebApplication -Name “FBA Web App” -ApplicationPool “Claims App Pool” -ApplicationPoolAccount “internal\appool” -Url http://contoso.com -Port 1234 -AuthenticationProvider $ap

Note:

The value of the ApplicationPoolAccount parameter must be a managed account on the farm.

After you successfully create the new web application, modify the following Web.Config files:

To configure the Central Administration Web.Config file
To configure the Security Token Service Web.Config file
To configure the new web application Web.Config file

After you change the Web.Config files, create a SPClaimsPrincipal and a site collection, as shown in the following example:

$cp = New-SPClaimsPrincipal -Identity “membership:SiteOwner” -IdentityType FormsUser
$sp = New-SPSite http://servername:port -OwnerAlias $cp.Encode() -Template “STS#0”

For more information, see New-SPClaimsPrincipal.

Note:

Configure a forms-based authentication web application for Windows Azure autohosted apps

To support iFrame-based Windows Azure autohosted apps from a SharePoint 2013 web application that is configured for forms-based authentication, you must complete the following procedure. For more information about apps for SharePoint, see Overview of apps for SharePoint 2013.

To configure a forms-based authentication web application to support Windows Azure autohosted apps

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 Products cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- In the SharePoint 2013 environment, on the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- In the SharePoint 2013 environment, on the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

From the Windows PowerShell command prompt, type the following:

$svc = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
$svc.MembershipUserKeyType=[Microsoft.SharePoint.Administration.SPMembershipUserKeyType]::ProviderUserKey
$svc.Update()

Configure SAML-based claims authentication with AD FS in SharePoint 2013

Updated: October 16, 2012

Summary: Learn how to configure Security Assertion Markup Language (SAML)-based claims authentication using Active Directory Federation Services version 2.0 (AD FS).

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

The procedures in this article describe how to configure AD FS to act as an Identity Provider Security Token Service (IP-STS) for a SharePoint 2013 web application. In this configuration, AD FS issues SAML-based security tokens consisting of claims so that client computers can access web applications that use claims-based authentication. You can use an alternative identity provider than AD FS, but it must support the WS-Federation standard.

For information about why you would use SAML-based authentication, see Plan for user authentication methods.

You can use AD FS with the Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 operating systems to build a federated identity management solution that extends distributed identification, authentication, and authorization services to web-based applications across organization and platform boundaries. By deploying AD FS, you can extend your organization‘s existing identity management capabilities to the Internet.

For a version of these procedures that are configured in a standardized test lab, see Test Lab Guide: Demonstrate SAML-based Claims Authentication with SharePoint Server 2013.
Before you begin

Before you begin this operation, you should be familiar with the concepts in the following article:
- Plan for user authentication methods
Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
Process overview

This configuration has the following phases that must be performed in consecutive order:
Within each phase, the set of procedures must also be performed in consecutive order.
Phase 1: Install and configure an AD FS server

You must install and configure a server that runs AD FS 2.0. For more information, see the AD FS 2.0 Deployment Guide (http://go.microsoft.com/fwlink/p/?LinkId=191723).
Phase 2: Configure AD FS with the web application as a relying party

This phase has the following procedures:

Configure AD FS for a relying party
Configure the claim rule
Export the token signing certificate

Configure AD FS for a relying party

Use the procedure in this section to configure a relying party. The relying party defines how the AD FS recognizes the relying party application and issues claims to it.

To configure AD FS for a relying party

Verify that the user account that is performing this procedure is a member of the Administrators group on the local computer. For additional information about accounts and group memberships, see Local and Domain Default Groups
On the AD FS server, open the Active Directory Federation Services (AD FS) 2.0 Management console.
In the navigation pane, expand Trust Relationships, and then double-click the Relying Party Trusts folder.
In the right pane, click Add Relying Party Trust.

This opens the Active Directory Federation Services (AD FS) 2.0 configuration wizard.
On the Welcome to the Add Relying Party Trust Wizard page, click Start.
Select Enter data about the relying party manually, and then click next.
Type a relying party name and then click Next.
Make sure Active Directory Federation Services (AD FS) 2.0 Profile is selected, and then click Next.
Do not use an encryption certificate. Click Next.
Click to select the Enable support for the WS-Federation Passive protocol check box.
In the WS-Federation Passive protocol URL field, type the name of the web application URL, and append /_trust/ (for example, https://WebAppName/_trust/). Click Next.

Note:

The name of the URL has to use Secure Sockets Layer (SSL).

Type the name of the relying party trust identifier (for example, urn:sharepoint:WebAppName), and then click Add. Click Next. Note that this will be the realm value when you configure a new SPTrustedIdentityTokenIssuer in Phase 3.
Select Permit all users to access this relying party. Click Next.
On the Ready to Add Trust page, there is no action required, click Next.
On the Finish page, click Close. This opens the Rules Editor Management console. Use this console and the next procedure to configure the mapping of claims from your chosen directory source to SharePoint 2013.

Configure the claim rule

Use the procedure in this step to send values of a Lightweight Directory Access Protocol (LDAP) attribute as claims and specify how the attributes will map to the outgoing claim type.

To configure a claim rule

Verify that the user account that is performing this procedure is a member of the Administrators group on the local computer. For additional information about accounts and group memberships, see Local and Domain Default Groups
On the Issuance Transform Rules tab, click Add Rule.
On the Select Rule Template page, select Send LDAP Attributes as Claims. Click Next.
On the Configure Rule page, type the name of the claim rule in the Claim rule name field.
From the Attribute Store drop-down list, select Active Directory.
In the Mapping of LDAP attributes to outgoing claim types section, under LDAP Attribute, select SAM-Account-Name.
Under Outgoing Claim Type, select E-Mail Address.
Under LDAP Attribute, select User-Principal-Name.
Under Outgoing Claim Type, select UPN.
Click Finish, and then click OK.

Export the token signing certificate

Use the procedure in this section to export the token signing certificate of the AD FS server with which you want to establish a trust relationship, and then copy the certificate to a location that SharePoint 2013 can access.

To export a token signing certificate

Verify that the user account that is performing this procedure is a member of the Administrators group on the local computer. For additional information about accounts and group memberships, see Local and Domain Default Groups
On the AD FS server, open the Active Directory Federation Services (AD FS) 2.0 Management console.
In the navigation pane, expand Service, and then click the Certificates folder.
Under Token signing, click the primary token certificate as indicated in the Primary column.
In the right pane, click View Certificate link. This displays the properties of the certificate.
Click the Details tab.
Click Copy to File. This starts the Certificate Export Wizard.
On the Welcome to the Certificate Export Wizard page, click Next.
On the Export Private Key page, click No, do not export the private key, and then click Next.
On the Export File Format page, select DER encoded binary X.509 (.CER), and then click Next.
On the File to Export page, type the name and location of the file that you want to export, and then click Next. For example, enter C:\ADFS.cer.
On the Completing the Certificate Export Wizard page, click Finish.

Phase 3: Configure SharePoint 2013 to trust AD FS as an identity provider

This phase has the following procedures:

Exporting multiple parent certificates
Import a token signing certificate by using Windows PowerShell
Define a unique identifier for claims mapping by using Windows PowerShell
Create a new authentication provider

Exporting multiple parent certificates

To complete the configuration of the AD FS server, copy the .CER file to the computer that is running AD FS.

The token signing certificate may have one or more parent certificates in its chain. If it does, every certificate in that chain has to be added to the SharePoint 2013 list of trusted root authorities.

To determine whether one or more parent certificates exist, follow these steps.

Note:

These steps should be repeated until all certificates are exported up to the root authority certificate.

To export multiple parent certificates

Verify that the user account that is performing this procedure is a member of the Administrators group on the local computer. For additional information about accounts and group memberships, see Local and Domain Default Groups
Open the Active Directory Federation Services (AD FS) 2.0 Management console.
In the navigation pane, expand Service, and then click the Certificates folder.
Under Token signing, click the primary token certificate as indicated in the Primary column.
In the right pane, click View Certificate link. This displays the properties of the certificate.
Click the Certification tab. This displays any other certificate(s) in the chain.
Click the Details tab.
Click Copy to File. This starts the Certificate Export Wizard.
On the Welcome to the Certificate Export Wizard page, click Next.
On the Export Private Key page, click No, do not export the private key, and then click Next.
On the Export File Format page, select DER encoded binary X.509 (.CER), and then click Next.
On the File to Export page, type the name and location of the file that you want to export, and then click Next. For example, enter C:\adfsParent.cer.
On the Completing the Certificate Export Wizard page, click Finish.

Import a token signing certificate by using Windows PowerShell

Use this section to import the token signing certificates to the trusted root authority list that resides on the SharePoint Server. This step must be repeated for every token signing certificate in the chain until the root certification authority is reached.

To import a token signing certificate by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.
Add memberships that are required beyond the minimums above.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 Products cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- In the SharePoint 2013 environment, on the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- In the SharePoint 2013 environment, on the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

From the Windows PowerShell command prompt, import the parent certificate of the token signing certificate (that is, the root authority certificate), as shown in the following syntax:

$root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(“<PathToParentCert>“)

New-SPTrustedRootAuthority -Name “Token Signing Cert Parent” -Certificate $root
From the Windows PowerShell command prompt, import the token signing certificate that was copied from the AD FS server, as shown in the following syntax:

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(“<PathToSigningCert>“)

New-SPTrustedRootAuthority -Name “Token Signing Cert” -Certificate $cert

For additional information about the New-SPTrustedRootAuthority cmdlet, see New-SPTrustedRootAuthority

Define a unique identifier for claims mapping by using Windows PowerShell

Use the procedure in this section to define a unique identifier for claims mapping. Typically, this information is in the form of an e-mail address and the administrator of the trusted STS will have to provide this information because only the owner of the STS knows which claim type will be always unique for each user.

To define a unique identifier for claims mapping by using Windows PowerShell

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:

In the SharePoint 2013 environment, on the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.

For Windows Server 2012:

In the SharePoint 2013 environment, on the Start screen, click SharePoint 2013 Management Shell.

If SharePoint 2013 Management Shell is not on the Start screen:

Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.

For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

From the Windows PowerShell command prompt, create an identity claim mapping, as shown in the following syntax:

$emailClaimMap = New-SPClaimTypeMapping -IncomingClaimType “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress” -IncomingClaimTypeDisplayName “EmailAddress” -SameAsIncoming
From the Windows PowerShell command prompt, create the UPN claim mapping as shown in the following syntax:

$upnClaimMap = New-SPClaimTypeMapping -IncomingClaimType “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn” -IncomingClaimTypeDisplayName “UPN” -SameAsIncoming

For additional information about the New-SPClaimTypeMapping cmdlet, see New-SPClaimTypeMapping

Create a new authentication provider

Use the procedure in this section to create a new SPTrustedIdentityTokenIssuer.

To create a new authentication provider by using Windows PowerShell

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:

In the SharePoint 2013 environment, on the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.

For Windows Server 2012:

In the SharePoint 2013 environment, on the Start screen, click SharePoint 2013 Management Shell.

If SharePoint 2013 Management Shell is not on the Start screen:

Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.

For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

From the Windows PowerShell command prompt, create a new authentication provider, as shown in the following syntax.

Note:

The $realm variable defines the trusted STS that identifies a specific SharePoint farm and the $cert variable is the one that was used from the Import a token signing certificate by using Windows PowerShell section. The SignInUrl parameter is to the AD FS server.

$realm = “urn:sharepoint:<WebAppName>“

$signInURL = “https://<YourADFSServerName>/adfs/ls”

$ap = New-SPTrustedIdentityTokenIssuer -Name <ProviderName> -Description <ProviderDescription> -realm $realm -ImportTrustCertificate $cert -ClaimsMappings $emailClaimMap,$upnClaimMap -SignInUrl $signInURL -IdentifierClaim $emailClaimmap.InputClaimType

For additional information about the New-SPTrustedIdentityTokenIssuer cmdlet, see New-SPTrustedIdentityTokenIssuer

Phase 4: Configure web applications to use claims-based authentication and AD FS as the trusted identity provider

This phase has the following procedures:

Associate an existing web application with the AD FS identity provider
Create a new web application with the AD FS identity provider

Associate an existing web application with the AD FS identity provider

To configure an existing web application to use SAML sign-in, the trusted identity provider in the claims authentication type section must be changed.

To configure an existing web application to use the AD FS identity provider

Verify that the user account that is performing this procedure is a member of the Farm Administrators SharePoint group.

In Central Administration, on the home page, click Application Management.

On the Application Management page, in the Web Applications section, click Manage web applications.

Click the appropriate web application.

From the ribbon, click Authentication Providers.

Under Zone, click the name of the zone. For example, Default.

On the Edit Authentication page in the Claims Authentication Types section, select Trusted Identity provider, and then click the name of your SAML provider (<ProviderName> from the New-SPTrustedIdentityTokenIssuer command). Click OK.

Next, you must enable SSL for this web application. You can do this by adding an alternate access mapping for the “https://“ version of the web application‘s URL and then configuring the web site in the Internet Information Services (IIS) Manager console for an https binding. For more information about how to set up SSL for IIS, see How to Setup SSL on IIS 7.0.

Create a new web application with the AD FS identity provider

When creating a new web application to use SAML sign-in, you must configure claims authentication for the AD FS trusted identity provider. See Create claims-based web applications in SharePoint 2013 and do the following:

In the Security Configuration section of the New Web Application dialog box, for Use Secure Sockets Layer (SSL), select Yes.

For information about how to set up SSL for IIS, see How to Setup SSL on IIS 7.0.
In the Claims Authentication Types section of the New Web Application dialog box, select Trusted Identity provider, and then click the name of your SAML provider (<ProviderName> from the New-SPTrustedIdentityTokenIssuer command).

Configure server-to-server authentication in SharePoint 2013

Updated: October 16, 2012

Summary: Find resources to help you configure server-to-server authentication for SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

The following articles on TechNet and related resources provide information about how to configure server-to-server authentication.

TechNet articles about how to configure server-to-server authentication

The following articles about how to configure server-to-server authentication in SharePoint 2013 are available to view online. Writers update articles on a continuing basis as new information becomes available and as users provide feedback.

	Content	Description
	Configure server-to-server authentication between SharePoint 2013 farms	Describes the steps to configure server-to-server authentication between two SharePoint 2013 farms.
	Configure server-to-server authentication between SharePoint 2013 and Exchange Server 2013	Describes the steps to configure server-to-server authentication between SharePoint 2013 and Exchange Server 2013.
	Configure server-to-server authentication between SharePoint 2013 and Lync Server 2013	Describes the steps to configure server-to-server authentication between SharePoint 2013 and Lync Server 2013.

Configure server-to-server authentication between SharePoint 2013 farms

Published: September 4, 2012

Summary: Learn how to configure server-to-server authentication between SharePoint 2013 farms.

Applies to: SharePoint Server 2013 Standard | SharePoint Server 2013 Enterprise | SharePoint Foundation 2013

The configuration details in this article describe how to configure server-to-server authentication between SharePoint 2013 farms. For background information about server-to-server authentication, see Plan for server-to-server authentication in SharePoint 2013 Preview.

Important:

Web applications that include server-to-server authentication endpoints for incoming server-to-server requests, or that make outgoing server-to-server requests must be configured to use Secure Sockets Layer (SSL). For information about how to create a web application to use SSL, see Create claims-based web applications in SharePoint 2013.

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
Configure a SharePoint 2013 trust relationship with another farm

To service incoming server-to-server requests from another SharePoint 2013 farm, you must configure the SharePoint 2013 farm to trust the sending farm. Use the Windows PowerShell New-SPTrustedSecurityTokenIssuer cmdlet in SharePoint 2013 to configure the trust relationship by specifying the JavaScript Object Notation (JSON) metadata endpoint of the sending farm.

To configure a SharePoint 2013 trust relationship with another farm

Verify that you are a member of the Administrators group on the server on which you are running Windows PowerShell cmdlets.

Securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

In the SharePoint 2013 environment on the farm that is receiving server-to-server requests, start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- In the SharePoint 2013 environment, on the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- In the SharePoint 2013 environment, on the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

At the Windows PowerShell command prompt, type the following command:

New-SPTrustedSecurityTokenIssuer –MetadataEndpoint “https://<HostName>/_layouts/15/metadata/json/1” –IsTrustBroker –Name “<FriendlyName>”

Where:

<HostName> is the name and port of any SSL-enabled web application of the farm that will be sending server-to-server requests.
<FriendlyName> is a friendly name for the sending SharePoint 2013 farm.

Repeat step 3 for all SharePoint 2013 farms that will be sending server-to-server requests.

Note:

For more information, see New-SPTrustedSecurityTokenIssuer.

The recommended best practice for server-to-server authentication is that each server-to-server application that establishes trust with a SharePoint farm must use a different certificate. In a cross-farm SharePoint topology, if you are required to use the same certificate across the farms, you must also set the name identifier of the SharePoint Security Token Service (STS) to be the same across those farms. The following procedure describes how to synchronize the STS name identifier across two SharePoint farms.

To synchronize the STS name identifier across SharePoint farms

Verify that you are a member of the Administrators group on the server on which you are running Windows PowerShell cmdlets.

Securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

In the SharePoint 2013 environment on one of the farms, start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- In the SharePoint 2013 environment, on the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- In the SharePoint 2013 environment, on the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

At the Windows PowerShell command prompt, type the following command:

Get-SPSecurityTokenServiceConfig
In the display of the Get-SPSecurityTokenServiceConfig command, note the value of the NameIdentifier field, which starts with “00000003-0000-0ff1-ce00-000000000000@“. This is the name identifier of the SharePoint STS.
To set the name identifier of the SharePoint STS in the other SharePoint farm, use the following Windows PowerShell commands on a server in that farm:

$config = Get-SPSecurityTokenServiceConfig
$config.NameIdentifier=<CommonNameIdentifier>
$config.Update();

Where <CommonNameIdentifier> is the value of the NameIdentifier field from step 4.

Configure server-to-server authentication between SharePoint 2013 and Exchange Server 2013

Updated: October 16, 2012

Summary: Learn how to configure server-to-server authentication between SharePoint 2013 and Exchange Server 2013.

Applies to: SharePoint Server 2013 Enterprise | SharePoint Server 2013 Standard | SharePoint Foundation 2013

Server-to-server authentication enables you to share resources that live on various servers in a SharePoint farm and access services, such as Exchange Server 2013 and Lync Server 2013, which are distributed among servers. Server-to-server authentication in SharePoint 2013 also supports resource sharing and access with additional services that are compliant with the server-to-server authentication protocol.

The configuration details in this article are about how to configure server-to-server authentication between SharePoint 2013 and Exchange Server 2013.

Important:

Web applications that include server-to-server authentication endpoints for incoming server-to-server requests, or that make outgoing server-to-server requests must be configured to use Secure Sockets Layer (SSL). For information about how to create a web application to use SSL, see Create claims-based web applications in SharePoint 2013.

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
Process overview

This configuration has the following steps:
- Configure the SharePoint 2013 server to trust the Exchange Server 2013 server
- Configure permissions on the SharePoint 2013 server
- Configure the Exchange Server 2013 server to trust the SharePoint 2013 server
Important:

Complete the procedures in the order in which they are presented in this article.

To configure the SharePoint 2013 server to trust the Exchange Server 2013 server

Verify that you are a member of the Administrators group on the server on which you are running Windows PowerShell cmdlets.

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- In the SharePoint 2013 environment, on the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- In the SharePoint 2013 environment, on the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

At the Windows PowerShell command prompt, type the following commands:

New-SPTrustedSecurityTokenIssuer –MetadataEndpoint “https://<HostName>/metadata/json/1” –IsTrustBroker –Name “<FriendlyName>”

Where:

<HostName> is the name or address of the Exchange Server 2013 server.
<FriendlyName> is a friendly name for the Exchange Server 2013 server.

To configure permissions on the SharePoint 2013 server

At the Windows PowerShell command prompt, type the following commands:

$exchange=Get-SPTrustedSecurityTokenIssuer
$app=Get-SPAppPrincipal -Site http://<HostName> -NameIdentifier $exchange.NameId
$site=Get-SPSite http://<HostName>
Set-SPAppPrincipalPermission –AppPrincipal $app –Site $site.RootWeb –Scope sitesubscription –Right fullcontrol -EnableApplyOnlyPolicy

Where:
- <HostName> is the name or address of the SharePoint 2013 server.
  
  Note:
For more information, see Get-SPTrustedSecurityTokenIssuer, Get-SPAppPrincipal, and Set-SPAppPrincipalPermission.

To configure the Exchange Server 2013 server to trust the SharePoint 2013 server

Start the Exchange Management Shell.

For Windows Server 2008 R2:
- In the Exchange Server 2013 environment, on the Start menu, click All Programs, click Microsoft Exchange Server 2013, and then click Exchange Management Shell.
For Windows Server 2012:
- In the Exchange Server 2013 environment, on the Start screen, click Exchange Management Shell.
  
  If Exchange Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click Exchange Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

At the Windows PowerShell command prompt, type the following commands:

cd c:\’Program Files’\Microsoft\’Exchange Server’\V15\Scripts
.\Configure-EnterprisePartnerApplication.ps1 -AuthMetadataUrl https://<HostName>/_layouts/15/metadata/json/1 -ApplicationType SharePoint

Where:

<HostName> is the name and port of any SSL-enabled web application of the SharePoint farm.

Configure server-to-server authentication in SharePoint 2013

Configure server-to-server authentication between SharePoint 2013 and Lync Server 2013

Published: October 2, 2012

Summary: Learn how to configure server-to-server authentication between SharePoint 2013 and Lync Server 2013.

Applies to: SharePoint Server 2013 Enterprise | SharePoint Server 2013 Standard | SharePoint Foundation 2013

Server-to-server authentication enables you to share resources that live on various servers in a SharePoint farm and access services, such as Lync Server 2013 and Exchange Server 2013, which are distributed among servers. Server-to-server authentication in SharePoint 2013 also supports resource sharing and access to additional services that are compliant with the server-to-server authentication protocol. For more information about the SharePoint server-to-server authentication protocol, see OAuth 2.0 Authentication Protocol: SharePoint Profile (http://msdn.microsoft.com/en-us/library/hh631177(office.12).aspx).

The configuration details in this article explain how to configure server-to-server authentication between SharePoint 2013 and Lync Server 2013.

Important:

Web applications that include server-to-server authentication endpoints for incoming server-to-server requests, or that make outgoing server-to-server requests must be configured to use Secure Sockets Layer (SSL). For information about how to create a web application to use SSL, see Create claims-based web applications in SharePoint 2013.

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
Process overview

This configuration has the following steps:
- Configure the server that runs SharePoint 2013 to trust the server that runs Lync Server 2013
- Configure the server that runs Lync Server 2013 to trust the server that runs SharePoint 2013
To configure the SharePoint 2013 server to trust the Lync Server 2013 server

Verify that you are a member of the Administrators group on the server on which you are running Windows PowerShell cmdlets.

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- In the SharePoint 2013 environment, on the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- In the SharePoint 2013 environment, on the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen, right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

At the Windows PowerShell command prompt, type the following commands:

New-SPTrustedSecurityTokenIssuer –MetadataEndpoint “https://<HostName>/metadata/json/1″ –IsTrustBroker –Name “<FriendlyName>“

Where:

<HostName> is name or address of the server that runs Lync Server 2013.
<FriendlyName> is a friendly name for the server that runs Lync Server 2013.

To configure the Lync Server 2013 server to trust the SharePoint 2013 server

If you have not already done this, assign a server-to-server authentication certificate to Lync Server 2013. Follow the instructions in Assigning a Server-to-Server Authentication Certificate to Microsoft Lync Server 2013.
Configure the server that runs Lync Server 2013 for a new SharePoint partner application that corresponds to the SharePoint farm. For the instructions in Configuring an On-Premises Partner Application for Microsoft Lync Server 2013, change the metadata URL string in the embedded script from:

http://atl-sharepoint-001.litwareinc.com/jsonmetadata.ashx

to:
https://<NameAndPort>/_layouts/15/metadata/json/1

Where:
<NameAndPort> is the host name or address and port of any SSL-enabled web application of the SharePoint farm.

Configure app authentication in SharePoint Server 2013
Published: September 4, 2012

Summary: Learn how to configure app authentication in SharePoint Server 2013.

Applies to: SharePoint Server 2013 Enterprise | SharePoint Server 2013 Standard

When you use an app for SharePoint, an external component of the app might want to access SharePoint resources. For example, a web server that is located on the intranet or the Internet might try to access a SharePoint resource. When this occurs, SharePoint has to confirm the following:
- The authentication of the identity of the app and the user on whose behalf the app is acting.
- The authorization of the access for both the app and the user whose behalf the app is acting.
App authentication is the combination of these two confirmations.

This topic describes how to configure a SharePoint Server 2013 farm for app authentication by configuring a trust, by registering the app with the Application Management service, and by configuring app permissions.

Important:
SharePoint web applications that include app authentication endpoints for incoming requests must be configured to use Secure Sockets Layer (SSL). For information about how to configure SSL for a new web application, see Create claims-based web applications in SharePoint 2013.

Note:

This topic does not apply to SharePoint Foundation 2013.
Process overview

This configuration has the following steps that must be performed in consecutive order:

Configure the SharePoint Server 2013 app authentication trust.
Register the app with the Application Management service.
Configure app permissions.

For information about apps for SharePoint, see Overview of apps for SharePoint 2013.

Note:

Because SharePoint Server 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint Server 2013 supports the accessibility features of supported browsers. For more information, see the following resources:

Step 1. Configure the SharePoint Server 2013 app authentication trust

There are two ways to configure an app authentication trust with SharePoint Server 2013:
- If you have an Office 365 subscription and the app is also using Windows Azure Access Control Service (ACS) for authentication, you configure the SharePoint farm to trust the ACS instance that corresponds to your Office 365 subscription. ACS then acts as a common authentication broker between the on-premises SharePoint farm and the app and as the online security token service (STS). ACS generates the context tokens when the app requests access to a SharePoint resource.
  
  In this case, configure SharePoint Server 2013 to trust ACS.
- If you do not have an Office 365 subscription or if the app does not use ACS for authentication, you must configure a server-to-server trust relationship between the SharePoint farm and the app, known as a high-trust app. A high-trust app generates its own context tokens when it requests access to a SharePoint resource. This must be done for each high-trust app that a SharePoint farm must trust. For example, if multiple apps are running on one server and if they all use different token signing certificates, you must create a separate trust with each one.
  
  In this case, configure SharePoint Server 2013 to trust the app.
  - Configure SharePoint Server 2013 to trust ACS
Use the following procedure to configure SharePoint Server 2013 to trust ACS.

To configure a SharePoint Server 2013 trust relationship with ACS

Verify that you are a member of the Administrators group on the server on which you are running Windows PowerShell cmdlets.

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server 2013 cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- In the SharePoint 2013 environment, on the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- In the SharePoint 2013 environment, on the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

At the Windows PowerShell command prompt, type the following command:

$New-SPTrustedSecurityTokenIssuer –MetadataEndpoint “<Metadata endpoint URL of ACS>” –IsTrustBroker –Name “ACS”

Where:

<Metadata endpoint URL of ACS> for SharePoint Server 2013 is https://accounts.accesscontrol.windows.net/metadata/json/1/?realm=<contextID property of your Office 365 subscription>.

Keep the Windows PowerShell command prompt open for the Step 2. Register the app with the Application Management service.

Configure SharePoint Server 2013 to trust the app

Use the following procedure to configure SharePoint Server 2013 to trust the app.

To configure a SharePoint Server 2013 trust relationship with a high-trust app

Verify that you are a member of the Administrators group on the server on which you are running Windows PowerShell cmdlets.

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server 2013 cmdlets.

Note:

In Central Administration on the SharePoint Server 2013 server in the farm, on the Quick Launch, click System Settings, and then click Manage services on server.
In the list of services on the server, make sure that that User Profile Service is started.
In Central Administration, on the Quick Launch, click Application Management, and then click Manage service applications.
In the list of service applications, make sure that that the App Management Service and User Profile Service Application are started.
Obtain a .CER version of the signing certificate of the high-trust app and store it in a location that can be accessed during the rest of this procedure.
Verify that you are a member of the Administrators group on the server on which you are running Windows PowerShell cmdlets.

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server 2013 cmdlets.

Note:

Click Start menu, click All Programs, click SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following commands:

$appId = “<AppID>“

$spweb = Get-SPWeb “<AppURL>“

$realm = Get-SPAuthenticationRealm -ServiceContext $spweb.Site

$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(“<CERFilePath>“)

$fullAppIdentifier = $appId + ‘@’ + $realm

New-SPTrustedSecurityTokenIssuer -Name “<FriendlyName>” -Certificate $certificate -RegisteredIssuerName $fullAppIdentifier

Where:

<AppID> is the client ID assigned to the high-trust app when it was created.

Important:

All of the letters in the AppID must be in lowercase.

<AppURL> is the URL to the high-trust app‘s location on the app server.
<CERFilePath> is the path of the .CER version of the signing certificate of the high-trust app.
<FriendlyName> is a friendly name that identifies the app.

Keep the Windows PowerShell command prompt open for the next procedure.

Step 2. Register the app with the Application Management service

Use the following procedure to register the app with the Application Management service.

To register the app as a SharePoint app principal

At the Windows PowerShell command prompt, type the following command:

$appPrincipal = Register-SPAppPrincipal -NameIdentifier $fullAppIdentifier -Site $spweb -DisplayName “<DisplayName>”

Where:

<DisplayName> is the name of the app as displayed in Central Administration.

Keep the Windows PowerShell command prompt open for the next procedure.

Step 3. Configure app permissions

Use the following Windows PowerShell command to add or change individual app permissions. Repeat this procedure for as many times as needed to configure the permissions of the app.

To configure app permissions

At the Windows PowerShell command prompt, type the following command:

Set-AppPrincipalPermission -appPrincipal $appPrincipal -site $web -right <Level> -scope <Scope>

Where:

<Level> is Read, Write, Manage, or FullControl.

<Scope> is Farm, Site collection, SharePoint Online, Web, Documents, List, or Library.

For more information, see Set-SPAppPrincipalPermission

For more information, see Plan app permissions management in SharePoint 2013.
Configure client certificate authentication for SharePoint 2013

Published: September 25, 2012

Summary: Learn how to configure SharePoint 2013 to support user authentication using a client certificate.

Applies to: SharePoint Server 2013 Enterprise | SharePoint Server 2013 Standard | SharePoint Foundation 2013

Client certificate authentication enables web-based clients to establish their identity to a server by using a digital certificate, which provides additional security for user authentication. SharePoint 2013 does not provide built-in support for client certificate authentication, but client certificate authentication is available through Security Assertion Markup Language (SAML)-based claims authentication. You can use Active Directory Federation Services (AD FS) 2.0 as your security token service (STS) for SAML claims or any third-party identity management system that supports standard security protocols such as WS-Trust, WS-Federation, and SAML 1.1.

Note:

For more information about SharePoint 2013 protocol requirements, see SharePoint Front-End Protocols.

Claims-based authentication in SharePoint 2013 allows you to use different STSs. If you configure AD FS as your STS, SharePoint 2013 can support any identity provider or authentication method that AD FS supports, which includes client certificate authentication.

Note:

For more information about AD FS, see Active Directory Federation Services Overview.

In the following figure, SharePoint 2013 is configured as a relying partner for an AD FS-based STS.

AD FS can authenticate user accounts for several different types of authentication methods, such as forms-based authentication, Active Directory Domain Services (AD DS), client certificates, and smart cards. When you configure SharePoint 2013 as a relying partner of AD FS, SharePoint 2013 trusts the accounts that AD FS validates and the authentication methods that AD FS uses to validate those accounts. This is how SharePoint 2013 supports client certificate authentication.
Configure client certificate authentication

The following topics explain how to configure SharePoint 2013 with client certificate authentication or smart card authentication when you use AD FS as your STS:

Configure AD FS to support claims-based authentication.

For more information, see AD FS 2.0 – How to change the local authentication type (http://go.microsoft.com/fwlink/p/?LinkId=212513).
Configure SharePoint 2013 to support SAML-based claims authentication using AD FS.

For more information, see Configure SAML-based claims authentication with AD FS in SharePoint 2013.
Create a web application that uses SAML-based claims authentication.

For more information, see Create claims-based web applications in SharePoint 2013.

Note:

These steps will be similar for a third-party STS.

Configure availability and recovery solutions for SharePoint 2013

Published: October 16, 2012

Summary: Learn about the options for providing high availability and disaster recovery solutions for SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

The following downloadable resources, articles on TechNet, video recordings, and related resources provide information about installing and configuring high availability and disaster recovery solutions for a SharePoint 2013 farm.

The articles in this section assume that you are familiar with the concepts and terms presented in High availability and disaster recovery concepts in SharePoint 2013 and Plan for high availability and disaster recovery for SharePoint 2013.

TechNet articles about installing and configuring high availability and disaster recovery solutions

The following articles about high availability and disaster recovery solutions are available to view online. Writers update articles on a continuing basis as new information becomes available and as users provide feedback.

	Content	Description
	Configure SQL Server 2012 AlwaysOn Availability Groups for SharePoint 2013	Describes how to install and configure a SQL Server 2012 AlwaysOn Availability Group for a SharePoint farm.

Configure SQL Server 2012 AlwaysOn Availability Groups for SharePoint 2013

Published: October 16, 2012

Summary: Learn how to create and configure a SQL Server 2012 AlwaysOn Availability Group for a SharePoint 2013 farm.

Applies to: SharePoint Server 2013 | SharePoint Server 2013 Enterprise

This article provides the required information and detailed procedures to create and configure a SQL Server 2012 AlwaysOn Availability Group for a SharePoint 2013 farm.

Important:

The steps in this article apply to both SharePoint Foundation 2013 and SharePoint Server 2013. With both of these products these steps are to deploy a new SharePoint farm and do not cover upgrading from SQL Server 2008 R2 to SQL Server 2012.

In this article:
Process overview

We recommend the following installation sequence and key configuration steps to deploy a SharePoint farm that uses an AlwaysOn availability group:
- Select or create a Windows Server failover cluster.
- Install SQL Server 2012 on each cluster node.
- Create and configure an availability group.
- Install and configure SharePoint 2013.
- Add the SharePoint databases to the availability group.
- Test failover for the availability group.
Before you begin

A SQL Server 2012 AlwaysOn Availability Group is not just a combination of database mirroring and database clustering. It is a completely new high availability and disaster recovery feature that co-exists with existing high availability and disaster recover options such as mirroring and log shipping.

Before you begin deployment, review the following information about SQL Server AlwaysOn, the technologies that support AlwaysOn, and SharePoint 2013:
- Knowledge and skill requirements
- AlwaysOn Availability Group concepts
- Hardware and software requirements
- Permissions
Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
- Plan browser support
- Accessibility for SharePoint Products
- Accessibility features in SharePoint 2013 Products
- Keyboard shortcuts
- Touch
- Knowledge and skill requirements
To implement SQL Server AlwaysOn Availability Groups as a high availability and disaster recovery solution, several technologies interact and have to be installed and configured correctly. We recommend that the team responsible for setting up an AlwaysOn environment for SharePoint products has a working knowledge of, and hands-on skills with the following technologies:
- Windows Server Failover Clustering (WSFC) services
- SQL Server 2012
- SharePoint 2013
  - SQL Server AlwaysOn Availability Group concepts
A SQL Server Availability Group enables you to specify a set of databases that you want to fail over together as a single entity. When an availability group fails over to a target instance or target server, all the databases in the group fail over also. Because SQL Server 2012 can host multiple availability groups on a single server, you can configure AlwaysOn to fail over to SQL Server instances on different servers. This reduces the need to have idle high performance standby servers to handle the full load of the primary server, which is one of the many benefits of using availability groups.

An availability group consists of the following components:
- Replicas, which are a discrete set of user databases called availability databases that fail over together as a single unit. Every availability group supports one primary replica and up to four secondary replicas.
- A specific instance of SQL Server to host each replica and to maintain a local copy of each database that belongs to the availability group.
Replicas and failover

The primary replica makes the availability databases available for read-write connections from clients and sends transaction log records for each primary database to every secondary replica. Each secondary replica applies transaction log records to its secondary databases.

All replicas can run under asynchronous-commit mode, or up to three of them can run under synchronous-commit mode. For more information about synchronous and asynchronous commit mode, see Availability Modes (AlwaysOn Availability Groups).

Note:

Database issues, such as a database becoming suspect due to a loss of a data file, deletion of a database, or corruption of a transaction log do not cause failovers.

Read the following articles to learn required and important concepts about SQL Server AlwaysOn technology:
- For details about the benefits of AlwaysOn Availability Groups and an overview of AlwaysOn Availability Groups terminology, see AlwaysOn Availability Groups (SQL Server).
- For detailed information about prerequisites, see Prerequisites, Restrictions, and Recommendations for AlwaysOn Availability Groups (SQL Server). This article contains the following information:
  - Windows Server system requirements and recommendations
  - SQL Server instance prerequisites and restrictions
    
    Important:
  You can install SQL Server 2012 on Windows Server core to improve security and reduce maintenance, but you cannot install SharePoint 2013 on Windows Server core. For more information, see Server Core for Windows Server 2008 R2 [Server Core for Windows Server 2008 R2. For information about server core and Windows Server 2012, see Windows Server Installation Options.
  - Prerequisites and restrictions for using a SQL Server Failover Cluster Instance (FCI) to host an availability replica
- Availability group prerequisites and restrictions
- Availability database prerequisites and restrictions
  - Windows Server Failover Clustering
To create and use SQL Server 2012 AlwaysOn Availability Groups, you have to install SQL Server 2012 on a Windows Server Failover Clustering (WSFC) cluster. For more information, see Windows Server Failover Clustering (WSFC) with SQL Server.

Although configuring a WSFC cluster is out of the scope for this article, you should be aware of the following requirements before you install and configure a cluster:
- All the cluster nodes must be in the same Active Directory Domain Services (AD DS) domain.
- Each availability replica in an availability group must reside on a different node of the same Windows Server Failover Clustering (WSFC) cluster.
- The cluster creator must have the following accounts and permissions:
  - Have a domain account in the domain where the cluster will exist.
  - Have local administrator permissions on each cluster node.
  - Have Create Computer objects and Read All Properties permissions in AD DS. For more information, see Failover Cluster Step-by-Step Guide: Configuring Accounts in Active Directory or Active Directory Domain Services for Windows Server 2012.
A very important aspect of configuring failover clustering and AlwaysOn is determining the quorum votes that are needed for the cluster nodes.

Failover clustering is based on a voting algorithm where more than one half of the voters, or quorum, must be online and able to communicate with each other. Because a given cluster has a specific number of nodes and a specific quorum configuration, the cluster service is able to determine what constitutes a quorum. The cluster service will stop on all the nodes if the number of voters drops below the required majority.

For more information, see WSFC Quorum Modes and Voting Configuration (SQL Server) and Configure Cluster Quorum NodeWeight Settings.
- SharePoint Foundation 2013 and SharePoint Server 2013
Some SharePoint 2013 databases do not support SQL Server AlwaysOn Availability Groups. We recommend that you review the Supported high availability and disaster recovery options for SharePoint databases before you configure an AlwaysOn environment. You should also review the Hardware and software requirements for SharePoint 2013 article.
Detailed steps to configure an AlwaysOn Availability Group for SharePoint
The following illustration shows a SharePoint 2013 farm (SPHA_farm) that uses an availability group named SP_AG1. We’ll use SPHA_farm as reference example in our steps to configure AlwaysOn.
- Prepare the Windows Server cluster environment
Obtain access to or create a three node Windows Server Failover Clustering (WSFC) cluster that you can use to install SQL Server 2012 on each cluster node. The following reference material provides guidance and detailed steps to configure a Windows Server failover cluster:
- Failover Clusters in Windows Server 2008 R2.
  
  This page provides links to Getting Started, Deployment, Operations, and Troubleshooting articles for Windows Server 2008 R2.
- Failover Clustering Overview.
  
  This page provides links to Getting Started, Deployment, Operations, and Troubleshooting articles for Windows Server 2012.
  - Prepare the SQL Server environment
Before you can create an Availability Group for SharePoint Foundation 2013 or SharePoint Server 2013, you must prepare the SQL Server 2012 environment. To prepare the environment, complete the following tasks:
- Install the SQL Server prerequisites.
- Install SQL Server.
- Enable Named Pipes.
- Enable AlwaysOn.
When you prepare the database server environment you must consider SharePoint 2013 database requirements. Refer to the following articles before you install SQL Server:
- Hardware requirements—database servers
- Install SharePoint 2013
- Configure SQL Server security for SharePoint 2013 environments
- Supportability regarding SQL collation for SharePoint Databases and TempDB. (This guidance in this article also applies to SharePoint 2013.)
  - Install SQL Server 2012
To install SQL Server 2012

Install SQL Server 2012 prerequisites on each cluster node.

For more information, see Prerequisites, Restrictions, and Recommendations for AlwaysOn Availability Groups (SQL Server).
Install SQL Server on each cluster node.

For more information, see Installation for SQL Server 2012.

Enable Named Pipes

Named Pipes is required for an AlwaysOn Availability Group. Use the following procedure to enable Named Pipes for SQL Server.

To enable Named Pipes

Make sure that the logon has the required credentials. To change a network configuration for the database engine, you must be a member of the sysadmin fixed server role.
Log on to the server that will host the primary replica and start SQL Server Management Studio.
Expand SQL Server Network Configuration and then click Protocols for<instance name>.
In the details pane, right-click Named Pipes and then click Enable from the list of available options.
In the console pane, click SQL Server Services.
In the details pane, right-click SQL Server ( <instance name> ) and then click Restart, to stop and restart SQL Server.
Repeat the previous steps to enable Named Pipes for SQL Server on the other cluster nodes.

Enable AlwaysOn

After you enable Named Pipes, you must enable AlwaysOn for each of the database servers in the cluster.

Note:

You can enable AlwaysOn by using SQL Server Management Studio, Transact-SQL, or Windows PowerShell 3.0.

To enable AlwaysOn

Make sure that your logon account has the required permissions to create an availability group. The account must have membership in the db_owner fixed database role and either CREATE AVAILABILITY GROUP server permission, CONTROL AVAILABILITY GROUP permission, ALTER ANY AVAILABILITY GROUP permission, or CONTROL SERVER permission.
Log on to the server that will host the primary replica and start SQL Server Management Studio.
In Object Explorer, select SQL Server Services, right-click SQL Server (<instance name>), where <instance name> is the name of a local server instance for which you want to enable AlwaysOn Availability Groups, and then click Properties.
Select the AlwaysOn High Availability tab.
Select the Enable AlwaysOn Availability Groups check box, and then click OK.
Although the change is saved you must manually restart the SQL Server service (MSSQLSERVER) to commit the change. The manual restart enables you to choose a restart time that is best for your business requirements.
Repeat the previous steps to enable AlwaysOn for SQL Server on the other cluster nodes.

For more information, see Enable and Disable AlwaysOn Availability Groups (SQL Server).

Create and configure the availability group

Depending on the SQL Server 2012 environment where you plan to create the Availability Group, you might have to create a temporary database to before you create the Availability Group.

The process that creates an availability group requires you to provide a name for the availability group and then select an eligible user database on the connected server instance as an availability database.

Note:

To be eligible to be added to an availability group, a database must be a user database. System databases cannot belong to an availability group. For more information, see the “Availability Database Prerequisites and Restrictions” section of Prerequisites, Restrictions, and Recommendations for AlwaysOn Availability Groups (SQL Server) and see Creation and Configuration of Availability Groups (SQL Server).

If there no user databases are on the instance of the connected server, which is the case in our example, you need to create one.

Use the following procedure to create a temporary user database that will be a temporary primary replica for the group.

To create a temporary user database

Make sure that your logon account has the correct permissions for this task. You require one of the following permissions in the master database to create the new database:

CREATE DATABASE
CREATE ANY DATABASE
ALTER ANY DATABASE

Log on to the server that will host the primary replica, which is SP-SRV1 in our example.
Start Management Studio.
In Object Explorer, right-click Databases and then click New Database.
In the New Database dialog box, type the Database name:, which is “TemporaryUserDB” for this example.

Because this is a temporary database that you delete after you create the availability group, you can use the default settings. Click OK.

Because the New Availability Group Wizard will not create an availability group unless the user database was backed up, you have to back up the temporary database.
In Object Explorer expand Databases and right-click the temporary database that you just created. Pick Tasks and then choose Back Up.
In the Back Up Database dialog box, click OK to accept all the default settings and create the back up.

About replicas and data synchronization

About replicas

Every availability replica is assigned an initial role—either the primary role or the secondary role, which the availability databases of that replica inherit. The role of a given replica determines whether it hosts read-write databases or read-only databases, the type of failover and whether it uses synchronous commit or asynchronous commit.

The following table shows the information that you have to provide for each replica, either when you first create the availability group, or when you add secondary replicas.

Replica configuration requirements

Replica information	Description
Server Instance	Displays the name of the instance of the server that will host the availability replica.
Initial Role	Indicates the role that the new replica will first perform: Primary or Secondary.
Automatic Failover (Up to 2)	Indicates the type of failover that the replica uses: automatic or manual.
Synchronous Commit (Up to 3)	Indicates the type of commit that is used for the replica.
Readable Secondary	Indicates whether a secondary replica can be read. The configuration options are unavailable for read access, read-only, and read-only intent. For more information, see Readable Secondary Replicas (AlwaysOn Availability Groups). Important: Readable secondary replicas are currently not supported for SharePoint 2013 runtime usage.

Note:

When you add replicas to a group, you will also provide the endpoint for each replica and configure backup preferences. For more information, see Specify the Endpoint URL When Adding or Modifying an Availability Replica (SQL Server) and Backup on Secondary Replicas (AlwaysOn Availability Groups).

Data synchronization

As part of the availability group creation process, you have to make an exact copy of the data on the primary replica and install the copy on the secondary replica. This is the initial data synchronization for the Availability Group. For more information, see Select Initial Data Synchronization Page (AlwaysOn Availability Group Wizards).

A network share must exist and must be accessed by all the nodes in the AlwaysOn configuration to do the initial data synchronization between all the cluster nodes that host a replica. For more information, see Network Shares Extension and File Services.

The following restrictions exist when you use the New Availability Group wizard to start data synchronization:

If the file paths on the secondary replica location differ from the file paths on the primary location, you have to start data synchronization manually.
If any secondary database exists on a secondary replica, you have to manually delete the secondary databases before you start data synchronization in the New Availability Group. However, if you want to use existing secondary databases, exit the New Availability Group wizard and start data synchronization manually.
To use the availability group wizard to synchronize data, you have to have a backup share that all the replicas can write to. You can specify the share by browsing to it or by entering its fully qualified universal naming convention (UNC) path name, \\Systemname\ShareName\Path\, in the Specify a shared network location accessible by all replicas box.

For each database in the availability group, the Start Data Synchronization page shows the progress of the following operations:

Creating a full database backup of the primary database on the network share.
Creating a full database backup of the primary database on the network share.
Restoring these backups to the secondary replica location.

These restore operations both use RESTORE WITH NORECOVERY option and leave the new secondary database in the RESTORING state.
Joining the secondary database to the availability group.

This step puts the secondary database in the ONLINE state and starts data synchronization for this database.

Login replication

SharePoint logins that are created by using the same approach as in previous releases of SQL Server are not replicated in an availability group. This occurs because login information is stored in the MasterDB database, which is not replicated. Although the farm accounts are created when replicas are synchronized, login information is not available after a failover.

If you have already created an availability group and synchronized the primary and secondary replicas, the workaround is to manually copy the logins from the primary replica to the secondary replicas.

SQL Server 2012 introduces the concept of Users with Passwords for Contained Databases. The database itself stores all the database metadata and user information, and a user who is defined in this database does not have to have a corresponding login. The information in this database is replicated by the availability group and is available after a failover. For more information, see Contained Databases.

Important:

If you create a new SharePoint login to use for an existing availability group, make sure to add the login to the contained database so it is replicated to each server that is hosting a SQL Server instance for the availability group. For example, if you create another application pool for a Web App and give it a new identity (an application pool account that you have not used), then you need to add that account as a login.

Create and configure the availability group

Use the following procedure to create an availability group on the primary replica, which is SP-SRV1 in our example.

Create the availability group

Make sure that your logon account has the required permissions to create an availability group. This requires membership in the db_owner fixed database role and either CREATE AVAILABILITY GROUP server permission, CONTROL AVAILABILITY GROUP permission, ALTER ANY AVAILABILITY GROUP permission, or CONTROL SERVER permission.
Log on to the server that will host the primary replica and start SQL Server Management Studio.
To start the New Availability Group Wizard, right-click AlwaysOn High Availability and then click New Availability Group Wizard.
Click Next to advance to the Specify Name page. Enter SP-AG1 as the name of the new availability group in the Availability group name: box.

This name must be: a valid SQL Server identifier, unique on the Windows Server Failover Clustering cluster and unique on the domain.
On the Select Databases page, all user databases that are eligible to become the primary database for the new availability group are listed on the User databases on this instance of SQL Server grid. Select TemporaryUserDB, and then click Next.
On the Specify Replicas page, use the following tabs to configure the replicas for SP-AG1: Replicas, Endpoints, and Backup Preferences.
On the Listener tab, configure an availability group listener for our example.

An availability group listener is a server name to which clients can connect r to access a database in a primary or secondary replica of an availability group. Availability group listeners direct incoming connections to the primary replica or to a read-only secondary replica. The listener provides fast application failover after an availability group fails over. For more information, see Availability Group Listeners, Client Connectivity, and Application Failover (SQL Server).

Important:

Intermittent, unusually high latency might occur when you use availability groups that have replicas that are deployed on multiple subnets.

As a best practice, connections to SharePoint availability groups in a multi-subnet environment should configure specifyMultiSubnetFailover=True to avoid issues caused by high network latency. For more information, see Supporting Availability Group Multi-Subnet Failovers.

You cannot directly specify MultiSubnetFailover=True because a SharePoint client cannot directly modify a connection string. You must use Windows PowerShell to set this value on the MultiSubnetFailover database property. The following example shows how to do this.

$dbs = Get-SPDatabase | ?{$_.MultiSubnetFailover –ne $true}
foreach ($db in $dbs)
{
$db.MultiSubnetFailover = $true
$db.Update()
}

Select the desired configuration for each instance in the Selected instances grid, and then click Next.
Click Finish to create the availability group.
The Select Initial Data Synchronization page lets you select a synchronization preference and specify the shared network location that all replicas can access. For our environment accept the default, Full, which performs full database and log backups. Click Next.
The Validation page of the wizard displays the results of six checks before it lets you continue with availability group creation. If all checks pass, click Next to continue. If any tests fail, you cannot continue until you correct the error and then click Re-run Validation to run the validation tests again. When all the tests pass, click Next to continue.
On the Summary page, verify the configuration of the replica that you are adding and then click Finish to save it. To change the configuration, click Previous to return to previous wizard pages.

Install and configure SharePoint 2013

At this point in the process, you can install SharePoint 2013 and create the farm. Use the following procedure as a guide to install and configure SharePoint 2013.

Note:

For detailed installation and configuration instructions, see Prepare for installation of SharePoint 2013 and Install SharePoint 2013.

To install SharePoint 2013

Copy the SharePoint 2013 program files to a local disk on the computer where you plan to install SharePoint products or to a network file share.
Run the Microsoft SharePoint Products Preparation Tool to install all the prerequisites to set up and use SharePoint 2013.
Run Setup to install binaries, configure security permissions, and edit registry settings for SharePoint 2013.
Run the SharePoint Products Configuration Wizard to install and configure the configuration database, install and configure the content database, and install the SharePoint Central Administration website.

Note:

When you run the configuration wizard, you have to identify the server that will host the SharePoint databases. On the Specify Configuration Database Settings page, in the Database server box, type SP-SRV1 as the name of the computer that is running SQL Server.

Add SharePoint databases to the availability group

To finalize setup of AlwaysOn for a SharePoint 2013 farm, add the SharePoint databases to the availability group and synchronize secondary replicas to the primary replica.

Important:

Only add the databases that are supported for use with a SQL Server AlwaysOn Availability Group.

On the server that hosts the primary replica, you have to run the Add Databases to Availability Group wizard to add all the SharePoint databases to the availability group. The following procedure is the same as the procedure that we described to create the availability group.

To add SharePoint databases to the availability group

Log on to the server that will host the primary replica and start SQL Server Management Studio.

The account that that you use must be a member of the Local Administrators group for each server where you install SharePoint 2013

In addition, the account must have at least one of the following permissions:

ALTER AVAILABILITY GROUP permission on the availability group
CONTROL AVAILABILITY GROUP permission
ALTER ANY AVAILABILITY GROUP permission
CONTROL SERVER permission

To join a database to availability group requires membership in the db_owner fixed database role.

In Object Explorer, browse to, and if it is necessary expand the Availability Groups.
Right-click the example group, SP-AG1, and then click Add Database.
On the Select Databases page, all user databases that are eligible to become the primary database for the new availability group are listed on the User databases on this instance of SQL Server grid. Use the checkboxes to select all the databases that you want to add to the group, and then click Next.
The Select Initial Data Synchronization page lets you select a synchronization preference and specify the shared network location that all replicas can access. For our environment we’ll accept the default, Full, which performs full database and log backups. Click Next.
The Validation page of the wizard displays the results of six checks before it lets you continue with availability group creation. If any tests fail, you cannot continue until you correct the error and then click Re-run Validation to run the validation tests again. When all the tests pass, click Next to continue.
On the Summary page, verify the configuration of the replica that you are adding, and then click Finish to keep it. To change the configuration, click Previous to return to previous wizard pages.

Important:

Databases that you add to a SharePoint farm are not automatically added to the availability group. You must add them by using the steps described in this article or by using scripts to automate the procedure.

Use failover tests to validate the AlwaysOn installation
After you synchronize the SharePoint data with the secondary replicas, the final step is to test failover.

You must run extensive failover tests to make sure that the behavior of the AlwaysOn environment is as expected and that you completely understand the configuration requirements and procedures related to SQL Server 2012Availability Groups. These tests include and are not limited to the following:
- Verify that all the farm services and features are completely functional.
- Verify that SharePoint 2013 data is preserved and not corrupted.
Test availability group failover by using either the planned manual failover described in Perform a Planned Manual Failover of an Availability Group (SQL Server) or the forced manual failover described in Perform a Forced Manual Failover of an Availability Group (SQL Server).

You can perform either of the previous failovers by using the Failover Wizard in SQL Server Management Studio, Transact-SQL, or Windows PowerShell in SQL Server 2012.

Note:

In an Active-Active failover cluster scenario where there are multiple SharePoint instances can fail over to each other you must ensure that each server has enough capacity to handle the local workload and the workload from the failed server.
Monitor the AlwaysOn environment

You have to monitor an AlwaysOn environment for performance, health, and capacity.

Performance

New performance objects, SQLServer:Database Replica and SQLServer:Availability Replica, are available to monitor an AlwaysOn environment.

Health and capacity

For general health monitoring you can use the Availability Groups Dashboard to obtain the health of the availability groups in the system. We recommend that you refer to the following posts on the official SQL Server AlwaysOn team blog to fully understand AlwaysOn health monitoring.
- The AlwaysOn Health Model Part 1 — Health Model Architecture
- The AlwaysOn Health Model Part 2 — Extending the Health Model
You can also use Transact-SQL to monitor availability groups by using the set of catalog and dynamic management views that are provided for AlwaysOn Availability Groups. For more information, see Monitor Availability Groups (Transact-SQL).
Configure email integration for a SharePoint 2013 farm

Published: July 16, 2012

Summary: Use these TechNet articles to learn how to configure incoming and outgoing email for a SharePoint 2013 farm.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

The following articles on TechNet provide information about email integration. After you install SharePoint 2013, you can configure incoming and outgoing email. These optional settings are useful if you want to work with email in the server farm.

TechNet articles about email integration

The following articles about email integration are available to view online. Writers update articles on a continuing basis as new information becomes available and as users provide feedback.

	Content	Description
	Configure incoming email for a SharePoint 2013 farm	This article describes how to configure incoming email so that SharePoint 2013 sites accept and archive incoming email. It also describes how to configure incoming email so that SharePoint sites can archive email discussions as they happen, save attachments, and show meetings that were sent and received by email on site calendars. In addition, this article describes how to configure the SharePoint Directory Management Service to provide support for email distribution list creation and management.
	Configure outgoing email for a SharePoint 2013 farm	This article describes how to configure outgoing email so that your Simple Mail Transfer Protocol (SMTP) server sends email alerts to site users and notifications to site administrators.

Configure incoming email for a SharePoint 2013 farm

Published: July 16, 2012

Summary: Learn how to install and configure the SMTP service, prepare your environment, and configure incoming email for a SharePoint 2013 farm.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

This article describes how to configure incoming email for SharePoint 2013. This article also describes how to install and configure the SMTP service that you must use to enable incoming email.

When incoming email is enabled, SharePoint sites can receive and store email messages and attachments in lists and libraries. This article describes two scenarios, one basic and one advanced. The basic scenario applies to a single-server farm environment and is recommended if you want to use default settings. The advanced scenario applies to a single-server farm or a multiple-server farm and contains several advanced options from which to choose. For more information, see Plan incoming email (SharePoint 2013 Preview).

In this article:
Before you begin

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
Before you begin this operation, review the following information about prerequisites:
- Your system is running SharePoint 2013.
- You have read Plan incoming email (SharePoint 2013 Preview).
- For the basic scenario, each SharePoint front-end web server must be running the Simple Mail Transfer Protocol (SMTP) service and the SharePoint Foundation Web Application service.
- For the advanced scenario, you can use one or more servers in the server farm to run the SMTP service and to have a valid SMTP server address. Alternatively, you must know the name of a server outside the farm that is running the SMTP service and the location of the email drop folder.
If you have not installed and configured the SMTP service and do not choose to use an email drop folder, you must complete the steps in Install and configure the SMTP service before you configure incoming email.
Install and configure the SMTP service

Incoming email for SharePoint 2013 uses the SMTP service. You can use the SMTP service in one of two ways. You can install the SMTP service on one or more servers in the farm, or administrators can provide an email drop folder for email that is forwarded from the service on another server. For more information about the email drop folder option, see Plan incoming email (SharePoint 2013 Preview).
- Install the SMTP service
If you are not using a drop folder for email, the SMTP service must be installed on every front-end web server in the farm that you want to configure for incoming email. To install the SMTP service, use the Add Features Wizard in Server Manager. After you complete the procedure, the SMTP service is installed on the front-end web server.

To install the SMTP service

Verify that the user account that is performing this procedure is a member of the Administrators group on the front-end web server.
Click Start, point to Administrative Tools, and then click Server Manager.
In Server Manager, click Features.
In Features Summary, click Add Features to open the Add Features Wizard.
On the Select Features page, select SMTP Server.
In the Add Features Wizard dialog box, click Add Required Roll Services, and then click Next.
On the Confirm Installation Selections page, click Install.
On the Installation Results page, ensure that the installation finished successfully, and then click Close.

Install IIS 6.0 Management tools

To manage the SMTP service on Windows Server 2008 and Windows Server 2008 R2, you must use Internet Information Services (IIS) 6.0 Manager.

To install IIS 6.0 Manager

Verify that you have the following administrative credentials:

You must be a member of the Administrators group on the front-end web server.

Click Start, point to Administrative Tools, and then click Server Manager.
In Server Manager, click Roles.
In Application Server section, click Add Role Services.
On the Select Role Services page, select Management Tools and IIS 6 Management compatibility, and then click Install.

Configure the SMTP service

After you install the SMTP service, you configure it to accept email from the mail server for the domain. You can decide to accept relayed email from all servers except those that you specifically exclude. Alternatively, you can block email from all servers except those that you specifically include. You can include servers individually, in groups by subnet, or in groups by domain.

After you configure the service, set it to start automatically.

To configure the SMTP service

Verify that the user account that is performing this procedure is a member of the Administrators group on the front-end web server.
Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) 6.0 Manager.
In IIS Manager, expand the server name that contains the SMTP server that you want to configure.
Right-click the SMTP virtual server that you want to configure, and then click Start.
Right-click the SMTP virtual server that you want to configure, and then click Properties.
On the Access tab, in the Access control area, click Authentication.
In the Authentication dialog box, verify that Anonymous access is selected.
Click OK.
On the Access tab, in the Relay restrictions area, click Relay.
To enable relaying from any server, click All except the list below.
To accept relaying from one or more specific servers, follow these steps:
1. Click Only the list below.
2. Click Add, and then add servers one at a time by IP address, or in groups by using a subnet or domain.
3. Click OK to close the Computer dialog box.
Click OK to close the Relay Restrictions dialog box.
Click OK to close the Properties dialog box.

To set the SMTP service to start automatically

Click Start, point to Administrative Tools, and then click Services.
In Services, right-click Simple Mail Transfer Protocol (SMTP), and then select Properties.
In the Simple Mail Transfer Protocol (SMTP) Properties dialog box, on the General tab, in the Startup type list, select Automatic.
Click OK.

Configure incoming email in a basic scenario

You can use the following procedure to configure incoming email in a basic scenario by selecting the Automatic settings mode and using the default settings. After you complete the procedure, users can send email to lists and libraries.

To configure incoming email in a basic scenario

Verify that the user account that is performing this procedure is a member of the Administrators group on the server that is running the SharePoint Central Administration website.
In Central Administration, click System Settings.
On the System Settings page, in the E-Mail and Text Messages (SMS) section, click Configure incoming e-mail settings.
If you want to enable sites on this server to receive email, on the Configure Incoming E-Mail Settings page, in the Enable Incoming E-Mail section, click Yes.
Select the Automatic settings mode.
In the Incoming E-Mail Server Display Address section, in the E-mail server display address box, type a display name for the email server, for example, mail.fabrikam.com.
Use the default settings for all other sections, and then click OK.

After you configure incoming email, users who have Manage Lists permissions can configure email–enabled lists and document libraries.

Configure incoming email in an advanced scenario

You can use the following procedure to configure incoming email in an advanced scenario by selecting the Advanced settings mode and additional options that you want to use for your incoming email environment. After you complete the procedure, users can send email to lists and libraries.

You can also use the Automatic settings mode in an advanced scenario. In the Automatic settings mode, you can select to receive email that has been routed through a safe-email server application. In the Advanced settings mode, you can instead specify a drop folder. For more information, see Plan incoming email (SharePoint 2013 Preview).

Several of these steps mention prerequisite procedures that are documented in Prepare your environment for incoming email in an advanced scenario later in this article.

To configure incoming email in an advanced scenario

Verify that the user account that is performing this procedure is a member of the Administrators group on the server that is running the SharePoint Central Administration website.
In Central Administration, click System Settings.
On the System Settings page, in the E-Mail and Text Messages (SMS) section, click Configure incoming e-mail settings.
If you want to enable sites on this server to receive email, on the Configure Incoming E-mail Settings page, in the Enable Incoming E-Mail section, click Yes.
Select the Advanced settings mode.

You can specify a drop folder instead of using an SMTP server.

Note:

You can also select the Automatic settings mode and select whether to use Directory Management Service and whether to accept email from all email servers or from several specified email servers. For more information, see Plan incoming email (SharePoint 2013 Preview).

If you want to connect to Directory Management Service, in the Directory Management Service section, click Yes.

If you select this option, you must first configure Active Directory Domain Services (AD DS). If you use Exchange Server, you must also configure the DNS Manager and add an SMTP connector. For more information, see Configure AD DS to be used with Directory Management Service, Configure DNS Manager, and Add an SMTP connector in Microsoft Exchange Server 2010 later in this article.
1. In the Active Directory container where new distribution groups and contacts will be created box, type the name of the container in the format OU=ContainerName, DC=domain, DC=com, where ContainerName is the name of the OU in AD DS, domain is the second-level domain, and com is the top-level domain.
The application pool identity account for Central Administration must be delegated the Create, delete, and manage user accounts task for the container. Access is configured in the properties for the OU in AD DS.
1. In the SMTP mail server for incoming mail box, type the name of the SMTP mail server. The server name must match the FQDN in the A resource record entry for the mail server in DNS Manager.
2. To accept messages only from authenticated users, click Yes for Accept messages from authenticated users only. Otherwise, click No.
3. To enable users to create distribution groups from SharePoint sites, click Yes for Allow creation of distribution groups from SharePoint sites. Otherwise, click No.
4. Under Distribution group request approval settings, select the actions that will require approval. Actions include the following:

Create new distribution group
Change distribution group e-mail address
Change distribution group title and description
Delete distribution group

If you want to use a remote Directory Management Service, select Use remote and complete the remainder of this step. Otherwise, click No and proceed to step 8.

If you select this option and you are using Exchange Server, you must configure the DNS Manager and add an SMTP connector. For more information, see Configure DNS Manager and Add an SMTP connector in Microsoft Exchange Server 2010 later in this article. The AD DS has most likely already been configured, so you do not need to do this.
1. In the Directory Management Service URL box, type the URL of the Directory Management Service that you want to use. The URL is typically in the following format: http://server:adminport/_vti_bin/SharePointEmailWS.asmx.
2. In the SMTP mail server for incoming mail box, type the name of the SMTP mail server. The server name must match the FQDN in the A resource record entry for the mail server in DNS Manager on the domain server.
3. To accept messages from authenticated users only, click Yes for Accept messages from authenticated users only. Otherwise, click No.
4. To allow creation of distribution groups from SharePoint sites, click Yes for Allow creation of distribution groups from SharePoint sites. Otherwise, click No.
In the Incoming E-Mail Server Display Address section, in the E-mail server display address box, type a display name for the email server (for example, mail.fabrikam.com). You typically use this option together with the Directory Management Service.

Tip:

You can specify the email server address that is displayed when users create an incoming email address for a list or group. Use this setting together with Directory Management Service to provide an email server address that is easy to remember.

In the E-Mail Drop Folder section, in the E-mail drop folder box, type the name of the folder from which the Windows SharePoint Services Timer service retrieves incoming email from the SMTP service. This option is available only if you selected Advanced settings mode. If you select this option, ensure that you configure the necessary permissions to the email drop folder. For more information, see Configure permissions to the email drop folder later in this article.

It is useful to have a dedicated email drop folder if the default email drop folder is full or almost full.

Ensure that the logon account for the SharePoint Timer service has Modify permissions on the email drop folder. For more information, see To configure email drop folder permissions for the logon account for the SharePoint Timer service later in this article.
In the Safe E-Mail Servers section, select whether you want to accept email from all email servers or from specific email servers.

This option is available only if you selected Automatic settings mode.
Click OK.

After you configure incoming email, site administrators can configure email–enabled lists and document libraries.

If you selected Directory Management Service, contact addresses that are created for document libraries appear automatically in Active Directory Users and Computers. The addresses are displayed in the OU of AD DS for SharePoint 2013 and must be managed by the administrator of AD DS. The AD DS administrator can add more email addresses for each contact. For more information about AD DS, see Using Active Directory Service in the TechNet Library.

Alternatively, you can configure the computer running Exchange Server by adding a new Exchange Server Global recipient policy. The policy automatically adds external addresses that use the second-level domain name and not the subdomain or host name for SharePoint 2013. For more information about how to manage Exchange Server, see Recipient Configuration Node in the Exchange Server Technical Library.

Prepare your environment for incoming email in an advanced scenario

Before you configure incoming email in an advanced scenario, you need to perform additional procedures depending on how you want your incoming email environment to work.

If you want to use Directory Management Service, you must first configure AD DS, and if you use Exchange Server, you must also configure the DNS Manager and add an SMTP connector.

If you want to use a specific email drop folder, ensure that you configure the necessary permissions to the email drop folder.

In this section:
If you plan to use Directory Management Service, you should first create an organizational unit (OU) and make the necessary configurations in AD DS.

To use Directory Management Service on a SharePoint farm, you must configure the application pool identity account for the SharePoint Central Administration website to have the Create, delete, and manage user accounts user right to the container that you specify in AD DS. The preferred way to do this is by assigning the right to the application pool identity account for the SharePoint Central Administration website. An AD DS administrator must set up the OU and assign the Create, delete, and manage user accounts right to the container. The advantage of using Directory Management Service on a remote server farm is that you do not have to assign rights to the OU for multiple farm service accounts.

The following procedures are performed on a domain controller that runs Windows Server 2008 with DNS Manager. In some deployments, these applications might run on multiple servers in the same domain.

To create an OU in AD DS

Verify that the user account that is performing this procedure is a member of the Domain Administrators group or a delegated authority for domain administration on the domain controller that is running DNS Manager.
Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
In Active Directory Users and Computers, right-click the folder for the second-level domain that contains your server farm, point to New, and then click Organizational Unit.
Type the name of the OU, and then click OK.

After you create the OU, you must delegate the Create, delete, and manage user accounts right to the container of the OU to manage the user accounts.

To delegate the right to the application pool identity account for Central Administration

Verify that the user account that is performing this procedure is a member of the Domain Administrators group or the Enterprise Administrators group in AD DS, or a delegated authority for domain administration.
In Active Directory Users and Computers, find the OU that you created.
Right-click the OU, and then click Delegate control.
On the Welcome page of the Delegation of Control Wizard, click Next.
On the Users and Groups page, click Add, and then type the name of the application pool identity account that the Central Administration uses.
In the Select Users, Computers, and Groups dialog box, click OK.
On the Users or Groups page of the Delegation of Control Wizard, click Next.
On the Tasks to Delegate page of the Delegation of Control Wizard, select the Create, delete, and manage user accounts check box, and then click Next.
On the last page of the Delegation of Control Wizard, click Finish to exit the wizard.

To create and delete child objects, you must also delegate Create all Child Objects and Delete all Child Objects control of the OU to the application pool identity account for Central Administration. After you complete this procedure, the application pool identity account for Central Administration has Create all Child Objects and Delete all Child Objects control on the OU, and you can enable incoming email.

To delegate Create all Child Objects and Delete all Child Objects control of the OU to the application pool identity account for Central Administration

Verify that the user account that is performing this procedure is a member of the Domain Administrators group or the Enterprise Administrators group in AD DS, or a delegated authority for domain administration.
Right-click the OU, and then click Delegate control.
In the Delegation of Control Wizard, click Next.
Click Add, and then type the name of the application pool identity account for Central Administration.
Click OK.
Click Next.
On the Tasks to Delegate page of the Delegation of Control Wizard, select Create a custom task to delegate, and then click Next.
Click This folder, existing objects in this folder, and creation of new objects in this folder, and then click Next.
In the Permissions section, select Create all Child Objects and Delete all Child Objects.
Click Next.
On the last page of the Delegation of Control Wizard, click Finish to exit the wizard.

Delegating Create all Child Objects and Delete all Child Objects control of the OU to the application pool identity account for Central Administration enables administrators to enable email for a list. After these controls have been delegated, administrators cannot disable email for the list or document library because the Central Administration account tries to delete the contact from the whole OU instead of from the list.

To avoid this problem, you must add Delete Subtree permissions for the application pool identity account for Central Administration. Use the following procedure to add these permissions. After this procedure is complete, you can disable incoming email for a list.

To add Delete Subtree permissions for the application pool identity account for Central Administration

Verify that the user account that is performing this procedure is a member of the Domain Administrators group or the Enterprise Administrators group in AD DS, or a delegated authority for domain administration.
In Active Directory Users and Computers, click the View menu, and then click Advanced Features.
Right-click the OU, and then click Properties.
In the Properties dialog box, click the Security tab, and then click Advanced.
In the Permission Entries area, double-click the application pool identity account for Central Administration.

If the application pool identity account is listed more than once, select the first one.
In the Permissions area, select Allow, for Delete Subtree.
Click OK to close the Permissions dialog box.
Click OK to close the Properties dialog box.
Click OK to close Active Directory Users and Computers.

After you add these permissions, you must restart Internet Information Services (IIS) for the farm.

For more information, see Active Directory Users, Computers, and Groups in the TechNet Library.

Configure DNS Manager

If you are using Exchange Server and are routing email internally in your organization, you must create a host (A) resource record in DNS Manager to associate DNS domain names of computers (or hosts) to their IP addresses. Your organization might already have a configured DNS Manager and an A resource record. If not, then use the following procedure.

To create an A resource record for a subdomain

Verify that the user account that is performing this procedure is a member of the Administrators group on the local computer.

In DNS Manager, select the forward lookup zone for the domain that contains the subdomain for SharePoint 2013.

Right-click the zone, and then click New Host (A or AAAA).

In the New Host dialog box, in the Name text box, type the host or subdomain name for SharePoint 2013.

In the Fully qualified domain name (FQDN) text box, type the FQDN for the server that is running SharePoint 2013. This is typically in the format subdomain.domain.com.

Ensure that the domains that are listed under the SMTP server in IIS match the FQDN of the server that receives email. If they do not match, you must create a local domain. For instructions, see To create a local domain later in this article.
In the IP address text box, type the IP address to which you want the FQDN to resolve.
Click Add Host.
In the message that confirms the creation of the host record, click OK.
In the New Host dialog box, click Done.

The A resource record now appears in DNS Manager.

If you use the E-mail server display address option and if the email address to which you are sending email messages is not the same as your server name, you must create a local domain.

To create a local domain

Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) 6.0 Manager.

In IIS Manager, expand the SMTP server.

Right-click Domains, and on the Action menu, point to New, and then click Domain.

In the New SMTP Domain Wizard dialog box, select Alias, and then click Next.

In the Domain Name area, in the Name box, type the address of the mail that is to be received by this domain.

This address must be the same as the one that you specified in step 4 in To create an A resource record for a subdomain, and in step 6b in To configure incoming email in an advanced scenario.
Click Finish.
In the message that confirms the creation of the host record, click OK.
Restart the SMTP server so that all email messages that are still in the Queue folder move to the Drop folder. The messages are then sent by the Windows SharePoint Services Timer service to their destination list or library.

Note:

If you are routing email from outside your organization to an SMTP server, you must use an MX record. For more information, see Add a mail exchanger (MX) resource record to a zone in the Windows Server Technical Library.

Add an SMTP connector in Microsoft Exchange Server 2010

An SMTP connector gives you more control over the message flow in your organization. Other reasons to use an SMTP connector are to set delivery restrictions or to specify a specific address space. If you use Exchange Server to route incoming email to SharePoint lists and libraries, you must have an SMTP connector so that all mail that is sent to the SharePoint domain uses the servers that are running the SMTP service.

Use the following procedure to add an SMTP connector in Exchange Server. After you complete the procedure, the SMTP connector ensures that incoming email messages are sent to the correct list and library in the farm.

To add an SMTP connector in Exchange Server

Verify that the user account that is performing this procedure is a member of the Administrators group on the server that is running Exchange Server.
In Exchange Management Console, expand the Organization Configuration group, right-click Hub Transport, point to New Send Connector.

The New Send Connector wizard appears.
On the Introduction page, do the following and then click Next:
1. In the Name box, type a name for the SMTP connector.
2. In the Select the intended use for this Send connector box, select the Custom usage type for the connector.
On the Address Space page, click Add, and then click SMTP Address Space.
In the SMTP Address Space dialog box, do the following:
1. In the Address box, type an email domain for the connector.
2. In the Cost box, assign an appropriate cost. By default, the cost is 1.
Click OK to return to the Address Space page, and then click Next.
On the Network settings page, select Use domain name system (DNS) “MX” records to route mail automatically, and then click Next.
On the Source Server page, click Next.

The Source server page only appears on Hub Transport servers. By default, the Hub Transport server that you are currently working on is listed as a source server.
On the New Connector page, review your options and then click New to create the new send connector.
On the Completion page, ensure that the send connector was created, and then click Finish.

In the Hub Transport pane, you can see that the send connector has been enabled automatically.

For more information, see Create an SMTP Send Connector in the Exchange Server Technical Library.

Configure permissions to the email drop folder

You can specify a particular email drop folder, which enables SharePoint 2013 to retrieve incoming email from a network share on another server. You can use this option if you do not want to use an SMTP service. However, the drawback of using this option is that SharePoint 2013 cannot detect configuration changes on the remote email server that is delivering email to the drop folder. The result is that SharePoint 2013 cannot retrieve email if the location of the email messages has changed. However, this feature is useful if the default email drop folder is full or almost full.

If you specified an email drop folder, you must ensure that the application pool identity accounts for Central Administration and for the web application have the required permissions to the email drop folder.

Configure email drop folder permissions for the application pool identity account for a web application

If your deployment uses different application pool identity accounts for Central Administration and for one or more web applications, each application pool identity account must have permissions to the email drop folder. If the application pool identity account for the web application does not have the required permissions, email will not be delivered to document libraries on that web application.

In most cases, when you configure incoming email and select an email drop folder, permissions are added for the following worker process groups:

WSS_Admin_WPG, which includes the application pool identity account for Central Administration and the logon account for the SharePoint Timer service, and has Full Control permissions.
WSS_WPG, which includes the application pool accounts for web applications, and has Read & Execute, List Folder Contents, and Read permissions.

In some cases, these groups might not be configured automatically for the email drop folder. For example, if Central Administration is running as the Network Service account, the groups or accounts that are needed for incoming email will not be added when the email drop folder is created. Check to determine whether these groups have been added automatically to the email drop folder. If the groups have not been added automatically, you can add them or add the specific accounts that are required.

To configure email drop folder permissions for the application pool identity account for a web application

Verify that the user account that is performing this procedure is a member of the Administrators group on the server that contains the email drop folder.
In Windows Explorer, right-click the drop folder, click Properties, and then click the Security tab.
On the Security tab, under the Group or user names box, click Edit.
In the Permissions for Windows Explorer dialog box, click Add.
In the Select Users, Computers, or Groups dialog box, in the Enter the object names to select box, type the name of the worker process group or application pool identity account for the web application, and then click OK.

This account is listed on the Identity tab of the Properties dialog box for the application pool in IIS.
In the Permissions for User or Group box, next to Modify, select Allow.
Click OK.

Configure email drop folder permissions for the logon account for the SharePoint Timer service

Ensure that the logon account for the Windows SharePoint Services Timer service has Modify permissions on the email drop folder. If the logon account for the service does not have Modify permissions, email–enabled document libraries will receive duplicate email messages.

To configure email drop folder permissions for the logon account for the SharePoint Timer service

Verify that the user account that is performing this procedure is a member of the Administrators group on the server that contains the email drop folder.
In Windows Explorer, right-click the drop folder, click Properties, and then click the Security tab.
On the Security tab, under the Group or user names box, click Edit.
In the Permissions for Windows Explorer dialog box, click Add.
In the Select Users, Computers, or Groups dialog box, in the Enter the object names to select box, type the name of the logon account for the SharePoint Timer service, and then click OK.

This account is listed on the Log On tab of the Properties dialog box for the service in the Services snap-in.
In the Permissions for User or Group box, next to Modify, select Allow.
Click OK.

Are attachments missing from email messages that are sent to a SharePoint document library?
If attachments are missing from email messages that are sent to a SharePoint document library, it might be because you associated the document library with an email address. When you do this, Directory Management Service may not add the following two attributes to the user associated with the email address:
- internet Encoding = 1310720
- mAPIRecipient = false
You must use Active Directory Service Interfaces (ADSI) to manually add these two missing attributes.
On servers that are running Windows Server 2008 or Windows Server 2008 R2, ADSI Edit is installed when you configure a server as a domain controller by installing the AD DS role. You can also install Windows Server 2008 Remote Server Administration Tools (RSAT) on domain member servers or stand-alone servers. For more information, see Installing or Removing the Remote Server Administration Tools Pack in the Windows Server Technical Library.

To add attributes by using ADSI Edit

Click Start, and then click Run.
In the Run dialog box, type Adsiedit.msc, and then click OK.
In the ADSI Edit window, expand ADSI Edit, expand Domain [DomainName], expand DC=DomainName, DC=com, and then expand CN=Users.
Right-click the user name to which you want to add the missing attributes, and then click Properties.
In the Properties dialog box, double-click Internet Encoding on the Attribute Editor tab.
In the Integer Attribute Editor dialog box, type 1310720 in the Value box, and then click OK.
In the Properties dialog box, double-click mAPIRecipient on the Attribute Editor tab.
In the Boolean Attribute Editor dialog box, click False, and then click OK two times.

Configure outgoing email for a SharePoint 2013 farm

Published: July 16, 2012

Summary: Learn how to install and configure the SMTP service and configure outgoing email for a SharePoint 2013 farm.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

This article describes how to configure outgoing email for a farm or for a specific web application for SharePoint 2013. This article also describes how to install and configure the SMTP service that you must use to enable outgoing email.

After you have installed SharePoint 2013 and completed the initial configuration of your server farm, you can configure outgoing email. Doing so enables users to create alerts to track such site items as lists, libraries, and documents. In addition, site administrators can receive administrative messages about site administrator issues, such as the information that site owners have exceeded their specified storage space. For more information, see Plan outgoing email (SharePoint 2013 Preview).

To configure outgoing email for a specific web application, first configure the default outgoing email for all web applications in the farm. If you configure the outgoing email for a specific web application, that configuration will override the default configuration for all web applications in the farm.

Important:

You cannot configure outgoing email by using Windows PowerShell.

In this article:
Before you begin

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
Before you begin this operation, review the following information about prerequisites:
- Your computer is running SharePoint 2013.
- One or more servers in the server farm are running the Simple Mail Transfer Protocol (SMTP) service and have a valid SMTP server address. Alternatively, you must know the name of a server outside the farm that is running the SMTP service.
If you have not installed and configured the SMTP service, before you configure outgoing email you must complete the steps in:
- Install and configure the SMTP service
Install and configure the SMTP service

Before you can enable outgoing email, you must determine which SMTP server to use. This SMTP server must be configured to allow anonymous SMTP email submissions. The SMTP server can be a server in the farm or outside the farm.

Note:

If your organization does not allow anonymous SMTP email messages to be sent by using Exchange Server, you can use a local SMTP server in the SharePoint farm that accepts anonymous email messages. The local SMTP server automatically authenticates the messages and then forwards them to the computer that‘s running Exchange Server.
- Install the SMTP service
To install the SMTP service, use the Add Features Wizard in Server Manager. The wizard creates a default SMTP configuration. You can customize this default SMTP configuration to meet the requirements of your organization.

If you already have the SMTP service installed on a server, skip to Configure the SMTP service later in this article.

To install the SMTP service

Verify that the user account that is performing this procedure is a member of the Administrators group on the front-end web server.
Click Start, point to Administrative Tools, and then click Server Manager.
In Server Manager, click Features.
In Features Summary, click Add Features to open the Add Features Wizard.
On the Select Features page, select SMTP Server.
In the Add Features Wizard dialog box, click Add Required Roll Services, and then click Next.
On the Confirm Installation Selections page, click Install.
On the Installation Results page, ensure that the installation is complete, and then click Close.

Configure the SMTP service

After you install the SMTP service, you configure it to send email messages from servers in the farm.

You can decide to send relayed email messages to all servers except those that you specifically exclude. Alternatively, you can block messages to all servers except those that you specifically include. You can include servers individually or in groups by subnet or domain.

If you enable anonymous access and relayed email messages, you increase the possibility that the SMTP server will be used to relay unsolicited commercial email messages (spam). It is important to limit this possibility by carefully configuring mail servers to help protect against spam. One way that you can do this is by limiting relayed email messages to a list of specific servers or to a domain, and by preventing relayed email messages from all other servers.

Note:

To manage the SMTP service on Windows Server 2008, you must use Internet Information Services (IIS) 6.0 Manager. Ensure that you install IIS 6.0 Management tools in Server Manager.

To install IIS 6.0 Management tools

Verify that the user account that is performing this procedure is a member of the Administrators group on the front-end web server.
Click Start, point to Administrative Tools, and then click Server Manager.
In Server Manager, click Roles.
In the Application Server section, click Add Role Services.
On the Select Role Services page, select Management Tools and IIS 6 Management compatibility, and then click Install.

To configure the SMTP service

Verify that the user account that is performing this procedure is a member of the Administrators group on the front-end web server.
Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) 6.0 Manager.
In IIS Manager, expand the server name that contains the SMTP server that you want to configure.
Right-click the SMTP virtual server that you want to configure, and then click Start.
Right-click the SMTP virtual server that you want to configure, and then click Properties.
On the Access tab, in the Access control area, click Authentication.
In the Authentication dialog box, verify that Anonymous access is selected.
Click OK.
On the Access tab, in the Relay restrictions area, click Relay.
To enable relayed email messages to any server, click All except the list below.
To accept relayed email messages from one or more specific servers, follow these steps:
1. Click Only the list below.
2. Click Add, and then add servers one at a time by IP address, or in groups by using a subnet or domain.
3. Click OK to close the Computer dialog box.
Click OK to close the Relay Restrictions dialog box.
Click OK to close the Properties dialog box.

Ensure that the SMTP service is running and set to start automatically. To do this, use the following procedure.

To set the SMTP service to start automatically

Click Start, point to Administrative Tools, and then click Services.
In Services, right-click Simple Mail Transfer Protocol (SMTP), and then select Properties.
In the Simple Mail Transfer Protocol (SMTP) Properties dialog box, on the General tab, in the Startup type list, select Automatic.
Click OK.

Configure outgoing email for a farm

You can configure outgoing email for a farm by using the SharePoint Central Administration website. Use the following procedures to configure outgoing email. After you complete the procedures, users can track changes and updates to individual site collections. In addition, site administrators can, for example, receive notices when users request access to a site.

To configure outgoing email for a farm by using Central Administration

Verify that the user account that is performing this procedure is a member of the Farm Administrators group on the server that is running the SharePoint Central Administration website.
In Central Administration, click System Settings.
On the System Settings page, in the E-Mail and Text Messages (SMS) section, click Configure outgoing e-mail settings.
On the Outgoing E-Mail Settings page, in the Mail Settings section, type the SMTP server name for outgoing email (for example, mail.example.com) in the Outbound SMTP server box.
In the From address box, type the email address as you want it to be displayed to email recipients.
In the Reply-to address box, type the email address to which you want email recipients to reply.
In the Character set list, select the character set that is appropriate for your language.
Click OK.

Configure outgoing email for a specific web application

You can configure outgoing email for a specific web application by using the Central Administration website. Use the following procedures to configure outgoing email.

Note:

To configure outgoing email for a specific web application, first configure the default outgoing email for all web applications in the farm. If you configure the outgoing email for a specific web application, that configuration will override the default configuration for all web applications in the farm.

To configure outgoing email for a specific web application by using Central Administration

Verify that the user account that is performing this procedure is a member of the Farm Administrators group on the server that is running the SharePoint Central Administration website.
In Central Administration, in the Application Management section, click Manage web applications.
On the Web Applications Management page, select a web application, and then in the General Settings group on the ribbon, click Outgoing E-mail.
On the Web Application Outgoing E-Mail Settings page, in the Mail Settings section, type the name of the SMTP server for outgoing email (for example, mail.fabrikam.com) in the Outbound SMTP server box.
In the From address box, type the email address (for example, the site administrator alias) as you want it to be displayed to email recipients.
In the Reply-to address box, type the email address (for example, a help desk alias) to which you want email recipients to reply.
In the Character set list, click the character set that is appropriate for your language.
Click OK.

Configure services and service applications in SharePoint 2013

Published: July 16, 2012

Summary: Introduces articles that describe how to configure services for SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

In SharePoint 2013, you can configure individual services independently, and you can implement only the services that your organization needs.

Deployed services are named service applications. A service application provides a resource that you can share across sites in a farm or sometimes across multiple farms, and users can access them through a hosting web application. Service applications are associated to web applications by service application connections.

For more information about service applications and services, see Technical diagrams (SharePoint 2013 Preview). If you plan to use Office Web Apps, you must install and configure them to work with SharePoint 2013. For more information, see Office Web Apps overview (Used with SharePoint 2013 Preview Products).

The following articles on TechNet and related resources provide information about how to configure services for SharePoint 2013.

TechNet articles about how to configure services for SharePoint 2013

The following articles about how to configure services for SharePoint 2013 are available to view online. Writers update articles on a continuing basis as new information becomes available and as users provide feedback.

Content	Description
Configure Excel Services in SharePoint Server 2013	Deploy Excel Services to a SharePoint Server 2013 farm by creating an Excel Services service application by using Central Administration.
Configure a Business Intelligence Center in SharePoint Server 2013	Create a Business Intelligence Center in SharePoint Server 2013 by using the Business Intelligence Center enterprise template and creating a new site collection.
Create and configure Machine Translation services in SharePoint Server 2013	The Machine Translation Service in SharePoint 2013 lets users automatically translate documents. This topic describes how to create a Machine Translation Service Application and configure the Machine Translation Service by using Central Administration, or Windows PowerShell.
Configure PerformancePoint Services (SharePoint Server 2013)	Configure PerformancePoint Services in SharePoint Server 2013 before you make it available to users
Create and configure a Search service application in SharePoint Server 2013	This article describes how to create and configure a SharePoint Search service application so that you can crawl content and provide search results to users.
Manage the search topology in SharePoint 2013	Learn how to retrieve, clone, add, move, remove and activate search components in the search topology using Windows PowerShell. Use these procedures to scale out or scale down the search topology of the Search service application
Create a Search Center site in SharePoint Server 2013	This article describes how to create a SharePoint Search Center site and grant site access to users.
Deploy people search in SharePoint Server 2013	Learn how to set up SharePoint people search so that users can find people in the organization and the documents that they have authored.
Configure result sources for search in SharePoint Server 2013	Learn how to create and manage result sources for SharePoint Search service applications, and for SharePoint sites and site collections.
Configure the Secure Store Service in SharePoint 2013	This article describes the SharePoint 2013Secure Store Service operations that solution designers can use to create target applications that map user and group credentials to the credentials of external data sources.
Administer the User Profile service in SharePoint Server 2013	Learn how to configure and administer the User Profile service and User Profile Synchronization service.
Visio Graphics Service administration in SharePoint Server 2013	Learn how to create, configure, list, or delete Visio Services service applications by using Central Administration or Windows PowerShell.
Share service applications across farms in SharePoint 2013	Describes the process and cautions that are involved in sharing service applications across farms.

Additional resources about how to configure services for SharePoint 2013

The following resources about how to configure services for SharePoint 2013 are available from other subject matter experts.

	Content	Description
	Installation and Deployment for SharePoint 2013 Resource Center	Visit the Resource Center to access videos, Community Sites, documentation, and more.

Configure the Secure Store Service in SharePoint 2013

Published: July 16, 2012

Summary: Configure storage of authorization credentials in Secure Store Service on a SharePoint Server 2013 farm. A video demonstration is included.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

This article describes how to configure the Secure Store Service on a SharePoint Server 2013 farm. Secure Store has important planning considerations associated with it. Be sure to read Plan the Secure Store service (SharePoint Server 2010) before you begin the procedures in this article.

In this article:
Configure Secure Store

To configure Secure Store, you perform the following steps:

Register a managed account in SharePoint Server 2013 to run the Secure Store application pool.
Start the Secure Store Service on an application server in the farm.
Create a Secure Store Service service application.

To run the application pool, you must have a standard domain account. No specific permissions are required for this account. Once the account has been created in Active Directory, follow these steps to register it with SharePoint Server 2013.

To register a managed account

On the SharePoint Central Administration Web site home page, in the left navigation, click Security.
On the Security page, in the General Security section, click Configure managed accounts.
On the Managed Accounts page, click Register Managed Account.
In the User name box, type the name of the account.
In the Password box, type the password for the Contoso\ExcelAppPool account.
If you want SharePoint Server 2013 to handle changing the password for the account, select the Enable automatic password change box and specify the password change parameters that you want to use.
Click OK.

Once you have configured the registered account, you must start the Secure Store Service on an application server in the farm. Because Secure Store deals with sensitive information, we recommend that you use a separate application server just for the Secure Store Service for better security.

To start the Secure Store Service

On the Central Administration home page, in the System Settings section, click Manage services on server.
Above the Service list, click the Server drop-down list, and then click Change Server.
Select the application server where you want to run the Secure Store Service.
In the Service list, click Start next to Secure Store Service.

Once the service is started, you must create a Secure Store Service service application. Use the following procedure to create the service application.

To create a Secure Store Service service application

On the Central Administration home page, in the Application Management section, click Manage service applications.
On the Manage Service Applications page, click New, and then click Secure Store Service.
In the Service Application Name box, type a name for the service application (for example, Secure Store Service).
In the Database Server box, type the instance of SQL Server where you want to create the Secure Store database.

Note:

Because the Secure Store database contains sensitive information, we recommend that you deploy the Secure Store database to a different instance of SQL Server from the rest of SharePoint Server 2013.

Select the Create new application pool option and type a name for the application pool in the text box.
Select the Configurable option, and, from the drop-down list, select the account for which you created the managed account earlier.
Click OK.

The Secure Store Service has now been configured. The next step is to generate an encryption key for encrypting the Secure Store database.

Work with encryption keys

Before using the Secure Store Service, you must generate an encryption key. The key is used to encrypt and decrypt the credentials that are stored in the Secure Store Service database.
- Generate an encryption key
The first time that you access the Secure Store service application, your only option is to generate a new encryption key. Once the key has been generated, the rest of the Secure Store functionality becomes available.

To generate a new encryption key

On the Central Administration home page, in the Application Management section, click Manage service applications.
Click the Secure Store service application.
In the Key Management group, click Generate New Key.
On the Generate New Key page, type a pass phrase string in the Pass Phrase box, and type the same string in the Confirm Pass Phrase box. This pass phrase is used to encrypt the Secure Store database.

Important:

A pass phrase string must be at least eight characters and must have at least three of the following four elements:

Uppercase characters
Lowercase characters
Numerals
Any of the following special characters

“! ” # $ % & ‘ ( ) * + , – . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~

Important:

The pass phrase that you enter is not stored. Make sure that you write this down and store it in a safe place. You must have it to refresh the key, such as when you add a new application server to the server farm.

Click OK.

For security precautions or as part of regular maintenance you may decide to generate a new encryption key and force the Secure Store Service to be re-encrypted based on the new key. You can use this same procedure to do this.

Caution:

You should back up the database of the Secure Store Service application before generating a new key.

Refresh the encryption key

Refreshing the encryption key propagates the key to all the application servers in the farm. You may be required to refresh the encryption key if any of the following things are true:

You add a new application server to the server farm.
You restore a previously backed up Secure Store Service database and have since changed the encryption key.
You receive an “Unable to get master key” error message.
You have upgraded your farm from SharePoint Server 2010.

To refresh the encryption key

On the Central Administration home page, in the Application Management section, click Manage service applications.
Click the Secure Store service application.
In the Key Management group, click Refresh Key.
In the Pass Phrase box, type the pass phrase that you first used to generate the encryption key.

This phrase is either the pass phrase that you used when you initialized the Secure Store Service service application or one that you used when you created a new key by using the Generate a New Key command.
Click OK.

Store credentials in Secure Store

Storing credentials in Secure Store is accomplished by using a Secure Store target application. A target application maps the credentials of a user, group, or claim to a set of encrypted credentials stored in the Secure Store database. After a target application is created, you can associate it with an external content type or application model, or use it with a business intelligence service application such as Excel Services or Visio Services to provide access to an external data source. When a SharePoint Server 2013 service application calls the target application, Secure Store confirms that the user making the request is an authorized user of the target application and then retrieves the encrypted credentials. The credentials are then used on the user’s behalf by the SharePoint Server 2013 service application.

To create a target application, you must do the following:

Create the target application itself, specifying the type of credentials that you want to store in the Secure Store database, the administrators for the target application, and the credential owners.
Specify the credentials that you want to store.

Create a target application

Target applications are configured on the Secure Store Service Application page in Central Administration. Use the following procedure to create a target application.

To create a target application

On the Central Administration home page, in the Application Management section, click Manage service applications.
Click the Secure Store service application.
In the Manage Target Applications group, click New.
In the Target Application ID box, type a text string.

This is the unique string that you will use externally to identify this target application.
In the Display Name box, type a text string that will be used to display the identifier of the target application in the user interface.
In the Contact Email box, type the e-mail address of the primary contact for this target application.

This can be any legitimate e-mail address and does not have to be the identity of an administrator of the Secure Store Service application.
When you create a target application of type Individual (see below), you can implement a custom Web page that lets users add individual credentials for the destination data source. This requires custom code to pass the credentials to the target application. If you did this, type the full URL of this page in the Target Application Page URL field. There are three options:

Use default page: Any Web sites that use the target application to access external data will have an individual sign-up page that was added automatically. The URL of this page will be http:/<samplesite>/_layouts/SecureStoreSetCredentials.aspx?TargetAppId=<TargetApplicationID>, where <TargetApplicationID> is the string typed in the Target Application ID box. By publicizing the location of this page, you can enable users to add their credentials for the external data source.
Use custom page: You provide a custom Web page that lets users provide individual credentials. Type the URL of the custom page in this field.
None: There is no sign-up page. Individual credentials are added only by a Secure Store Service administrator who is using the Secure Store Service application.

In the Target Application Type drop-down list, choose the target application type: Group, for group credentials, or Individual, if each user is to be mapped to a unique set of credentials on the external data source.

Note:

There are two primary types for creating a target application:

Group, for mapping all the members of one or more groups to a single set of credentials on the external data source.
Individual, for mapping each user to a unique set of credentials on the external data source.

Click Next.
Use the Specify the credential fields for your Secure Store Target Application page to configure the various fields which may be required to provide credentials to the external data source. By default, two fields are listed: Windows User Name and Windows Password.

To add an additional field for supplying credentials to the external data source, on the Specify the credential fields for your Secure Store Target Application page, click Add Field.

By default, the type of the new field is Generic. The following field types are available:

Field	Description
Generic	Values that do not fit in any of the other categories.
User Name	A user account that identifies the user.
Password	A secret word or phrase.
PIN	A personal identification number.
Key	A parameter that determines the functional output of a cryptographic algorithm or cipher.
Windows User Name	A Windows user account that identifies the user.
Windows Password	A secret word or phrase for a Windows account.
Certificate	A certificate.
Certificate Password	The password for the certificate.

To change the type of a new or existing field, click the arrow that appears next to the type of the field, and then select the new type of field.

Note:

Every field that you add will be required to have data when you set the credentials for this target application.

You can change the name that a user sees when interacting with a field. In the Field Name column of the Specify the credential fields for your Secure Store Target Application page, change a field name by selecting the current text and typing new text.
When a field is masked, each character that a user types is not displayed but is replaced with a mask character such as the asterisk “*”. To mask a field, click the check box for that field in the Masked column of the page.
To delete a field, click the delete icon for that field in the Delete column of the page.

When you have finished editing the credential fields, click Next.

In the Specify the membership settings page, in the Target Application Administrators Field, list all users who have access to manage the target application settings.
If the target application type is group, in the Members field, list the user groups to map to a set of credentials for this target application.
Click OK to complete configuring the target application.

Set credentials for a target application

After creating a target application, an administrator of that target application can set credentials for it. These credentials are used by the calling application to provide access to an external data source. If the target application is of type Individual, you can also enable users to supply their own credentials.

To set credentials for a target application

On the Central Administration home page, in the Application Management section, click Manage service applications.
Click the Secure Store service application.
In the target application list, point at the target application for which you want to set credentials, click the arrow that appears, and then, in the menu, click Set credentials.

If the target application is of type Group, type the credentials for the external data source. Depending on the information that is required by the external data source, the fields for setting credentials will vary.

If the target application is of type Individual, type the user name of the individual who will be mapped to this set of credentials on the external data source, and type the credentials for the external data source. Depending on the information that is required by the external data source, the fields for setting credentials will vary.
Click OK.

Once you have set the credentials for the target application, it is ready to be used by a SharePoint Server 2013 service such as Business Connectivity Services or Excel Services.

Enable the audit log

Audit entries for the Secure Store service are stored in the Secure Store Service database. By default, the audit log file is disabled.

An audit log entry stores information about a Secure Store Service action, such as when it was performed, whether it succeeded, why it failed if it didn’t succeed, the Secure Store Service user who performed it, and optionally the Secure Store Service user on whose behalf it was performed. Therefore, a valid reason to enable an audit log file is to troubleshoot an authentication issue.

To enable the audit log by using Central Administration

On the Central Administration home page, in the Application Management section, click Manage service applications.
Select the Secure Store service application. (That is, select the service application, but do not click the link to go to the Secure Store Service application settings page.)
On the ribbon, click Properties.
From the Enable Audit section, click to select the Audit log enabled box.
To change the number of days that entries will be purged from the audit log file, specify a number in days in the Days Until Purge field. The default value is 30 days.
Click OK.

Video demonstration

This video shows the steps necessary to configure a Secure Store service application.

Note:

This video uses SharePoint Server 2010. Target applications function in the same way in SharePoint Server 2013.

Video: How target applications are used in Secure Store

Create and configure a Search service application in SharePoint Server 2013

Published: July 16, 2012

Summary: Learn how to create and configure a SharePoint Search service application so that you can crawl content and provide search results to users.

Applies to: SharePoint Server 2013

Before you begin

If you used the Farm Configuration Wizard after you installed SharePoint Server 2013, a Search service application might have been created at that time. To verify whether a Search service application exists, you can click Manage service applications in the Application Management section on the Central Administration home page. For the remainder of this article, it is assumed that a Search service application does not exist yet, and that therefore you must create one.

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:

Plan browser support

Accessibility for SharePoint Products

Accessibility features in SharePoint 2013 Products

Keyboard shortcuts

Touch
How to create and configure a SharePoint Search service application

When you deploy and configure a Search service application, you perform the following main tasks:

Create accounts — Certain domain user accounts are required specifically for a Search service application.
Create a Search service application — A Search service application provides enterprise search features and functionality.
Configure the Search service application — Basic configuration of a Search service application includes configuring a default content access account, an email contact, and content sources.
Configure the Search service application topology — You can deploy search components on different servers in the farm. You can also specify which instance of SQL Server is used to host the search-related databases.

Step 1: Create accounts that are required for a SharePoint Search service application

The following table lists the accounts that are required when a Search service application is created.

Account	Description	Notes
Search service	Windows user credentials for the SharePoint Server Search service, which is a Windows service	This setting applies to all Search service applications in the farm. You can change this account at any time by clicking Configure service accounts in the Security section on the Central Administration home page.
Search Admin Web Service application pool Search Query and Site Settings Web Service application pool	Windows user credentials	For each of these accounts, you can use the same credentials that you specified for the Search service. Or, you can assign different credentials to each account according to the principle of least-privilege administration.
Default content access	Windows user credentials for the Search service application to use to access content when crawling	We recommend that you specify a separate account for the default content access account according to the principle of least-privilege administration.

The accounts that you use for the Search service, the Search Admin Web Service application pool, and the Search Query and Site Settings Web Service application pool must be registered as managed accounts in SharePoint Server 2013 so that they are available when you create the Search service application. Use the following procedure to register each of these accounts as a managed account.

To register a managed account

On the Central Administration home page, in the Quick Launch, click Security.
On the Security page, in the General Security section, click Configure managed accounts.
On the Managed Accounts page, click Register Managed Account.
On the Register Managed Account page, in the Account Registration section, type the user name and password that you want to use as credentials for the service account.
If you want SharePoint Server 2013 to manage password changes for this account, select the Enable automatic password change check box and configure the parameters for automatic password change.
Click OK.

Step 2: Create a SharePoint Search service application

Each Search service application has a separate content index. You can create multiple Search service applications if you want to have different content indexes for different sets of content. For example, if you want to segregate sensitive content (such as employee benefits information) into a separate content index, you can create a separate Search service application to correspond to that set of content.

Use the following procedure to create a Search service application.

To create a Search service application

Verify that the user account that is performing this procedure is a member of the Farm Administrators group for the farm for which you want to create the service application.
On the Central Administration home page, in the Application Management section, click Manage service applications.
On the Manage Service Applications page, on the ribbon, click New, and then click Search Service Application.
On the Create New Search Service Application page, do the following:
1. Accept the default value for Service Application name, or type a new name for the Search service application.
2. In the Search Service Account list, select the managed account that you registered in the previous procedure to run the Search service.
3. In the Application Pool for Search Admin Web Service section, do the following:
  1. Select the Create new application pool option, and then specify a name for the application pool in the Application pool name text box.
  2. In the Select a security account for this application pool section, select the Configurable option, and then from the list select the account that you registered to run the application pool for the Search Admin Web Service.
4. In the Application Pool for Search Query and Site Settings Web Service section, do the following:
  1. Choose the Create new application pool option, and then specify a name for the application pool in the Application pool name text box.
  2. In the Select a security account for this application pool section, select the Configurable option, and then from the list select the account that you registered to run the application pool for the Search Query and Site Settings Web Service.
Click OK.

Step 3: Configure the SharePoint Search service application

You configure a Search service application on the Search Administration page for that service application. Use the following procedure to go to the Search Administration page for a particular Search service application.

To go to the Search Administration page

Verify that the user account that is performing this procedure is an administrator for the Search service application that you want to configure.
On the home page of the Central Administration website, in the Application Management section, click Manage service applications.
On the Manage Service Applications page, click the Search service application that you want to configure.

On the Search Administration page, configure the settings as described in the following sections:

Specify the default content access account
Specify the contact email address
Create content sources
- Specify the default content access account

When you create a Search service application, the account that you specify for the Search service is automatically configured as the default content access account. The crawler uses this account to crawl content that does not have an associated crawl rule that specifies a different account. For the default content access account, we recommend that you specify a domain user account that has read access to as much of the content that you want to crawl as possible. You can change the default content access account at any time.

If you have to crawl certain content by using a different account, you can create a crawl rule and specify a different account for crawling. For information about how to create a crawl rule, see Manage crawl rules (SharePoint Server 2013 Preview).

Use the following procedure to specify the default content access account.

To specify the default content access account

On the Search Administration page, in the System Status section, click the link in the Default content access account row.
In the Default Content Access Account dialog box, in the Account box, type the account that you created for content access in the form domain\user name.
Type the password for this account in the Password and Confirm Password boxes.
Click OK.

Specify the contact email address

The Search service writes the contact email address to the logs of crawled servers. The default contact email address, someone@example.com, is a placeholder. We recommend that you change this to an account that an external administrator can contact when a crawl might be contributing to a problem such as a decrease in performance on a server that the search system is crawling.

Use the following procedure to specify the contact email address.

To specify the contact email address

On the Search Administration page, in the System Status section, click the link for the Contact e-mail address.
In the Search E-mail Setting dialog box, in the E-mail Address box, type the email address that you want to appear in the logs of servers that are crawled by the search system.
Click OK.

Create content sources in a SharePoint Search service application

Crawling requires at least one content source. A content source is a set of options that you use to specify the type of content to crawl, the starting URLs to crawl, and when and how deep to crawl. When a Search service application is created, a content source named “Local SharePoint sites” is automatically created and configured for crawling all SharePoint sites in the local server farm. You can create content sources to specify other content to crawl and how the system will crawl that content. For more information, see Add, edit, or delete a content source (SharePoint Server 2013 Preview). However, you do not have to create other content sources if you do not want to crawl content other than the SharePoint sites in the local farm.

If you choose the Standalone installation option when you install SharePoint Server 2013, a full crawl of all SharePoint sites in the farm is automatically performed after installation and an incremental crawl is scheduled to occur every 20 minutes after that. If you choose the Server Farm installation option when you install SharePoint Server 2013, no crawls are automatically scheduled or performed.

Step 4: Configure the SharePoint Search service application topology

When you create a Search service application, the SharePoint Server Search service is started on the application server that is hosting the Central Administration website, and search components are deployed to that server. If you have more than one application server in your farm, you can deploy additional search components on other application servers, depending on your requirements. You can deploy multiple instances of certain components. For more information, see Manage search topology (SharePoint Server 2013 Preview).
Create a Search Center site in SharePoint Server 2013

Published: July 16, 2012

Summary: Learn how to create a SharePoint Search Center site and grant site access to users.

Applies to: SharePoint Server 2013

Note:

The article does not apply to SharePoint Online, because in that environment a Search Center site is automatically available at <host_name>/search/.

A Search Center site, or Search Center, provides an interface for users to submit search queries and view search results. A Search Center site is the top-level site of a site collection that a farm administrator creates by using the Enterprise Search Center template or the Basic Search Center template.

Before you begin

Depending on the kind of installation that you performed and the site collection template that you selected at that time, the farm might already have a Search Center site. To check this, browse to the top-level site for the site collection that you created during installation. In either case, you can create a Search Center site and grant users access to it by using the procedures in this article. After you create the Search Center site, the site collection administrator or site owner might want to add features and functionality so that the site provides a richer interface than the search box that appears by default on each SharePoint site.

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:

Plan browser support

Accessibility for SharePoint Products

Accessibility features in SharePoint 2013 Products

Keyboard shortcuts

Touch

To create a SharePoint Search Center site

Verify that the user account that is performing this procedure is a member of the Farm Administrators group.
On the home page of the Central Administration website, in the Application Management section, click Create site collections.
On the Create Site Collection page, do the following:
1. In the Web Application section, select a web application to contain the new site collection. To use a web application other than the one that is displayed, click the web application that is displayed, and then click Change Web Application.
2. In the Title and Description section, in the Title box, type the name for the new Search Center site. Optionally, type a description in the Description box.
3. In the Web Site Address section, for the part of the URL immediately after the web application address, select /sites/, or select a managed path that was previously defined, and then type the final part of the URL.
  
  Note the address of the new Search Center for future reference.
4. In the Template Selection section, do the following:
  1. In the Select the experience version drop-down list, select 2013 to create a Search Center site that provides the SharePoint Server 2013 user experience, or select 2010 to create a Search Center site that provides the SharePoint 2010 Products user experience.
  2. In the Select a template subsection, click the Enterprise tab, and then do one of the following:

If you are using SharePoint Foundation 2013, select the Basic Search Center template.
Otherwise, if you are using SharePoint Server 2013, select the Enterprise Search Center template.

In the Primary Site Collection Administrator section, in the User name box, type the user name of the primary site collection administrator for this site collection in the form domain\user name.
(Optional) In the Secondary Site Collection Administrator section, type the user name of a secondary site collection administrator in the form domain\user name.
In the Quota Template section, select No Quota.

A Search Center site is not intended to be a data repository. Therefore, you do not have to select a quota template.
Click OK.

On the Top-Level Site Successfully Created page, click the link to the Search Center site that you created.

After you create the Search Center site, you must grant site access to users so that they can perform search queries and view search results. Use the following procedure to grant site access to users.

To grant access to the SharePoint Search Center

Verify that the user account that is performing this procedure is a member of the Owners group on the Search Center site.
In a web browser, go to the Search Center site.
Open the Site menu by clicking the gear icon in the upper-right portion of the page, and then click Site Permissions.
In the Shared with dialog box, click Invite people.
In the Share <SearchCenterName> dialog box, in the Enter users separated with semicolons text box, type the names of the Windows user groups and Windows users to whom you want to grant permissions for submitting queries and viewing search results in the Search Center.

For example, to grant access to the Search Center to all Windows users, type NT Authority\authenticated users.
Click Show options.
Clear the Send an email invitation check box.
In the Select a group or permission level drop-down list, select <SearchCenterName> Visitors [Read].
Click Share.

Deploy people search in SharePoint Server 2013

Published: October 16, 2012

Summary: Learn how to set up SharePoint people search so that users can find people in the organization and the documents that they have authored.

Applies to: SharePoint Server 2013

In this article:
Before you begin

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
People search has the following prerequisites:
- A Search service application must be running in the farm. For more information, see Create and configure a Search service application in SharePoint Server 2013. The farm must also have a Search Center that uses the Enterprise Search Center template. For more information, see Create a Search Center site in SharePoint Server 2013.
- A Managed Metadata service application must be running in the farm. For more information, see Overview of managed metadata service applications in SharePoint Server 2013.
- User profile synchronization must be configured in the farm. If this has not been done yet, at a minimum you must complete the following procedures that are described in Synchronize user and group profiles in SharePoint Server 2013:
  - Phase 0: Configure the farm
  - Phase 1: Start the User Profile synchronization service
For more information, see Overview of profile synchronization in SharePoint Server 2013 and Plan profile synchronization for SharePoint Server 2013.

The following sections describe how to deploy and provide data for people search.
Set up people search
To set up people search, you must configure My Sites settings and configure crawling.
- Configure My Sites settings
You configure My Sites for a User Profile service application to specify the My Site Host location and other settings. For more information, see Plan for My Sites in SharePoint Server 2013 and Configure My Site settings for the User Profile service application.

After you configure My Sites settings, the next step is to configure crawling.
- Configure crawling
When you configure My Sites, the default content access account for search is automatically given Retrieve People Data for Search Crawlers permissions in the User Profile service application. If you want to use a different content access account to crawl the profile store, you must make sure that the account has permissions to crawl the profile store. Use the following procedure to grant access to the profile store for a different account.

To grant access to an account to crawl the profile store

Verify that the user account that is performing this procedure is an administrator for the Search service application.
Start SharePoint 2013 Central Administration.

For Windows Server 2008 R2:
- Click Start, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Central Administration.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Central Administration.
  
  If SharePoint 2013 Central Administration is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Central Administration.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

In Central Administration, in the Application Management section, click Manage service applications.
On the Manage Service Applications page, click the row that contains the User Profile service application, and then in the ribbon, click Administrators.
In the Administrators for User Profile Service Application dialog box, in the To add an account box, type a user account in the form domain\user name.
Click Add.
In the Permissions list, select the Retrieve People Data for Search Crawlers check box.
Click OK.

After you give the account access to crawl the profile store, you must create a crawl rule to specify that you want to use that account when you crawl the profile store. Use the following procedure to create a crawl rule for this purpose.

To create a crawl rule to authenticate to the User Profile service application

Verify that the user account that is performing this procedure is an administrator for the Search service application.
In Central Administration, in the Application Management section, click Manage service applications.
On the Manage Service Applications page, click the Search service application for which you want to create a crawl rule.
On the Search Administration page, in the Quick Launch, in the Crawling section, click Crawl Rules.
On the Manage Crawl Rules page, click New Crawl Rule.
In the Path section, in the Path box, type the start address for the User Profile service application in the form sps3://<hostname>, where <hostname> is the URL for the Web application where you deployed the My Sites site collection.
Click Use regular expression syntax for matching this rule if you want to use regular expression syntax in the path.
In the Crawl Configuration section, select Include all items in this path.
In the Specify Authentication section, select Specify a different content access account.
In the Account box that appears, type the user account to which you gave access to the profile store in the form domain\user name.
Type the password for the account that you specified in the Password and Confirm Password boxes.
Clear the Do not allow Basic Authentication check box only if you want to allow the user account credentials to be sent as plaintext.

Note:

You should not clear the Do not allow Basic Authentication check box unless you are using SSL to encrypt the website traffic. For more information, see Plan for user authentication methods in SharePoint 2013.

Click OK.

For more information, see Manage crawl rules.

When you configure My Sites, the starting URL to crawl the profile store (sps3://<hostname>) is automatically added to the default content source. We recommend that you remove the URL of the profile store from the default content source and then create a separate content source to crawl only the profile store. This allows you to crawl the profile store on a different schedule from other crawls.

Use the following procedure to remove the URL of the profile store from the default content source.

To remove the profile store URL from the default content source

Verify that the user account that is performing this procedure is an administrator for the Search service application.
In Central Administration, in the Application Management section, click Manage service applications.
On the Manage Service Applications page, click Search Service Application.
On the Search Administration page, in the Quick Launch, in the Crawling section, click Content Sources.
On the Manage Content Sources page, click the link to the default content source (Local SharePoint sites).
In the Start Addresses section, remove the URL for the profile store (sps3://<hostname>, where <hostname> is the URL for the web application where you deployed the My Sites site collection).
Click OK.

Use the following procedure to create a content source that specifies how to crawl the profile store.

To create a content source that specifies how to crawl the profile store

Verify that the user account that is performing this procedure is an administrator for the Search service application.
In Central Administration, in the Application Management section, click Manage service applications.
On the Manage Service Applications page, click Search Service Application.
On the Search Administration page, in the Quick Launch, in the Crawling section, click Content Sources.
On the Manage Content Sources page, click New Content Source.
On the Add Content Source page, in the Name section, type a name for this content source.
In the Content Source Type section, ensure that SharePoint Sites is selected.
In the Start Addresses section, type the start address in the form sps3://<hostname>, where <hostname> is the URL for the web application where you deployed the My Sites site collection.
In the Crawl Settings section, leave the default value of Crawl everything under the host name for each start address.
In the Crawl Schedules section, do the following:

Select Enable Continuous Crawls or Enable Incremental Crawls.

A continuous crawl automatically provides maximum freshness for the content source without an incremental crawl schedule. For more information, see Manage continuous crawls in SharePoint 2013.

If you select Enable Incremental Crawls, create an incremental crawl schedule.
Optionally create a schedule for full crawls.

If you selected Enable Incremental Crawls, in the Content Source Priority section, select the priority for this content source.

Note:

The Content Source Priority section does not appear when you specify the content source type as SharePoint Sites and you select Enable Continuous Crawls.

Click OK.

Add data for people search
To get the best results from people search, you should add as much information as you can by adding user profiles to the profile store and adding information to My Sites.
- Add user profiles to the profile store
Before you can obtain meaningful people search results, you must add user profiles to the User Profile service application. You can do this in the following ways:
- Import user profiles from the directory service. For more information, see the following articles:
  
  Plan for profile synchronization (SharePoint 2013 Preview)
  
  Synchronize user and group profiles in SharePoint Server 2013
  
  Configure profile synchronization by using SharePoint Active Directory Import in SharePoint Server 2013
  
  Configure profile synchronization using a Lightweight Directory Interchange Format (LDIF) file in SharePoint 2013
- Add user profiles manually.
- Synchronize with an external data source by using the Business Data Connectivity service. For more information, see Phase 3: Configure connections and import data from business systems in the article Synchronize user and group profiles in SharePoint Server 2013.
Important:

For a test environment, we recommend that you do not synchronize the profile store to a directory service or other external data source that is in a production environment. Instead, create a copy of the directory service and synchronize the copy with the profile store.

Use the following procedure to view the user profiles in the User Profile service application.

To view a list of user profiles in the User Profile service application

Verify that the user account that is performing this procedure is an administrator for the User Profile service application.
In Central Administration, in the Application Management section, click Manage service applications.
On the Manage Service Applications page, click the User Profile service application.
On the Manage Profile Service page, in the People section, click Manage User Profiles.
On the Manage User Profiles page, in the Find profiles box, type the name of the domain of which the users are members.

Do not type the fully qualified domain name. For example, if users are members of the Contoso.com domain, type Contoso in the Find profiles box.
Click Find.

Add information to My Sites

My Sites keep information in the User Profile service application databases. The User Profile service application stores much of the information that appears in results for people search. People search results become more useful as users add more information to their My Sites.

The first time that a user accesses their My Site, also known as their personal site, a My Site is created for them and a profile is automatically added to the User Profile service application.

To add information to a user’s My Site, log on as a user for whom a user profile was created in the User Profile service application, and then go to that user‘s My Site. In the user‘s My Site, you can provide information about the user‘s expertise and interests. To see how the information that you added affects the people search results that appear, perform a crawl of the profile store, and then search on the user’s name.

Crawl the profile store

You are now ready to crawl the profile store. For information about how to start the crawl, see Start, pause, resume, or stop crawls in SharePoint 2013.

Note:

We recommend that you crawl the profile store and wait about two hours after the crawl finishes before you start the first crawl of the default content source (that is, local SharePoint sites). After the crawl of the profile store finishes, the search system generates a list to standardize people’s names. This is so that when a person’s name has different forms in search results, the results are displayed in a single group corresponding to one name. For example, all documents authored by Anne Weiler or A. Weiler or alias AnneW can be displayed in the search results in a result block that is labeled “Documents by Anne Weiler”. Similarly, all documents authored by any of those identities can be displayed under the heading “Anne Weiler” in the refinement panel if “Author” is one of the categories there.

For information about how to view the status of a crawl, see Start, pause, resume, or stop a crawl.
Configure result sources for search in SharePoint Server 2013

Published: October 16, 2012

Summary: Learn how to create and manage result sources for SharePoint Search service applications, and for SharePoint sites and site collections.

Applies to: SharePoint Server 2013

Result sources limit searches to certain content or to a subset of search results. SharePoint Server 2013 provides 16 pre-defined result sources. The pre-configured default result source is Local SharePoint Results. You can specify a different result source as the default. For more information, see Understanding result sources.

In this article:
Before you begin

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:

Create a result source

You can create a result source for a Search service application, a site collection, or a site. The following table shows the permissions that are required to create a result source at each level, and where the result source can be used.

Levels and permissions for result sources

When you create a result source at this level	You must have this permission	The result source can be used in
Search service application	Search service application administrator	All site collections in web applications that consume the Search service application
Site collection	Site collection administrator	All sites in the site collection
Site	Site owner	The site

To create a result source

Depending on the level at which you want to create the result source, do one of the following:

To create a result source for a Search service application:
Verify that the user account that performs this procedure is an administrator on the Search service application.
In Central Administration, in the Application Management section, click Manage service application.
Click the Search service application for which you want to create a result source.
On the Search Administration page for the Search service application, on the Quick Launch, in the Queries and Results section, click Result Sources.
To create a result source for a site collection:
Verify that the user account that performs this procedure is an administrator for the site collection.
On the Settings menu for the site collection, click Site Settings.
On the Site Settings page, in the Site Collection Administration section, click Search Result Sources.
To create a result source for a site:
Verify that the user account that performs this procedure is a member of the Owners group for the site.
On the Settings menu for the site, click Site Settings.
On the Site Settings page, in the Search section, click Result Sources.

On the Manage Result Sources page, click New Result Source.
On the Add Result Source page, in the General Information section, do the following:
1. In the Name box, type a name for the result source.
2. In the Description box, type a description of the result source.
In the Protocol section, select one of the following protocols for retrieving search results:

Local SharePoint, the default protocol, provides results from the search index for this Search service application.
Remote SharePoint provides results from the index of a search service in another farm.
OpenSearch provides results from a search engine that uses the OpenSearch 1.0/1.1 protocol.
Exchange provides results from Microsoft Exchange Server. Click Use AutoDiscover to have the search system find an Exchange Server endpoint automatically, or type the URL of the Exchange web service to retrieve results from — for example, https://contoso.com/ews/exchange.asmx.

Note:

Note: The Exchange Web Services Managed API must be installed on the computer on which the search service is running. For more information, see Optional software in Hardware and software requirements for SharePoint 2013.

In the Type section, select SharePoint Search Results to search the whole index, or People Search Results to enable query processing that is specific to people search.
In the Query Transform field, do one of the following:

Leave the default query transform (searchTerms) as is. In this case, the query will be unchanged since the previous transform.
Type a different query transform in the text box.
Use the Query Builder to configure a query transform by doing the following:
Click Launch Query Builder.
In the Build Your Query dialog box, optionally build the query by specifying filters, sorting, and testing on the tabs as shown in the following tables.
On the BASICS tab

Keyword filter

You can use keyword filters to add pre-defined query variables to the query transform. You can select pre-defined query variables from the drop-down list, and then add them to the query by clicking Add keyword filter.

Property filter

You can use property filters to query the content of managed properties that are set to queryable in the search schema.

You can select managed properties from the Property filter drop-down list. Click Add property filter to add the filter to the query.

On the SORTING tab

Sort results	In the Sort by menu, you can select a managed property from the list of managed properties that are set as sortable in the search schema, and then select Descending or Ascending. To sort by relevance, that is, to use a ranking model, select Rank. You can click Add sort level to specify a property for a secondary level of sorting for search results.
Ranking Model	If you selected Rank from the Sort by list, you can select the ranking model to use for sorting.
Dynamic ordering	You can click Add dynamic ordering rule to specify additional ranking by adding rules that change the order of results within the result block when certain conditions are satisfied.

On the TEST tab

Query text	You can view the final query text, which is based on the original query template, the applicable query rules, and the variable values.
Click Show more to display the options in the following rows of this table.
Query template	You can view the query as it is defined in the BASICS tab or in the text box in the Query transform section on the Add Result Source page.
Query template variables	You can test the query template by specifying values for the query variables.

On the Add Result Source page, in the Credentials Information section, select the authentication type that you want for users to connect to the result source.

Set a result source as default

You can set any result source as the default result source. Specifying a result source as default can make it easier to edit the query in Search Web Parts. For example, when you add a Content Search Web Part to a page, the Web Part automatically uses the default result source. For more information, see Configure Search Web Parts in SharePoint Server 2013.

To set a result source as default

Perform the appropriate procedures in the following list depending on the level at which the result source was configured.

If the result source was created at the Search service application level, do the following:
Verify that the user account that performs this procedure is an administrator for the Search service application.
In Central Administration, in the Application Management section, click Manage service applications.
Click the Search service application for which you want to set the result source as default.
On the Search Administration page, in the Queries and Results section, click Result Sources.
If the result source is at the site collection level, do the following:
Verify that the user account that performs this procedure is an administrator for the site collection administrator.
On the Settings menu for the site collection, click Site Settings.
On the Site Settings page, in the Site Collection Administration section, click Search Result Sources.
If the result source is at the site level, do the following:
Verify that the user account that performs this procedure is a member of the Owners group for the site.
On the Settings menu for the site, click Site Settings.
On the Site Settings page, in the Search section, click Result Sources.

On the Manage Result Sources page, point to the result source that you want to set as default, click the arrow that appears, and then click Set as Default.

Create and configure Machine Translation services in SharePoint Server 2013

Updated: October 16, 2012

Summary: Learn how to create a new SharePoint Machine Translation service application and how to configure the Machine Translation Service.

Applies to: SharePoint Server 2013

The Machine Translation Service in SharePoint Server 2013 lets users automatically translate documents. You can create a Machine Translation service application and configure the Machine Translation Service by using Central Administration, or Windows PowerShell. Configuring the Machine Translation Service consists of the following steps:

Create a Machine Translation service application.
Configure the Machine Translation Service.

Before you begin

Before you perform these operations, review the following information about prerequisites:

The App Management service application must be started in Central Administration. For more information, see Configure an environment for apps for SharePoint 2013.

You must configure server-to-server authentication and app authentication. For more information, see Configure server-to-server authentication in SharePoint 2013 and Configure app authentication in SharePoint Server 2013.

There must be a User Profile service application proxy in the default proxy group for the farm, and the User Profile service application must be started and configured by using Central Administration or by using Windows PowerShell. For more information, see Create, edit, or delete a User Profile service application (SharePoint 2013 Preview).

The server from which machine translations will be run must be able to connect to the Internet.

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:

Plan browser support (http://go.microsoft.com/fwlink/p/?LinkId=246502)

Accessibility for SharePoint Products

Accessibility features in SharePoint 15 Products (http://go.microsoft.com/fwlink/p/?LinkId=246501)

Keyboard shortcuts (http://go.microsoft.com/fwlink/p/?LinkID=246504)

Touch (http://go.microsoft.com/fwlink/p/?LinkId=246506)
Create a SharePoint Machine Translation service application

You can create a new Machine Translation Service application by using either Central Administration or Windows PowerShell.

To create a Machine Translation service application by using Central Administration

Verify that the user account that is performing this procedure is a member of the Farm Administrators SharePoint group and the Administrators group on the computer that is running Central Administration.
On the Central Administration home page, in the Application Management section, click Manage service applications.
On the ribbon, click New, and then click Machine Translation Service.
In the Create New Machine Translation Service Application pane, in the Name section, type a name for the service application.
In the Application Pool section, do one of the following:

Click Use existing application pool, and then select the application pool that you want to use from the drop-down list.
Click Create a new application pool, type the name of the new application pool, and then under Select a security account for this application pool do one of the following:
- Click Predefined to use a predefined security account, and then select the security account from the drop-down list.
- Click Configurable to specify a new security account to be used for an existing application pool. You can create a new account by clicking the Register new managed account link.

Important:

The account that is used by the application pool must also have Full Control permissions to the User Profile service application. If you create a new application pool and a new account, make sure that you add the account to the list of accounts that can use the User Profile Service Application, and grant Full Control permissions to the account. For more information, see Restrict or enable access to a service application (SharePoint Server 2010).

In the Partitioned Mode section, select Run in partitioned mode only if you will be providing hosting services for other sites, and the sites using it have site subscriptions.
In the Add to Default Proxy List section, select Add this service application’s proxy to the farm’s default proxy list. If you have multiple Web applications, and want them to use different sets of services, clear this check box.
In the Database section, specify the database server, database name, and authentication method for the new service application as described in the following table. The database is used to hold the work items for the Machine Translation service.

Database section properties

Item	Action
Database Server	Type the name of the database server and SQL Server 2012 instance that you want to use in the format ServerName\Instance. You can also use the default entry.
Database Name	Type the name of the database. Important: The database name must be a unique name.
Database Authentication	Select the authentication that you want to use by doing one of the following: If you want to use Windows authentication, leave this option selected. We recommend this option because Windows authentication automatically encrypts the password when it connects to SQL Server. If you want to use SQL authentication, click SQL authentication. In the Account box, type the name of the account that you want the service application to use to authenticate to the SQL Server database, and then type the password in the Password box. Note: In SQL authentication, an unencrypted password is sent to SQL Server. We recommend that you use SQL authentication only if you force protocol encryption to SQL Server or encrypt network traffic by using IPsec.

Click OK.
Start the Machine Translation Service. For more information, see “Starting or stopping a service” in Manage services on the server (SharePoint Server 2010).

To create a Machine Translation service application by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following command:

New-SPTranslationServiceApplication -Name “<ServiceApplicationName>” -DatabaseName “<DatabaseName>” -DatabaseServer “<DatabaseServer>” -ApplicationPool “<ApplicationPoolName>” -Default

Where:

<ServiceApplicationName> is name of the new Machine Translation Service application.
<DatabaseName> is the name of the database that will host the Machine Translation Service logs. To create a new database, provide a new name.

Important:

The database name must be a unique name.

<DatabaseServer> is the name of the database server that will hold the work items for the Machine Translation Service.
<ApplicationPoolName> is the name of an existing application pool in which the new Machine Translation Service should run.

Important:

The account that is used by the application pool must also have Full Control permissions to the User Profile service application. If you create a new application pool and a new account, make sure that you add the account to the list of accounts that can use the User Profile service application, and grant it Full Control permissions. For more information, see Restrict or enable access to a service application (SharePoint Server 2010).

Example

New-SPTranslationServiceApplication -Name “Machine Translation Service Application” -DatabaseName “MachineTranslationDB” -DatabaseServer “ContosoDBServer” -ApplicationPool “ContosoAppPool” -Default

Start the Machine Translation Service. For more information, see “Starting or stopping a service” in Manage services on the server (SharePoint Server 2010).

For more information, see New-SPTranslationServiceApplication.

Configure the Machine Translation Service

You can configure the Machine Translation Service by using either Central Administration or Windows PowerShell.

Caution:

Changing the default settings for the Machine Translation Service can potentially affect server performance. For example, increasing item size limits can result in the translation job taking longer to run, and increasing the number of processes will consume more resources on the server. Be sure to carefully consider any possible server effects before you change these settings.

To configure the Machine Translation Service by using Central Administration

Verify that the user account that is performing this procedure is a member of the Farm Administrators group in SharePoint Server 2013.
On the Central Administration home page, in the Application Management section, click Manage service applications.
On the Manage Service Applications page, click the link that corresponds to the name of the Machine Translation service application.
On the Machine Translation Service page, in the Enabled File Extensions section, clear the check box for any file name extensions that you want to disable. By default, all file name extensions are enabled.
In the Item Size Limits section, do the following:

In the Maximum file size for binary files in KB. Microsoft Word documents are binary files box, type the maximum file size (100-524288), in KB, for binary files. The default is 51200. Files that exceed this limit will not be translated.
In the Maximum file size for text files in KB. Plain-text, HTML, and XLIFF documents are text files box, type the maximum file size (100-15360), in KB, for text files. The default is 5120. Files that exceed this limit will not be translated.
In the Maximum character count for Microsoft Word documents box, type the maximum character count (10000-10000000) for Word documents. The default is 500000.

In the Online Translation Connection section, do one of the following:

Click Use default internet settings. This is the default.
Click Use the proxy specified, and type a web proxy server and port number.

Note:

If you change this setting, you must stop and restart the Machine Translation Service after you configure it.

In the Translation Processes section, type the number of translation processes (1-5). The default is 1.

Note:

If you change this setting, you must stop and restart the Machine Translation Service after you configure it.

In the Translation Throughput section, do the following:

In the Frequency with which to start translations (minutes) box, type the frequency with which groups of translations are started, in minutes (1-59). The default is 15.
In the Number of translations to start (per translation process) box, type the number of translations (1-1000) per process. This number represents the number of translations started per process every time translations are started. The default is 200.

In the Maximum Translation Attempts section, type the maximum number of times (1-10) a translation is tried before its status is set to Failed. The default is 2.
In the Maximum Synchronous Translation Requests section, type the maximum number of synchronous translation requests (0-300). The default is 10.

Note:

You can also set this value to 0 so that no synchronous jobs are accepted.

In the Translation Quota section, do the following:

In the Maximum number of items which can be queued in a 24-hour period section, do one of the following:
- Click No limit. This is the default.
- Click Limit per 24 hours, and then type the maximum number of items (100-1000000) that can be queued in a 24-hour period.
In the Maximum number of items which can be queued in a 24-hour period per site subscription section, do one of the following:
- Click No limit. This is the default.
- Click Limit per 24 hours, and then type the maximum number of items (100-1000000) that can be queued in a 24-hour period per site subscription.

Note:

This setting applies only if you will be providing hosting services for other sites, and the sites using it have site subscriptions.

In the Completed Job Expiration Time section, do one of the following:

Click Days, and then type the number of days (1-1000) completed jobs are kept in the job history log. The default is 7.
Click No expiration.

In the Recycled Threshold section, type the number of documents (1-1000) to be converted before the conversion process is restarted. The default is 100.

Note:

If you change this setting, you must stop and restart the Machine Translation Service after you configure it.

In the Office 97-2003 Document Scanning section, specify whether to disable security scanning for Office 97-2003 documents. Only enable this setting if you trust the documents that will be converted. The default is No.
Click OK.
If you changed any settings that require you to restart the Machine Translation Service, restart the service now. For more information, see “Starting or stopping a service” in Manage services on the server (SharePoint Server 2010).

To configure the Machine Translation Service by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following command:

Set-SPTranslationServiceApplication -Identity “<ServiceApplicationName>” -EnableAllFileExtensions -UseDefaultlnternetSettings -TimerJobFrequency <TimerJobFrequency> -MaximumTranslationAttempts <MaximumTranslationAttempts> -JobExpirationDays <JobExpirationDays> -MaximumSyncTranslationRequests <MaximumSyncTranslationRequests> -RecycleProcessThreshold <RecycleProcessThreshold> -DisableBinaryFileScan <DisableBinaryFileScan>

Where:

<ServiceApplicationName> is name of the Machine Translation service application.
<TimerJobFrequency> is the frequency, in minutes (1-59), with which groups of translations are started.
<MaximumTranslationAttempts> is the maximum number of times (1-10) a translation is tried before its status is set to Failed.
<JobExpirationDays> is the number of days (1-1000) completed jobs are kept in the job history log.
<MaximumSyncTranslationRequests> is the maximum number of synchronous translation requests (0-300).
<RecycleProcessThreshold> is the number of documents (1-1000) to be converted before the conversion process is restarted.
<DisableBinaryFileScan> is either 0 (false) or 1 (true).

Example

Set-SPTranslationServiceApplication -Identity “Machine Translation Service Application” -EnableAllFileExtensions -UseDefaultlnternetSettings -TimerJobFrequency 30 -MaximumTranslationAttempts 3 -JobExpirationDays 14 -MaximumSyncTranslationRequests 20 -RecycleProcessThreshold 300 -DisableBinaryFileScan 1

Note:

Changes to any of the following parameters will require that you restart the Machine Translation Service: KeepAliveTimeout, MaximumTranslationTime, TotalActiveProcesses, RecycleProcessThreshold, WebProxyAddress, MachineTranslationAddress, UseDefaultInternetSettings.

If you changed any settings that require you to restart the Machine Translation Service, restart the service now. For more information, see “Starting or stopping a service” in Manage services on the server (SharePoint Server 2010).

For more information, see Set-SPTranslationServiceApplication.

The Microsoft Translator Hub is an extension of Microsoft Translator, and allows you to build automatic language translation systems that integrate with your website. After you build a custom system, the Test System page on the Projects tab in the Microsoft Translator Hub displays a category ID. You can configure the Machine Translation Service to use the custom translation system by passing the category ID in the MachineTranslationCategory parameter. For more information about the Microsoft Translator Hub, see http://hub.microsofttranslator.com.

Additional steps

If the account that is used by the application pool that was assigned to the Machine Translation service application differs from the one used by the User Profile service application, you must add it to the list of accounts that can use the User Profile service application, and grant it Full Control permissions. For more information, see Restrict or enable access to a service application (SharePoint Server 2010).
Configure Request Manager in SharePoint Server 2013

Published: October 2, 2012

Summary: Learn how Request Manager in SharePoint Server 2013 can route and throttle incoming requests to help improve performance and availability.

Applies to: SharePoint Server 2013

Request Manager is functionality in SharePoint Server 2013 that enables administrators to manage incoming requests and determine how SharePoint Server 2013 routes these requests.

In this article:
Overview

Request Manager uses configured rules to perform the following tasks when it encounters requests:
- Deny potentially harmful requests from entering a SharePoint farm.
- Route good requests to an available server.
- Manually optimize performance.
Information that administrators or an automated process provide to Request Manager determine the effectiveness of routed requests.

To learn about how to use performance data to plan and manage the capacity of a SharePoint Server 2013 environment, see Capacity management and sizing overview for SharePoint Server 2013

Scenarios

The following table describes possible scenarios and resolutions that Request Manager can address.

Area	Scenario	Resolution
Reliability and performance	Routing new requests to web front end with low performance can increase latency and cause timeouts.	Request Manager can route to front-end web servers that have better performance, keeping low performance front-end web servers available.
Reliability and performance	Requests from users and bots have equal priority.	Prioritize requests by throttling requests from bots to instead serve requests from end-users).
Manageability, accountability, and capacity planning	SharePoint Server fails or generally responds slowly, but it‘s difficult to identify the cause of a failure or slowdown.	Request Manager can send all requests of a specific type, for example, Search, User Profiles, or Office Web Apps, to specific computers. When a computer is failing or slow, Request Manager can locate the problem.
Manageability, accountability, and capacity planning	All front-end web servers must be able to handle the requests because they could be sent to any front-end web server.	Request Manager can send multiple or single requests to front-end web servers that are designated to handle them.
Scaling limits	Hardware scaling limited by load balancer	Request Manager can perform application routing and scale out as needed so that a load balancer can quickly balance loads at the network level.

Setup and Deployment

Request Manager’s task is to decide two things: a SharePoint farm will accept a request, and if the answer is “yes”, to which front-end web server SharePoint Server will send it. The three major functional components of Request Manager are Request Routing, Request Throttling and Prioritizing, and Request Load Balancing. These components determine how to handle requests. Request Manager manages all requests on a per-web-application basis. Because Request Manager is part of the SharePoint Server 2013 Internet Information Services (IIS) module, it only affects requests that IIS hosts.

When a new request is received, Request Manager is the first code that runs in a SharePoint farm. Although Request Manager is installed during setup of SharePoint Server on a front-end web server, the Request Management service is not enabled. You can use the Start-SPServiceInstance and Stop-SPServiceInstance cmdlets to start and stop the Request Management service instance respectively or the Manage services on server page on the the SharePoint Central Administration website. You can use the RoutingEnabled or ThrottlingEnabled parameters of the Set-SPRequestManagementSettings Windows PowerShell cmdlet to change properties of Request Manager.

Note:

There is no user interface to configure properties of Request Manager. The Windows PowerShell cmdlet is the only way to perform this task.

Request Manager has two supported deployment modes: Dedicated and Integrated.
- Dedicated mode
Figure 1 shows a dedicated mode deployment.

Figure 1: Dedicated mode

A set of front-end web servers is dedicated to managing requests exclusively. The front-end web servers that are dedicated to Request Manager are in their own farm that is located between the hardware load balancers (HLBs) and the SharePoint farm. The HLBs send all requests to the Request Manager front-end web servers. Request Manager that runs on these front-end web servers decides to which SharePoint front-end web servers it will send the requests and then routes the requests. Depending on the routing and throttling rules, Request Manager might ignore some requests without sending them to another server. The SharePoint front-end web servers do their normal tasks in processing requests and then send responses back through the front-end web servers that run Request Manager and to the clients.

Note that all farms are set up as SharePoint farms. All front-end web servers in Figure 1 are SharePoint front-end web servers, each of which can do the same work as any other. The difference between the farms is that the Request Manager front-end web servers have Request Manager enabled.

Dedicated mode is good for larger-scale deployments when physical computers are readily available. The ability to create a separate farm for Request manager provides two benefits: Request Manager and SharePoint processes do not compete for resources and you can scale out one without having to also scale out the other. This allows you to have more control over the performance of each role.
- Request Manager and SharePoint processes do not compete for resources.
- You can scale out each farm separately, which provides more control over the performance of each farm.
  - Integrated mode
Figure 2 shows an integrated mode deployment.

Figure 2: Integrated mode

In an integrated mode deployment, all SharePoint front-end web servers run Request Manager. Hardware load balancers send requests to all front-end web servers. When a front-end web server receives a request, Request Manager decides how to handle it: .
- Allow it to be processed locally.
- Route it to a different front-end web server.
- Deny the request.
Integrated mode is good for small-scale deployments when many physical computers are not readily available. This mode lets Request Manager and the rest of SharePoint Server to run on all computers. This mode is common for on-premises deployments.

Configuration

Request Manager has two configurable parts: General settings and Decision information. General settings are parameters that make Request Manager ready to use, such as enabling or disabling Request Routing and Request Throttling and Prioritizing. Decision information is all of the information that is used during the routing and throttling processes, such as routing and throttling rules.

Note:

You configure Request Manager on a farm and functionality occurs at a web application level.

General settings

By default, request routing and request throttling and prioritizing are enabled. You use the Set-SPRequestManagementSettings cmdlet to change the properties of request routing, request throttling and prioritizing, and select a routing weight scheme.

The table describes the configuration situation and Windows PowerShell syntax to use.

Windows PowerShell examples to enable routing and throttling

Situation	Windows PowerShell syntax
Enable routing and throttling for all web applications	Get-SPWebApplication \| Set-SPRequestManagementSettings –RoutingEnabled $true –ThrottlingEnabled $true
Enable routing with static weighting for all web applications	Get-SPWebApplication \| Get-SPRequestManagementSettings \| Set-SPRequestManagementSettings –RoutingEnabled $true –ThrottlingEnabled $false –RoutingWeightScheme Static

In some situations, multiple front-end web servers will be suitable destinations for a particular request. In this case, by default, SharePoint Server selects one server randomly and uniformly.

One routing weight scheme is static-weighted routing. In this scheme, static weights are associated with front-end web servers so that Request Manager always favors a higher static weight during the selection process. This scheme is useful to give added weight to more powerful front-end web servers and produce less strain on less powerful ones. Each front-end web server will have a static weight associated with it. The values of the weights are any integer value, where 1 is the default. A value less than 1 represents lower weight, and greater than 1 represents higher weight.

Another weighting scheme is health-weighted. In health-weighted routing, front-end web servers that have health scores closer to zero will be favored, and fewer requests will be sent to front-end web servers that have a higher health score values. The health weights run from 0 to 10, where 0 is the healthiest and therefore will get the most requests. By default, all front-end web servers are set to healthy, and therefore, will have equal weights. SharePoint’s health score based monitoring system assigns weight to server and send a health score value as a header in the response to a request. Request Manager uses same health score and stores it in local memory.

Decision information

Decision information applies to routing targets, routing rules, and throttling rules.

Routing targets

Request routing determines the routing targets that are available when a routing pool is selected for a request. The scope of routing targets is currently for front-end web servers only, but Request Manager‘s design does not exclude routing to application servers, too. A list of front-end web servers in a farm is automatically maintained by using the configuration database. An administrator who wants to change that list, typically in dedicated mode, has to use the appropriate routing cmdlets to get, add, set, and remove routing targets.

The following table describes the various routing target tasks and the associated Windows PowerShell syntax to use.

Windows PowerShell examples routing target tasks

Task	Windows PowerShell syntax
Return a list of routing targets for all available web applications.	Get-SPWebApplication \| Get-SPRequestManagementSettings \| Get-SPRoutingMachineInfo –Availability Available
Add a new routing target for a specified web application. Note: IIS log files will contain all HTTP requests. For additional information about IIS logging, see IIS Logging	$web=Get-SPWebApplication -Identity <URL of web application> $rm=Get-SPRequestManagementSettings -Identity $web Add-SPRoutingMachineInfo –RequestManagementSettings $rm -Name <MachineName> -Availability Available Where <URL of web application> is the URL of the web application to which you’re adding a new routing target. <MachineName>is the name of the server that hosts the web application.
Edit an existing routing target‘s availability and static weight for a specified web application	$web=Get-SPWebApplication -Identity <URL of web application> $rm=Get-SPRequestManagementSettings -Identity $web $m=Get-SPRoutingMachineInfo -RequestManagementSettings $rm -Name <MachineName> Set-SPRoutingMachineInfo -Identity $m -Availability Unavailable Where <URL of web application> is the URL of the web application for which you’re editing an existing routing target‘s availability and static weight.
Remove a routing target from a specified web application Note: You cannot remove front-end web servers that are in the farm. Instead, you can use the Availability parameter of the Set-SPRoutingMachineInfo cmdlet to make them unavailable.	$web=Get-SPWebApplication -Identity <URL of web application> $rm=Get-SPRequestManagementSettings -Identity $web $m=Get-SPRoutingMachineInfo -RequestManagementSettings $rm -Name <MachineName> Remove-SPRoutingMachineInfo -Identity $M Where <URL of web application> is the URL of the web application from which you’re removing a routing target.

Routing and throttling rules

Request routing and request throttling and prioritizing are decision algorithms that use rules to prescribe many actions. The rules determine how Request Manager handles requests.

Rules are separated into two categories, routing rules and throttling rules, which are used in request routing and request throttling and prioritizing, respectively. Routing rules match criteria and route to a machine pool. Throttling rules match criteria and throttle based on known health score of a computer.

Request Routing
Request processing is all operations that occur sequentially from the time that Request Manager receives a new request to the time that Request Manager sends a response to the client.

Request processing is divided into the components:
- request routing
- incoming request handler
- request throttling and prioritizing
- request load balancing
  - Incoming request handler
The role of the incoming request handler is to determine whether Request Manager should process a request. If request throttling and prioritizing is disabled and the Request Manager queue is empty, Request Manager directs the request to SharePoint Server that is running on the current front-end web server. If request throttling and prioritizing is enabled, request throttling and prioritizing determines whether the request should be allowed or denied on the current front-end web server.

The processes steps of the incoming request handler are as follows:

Request is determined if it should be throttled or routed
For routed requests, load balance algorithm is run
Request routed to load balancer endpoint

Request routing and Request throttling and prioritizing only run if it is enabled and is routed once per farm. Request load balancer only runs if a request has been determined as routable. The outgoing request handler only runs if the request has to be sent to a different front-end web server. The role of the outgoing request handler is to send the request to the selected front-end web server, wait for a response, and send the response back to the source.

Request routing

The role of request routing is to select a front-end web server to route a request. By using no routing rules that are defined, the routing scheme is as easy as randomly selecting an available front-end web server.

The algorithm of request routing is defined by two parts: request-rule matching and front-end web server selection.

Request rule matching

Every rule has one or more match criteria, which consist of three things: match property, match type, and match value.

The following table describes the different types of match properties and match types:

Match property	Match type
Hostname	RegEx
URL	Equals
Port number	Starts with
MIME Type	Ends with

For example, an administrator would use the following match criteria to match http://contoso requests: Match Property=URL; Match value= http://contoso; Match type=RegEx

Front-end web server selection

The front-end web server selection uses all routing rules, whether they match or do not match a given request. Rules that match have machine pools, a request sends load balanced to any machine in any matching rule‘s machine pool. If a request does not match any request, it sends load balanced to any available routing target.

Request routing and prioritizing

For routing requests that use the health-based monitoring system, the role of request routing and prioritizing is to reduce the routing pool to computers that have a good health score to process requests. If request routing is enabled, the routing pool is whichever front-end web server is selected. If request routing is disabled, the routing pool only contains the current front-end web server.

Request routing and prioritizing can be divided into two parts: request-rule matching and front-end web server filtering. Request-rule matching happens exactly like in request routing. Front-end web server filtering uses the health threshold parameter from the throttling rules in combination with front-end web server health data to determine whether the front-end web servers in the selected routing pool can process the given request.

The front-end web server filtering process follows these steps:

The routing pool is either the current front-end web server or one or more front-end web servers that request routing selects.
All matching rules are checked to find the smallest health threshold value.
Remove front-end web servers in the routing pool that have health scores greater than or equal to the smallest health threshold value.

For example, request routing is disabled and the current front-end web server has a health score of 7 and a rule “Block OneNote“ without a health threshold (that is, health threshold = 0) is created.

The routing pool is the current front-end web server that has a health threshold equal to zero (0). So, the smallest threshold that the front-end web server can serve is zero. Because the current front-end web server has health score of 7, Request Manager denies and removes the request.

Request load balancing

The role of request load balancing is to select a single target to which to send the request. Request load balancing uses the routing weight schemes to select the target. All routing targets begin with a weight of 1. If static weighting is enabled, request load balancing uses the static weights set of each routing target to adjust the weights and the value can be valid integer number. If health weighting is enabled, request load balancing uses health information to add weight to healthier targets and remove weight from less healthy targets.

Monitoring and maintenance

Monitoring and logging are keys to managing requests from Request Manager.

The rules that matched.
The rules that did not match.
The final decision of the request.

Decisions might include useful information such as the following.
- Was the request denied?
- Which front-end web server was selected and from which routing pool>
- Did the request succeed or fail and why?
- How long did each part, routing, throttling, and waiting for front-end web server to respond, take?

An administrator can use this information to adjust the routing and throttling rule sets to optimize the system and correct problems. To help you monitor and evaluate your farm’s performance, you can create a performance monitor log file and add the following SharePoint Foundation Request Manager Performance counters:

Counter name	Description
Connections Current	The total number of connections that are currently open by Request Manager.
Connections Reused / Sec	The number of connections per second that are reused when the same client connection makes another request without closing the connection.
Routed Requests / Sec	The number of routed requests per second. The instance determines the application pool and server for which this counter tracks.
Throttled Requests / Sec	The number of throttled requests per second.
Failed Requests / Sec	The number of failed requests per second.
Average Processing Time	The time to process the request that is, the time to evaluate all the rules and determine a routing target.
Last Ping Latency	The last ping latency (that is, Request Manager’s PING feature) and the instance determine which application pool and machine target.
Connection Endpoints Current	The total number of endpoints that are connected for all active connections.
Routed Requests Current	The number of unfinished routed requests. The instance determines which application pool and machine target.

Along with creating a performance monitor log file, the verbose logging level can be enabled by using the following Windows PowerShell syntax:

Set-SPLogLevel “Request Management“
–TraceSeverity Verbose

Configure Business Connectivity Services solutions for SharePoint 2013

Published: July 16, 2012

Summary: Find links to procedures to help you install and configure SharePoint 2013 Business Connectivity Services (BCS) for the on-premises and cloud-only solutions, and other scenarios.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

This article is your starting place for the procedures to install common Microsoft Business Connectivity Services scenarios for SharePoint 2013. The Business Connectivity Services solution that you deploy will most likely look different from the solutions presented here, but you can model your installation on these examples. Also, you can select the individual procedures from here to build your own procedural documents for your Business Connectivity Services solution scenario.

About Business Connectivity Services installation scenarios

Every Business Connectivity Services solution is unique because each business has unique data integration problems that it solves with Business Connectivity Services. The solutions can range from something simple and straightforward that a power user or IT professional (who has the appropriate permissions) can perform by themselves, to complex solutions that require developer, IT professional, and end-user solution development involvement. This guide presents the configuration procedures in common scenarios.

On-premises All the Business Connectivity Services components are under your organizations control behind your firewall.

Prerequisites

Before you begin with any Business Connectivity Services scenario configuration, make sure that you have read Business Connectivity Services Overview (SharePoint 2013 Preview) and completed the steps in Plan a Business Connectivity Services solution (SharePoint 2013 Preview).
On-premises deployment

The procedures in Deploy a Business Connectivity Services on-premises solution in SharePoint 2013 show you how to deploy a solution that involves the following:
- A Business Connectivity Services infrastructure that is on your corporate network.
- Information workers who access the Business Connectivity Services solution are on your corporate network.
- External content that is surfaced in SharePoint as an external list.
- External content that is synchronized into Outlook for offline use.
- Accessing external data that is in SQL Server database on your corporate network.
- SharePoint Designer 2013 to create the external content type for the SQL Server data source.
- The Secure Store Service to manage mapping of user credentials to group credentials for accessing the external systems.
Deploy a Business Connectivity Services on-premises solution in SharePoint 2013
Updated: October 16, 2012

Summary: How to install Business Connectivity Services (BCS) to access an on-premises SQL Server external data source, surface external data in SharePoint lists, and take external data offline in Outlook.

Applies to: SharePoint Server 2013

The following scenario shows you how to create a no-code business solution in Microsoft Business Connectivity Services (BCS) by using the SQL Server AdventureWorks sample database. You learn how to:
- Configure the accounts, and groups that you need to securely access the external data source.
- Configure the permission on the external data source, the external content type and the external lists.
- Create and configure an external content type.
- Create an external list that makes the external data available to users.
- Connect the external list to Outlook to make the external data available when the user is offline.
This article includes the overview, roadmap, and any conceptual information that is needed.

What these procedures help you deploy

Business Connectivity Services is a centralized infrastructure in SharePoint 2013 and Office 2013 that enables you to integrate data that is not in SharePoint products and Office 2013 into SharePoint products and Office 2013. BCS implementations take many different forms, including the on-premises form. These procedures show you how to install and configure BCS to integrate data from an on-premises SQL data source into a SharePoint products external list and into Outlook. For the purposes of building out this scenario, we use the AdventureWorks sample SQL database. The solution looks as shown in the following figure.

A user goes to an external list on a SharePoint site. The external list creates a request for data by using the user‘s Windows credentials.
The request is sent to the BDC runtime in the SharePoint farm.
The BDC runtime accesses the external content type for the list (in the BDC Metadata Store) to see how to access the external system and which operations can be performed. By using either the user‘s credentials or the credentials from the Secure Store (as defined in the external content type), the BDC runtime passes the request to a connector that can handle the request, in this case the SQL connector.
The SQL connector accesses the external data source and retrieves the data, and applies any formatting and filtering as specified in the external content type. The data is passed back through the request chain to the list where the user can interact with it.
The user wants to take this data on a portable computer in Outlook so the user can use the Connect to Outlook feature on the external list to take the data offline.
The Click Once installation runs and installs the required BDC model on the client. This lets the BDC Client-Side Runtime access the external data directly.
Outlook then connects to the external data by using the configuration in the BDC model and synchronizes it into an Outlook SharePoint external list, formatted as a contacts list.
The user can then interact with the contact data, and any changes that the user makes can be written back to the external data source either by an on-demand synch or by waiting six hours for the automated synchronization.

How to use these procedures and a roadmap of the procedures

The steps to completely deploy this scenario are presented in smaller procedures. Some of the procedures are on TechNet, some are on Office.com, and some are on MSDN. Each procedure is numbered indicating its position in the overall sequence. At the beginning and end of each procedure, links direct you to the preceding and following steps. The following list contains links to all of the procedures, in proper order, for your reference. You must follow them in sequence to build out the scenario. You can also use these procedures individually to build out your own unique scenarios. When you are assembling individual procedures to build out your own scenarios, be sure to test the entire set of procedures, in order, in a lab setting before you attempt them in production.

Prerequisites for deploying a Business Connectivity Services on-premises solution in SharePoint 2013
Create database logins for a Business Connectivity Services on-premises solution in SharePoint 2013
Start the Business Data Connectivity service for a Business Connectivity Services on-premises solution in SharePoint 2013
Create the Business Data Connectivity service application in SharePoint 2013
Set permissions on the BCS Metadata Store for a Business Connectivity Services on-premises solution in SharePoint 2013
Configure the Secure Store Service for a Business Connectivity Services on-premises solution in SharePoint 2013
Create an external content type for a Business Connectivity Services on-premises solution in SharePoint 2013
Configure permission on an external content type for a Business Connectivity Services on-premises solution in SharePoint 2013
Create an external list for a Business Connectivity Services on-premises solution in SharePoint 2013
Manage user permissions on an external list for a Business Connectivity Services on-premises solution in SharePoint 2013
Connect an external list to Outlook for a Business Connectivity Services on-premises solution in SharePoint 2013
Verify offline access and synchronization of external data in Outlook for a Business Connectivity Services on-premises solution in SharePoint 2013

Prerequisites for deploying a Business Connectivity Services on-premises solution in SharePoint 2013

Published: October 16, 2012

Summary: How to prepare your environment to install Business Connectivity Services (BCS) in an on-premises configuration in SharePoint 2013.

Applies to: SharePoint Server 2013 | SharePoint Foundation 2013

Before you start your installation of the on-premises Microsoft Business Connectivity Services (BCS) scenario, you must have these software and infrastructure requirements in place.

Important:

This is Step 1 in the Business Connectivity Services On-Premises scenario deployment procedures.
- For a list of all the procedures in order, see Deploy a Business Connectivity Services on-premises solution in SharePoint 2013.
On-premises scenario prerequisites
- A fully functional SharePoint 2013 server farm with a Web Application and site collection
- A fully functioning instance of SQL Server 2008 with Service Pack 1 (SP1) and Cumulative Update 2 or SQL Server 2008 R2
- SharePoint Designer 2013
- Outlook 2013 client
- You have an account that has permissions to administer the Business Data Connectivity Service Application
- You have an account that has permissions to administer the Secure Store Service service application
- Download the AdventureWorks sample database from Codeplex downloads for SQL Server. This database must be installed and functioning on your SQL Server
- Create an Active Directory directory Service (AD DS) security group and add the users who will be using this BCS solution, for example create a group that is named AdventureWorksBCSUsers
The AdventureWorks sample database is developed and published by Microsoft. The AdventureWorks sample database is prepopulated with a large quantity of fictitious data from a fictitious company, AdventureWorks Cycles. We are using the AdventureWorks sample database here so we have a concrete example for illustrating the installation and configuration of the on-premises BCS scenario.

Tip:

If you have problems attaching the database file by using the Attach command, in the Attach databases dialog box, and remove the reference to the log file in the bottom pane before you click OK.
Preparing the environment
- How to download and install the AdventureWorks sample database

From a browser, go to AdventureWorks sample database and download the AdventureWorks2008R2_Data.mdf file.
Install the Adventure Works2008R2 sample database by following the procedures in the “Readme for AdventureWorks 2008 R2 Sample Database“ section of the SQL Server Samples Readme (en-US) page.

Important:

Link to Step 2Create database logins for a Business Connectivity Services on-premises solution in SharePoint 2013 of the Business Connectivity Services On-Premises scenario deployment procedures.

Create database logins for a Business Connectivity Services on-premises solution in SharePoint 2013

Published: October 16, 2012

Summary: How to prepare the SQL Server logins for Business Connectivity Services (BCS) on-premises scenario deployment in SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

Microsoft Business Connectivity Services (BCS) requires an account that it can use to access the external data source. The account must have the necessary permissions on the external data source to perform all the operations that your BCS solution might require. For ease of configuration and ongoing management, you can map a group of SharePoint products users to a single shared account on the external data source.

In this procedure, you create a SQL Server login and then assign that login to a user account on the AdventureWorks sample database. You will use Secure Store Service services to map a group of SharePoint 2013 users to the single shared account in a later procedure.

Important:

This is Step 2 in the Business Connectivity Services On-Premises scenario deployment procedures.
- Link to Step 1Prerequisites for deploying a Business Connectivity Services on-premises solution in SharePoint 2013 of the Business Connectivity Services On-Premises scenario deployment procedures.
- For a list of all the procedures in order, see Deploy a Business Connectivity Services on-premises solution in SharePoint 2013
  - Create a SQL Server login

Start SQL Server Management Studio.
In the Object Explorer, expand the <database server name>, expand Security, and then expand Logins.
Right-click Logins, and then click New Login
In the Login Name box, enter SharePointGroupAccount.
Select SQL Server authentication, and then enter and confirm a password.
In the Default database box, select AdventureWorks2008R2, and then click OK.

Create a SQL Server user on the AdventureWorks database

In the Object Explorer, expand Databases, expand AdventureWorks2008R2, expand Security, and then expand Users.
Right-click Users, and then click New User.
Under the Login Name, with the User name box pre-selected, in the first box, enter AdventureWorksUser
In the second box, click Browse, in the Select Login dialog box, click Browse, select the SQL Server account, SharePointGroupAccount, and then click OK twice.
Under Database Role membership, select db_owner.
Click OK.
Close SQL Server Management Studio.

Important:

Link to Step 3Start the Business Data Connectivity service for a Business Connectivity Services on-premises solution in SharePoint 2013 of the Business Connectivity Services On-Premises scenario deployment procedures.

Start the Business Data Connectivity service for a Business Connectivity Services on-premises solution in SharePoint 2013

Published: October 16, 2012

Summary: How to start the Business Data Connectivity service for a SharePoint 2013 server farm.

The Business Data Connectivity Service must be running for you to create any BCS based business solution. Use this procedure to start or stop the Business Data Connectivity Service

Important:

This is Step 3 in the Business Connectivity Services On-Premises scenario deployment procedures.
- Link to Step 2Create database logins for a Business Connectivity Services on-premises solution in SharePoint 2013 of the Business Connectivity Services
- For a list of all the procedures in order, see Deploy a Business Connectivity Services on-premises solution in SharePoint 2013
  - Start the Business Data Connectivity service

Open the SharePoint Central Administration website for the server farm that contains your BCS solution.
On the Quick Launch, click System Settings.
On the System Settings page, under Servers, click Manage services on server.
Check the value in the Server field. If the server name shown there is not the server that you want running the Business Data Connectivity Service on, click on the down arrow, click Change Server and select the correct server.
If necessary, next to Business Data Connectivity Service, under the Action column, click Start.

Note:

If you need to stop the Business Data Connectivity Service after starting it, next to Business Data Connectivity Service in the Action column click Stop.

Important:

Link to Step 4Create the Business Data Connectivity service application in SharePoint 2013 of the Business Connectivity Services On-Premises deployment procedures

Create the Business Data Connectivity service application in SharePoint 2013

Published: October 16, 2012

Summary: How to create the Business Data Connectivity service application for SharePoint 2013 for a Business Connectivity Services on-premises configuration.

Applies to: SharePoint Server 2013 | SharePoint Foundation 2013

Microsoft Business Connectivity Services is a SharePoint 2013 service application. You must create it if it was not created during your farms initial configuration.

Important:

This is Step 4 in the Business Connectivity Services on-premises scenario deployment procedures.
- Link to Step 3Start the Business Data Connectivity service for a Business Connectivity Services on-premises solution in SharePoint 2013 of the Business Connectivity Services On-Premises scenario deployment procedures.
- For a list of all the procedures in order, see Deploy a Business Connectivity Services on-premises solution in SharePoint 2013
  - Create a new Business Data Connectivity Services service application

Open the SharePoint Central Administration website for your farm with a Farm administrator account. This must be the farm in which you started the Business Data Connectivity Service in the Start the Business Data Connectivity service for a Business Connectivity Services on-premises solution in SharePoint 2013 procedure.
On the Quick start, click, Application Management.
On the Application Management page under Service Applications, click Manage service applications.
If an instance of the Business Data Connectivity Service Application that you will use for this solution is already there, you can skip the rest of this procedure. If not, follow the rest of this procedure to create one.
On the SERVICE APPLICATIONS tab, click New and click Business Data Connectivity Service.
Configure the setting in the Create New Business Data Connectivity Service Application configuration page as follows:
1. In the Service Application Name box enter the name you want the service to appear as on the Manage Service Applications page. This BCS service application can be used by multiple BCS solutions.
2. In the Database area, leave the prepopulated values for Database Server, Database Name, and Database authentication, which is Windows authentication (recommended) unless you have specific design needs to change them.
3. If you have SQL Server database mirroring configured and you want to include the Business Data Connectivity Service database in mirroring, provide the name of the failover database server in the Failover Database Server box.
4. If you have not already created a new application pool for your service applications, enter a name for a new application pool in the Application pool name box, for example, “SharePointServiceApps“. You can use this application pool for all your service applications. For more information on planning, creating and configuring service applications, see Manage service applications in SharePoint 2013.
5. Select the account that you configured in the Prerequisites for deploying a Business Connectivity Services on-premises solution in SharePoint 2013 procedure as the SharePoint products application services account in the Configurable drop down.
Click OK to create the new Business Data Connectivity Service Application and click OK again.
Select the row that the Business Data Connectivity Service Application is in, not the proxy row.
Click Administrators in the Operations area and add any accounts that you want to be able to administer the Business Data Connectivity service application granting them full control. When these individuals open Central Administration they will only be able to administer the Business Data Connectivity service application.

Important:

Link to Step 5Set permissions on the BCS Metadata Store for a Business Connectivity Services on-premises solution in SharePoint 2013 of the Business Connectivity Services On-Premises scenario deployment procedures.

Set permissions on the BCS Metadata Store for a Business Connectivity Services on-premises solution in SharePoint 2013

Published: October 16, 2012

Summary: How to configure permissions on the Business Connectivity Services (BCS) Metadata Store for SharePoint 2013 for an on-premises configuration.

Applies to: SharePoint Server 2013 | SharePoint Foundation 2013

The BCS Metadata Store holds external content types, external systems and BDC model definitions for the BCS Service Application. In this procedure you configure administrative permissions on the Metadata Store and everything that it will contain.

Important:

This is Step 5 in the Business Connectivity Services On-Premises scenario deployment procedures.
- Link to Step 4Create the Business Data Connectivity service application in SharePoint 2013 of the Business Connectivity Services On-Premises scenario deployment procedures.
- For a list of all the procedures in order, see Deploy a Business Connectivity Services on-premises solution in SharePoint 2013
  - Set permissions on the Business Connectivity Services Metadata Store

Open the SharePoint Central Administration website with either a Farm administrator account or an account that has been delegated permissions to administer the Business Data Connectivity Service Applications.
On the Quick Launch, click Application Management.
On the Application Management page, under Service Applications, click Manage service applications.
In the list of services, select the row of the Business Data Connectivity Service Application that you created in Create the Business Data Connectivity service application in SharePoint 2013 and then click Manage and then Set Metadata Store Permissions.
Enter the Farm Administrator account and any other delegate administrators if you have them and then click Add.
For each account or group that you added that is an administrator of the Business Data Connectivity Service Application, select the Edit, Execute, Selectable In Clients, and Set Permissions checkboxes.
Select the Propagate permissions to all BDC Models, External Systems and External Content Types in the BDC Metadata Store. Doing so will overwrite existing permissions checkbox. For more information on setting permissions on the BDC Metadata Store, see Overview of Business Connectivity Services security tasks in SharePoint 2013.
Click OK.

Note:

Edit is a highly privileged permission that is required to create or modify external content types in the Business Data Connectivity metadata store. Execute permission is required to query the external content type.

Important:

Link to Step 6Configure the Secure Store Service for a Business Connectivity Services on-premises solution in SharePoint 2013 of the Business Connectivity Services On-Premises scenario deployment procedures.

Configure the Secure Store Service for a Business Connectivity Services on-premises solution in SharePoint 2013

Published: October 16, 2012

Summary: Link to a configuration of the Secure Store Services for a Business Connectivity Services (BCS) on-premises solution in SharePoint 2013.

Applies to: SharePoint Server 2013 | SharePoint Foundation 2013

The Secure Store Service stores the credentials that Microsoft Business Connectivity Services uses to access the AdventureWorks external data source and performs credential mapping between your users accounts and the credentials used to access the external data source.

Important:

This is Step 6 in the Business Connectivity Services On-Premises scenario deployment procedures.
- Link to Step 5Set permissions on the BCS Metadata Store for a Business Connectivity Services on-premises solution in SharePoint 2013 of the Business Connectivity Services On-Premises scenario deployment procedures.
- For a list of all the procedures in order, see Deploy a Business Connectivity Services on-premises solution in SharePoint 2013
Parameters for configuring the Secure Store Service for a Microsoft Business Connectivity Services on-premises configuration

In this procedure you perform all the steps in Configure the Secure Store Services in SharePoint 2013 Preview article. You must perform the steps in the Configure the Secure Store Services in SharePoint 2013 article with these parameters from start to finish.
- Configure Secure Store Service for on-premises Business Connectivity Services

Perform all the steps in Configure the Secure Store Services in SharePoint 2013 Preview with the following parameters.
Open the SharePoint Central Administration website for the server farm that your Secure Store Service is in with an account that has Farm Administrator permissions.
In the Configure the Secure Store Services in SharePoint 2013 Preview article, perform all procedures in the Configure Secure Store section with these parameters
1. For the Register Managed Account, User name type in the name of the service account that you created in the Prerequisites for deploying a Business Connectivity Services on-premises solution in SharePoint 2013 procedure.
2. Do not select the Enable automatic password change box.
Perform the “To start the Secure Store Service“ procedure
Perform the “To create a Secure Store Service application” procedures using these parameters
1. In the Service Application Name box enter the name you want the service to appear as on the Manage Service Applications page.
2. In the Database area, leave the prepopulated values for Database Server, Database Name, and Database authentication, which is Windows authentication (recommended) unless you have specific design needs to change them.
3. If you have SQL Server database mirroring configured and you want to include the Secure Store Service in mirroring, provide the name of the failover database server in the Failover Database Server box.
4. For the Configurable dropdown, select the account that you registered as a managed account earlier in this procedure.
Perform the steps in the Work with encryption keys section with these parameters:
1. Don‘t perform the procedures in the “Refresh the encryption key“ sub-section
Read the Store credentials in Secure Store section and perform the Create a target application procedure using these parameters.
1. In the Target Application ID box type in a string for the target application; this is not the display name. For example type in AWTargetAppID.
2. In the Display Name box, enter the display name you want, for example Adventure Works Target Application ID.
3. In the Target Application Type dropdown, select Group (which indicates the mapping of many credentials to one credential). In this case, the Target Application Page URL is not needed and automatically selects to None.
4. On the Create New Secure Store Target Application page, under Field Name, change Windows User Name to SQL User Name, and Windows Password to SQL Password.
5. Under Field Type change Windows User Name to User Name and change Windows Password to Password.
6. In the Target Application Administrators add the accounts that you want to be administrators of the Target Application. Note that the Farm Administrator has access by default.
7. In the Members box, add the names of the users whom you want to allow access to the external data source. For this example use the AdventureWorksBCSUsers security group you created in Prerequisites for deploying a Business Connectivity Services on-premises solution in SharePoint 2013.
Perform the steps in the Set credentials for a target application procedure using these parameters:
1. In the SQL User Name box, type AdventureWorksUser which is the name SQL Server account you created in Create database logins for a Business Connectivity Services on-premises solution in SharePoint 2013.
2. In the SQL Password, and Confirm SQL Password boxes type the password for that account, which is actually the password for the SharePointGroupAccount account that you created in Create database logins for a Business Connectivity Services on-premises solution in SharePoint 2013.

Important:

Link to Step 7Create an external content type for a Business Connectivity Services on-premises solution in SharePoint 2013 of the Business Connectivity Services On-Premises scenario deployment procedures.

Create an external content type for a Business Connectivity Services on-premises solution in SharePoint 2013

Published: October 16, 2012

Summary: How to create and configure an external content type for the Business Connectivity Services (BCS) on-premises scenario deployment in SharePoint 2013.

Applies to:

These procedures walk you through building an external content type for Business Connectivity Services using SharePoint Designer 2013 without writing any code. You will learn how to discover a SQL Server database, connect to the database table, and then return the required data. You will create an external content type named Customers that is based on the Customer view in the AdventureWorks sample database. This article uses the procedures in How to: Create external content types for SQL Server in SharePoint 2013 Preview. You must open that article and perform the steps there using the parameters given in the matching sections of this article.

Note:

The sections in this article match the sections in the How to: Create external content types for SQL Server in Sharepoint 2013.

Important:

This is Step 7 in the Business Connectivity Services On-Premises scenario deployment procedures.
- Link to Step 6Configure the Secure Store Service for a Business Connectivity Services on-premises solution in SharePoint 2013 of the Business Connectivity Services On-Premises scenario deployment procedures.
- For a list of all the procedures in order, see Deploy a Business Connectivity Services on-premises solution in SharePoint 2013
Create and configure an external content type with SharePoint Designer 2013
- Define general information

Open How to: Create external content types for SQL Server in SharePoint 2013 Preview
Create a new external content type named AWcustomers with a display name of AdventureWorks Customers.

Define general and Office behaviors

Set the Office Item Type to Contact. The Office Item Type determines the Outlook behavior you want to attach to the external content type. In this case, this AWCustomer external content type behaves like a native Contact Item in Outlook.
In the Offline Sync for External List checkbox, make sure Enabled is selected, which is the default.

Note:

If you disable this option, then the SharePoint Connect to Outlook ribbon command is not available for an external list.

Create a connection to the external data

Add a connection using SQL Server as the External Data Source Type.
In the Set the Database Server box, enter <The name of the database server> and in the Set the Database Name box, enter AdventureWorks2008R2. Optionally, in the Name box, enter AdventureWorks Sample Database.
Select Connect with Impersonated Custom Identity.
In the Secure Store Application ID box, enter AWTargetAppID.

Warning:

If you are prompted to enter a user name and password for AWTargetAppID it may be because when you created the SharePointGroupAccount SQL login, you did not uncheck the User must change password at next login option. To fix this, you must change the password via SQL query ALTER LOGIN <LoginName> WITH PASSWORD = ‘<originalpassword>‘

Select a table, view, or routine and Define Operation

In the AdventureWorks Sample Database select the vIndividualCustomer view and right click Create All Operations.

Note:

Create All Operations is a convenient way to define all basic methods of operations (Create, Read, Read List, Update, and Delete).

Tip:

Always read carefully the messages in the Errors and Warnings pane. They provide useful information to confirm your actions or troubleshoot any issues.

Add columns

In the Parameters Configuration dialog box, by default all columns are selected. To remove unnecessary columns, clear the checkboxes next to the following columns: Suffix and Demographics.
For the BusinessEntityID select the Map to Identifier value.

Note:

Uncheck the Required box to prevent it from being updated but select the Read Only checkbox, which is needed to retrieve items so you can update other fields.

Map Outlook fields and set up the external item picker control

For the FirstName, LastName, EmailAddress, and PhoneNumber fields, do the following:
Click and highlight the field.
Under properties, in the Office property dropdown, select the appropriate matching field: FirstName to First Name (FirstName), LastName to Last Name (LastName), and PhoneNumber to Primary Telephone Phone Number (PrimaryTelephonePhoneNumber), EmailAddress to EmailAddress1 (Email1Address).

Note:

Unmapped fields, depending on the number, are displayed as extended properties. For two to five fields they are listed as Adjoining meaning that they are appended to the form region at the bottom of an Outlook form’s default page. For six or more fields they are listed as Separate and are added as a new page to an Outlook.

For the following fields, BusinessEntityID, FirstName, LastName, and EmailAddress click and highlight the field, and then under Properties, click Show in Picker.

Define filters

Create a Comparison filter named ByRegion, use CountryRegionName for the value.
Under Properties, next to Default Value, enter Canada.
Create Limit filter named AWLimit, use BusinessEntityID for the Filter Field
Set the default value to 200

Tip:

Click the Errors and Warnings pane and make sure there are no more errors or warnings.

Set the Title field for an external list and complete the external content type

Set BusinessEntityID as the Title and save the external content type.

Important:

Link to Step 8Configure permission on an external content type for a Business Connectivity Services on-premises solution in SharePoint 2013 of the Business Connectivity Services On-Premises scenario deployment procedures.

Configure permission on an external content type for a Business Connectivity Services on-premises solution in SharePoint 2013

Published: October 16, 2012

Summary: Configure permission on an external content type for a Business Connectivity Services (BCS) on-premises scenario deployment in SharePoint 2013.

Applies to: SharePoint Server 2013 | SharePoint Foundation 2013

To configure user access and permissions to the external content type:

Important:

This is Step 8 in the Business Connectivity Services On-Premises scenario deployment procedures.
- Link to Step 7Create an external content type for a Business Connectivity Services on-premises solution in SharePoint 2013 of the Business Connectivity Services On-Premises scenario deployment procedures.
- For a list of all the procedures in order, see Deploy a Business Connectivity Services on-premises solution in SharePoint 2013
  - Set up permissions to the external content type

Open the Central Administration page for your site.
On the Quick Launch, click Application Management.
On the Application Management page, under Service Applications, click Manage service applications.
In the list of services, click your Business Data Connectivity (BDC) Service.
Click AWCustomers.
On the ribbon, click Set Object Permissions.
Enter the user accounts to which you want to grant permissions, and then click Add. For this example, you would add the security group that was created in Prerequisites for deploying a Business Connectivity Services on-premises solution in SharePoint 2013AdventureWorksBCSUsers.
Select the user accounts that you just added, and then select Execute check boxe.
Select the Propagate permissions to all BDC Models, External Systems and External Content Types in the BDC Metadata Store check box to overwrite existing permissions.
Click OK.

The external content type is now available for use in SharePoint and Office products to the appropriate users.

Important:

Link to Step 9Create an external list for a Business Connectivity Services on-premises solution in SharePoint 2013 of the Business Connectivity Services On-Premises scenario deployment procedures.

Create an external list for a Business Connectivity Services on-premises solution in SharePoint 2013

Published: October 16, 2012

Summary: Create an external list, set its permissions and configure a view for a Business Connectivity Services (BCS) on-premises scenario deployment in SharePoint 2013.

Applies to:

An external list is a key building block for SharePoint solutions based on external data. You can read and write external data with the familiar experience of using a SharePoint list. An external list looks and behaves a lot like a native list, but there are some differences in behavior. For example, you can create views and use calculated values with formulas, but not attach files or track versions. For this exercise, you create the external list in the browser because that is a common approach. This article uses the procedures in Create an external list on Office.com. You must open that article and perform the steps there using the parameters given in the matching sections of this article.

Important:

This is Step 9 in the Business Connectivity Services On-Premises scenario deployment procedures.
- Link to Step 8Configure permission on an external content type for a Business Connectivity Services on-premises solution in SharePoint 2013 of the Business Connectivity Services On-Premises scenario deployment procedures.
- For a list of all the procedures in order, see Deploy a Business Connectivity Services on-premises solution in SharePoint 2013
  - Create an external list

Open Create an external list
Create an external list named AdventureWorksCustomers using the AWCustomers external content type.

Create a view of an external list

Create a view for the external list AdventureWorksCustomers. For this example use ByRegionData Source Filter.
Make it the default view, and select your own Sort, Filter, and Limit values.

Important:

Link to Step 10Manage user permissions on an external list for a Business Connectivity Services on-premises solution in SharePoint 2013 of the Business Connectivity Services On-Premises scenario deployment procedures.

Manage user permissions on an external list for a Business Connectivity Services on-premises solution in SharePoint 2013

Published: October 16, 2012

Summary: How to configure permissions on external lists for a Business Connectivity Services (BCS) on-premises scenario deployment in SharePoint 2013.

Applies to:

Once you or an appropriate user has created the external list, it‘s important to make sure that you set appropriate permissions for other users. If the subsite that contains the external list inherits permissions from its parent site, then you may inadvertently give permission to inappropriate users. In this example, permissions are given to the AdventureWorksBCSUsers group.

Important:

This is Step 10 in the Business Connectivity Services On-Premises scenario deployment procedures.
- Link to Step 9Create an external list for a Business Connectivity Services on-premises solution in SharePoint 2013 of the Business Connectivity Services On-Premises scenario deployment procedures.
- For a list of all the procedures in order, see Deploy a Business Connectivity Services on-premises solution in SharePoint 2013
  - Manage user permissions to the external list

On the List tab, in the Settings group, click List Settings.
Under Permissions and Management, click Permissions for this list…
Apply permissions to the list as you have planned them.

The following table summarizes the default external list permissions for SharePoint user groups:

Name	Permission levels
Excel Services Viewers	View Only
<Site Name> Members	Edit
<Site Name> Owners	Full Control
<Site Name> Visitors	Read

Important:

Link to Step 11Connect an external list to Outlook for a Business Connectivity Services on-premises solution in SharePoint 2013 of the Business Connectivity Services On-Premises scenario deployment procedures.

Connect an external list to Outlook for a Business Connectivity Services on-premises solution in SharePoint 2013

Published: October 16, 2012

Summary: Create a connection between an external list and Outlook in a Business Connectivity Services (BCS) on-premises scenario deployment in SharePoint 2013.

Applies to:

The external list contains customer data mapped to Outlook contacts for which you enabled Offline Sync for External List, so you can connect the list with Outlook 2013. Once connected, you can view, edit, and print the data using the familiar Outlook user interface. This article mirrors the procedures in Connect an external list to Outlook on Office.com. Refer to that article for more information on connecting an external list to Outlook.

Important:

This is Step 11 in the Business Connectivity Services On-Premises scenario deployment procedures.
- Link to Step 10Manage user permissions on an external list for a Business Connectivity Services on-premises solution in SharePoint 2013 of the Business Connectivity Services On-Premises scenario deployment procedures.
- For a list of all the procedures in order, see Deploy a Business Connectivity Services on-premises solution in SharePoint 2013.
  - Synchronize the external list with Outlook

Open the SharePoint 2013 site that contains the external list. In the ribbon, on the List tab, in the Connect & Export group, click Connect to Outlook.
In the Microsoft Office Customization Installer dialog box, click Install.The installation should take a minute or two.
Once the installation is complete, click Close.

Link to

Step 12Verify offline access and synchronization of external data in Outlook for a Business Connectivity Services on-premises solution in SharePoint 2013 of the Business Connectivity Services On-Premises scenario deployment procedures.

Verify offline access and synchronization of external data in Outlook for a Business Connectivity Services on-premises solution in SharePoint 2013

Summary: How to work offline with external data in Outlook for a Business Data Connectivity (BCS) on-premises scenario deployment in SharePoint 2013.

Applies to:

Important:

This is Step 12 in the On-Premises scenario deployment procedures. This is the last step in the installation procedures for this scenario
- Link to Step 11Connect an external list to Outlook for a Business Connectivity Services on-premises solution in SharePoint 2013 Create an external list for a Business Connectivity Services on-premises solution in SharePoint 2013 of the Business Connectivity Services On-Premises scenario deployment procedures.
- For a list of all the procedures in order, see Deploy a Business Connectivity Services on-premises solution in SharePoint 2013
  - Update customer data offline and refresh it online

To take Outlook 2013 offline, click Send/Receive, and in the Preferences group, click Work Offline.
Make a change or two to one of the AdventureWorks customers.
To bring Outlook 2013 back online, click Send/Receive, and in the Preferences group, click Work Online.
To synchronize the data, on the navigation pane, right-click the <Team Site Name> AWCustomers external list and then click Sync now

Configure eDiscovery in SharePoint Server 2013

Published: July 16, 2012

Summary: Learn the steps to set up and configure eDiscovery in SharePoint Server 2013 and Exchange Server 2013.

Applies to: SharePoint Server 2013

This article identifies the steps that are required to configure eDiscovery in SharePoint Server 2013. When you complete the steps that are listed in this article, users will be able to create and work with eDiscovery cases.

Before you configure eDiscovery, you should understand the concepts that are presented in the article Overview of eDiscovery and In-Place Holds (SharePoint 2013 Preview), and you should have completed the planning process that is described in the article Plan for eDiscovery.

The tasks that you must perform to configure eDiscovery are the following:
- Configure communication between SharePoint Server 2013 and Exchange Server 2013.
- Configure Search to crawl all discoverable content.
- Grant permissions.
- Create an eDiscovery Center.
Configure communication between SharePoint Server 2013 and Exchange Server 2013

If you will use a SharePoint eDiscovery Center to discover content in Exchange Server, you must configure SharePoint Server 2013 and Exchange Server to interact.

Important:

To discover content in Exchange Server from a SharePoint eDiscovery Center, you must be running Exchange Server 2013.

Perform the following steps:

Ensure that the Exchange Web Service managed API is installed on every front-end server that is running SharePoint Server 2013. For more information about the Exchange Web Service managed API, see Hardware and software requirements (SharePoint 2013 Preview).
Configure a trust relationship between SharePoint Server 2013 and Exchange Server. For information about how to configure the trust relationship, see Configure server-to-server authentication in SharePoint 2013.
If you want content from Lync Server 2013 to be discoverable, configure Lync Server 2013 to archive to Exchange Server 2013. For information about how to configure Lync Server 2013 archiving, see Microsoft Lync Server 2013 Archiving Deployment Guide.
Perform the eDiscovery configuration steps for Exchange. For information about how to configure Exchange Server 2013 for eDiscovery, see Configure Exchange for SharePoint eDiscovery Center.

Configure Search to crawl all discoverable content

Content is only discoverable if it is crawled and indexed by the Search service application that is associated with the web application that the eDiscovery Center is in. You should have identified this Search service application when you planned for eDiscovery. To configure the Search service application to crawl the appropriate content, follow these steps:

If content in Exchange Server 2013 must be discoverable, add Exchange Server 2013 as a result source. For information about how to configure a result source, see Configure result sources for search in SharePoint Server 2013.
Ensure that all websites that contain discoverable content are being crawled. For information about how to configure a location to be crawled, see Add, edit, or delete a content source (SharePoint Server 2010).
Ensure that all file shares that contain discoverable content are being crawled. For information about how to configure a location to be crawled, see Add, edit, or delete a content source (SharePoint Server 2010).

Grant permissions

The article Plan for eDiscovery recommends that you create a security group to contain all users of the eDiscovery Center. After you create the security group, grant the security group permissions to access all discoverable content.

Note:

The article Plan for eDiscovery explains the different ways of granting permissions to discoverable content. You should have chosen to grant permissions at the web application level or at the site collection level.

If you will grant permissions at the web application level, create a user policy that gives the security group full read permissions for each web application that contains discoverable content. For information about how to create a policy for a web application, see Manage permission policies for a Web application (SharePoint Server 2010).

Note:

When you change permissions at the web application level, Search re-crawls all of the content in the web application.

If you will grant permissions at the site collection level, make the security group a site collection administrator for each site collection that contains discoverable content. For information about how to add a site collection administrator, see Add or change a site collection administrator.

Important:

A site collection administrator must add the security group as an additional site collection administrator by using the Site Settings menu. You cannot use Central Administration to make a security group a site collection administrator

Ensure that the security group has permissions to access all file shares and other websites that contain discoverable content.
If you will use a SharePoint eDiscovery Center to discover content in Exchange Server, grant the security group permissions to access Exchange Server mailboxes. For information about how to grant permissions in Exchange, see Configure Exchange for SharePoint eDiscovery Center.
Grant the security group permissions to view the crawl log. For information about how to grant permissions to access the crawl log, see Set-SPEnterpriseSearchCrawlLogReadPermission.

Create an eDiscovery center

An eDiscovery Center is a site collection from which users can create and manage eDiscovery cases. To create an eDiscovery Center, follow the procedure in the article Create a site collection (SharePoint 2013 Preview), and choose the eDiscovery Center site collection type from the Enterprise tab. Be aware that an eDiscovery Center must be in a web application that supports claims authentication.
Configure site mailboxes in SharePoint Server 2013

Published: July 31, 2012

Summary: Configure Exchange Server 2013 and SharePoint Server 2013 for team email by using the SharePoint Server 2013 Site Mailboxes feature.

Applies to: Exchange Server 2013 | SharePoint Server 2013

This article describes how to configure Site Mailboxes in SharePoint Server 2013 and Exchange Server 2013. Site Mailboxes feature provides SharePoint Server 2013 users with team email on a SharePoint site. Site Mailboxes also provides links to SharePoint document libraries in Outlook 2013, enabling users to share files and email messages with other members of a team that are working on a joint project.

Before you begin

Before you begin this operation, review the following information about prerequisites:
- Site Mailboxes requires Exchange Server 2013.
- Any previous version of Exchange Web Services (EWS) will need to be uninstalled from the SharePoint servers.
Note:

You may need to determine if a previous version of EWS is installed. If so, please run the Check-SiteMailboxConfig script referenced below. Your version should be 15.0.516.25 or above.
- Site Mailboxes feature requires that user profile synchronization be configured in the farm. For information about configuring user profile synchronization, see Plan user profiles and identities (SharePoint Server 2013 Preview), and Manage user profile synchronization in SharePoint 2013 Server Preview.
- Site Mailboxes feature requires that the app management service application be configured in the farm. For information about configuring the app management service application, see New-SPAppManagementServiceApplication.
- Secure Sockets Layer (SSL) configured for the Default Zone is a requirement for web applications that are deployed in scenarios that support server-to-server authentication and app authentication. This is such a scenario. As a prerequisite for configuring Site Mailboxes, the computer that is running SharePoint Server must have SSL configured. For more information, see Create claims-based web applications in SharePoint 2013 and follow the steps for creating an SSL site collection and server certificate.
Note:

You may need to import the Exchange Server SSL certificate from Exchange 2013 to SharePoint 2013, and from SharePoint 2013 to Exchange 2013. This is only necessary if the certificate is not trusted for the API endpoints (such as a Self-SSL Certificate in a lab environment).

To import an untrusted SSL certificate to a new server:
- Open Internet Explorer and navigate to Outlook Web App Preview (if on SharePoint) or the SSL SharePoint site (if on Exchange): https://<ExServerName>/owa or https://<SP_FQDN>.
- Accept to trust the certificate by clicking Continue to website.
- Click Certificate Error info in Internet Explorer next to the Address bar, and then click View Certificates.
- Select Install Certificate and then select Place all certificates in the following store.
- Select the checkbox to show physical stores.
- Install the certificate to Trusted Root Certification Authorities > Local Computer.
- In order to perform these procedures, you must be a member of the SharePoint and Exchange Server administrator groups and have an operational Exchange Server with end-user mailboxes.
- A SharePoint backup solution will not incorporate Exchange site mailboxes. An Exchange administrator will need to ensure timely backups of site mailboxes are taking place.
- Users who access files in a SharePoint document library from a Site Mailbox must have the document library configured as a trusted site in their browser or a warning will appear that asks the user if she or he wants to trust the file.
Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
Configure SharePoint for Site Mailboxes in SharePoint Server 2013

The first step in configuring Site Mailboxes is to install the Exchange Server Web Services API on each web front-end (WFE) server in the SharePoint Server 2013 farm.
- Install Exchange Web Services API on SharePoint Server

Download EWSManagedAPI.msi from the Microsoft Download Center (http://go.microsoft.com/fwlink/p/?LinkId=258305) and save it to a folder on each WFE server.
Open a command window as administrator and navigate to the folder where you saved EWSManagedAPI.msi.
Run the following command:

msiexec /i EwsManagedApi.msi addlocal=”ExchangeWebServicesApi_Feature,ExchangeWebServicesApi_Gac”
Reset IIS from the command line by typing IISReset.

Establish OAuth Trust and Service Permissions on SharePoint Server 2013

The next step is to copy the following two scripts. The first should be saved as Set-SiteMailboxConfig.ps1 and the second should be saved as Check-SiteMailboxConfig.ps1.

Set-SiteMailboxConfig.ps1:

# .SYNOPSIS
#
# Set-SiteMailboxConfig helps configure Site Mailboxes for a SharePoint farm
#
# .DESCRIPTION
#
# Establishes trust with an Exchange Server, sets Site Mailbox settings and enables Site Mailboxes for a farm.
#
# .PARAMETER ExchangeSiteMailboxDomain
#
# The FQDN of the Exchange Organization where Site Mailboxes will be created
#
# .PARAMETER ExchangeAutodiscoverDomain
#
# [Optional] The FQDN of an Exchange Autodiscover Virtual Directory
#
# .PARAMETER WebApplicationUrl
#
# [Optional] The URL of a specific web application to configure. If not specified all Web Applications will be configured
#
# .PARAMETER Force
#
# [Optional] Indicate that the script should ignore any configuration issues and enable Site Mailboxes anyway
#

Param
(
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[string]$ExchangeSiteMailboxDomain,
[Parameter(Mandatory=$false)]
[ValidateNotNullOrEmpty()]
[string]$ExchangeAutodiscoverDomain,
[Parameter(Mandatory=$false)]
[ValidateNotNullOrEmpty()]
[string]$WebApplicationUrl,
[Parameter(Mandatory=$false)]
[switch]$Force
)

$script:currentDirectory = Split-Path $MyInvocation.MyCommand.Path

if($WebApplicationUrl -ne $NULL -and $WebApplicationUrl -ne “”)
{
$webapps = Get-SPWebApplication $WebApplicationUrl
}
else
{
$webapps = Get-SPWebApplication
}

if($webapps -eq $NULL)
{
if($WebApplicationUrl -ne $NULL)
{
Write-Warning “No Web Application Found at $($WebApplicationUrl). Please create a web application and re-run Set-SiteMailboxConfig”
}
else
{
Write-Warning “No Web Applications Found. Please create a web application and re-run Set-SiteMailboxConfig”
}

return
}

$rootWeb = $NULL

foreach($webapp in $webapps)
{
if($rootWeb -eq $NULL)
{
$rootWeb = Get-SPWeb $webApp.Url -EA SilentlyContinue
}
}

if($rootWeb -eq $NULL)
{
Write-Warning “Unable to find a root site collection. Please create a root site collection on a web application and re-run Set-SiteMailboxConfig”
return
}

$exchangeServer = $ExchangeAutodiscoverDomain

if($exchangeServer -eq $NULL -or $exchangeServer -eq “”)
{
$exchangeServer = “autodiscover.$($ExchangeSiteMailboxDomain)”
}

Write-Host “Establishing Trust with Exchange Server: $($exchangeServer)”

$metadataEndpoint = “https://$($exchangeServer)/autodiscover/metadata/json/1”

$exchange = Get-SPTrustedSecurityTokenIssuer | Where-Object { $_.MetadataEndpoint -eq $metadataEndpoint }

if($exchange -eq $NULL)
{
$exchange = New-SPTrustedSecurityTokenIssuer -Name $exchangeServer -MetadataEndPoint $metadataEndpoint
}

if($exchange -eq $NULL)
{
Write-Warning “Unable to establish trust with Exchange Server $($exchangeServer). Ensure that $($metadataEndpoint) is accessible.”

if($ExchangeAutodiscoverDomain -eq $NULL -or $ExchangeAutodiscoverDomain -eq “”)
{
Write-Warning “If $($metadataEndpoint) does not exist you may specify an alternate FQDN using ExchangeAutodiscoverDomain.”
}
return
}

Write-Host “Granting Permissions to Exchange Server: $($exchangeServer)”
$appPrincipal = Get-SPAppPrincipal -Site $rootWeb.Url -NameIdentifier $exchange.NameId
Set-SPAppPrincipalPermission -AppPrincipal $appPrincipal -Site $rootWeb -Scope SiteSubscription -Right FullControl -EnableAppOnlyPolicy

Write-Host
Write-Host

Write-Host “Verifying Site Mailbox Configuration”
$warnings = & $script:currentDirectory\Check-SiteMailboxConfig.ps1 -ReturnWarningState

if($warnings -and -not $Force)
{
Write-Warning “Pre-requisites not satisfied. Stopping Set-SiteMailboxConfig. Use -Force to override”
return
}
elseif($warnings)
{
Write-Warning “Pre-requisites not satisfied. -Force used to override”
}

foreach($webapp in $webapps)
{
Write-Host “Configuring Web Application: $($webapp.Url)”
Write-Host “Setting Exchange Site Mailbox Domain to $($ExchangeSiteMailboxDomain)”
$webapp.Properties[“ExchangeTeamMailboxDomain”] = $ExchangeSiteMailboxDomain

if($ExchangeAutodiscoverDomain -ne $NULL -and $ExchangeAutodiscoverDomain -ne “”)
{
Write-Host “Setting Exchange Autodiscover Domain to $($ExchangeAutodiscoverDomain)”
$webapp.Properties[“ExchangeAutodiscoverDomain”] = $ExchangeAutodiscoverDomain;
}

$webapp.Update()
}

$feature = Get-SPFeature CollaborationMailboxFarm -Farm -ErrorAction Ignore

if($feature -eq $NULL)
{
Write-Host “Enabling Site Mailboxes for Farm”
Enable-SPFeature CollaborationMailboxFarm
}
else
{
Write-Host “Site Mailboxes already enabled for Farm”
}

CheckSiteMailboxConfig.ps1:

Param
(
[Parameter(Mandatory=$false)]
[ValidateNotNullOrEmpty()]
[switch]$ReturnWarningState
)

Add-PSSnapin Microsoft.SharePoint.Powershell

$anyWarnings = $false

Write-Host “Step 1: Checking for Exchange Web Services”

try
{
$assm = [System.Reflection.Assembly]::Load(“Microsoft.Exchange.WebServices, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35”)
if($assm.GlobalAssemblyCache)
{
Write-Host -Foreground Green “Found Exchange Web Services in Global Assembly Cache”
Write-Host “Exchange Web Services Version: $([System.Diagnostics.FileVersionInfo]::GetVersionInfo($assm.Location).FileVersion)”
}
else
{
Write-Warning “Unable to find Exchange Web Services in Global Assembly Cache”
$anyWarnings = $true
}
}
catch
{
Write-Warning “Unable to find Exchange Web Services in Global Assembly Cache”
$anyWarnings = $true
}

Write-Host
Write-Host

Write-Host “Step 2: Checking for https web application”

$webapps = Get-SPWebApplication -EA SilentlyContinue

$rootWeb = $NULL

if($webapps -ne $NULL)
{
$sslWebAppExists = $false
foreach($webapp in $webapps)
{
if($rootWeb -eq $NULL)
{
$rootWeb = Get-SPWeb $webApp.Url -EA SilentlyContinue
}

if(-not $webapp.Url.StartsWith(“https://”))
{
Write-Warning “Web Application at $($webapp.Url) does not use HTTPS. Site Mailboxes will not work on this Web Application.”
}
else
{
$sslWebAppExists = $true
Write-Host -Foreground Green “Found Web Application at $($webapp.Url) that uses HTTPS”
}
}

if(-not $sslWebAppExists)
{
Write-Warning “At least one Web Application must be configured for HTTPS in the default zone.”
$anyWarnings = $true
}
}
else
{
Write-Warning “No Web Applications Found. Please create a web application and re-run Check-SiteMailboxConfig”
$anyWarnings = $true
if($ReturnWarningState)
{
return $anyWarnings
}
return;
}

if($rootWeb -eq $NULL)
{
Write-Warning “Unable to find any Sites. Please create a root site collection on a web application and re-run Check-SiteMailboxConfig”
$anyWarnings = $true
if($ReturnWarningState)
{
return $anyWarnings
}
return;
}

# Get App Permissions Management Objects
$appPrincipalManager = [Microsoft.SharePoint.SPAppPrincipalManager]::GetManager($rootWeb)
$appPrincipalPermissionsManager = New-Object -TypeName Microsoft.SharePoint.SPAppPrincipalPermissionsManager -ArgumentList $rootWeb

Write-Host
Write-Host
Write-Host “Step 3: Checking for trusted Exchange Servers”

$trustedIssuers = Get-SPTrustedSecurityTokenIssuer
$trustedIssuerHosts = @()

if($trustedIssuers -ne $NULL)
{
$foundTrustedIssuer = $false
foreach($trustedIssuer in $trustedIssuers)
{
if($trustedIssuer.RegisteredIssuerName.StartsWith(“00000002-0000-0ff1-ce00-000000000000@”))
{
if($trustedIssuer.IsSelfIssuer)
{
$foundTrustedIssuer = $true

$uri = New-Object -TypeName System.Uri -ArgumentList $trustedIssuer.MetadataEndPoint

Write-Host -Foreground Green “Found trusted Exchange Server at $($uri.Host)”
$appPrincipalName = [Microsoft.SharePoint.SPAppPrincipalName]::CreateFromNameIdentifier($trustedIssuer.RegisteredIssuerName)
$appPrincipal = $appPrincipalManager.LookupAppPrincipal([Microsoft.SharePoint.SPAppPrincipalIdentityProvider]::External, $appPrincipalName);

if($appPrincipal -ne $NULL)
{
$isValidAppPrincipal = $true;

if($appPrincipalPermissionsManager.GetAppPrincipalSiteSubscriptionContentPermission($appPrincipal) -eq [Microsoft.SharePoint.SPAppPrincipalPermissionKind]::FullControl)
{
Write-Host -Foreground Green “Exchange Server at $($uri.Host) has Full Control permissions”

}
else
{
Write-Warning “Exchange Server at $($uri.Host) does not have Full Control permissions”
$isValidAppPrincipal = $false;
$anyWarnings = $true
}

if($appPrincipalPermissionsManager.IsAppOnlyPolicyAllowed($appPrincipal))
{
Write-Host -Foreground Green “Exchange Server at $($uri.Host) has App Only Permissions”
}
else
{
Write-Warning “Exchange Server at $($uri.Host) does not have App Only Permissions”
$isValidAppPrincipal = $false;
$anyWarnings = $true
}

if($isValidAppPrincipal)
{
$trustedIssuerHosts += $uri.Host
}

}
else
{
Write-Warning “Unable to get App Principal for $($uri.Host). Unable to check permissions for this Exchange Server”
$anyWarnings = $true
}
}
else
{
Write-Warning “Found trusted Exchange Server at $($uri.Host) but it is not a Self Issuer”
$anyWarnings = $true
}
}
}

if(-not $foundTrustedIssuer)
{
Write-Warning “Unable to find any trusted Exchange Servers”
$anyWarnings = $true
}
}
else
{
Write-Warning “Unable to find any trusted Exchange Servers”
$anyWarnings = $true
}

Write-Host
Write-Host
Write-Host “Step 4: Report current Site Mailbox Configuration”

if($webapps -ne $NULL)
{
foreach($webapp in $webapps)
{
Write-Host
Write-Host “Web Application Site Mailbox Configuration: $($webapp.Url)”
Write-Host “Exchange Site Mailbox Domain: $($webapp.Properties[“ExchangeTeamMailboxDomain”])”

if($webapp.Properties[“ExchangeAutodiscoverDomain”] -ne $NULL)
{
Write-Host “Exchange Autodiscover Domain: $($webapp.Properties[“ExchangeAutodiscoverDomain”])”
}
}
}

Write-Host
Write-Host “Trusted Exchange Services: $([String]::Join(“, “, $trustedIssuerHosts))”

$feature = Get-SPFeature CollaborationMailboxFarm -Farm -ErrorAction Ignore

if($feature -eq $NULL)
{
Write-Host -ForegroundColor Red “Site Mailboxes are NOT enabled for Farm”
}
else
{
Write-Host -ForegroundColor Green “Site Mailboxes are enabled for Farm”
}

if($ReturnWarningState)
{
return $anyWarnings
}

Save the two .ps1 files to the same folder on a SharePoint 2013 WFE server, as one script calls the other during execution. In a SharePoint PowerShell window (right-click and Run As Administrator to open), navigate to the folder containing the .ps1 files and run the Set-SiteMailboxConfig.ps1 script. This will allow users to retrieve and install the Exchange metadata, giving the Exchange service principal full control permissions to SharePoint site subscription, enable the site mailbox feature in the SharePoint environment and optionally set the Exchange site mailbox target domain, if DNS for the domain has not been configured for AutoDiscover. The Check-SiteMailboxConfig.ps1 is called as part of the Set-SiteMailboxConfig script, and will confirm the configuration has been successful (it can also be run separately).

The format should be as follows:

.\Set-SiteMailboxConfig.ps1 <Domain> <Exchange Server> [URL] [FQDN of the Exchange AutoDiscovery virtual directory]

Where <Domain> will equal the FQDN of the domain your Exchange is in, and <Exchange Server> is the Exchange you intend to connect to. These are required parameters.

Optional parameters are [URL], which would be a specific URL you may be configuring (typically used in an environment with SSL and non-SSL web applications), while [FQDN of the Exchange AutoDiscovery virtual directory] may need to be configured if DNS AutoDiscovery is not enabled or properly configured.

Example: .\Set-SiteMailboxConfig.ps1 tailspintoys.com exchange1.tailspintoys.com https://tailspintoys.com https://exchange1.tailspintoys.com/autodiscover/metadata/json/1If while running the script you encounter an error, please refer to the Troubleshooting section below for guidance.
Configure Exchange Server 2013 for Site Mailboxes

The final step is to establish OAuth trust, and service permissions, on the Exchange server.
- Establish OAuth Trust and Service Permission on Exchange

On your Exchange Server open the Exchange Windows PowerShell window as Administrator and change to the “C:\Program Files\Microsoft\Exchange Server\V15\Scripts” directory.
Run the following command:

.\Configure-EnterprisePartnerApplication.ps1 -ApplicationType Sharepoint -AuthMetadataUrl https://<SP_FQDN>/_layouts/15/metadata/json/1

Where <SP_FQDN> is the URL to the SharePoint SSL root site collection you wish to configure.

Troubleshooting

Please review the following if issues are encountered.

Table of Error Codes for Reference When Running Configuration Checklist Script

Error Code	Error	Notes
0	NoError	Review Prerequisites.
1	ExchangeClientNotAvailable	EWS client was not found on the SharePoint WFE. Run the Check script and ensure the entries are properly in the GAC; you may need to reinstall the EWS client.
2	UnsupportedVersion	EWS client version is incompatible with SharePoint. Run the Check script to ensure the version meets minimum requirements. Alternatively, the Exchange server may be 2010 or earlier.
3	InvalidUser	The TeamMailboxDomain parameter is not a valid FQDN or SMTP address.
4	UnauthorizedUser	The script received a 401 from the Exchange Server, review the Exchange setup steps.
5	ServerBusy	Exchange timed out during AutoDiscovery. It should be intermittent, please retry, but if it is persistent, follow-up with the Exchange Administrator.
6	URLNotAvailable	AutoDiscovery failed to return a URL for ECP/OWA, which means typically that the EWS client version is incompatible with SharePoint. It may also mean Site Mailboxes are not enabled on Exchange, which would require follow-up with the Exchange Administrator.
7	OAuthNotSupported	Unsuccessful in generating an OAuth token on behalf of SharePoint. This is typically caused by claims-based authentication being disabled on the SharePoint web application.
8	OAuthException	An error occurred during the OAuth handshake between SharePoint and Exchange. This is typically caused by server to server configuration issues, such as a realm value mismatch on either side, certificate issues for Exchange or SharePoint, etc. Review certificates and attempt to establish or reestablish trust.
9	InvalidAutodiscoverDomain	The AutoDiscover domain property is not set to a valid FQDN.
10	UnknownError	An unknown error condition has occurred. Run the Check script and confirm that a valid, trusted instance of SharePoint is available, review prerequisites, confirm AutoDiscover has been set-up properly with the Exchange Administrator.
101	OAuthNotSupportedOverHttp	If this error is thrown, your web application‘s default zone is not set to SSL, and AllowOauthoverHttp is also set to false. Run the Check script to ensure that any web application you intend to host site mailboxes are set with SSL in the default zone, as outlined in the prerequisites.
102	AssociatedOwnersGroupNull	One or both of the default Owners and Members groups for the site have been deleted. Each of these two default groups are required to exist on any site where users install site mailboxes. A site administrator should be able to direct a site owner to recreated these required groups.
103	ExchangeTeamMailboxDomainNotSet	The ExchangeTeamMailboxDomain property has not been set.
104	ExchangeAppPrincipalNotFound	No Exchange app principals were found to be trusted. Typically, this means the New-SPTrustedSecureTokenService step was missed. Run the Check script and ensure that the app principal URL(s) outputted are the correct one(s).
105	ExchangeAppPrincipalMissingPermissions	The Exchange app principal being connected to doesn‘t have the right permissions on the SharePoint farm. Run the Check script and ensure that the Exchange app principal has the required permissions on the farm.

Configure Exchange task synchronization in SharePoint Server 2013

Published: August 21, 2012

Summary: Configure Exchange Server 2013 and SharePoint Server 2013 for task synchronization by using the SharePoint Server 2013 Task Synchronization feature.

Applies to: SharePoint Server 2013 Enterprise

This article describes how to configure Task Synchronization in SharePoint Server 2013 and Exchange Server 2013. Task Synchronization allows users to synchronize SharePoint Server 2013 and Project Server tasks with Exchange Server and have them appear in Outlook 2013.

Before you begin

Before you begin this operation, review the following information about prerequisites:

Task Synchronization requires that user profile synchronization be configured in the farm. For information about configuring user profile synchronization, see Plan user profiles and identities (SharePoint Server 2013 Preview), and Manage user profile synchronization in SharePoint 2013 Server Preview.

Task Synchronization requires that the work management service application be configured in the farm. For information about creating the work management service application, see New-SPWorkManagementServiceApplication

Task Synchronization requires Exchange Server 2013.

Secure Sockets Layer (SSL) is a requirement for web applications that are deployed in scenarios that support server-to-server authentication and app authentication. This is such a scenario. As a prerequisite for configuring Task Synchronization, the computer that is running SharePoint Server must have SSL configured. For more information, see Create claims-based web applications in SharePoint 2013 and follow the steps for creating an SSL site collection and server certificate.

Note:

You may need to import the SSL certificate from the SharePoint Server 2013 web application. This is only necessary if the certificate is not trusted for the API endpoints (such as a Self-SSL Certificate in a lab environment).

To import the untrusted SSL certificate from SharePoint Server 2013:

Open Internet Explorer on the Exchange server and navigate to the SSL SharePoint site https://<SP_FQDN>, where <SP_FQDN> is the URL to the SSL site.

Accept to trust the certificate by clicking Continue to website.

Click Certificate Error info in Internet Explorer next to the Address bar, and then click View Certificates.

Select Install Certificate and then select Place all certificates in the following store.

Select the checkbox to show physical stores.

Install the certificate to Trusted Root Certification Authorities > Local Computer.

In order to perform these procedures, you must be a member of the SharePoint and Exchange Server administrator groups and have an operational Exchange Server with end-user mailboxes.

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:

Plan browser support

Accessibility for SharePoint Products

Accessibility features in SharePoint 2013 Products

Keyboard shortcuts

Touch
Configure SharePoint for Task Synchronization in SharePoint Server 2013

The first step in configuring Task Synchronization is to install the Exchange Server Web Services API on each web front-end server in the SharePoint Server 2013 farm.
- Install Exchange Web Services API on SharePoint Server

Download EWSManagedAPI.msi from the Microsoft Download Center (http://go.microsoft.com/fwlink/p/?LinkId=258305) and save it to a folder on the application server.
Open a command window as administrator and navigate to the folder where you saved EWSManagedAPI.msi.
Run the following command:

msiexec /i EwsManagedApi.msi addlocal=”ExchangeWebServicesApi_Feature,ExchangeWebServicesApi_Gac”
Reset IIS from the command line by typing IISReset.

Configure Exchange Server 2013 for Task Synchronization

The next step is to establish OAuth trust and service permission on Exchange Server.
- Establish OAuth Trust and Service Permission on Exchange

On the Exchange server, open Windows PowerShell and change to the “C:\Program Files\Microsoft\Exchange Server\V15\Scripts” directory.
Run the following script:

.\Configure-EnterprisePartnerApplication.ps1 -ApplicationType Sharepoint -AuthMetadataUrl https://<SP_FQDN>/_layouts/15/metadata/json/1

Where <SP_FQDN> is the URL to the root site collection.

Configure social computing features in SharePoint Server 2013

Published: July 16, 2012

Summary: Learn how to configure social computing features in SharePoint 2013, including My Sites, Community Sites, and microblogging.

Applies to: SharePoint Server 2013

SharePoint Server 2013 implements features that make enterprise social computing and collaboration easier. Social networking tools, such as My Sites, and social content technologies, such as microblogs, are examples of social computing features. These features enable users to easily capture and share the knowledge and expertise that is needed to do their work. This sharing of information encourages collaboration, improves innovation, and targets relevant content to the people who have to see it. You can adapt content to each user while enabling administrators to set policies to protect privacy.

TechNet articles about configuring social computing features

The following articles about how to configure social computing features in SharePoint Server 2013 are available to view online. Writers update articles on a continuing basis as new information becomes available and as users provide feedback.

	Content	Description
	Configure My Sites in SharePoint Server 2013	Learn how to set up My Sites in SharePoint Server 2013.
	Create and configure communities in SharePoint Server 2013	Learn how to set up Community Sites in SharePoint Server 2013.
	Configure microblogging in SharePoint Server 2013	Learn how to configure microblogging in SharePoint Server 2013.
	Enable or disable personal and social features for users or groups in SharePoint Server 2013	Learn how to configure user permissions for personal and social features in SharePoint Server 2013.

Additional resources about configuring social computing features

The following resources about how to configure social computing features in SharePoint Server 2013 are available from other subject matter experts.

	Content	Description
	What’s New in SharePoint 2013 Resource Center	Visit the Resource Center to access videos, community sites, documentation, and more.

Configure My Sites in SharePoint Server 2013

Published: July 16, 2012

Summary: Learn how to set up and configure My Sites in SharePoint Server 2013.

Applies to: SharePoint Server 2013

This article describes how to set up My Sites in SharePoint Server 2013. Like other tasks in SharePoint Server, there are multiple ways to complete a task. This article provides ordered tasks with prerequisites and procedures to help you set up My Sites in your enterprise.

Before you set up My Sites, ensure that you understand the concepts and terminology in My Sites overview (SharePoint Server 2010) and Plan for My Sites (SharePoint Server 2010).

We recommend that you perform all of the procedures in the order listed for best results, although not all of them are required.

In this article:
Prerequisites

Because My Sites have dependencies on other service applications and features in SharePoint Server 2013, ensure that you meet the prerequisites in this section before you perform the procedures in this task.

Note:

My Sites are hosted by a web application and rely on a User Profile service application. Both are described in this section. My Sites also requires a managed metadata service application. We recommend that you also have a Search service application to use with My Sites, but this is not required. Without the Search service application, some My Sites functionality is affected. For more information, see Related service applications in Plan for My Sites (SharePoint 2013 Preview).
- Web application
Although you can use an existing web application, for optimal performance and security, we recommend that you create the My Site host site collection in a dedicated web application. For more information, see Create a Web application (SharePoint Server 2010).

Important:

If a My Site host site collection was created during initial deployment and configuration, we recommend that you do not use it because it was created in the default web application. Delete this site collection, and create a new web application that is dedicated to hosting My Sites. Then create a new My Site host site collection in the dedicated web application.
- User Profile service application and profile synchronization
Ensure you have a User Profile service application that you want to use for My Sites. If you do not, follow the steps in Create, edit, or delete a User Profile service application (SharePoint 2013 Preview) to create one.

Important:

Although the Create New User Profile service application dialog box requests information in the My Site Host URL and Personal Site Location sections, for this task, remove any default values and leave those fields blank when you create the User Profile service application. Additionally, you can select any of the options in Site Naming Format. These settings will be configured separately later in this task.

Optionally, configure profile synchronization if you want to synchronize user and group profile information that is stored in the SharePoint Server 2013 profile database with profile information that is stored in a directory service or business system. For more information, see Plan for profile synchronization (SharePoint 2013 Preview).
Create a My Site host site collection

The My Site host site collection is a site collection that uses the Enterprise site template named My Site Host. This site collection must be created in the web application that you want to host My Sites. Generally, this site collection can be created at the root path of the web application, although it can be created as an explicit inclusion managed path deeper in the URL as long as there is a site collection created at the web application root. For more information about how to select the path for the My Site host collection, see My Sites architecture in Plan for My Sites (SharePoint 2013 Preview).

To create a My Site host site collection

Verify that you have the following administrative credentials:

To create a My Site host site collection, you must be a member of the Farm Administrators group on the computer running the SharePoint Central Administration website or a service application administrator for the services related to My Sites. If you are a service application administrator, you must also have permission to create site collections in the web application that you dedicate to host My Sites.

In Central Administration, click Application Management, and then click Create site collections.
On the Create Site Collection page, in the Web Application section, ensure that the selected web application is the web application that you want to host My Sites. If it is not, expand the list, and then click Change Web Application. In the Select Web Application dialog box, select a different web application.
In the Title and Description section, type a title and description for the site collection.
In the Web Site Address section, select the URL where you want this site collection created. Generally, you should use the default path (which is displayed as / in the user interface), which is the root of the web application. For more information about this path, see My Sites architecture in Plan for My Sites (SharePoint 2013 Preview).
In the Template Selection section, in the Select experience version list, select 2013. Then, on the Enterprise tab, click My Site Host.
In the Primary Site Collection Administrator section, and optionally in the Secondary Site Collection Administrator section, type an account in the format domain\username to specify an administrator for the site collection.
Optionally, in the Quota Template section, select a quota template for the My Site host site collection. This quota template does not affect the individual site collections that users create for their My Sites. For more information, see Planning for storage requirements in Plan for My Sites (SharePoint 2013 Preview).
Click OK. Copy this site collection URL for later reference.

Add a wildcard inclusion managed path to the web application

The wildcard inclusion managed path is the path under which separate site collections are created for a user’s My Site. Creation of the site collection occurs the first time that a user views the user‘s My Site. This functionality is available only when self-service site creation is also enabled. Enabling self-service site creation is discussed later in this article. For more information about managed paths, see Define managed paths (SharePoint Server 2010).

To add a wildcard inclusion managed path to the web application

Verify that you have the following administrative credentials:

To add managed paths, you must be a member of the Farm Administrators group on the computer running the SharePoint Central Administration website.

In Central Administration, click Application Management, and then click Manage Web applications.
On the Web Applications Management page, select the web application that you created to host My Sites.
On the Web Applications tab, in the Manage group, click Managed Paths.
In the Define Managed Paths dialog box, in the Add a New Path section, in the Path box, type the path that you want to append to the URL namespace, and then select Wildcard inclusion. For example, if your web application URL is http://mysites.contoso.com/ and you want users’ individual site collections created under a path named “personal”, type personal in the Path box. Separate My Sites site collections will be created for each user under http://mysites.contoso.com/personal/.
Click Add Path, and then click OK.
Copy this managed path for later reference.

Connect the web application to service applications

The web application that hosts My Sites must be connected to service applications in SharePoint Server 2013. The User Profile service application is required for My Sites. The managed metadata service application and Search service application are highly recommended. For more information, see My Sites architecture in Plan for My Sites (SharePoint 2013 Preview).

Additionally, if you have other SharePoint sites from which you want users to be able to access their My Site and About Me links from the upper-right corner menu, connect the web applications of those sites to the User Profile service application.

To connect the web application to service applications

Verify that you have the following administrative credentials:

To connect a web application to a service application, you must be a member of the Farm Administrators group on the computer running the SharePoint Central Administration website.

In Central Administration, in the Application Management section, click Manage Web applications.
On the Web Applications Management page, select the web application that you created to host My Sites.
On the Web Applications tab, in the Manage group, click Service Connections.
In the Configure Service Application Associations dialog box, in the Edit the following group of connections list, select default if the default group contains the service applications that you want to connect to the web application.

If you choose [Custom], select any service applications to which you want to connect the web application, including the User Profile service application, the managed metadata service application, and the Search service application.

Click OK.

Enable self-service site creation for the web application

Self-service site creation enables the automatic creation of a separate site collection for users when they first view their My Site.

To enable self-service site creation for the web application

Verify that you have the following administrative credentials:

To enable self-service site creation, you must be a member of the Farm Administrators group on the computer running the SharePoint Central Administration website.

In Central Administration, in the Application Management section, click Manage Web applications.
On the Web Applications page, select the web application that you created to host My Sites.
On the Web Applications tab, in the Security group, click Self-Service Site Creation.
In the Self-Service Site Creation Management dialog box, in Site Collections, select On. Optionally, in Quota template to apply, select a quota template.
In Start a Site, choose one of the following options:
1. Prompt users to create a team site under so users can create team sites from their My Site to use site feeds.
2. Be hidden from users if you do not want users to create team sites from their My Sites to use site feeds.
Click OK to finish.

Perform these additional steps to configure permissions for users to create team sites from their My Sites to use site feeds.

In the Policy group, click Permission Policy.
On Manage Permission Policy Levels dialog box, click Add Permission Policy Level.
Type a name for the permission policy.
Under Permissions, in Site Permissions, select the Grant option for Create Subsites – Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites.
Click Save.
In the Policy group, click User Policy.
On Policy for Web Application dialog box, click Add Users.
On Add Users, in Zones select (All Zones), then click Next.
In Choose Users, enter the user names of the users that you want to create team sites from their My Site to use site feeds. If all users can create team sites from their My Site to use site feeds, click the Browse icon. In Select People and Groups, click All Users, then click Everyone. Click Add, and then click OK.
In the Choose Permissions section, select the name of the Permission Policy created previously.
Click Finish, and then click OK.

Configure My Site settings for the User Profile service application

After you have a My Site host site collection and wildcard inclusion managed path configured for My Sites, you can update the My Sites settings in the User Profile service application. Most of these settings are configured during initial deployment and only change infrequently during maintenance operations afterward.

To configure My Site settings for the User Profile service application

Verify that you have the following administrative credentials:

To configure My Site settings for the User Profile service application, you must be a member of the Farm Administrators group on the computer running the SharePoint Central Administration website or a service application administrator for the User Profile service application.

In Central Administration, in the Application Management section, click Manage service applications.

Click the User Profile service application that you connected to the web application hosting My Sites earlier in this task.

On the Manage Profile Service page, in the My Site Settings section, click Setup My Sites.

On the My Sites Settings page, in the Preferred Search Center section, specify settings for the search center to direct users to when they search for people or documents from their About Me profile page. If you do not have a search center set up yet, you can skip this step and complete it later. For more information, see Search service application in Plan for My Sites (SharePoint 2013 Preview).
In the My Site Host section, type the URL of the My Site host site collection that you created earlier in this task.
Optionally, in the My Site Host URL in Active Directory section, type the URL of the My Site host site collection that is returned to client and mobile phone applications that uses Exchange Auto Discovery. When a user is using a client or mobile phone application, credentials are passed in the form of an email address and password. Exchange Auto Discover then finds other required settings, such as SMTP server name, and sends this to the client or mobile phone application. Client and mobile phone applications use Exchange Auto Discovery to find a user’s SharePoint Server 2013My Site based on the My Site host URL stored in Active Directory Domain Services (AD DS).
In the Personal Site Location section, type the wildcard inclusion managed path you configured earlier in this task. By default, personal is prepopulated in the box. However, if you chose a different path for your wildcard inclusion managed path, replace personal with your path.
In the Site Naming Format section, select a naming format for the My Sites site collections that will be created when users view their My Sites for the first time. For more information about these formats, see My Sites architecture in Plan for My Sites (SharePoint 2013 Preview).
In the Language Options section, specify whether users can select a preferred language for their My Site. The available languages correspond to the language packs installed in the farm. All servers in a farm must have the same language packs. For more information about multilingual sites, see Plan for multilingual sites (SharePoint Server 2010). For more information about language packs, see About language IDs and language packs in Install or uninstall language packs for SharePoint 2013.
In the Read Permission Level section, specify the users or groups that can view other users‘ My Sites when they are created. By default, this includes all authenticated users. However, you can select a more specific group or users depending on the needs of your deployment.
In the Security Trimming Options section, specify how system generated posts are checked for permissions before they are displayed in feeds and on the Tags and Notes page.
In the Newsfeed section, enable system generated posts to the feed on My Sites by selecting Enable activities in My Site newsfeeds. This option is selected by default. This is important in hosted environments where tenants can share the same User Profile service but have different requirements on whether they can enable newsfeeds for their users.

When upgrading from a SharePoint Server 2010 server farm that uses the newsfeed and tags and notes, you enable these legacy features on your SharePoint Server 2013 server farm by selecting Enable SharePoint 2010 activity migration.
In the E-mail Notifications section, specify an email address to use as the sender email address for My Site email notifications. This account does not have to be a real monitored email address. If you want to receive notifications for newsfeed activities, such as replies to your posts or when someone follows you, select Enable newsfeed email notifications.

Important:

You must add the IP address of the farm’s outbound SMTP server to the safe list in Exchange Server 2013 to prevent My Site email notifications from being sent to the Junk folder. For more information about safe lists in Exchange Server 2013, see Understanding Connection Filtering in the Exchange Server Technical Library.

In the My Site Cleanup section, specify a new owner of a My Site if the existing My Site user is removed from the profile database. For example, if a user leaves the company and is no longer in the profile database, the user‘s My Site will be deleted together with any content. However, before it is deleted, a new owner can recover any important content. Select Enable access delegation for the My Site cleanup job to first attempt to assign ownership of the My Site to the user‘s manager. If no manager is found, the My Site is assigned to the user specified in Secondary Owner. The new owner has two weeks to retrieve content from the My Site before it is deleted.
In the Privacy Settings section, select Make My Sites Public to make all users’ My Sites public. This option is not selected by default.

Note:

When a user’s My Site is public, the user’s list of followers, the user’s list of people they are following, and all activities (including new follow notifications, social tagging and rating of content, birthdays, job title changes, workplace anniversary, updating Ask Me About, posting on a note board, and new blog posts) will be public. Any policies set within People and Privacy on the Manage Policies page is overridden.

Click OK.

For more information about additional timer jobs for My Sites, see Planning for jobs and schedules in Plan for My Sites (SharePoint 2013 Preview).

Enable the User Profile Service Application – Activity Feed Job
The User Profile Service Application – Activity Feed Job creates system generated posts in the feeds for the following events:
- Following a tag
- Tagging an item
- Birthday celebration
- Job title change
- Workplace anniversary
- Updates to Ask Me About
- Posting on a note board
After you configure My Sites, enable the User Profile Service Application – Activity Feed Job so that users receive system generated posts in the Newsfeed on their My Sites.
There are other timer jobs related to My Sites that you might want to review and change default settings for. For more information about jobs related to My Sites functionality, see Planning for jobs and schedules in Plan for My Sites (SharePoint 2013 Preview).

To enable the User Profile Service Application – Activity Feed Job

Verify that you have the following administrative credentials:

To configure timer jobs, you must be a member of the Farm Administrators group on the computer running the SharePoint Central Administration website.

In Central Administration, click Monitoring, and then click Review job definitions.
On the Job Definitions page, in the View list, select Service. The Service list appears.

If the Service list does not display User Profile Service, in Service, click No selection, then click Change Service. On the Select Service page, use the arrows in the upper-right corner to locate User Profile Service, and then click it. The Job Definitions page updates with the User Profile service jobs.

Click the activity feed job for the User Profile service application that you created in Prerequisites earlier in this article. The job name is in the format User_Profile_service_name – Activity Feed Job, where User_Profile_service_name is the name that you specified for your User Profile service application.
On the Edit Timer Job page, in the Recurring Schedule section, select the interval that you want the job to run. Available intervals are Minutes, Hourly, Daily, Weekly, and Monthly. Selecting a shorter interval, such as Minutes or Hourly, ensures that activities appear on users’ My Site newsfeeds more frequently. However, it increases load on the system depending on how many activities are available. Selecting a longer interval, such as Daily, Weekly, or Monthly, reduces the number of times the job runs and processes feeds. However, it also means that users receive less frequent updates to activities in their newsfeeds.
Click Enable.
Optionally, click Run Now to run the job immediately without waiting for the next scheduled interval.

Next steps

After you configure My Sites by using the procedures in this article, consider whether you require the following optional procedures:
Trusted My Site Host Locations is an optional feature that prevents a user from creating more than one My Site in an organization with multiple User Profile service applications. For more information, see Add or delete a trusted My Site host location (SharePoint Server 2010).
- Configure links to Office client applications
Users‘ My Sites are convenient locations for users to save files that they work on in Office client applications, such as Word, Excel, and PowerPoint. After you configure an environment for My Sites, you can add a link to the Favorite Links section that users see when they save documents in the Save As dialog box in Office client applications. Users can then select their My Site and save files to the Documents library available on their My Site. For more information, see Add or delete links to Office client applications (SharePoint Server 2010).
- Add personalization site links on My Sites
If your organization wants to provide important information to users, it can do so by adding personalization site links to a user’s My Site. For more information, see Add or delete personalization site links on My Sites.
- Start related services
If the related services for My Sites have not been started yet, start them so that My Sites functionality is available in your environment. For more information, see Manage services on the server (SharePoint Server 2010).
- Configure microblogging
Setting up My Sites is the first step in configuring microblog features in SharePoint Server 2013. For more information about how to configure microblogging features in SharePoint Server 2013, see Configure microblogging in SharePoint Server 2013.
Create and configure communities in SharePoint Server 2013

Published: July 16, 2012

Summary: Learn how to create Community Sites and Community Portals in SharePoint Server 2013.

Applies to: SharePoint Server 2013

You can create Community Sites and Community Portals in SharePoint Server 2013. Community Sites provide a discussion forum experience in the SharePoint environment. The Community Portal provides a directory of Community Sites for users to browse and search for communities of interest. Before you create Community Sites and Community Portals, understand the concepts and planning process in Communities overview (SharePoint 2013 Preview) and Plan for Communities (SharePoint 2013 Preview).

Important:

The steps in this article apply to SharePoint Server 2013.

In this article:
Before you begin

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
Before you begin this operation, review the following information about prerequisites:
- Verify that you have met the requirements in Phase 3: Plan the solution in Plan for Communities (SharePoint 2013 Preview).
Create a Community Site

Use the following procedure to create a Community Site at the site collection level in SharePoint Server 2013.

To create a Community Site

Verify that you have the following administrative credentials:

To create a site collection by using the Community Site template, you must be a member of the Farm Administrators group on the computer running the SharePoint Central Administration website or a service application administrator. If you are a service application administrator, you must also have permission to create site collections in the web application in which you create the Community Site.

In Central Administration, click Application Management, and then click Create site collections.
On the Create Site Collection page, in the Web Application section, ensure that the selected web application is the web application in which you want to create the Community Site. If it is not, expand the list, and then click Change Web Application. In the Select Web Application dialog box, select a different web application.
In the Title and Description section, type a title and description for the site collection.
In the Web Site Address section, select the URL where you want this site collection created.
In the Template Selection section, in the Select experience version list, select 2013. Then, on the Collaboration tab, click Community Site.
In the Primary Site Collection Administrator section, and optionally in the Secondary Site Collection Administrator section, type an account in the format domain\username to specify an administrator for the site collection.
Optionally, in the Quota Template section, select a quota template.
Click OK.
Verification: After the site collection is created successfully, click the link to open the Community Site.

Create a Community Portal

Use the following procedure to create a Community Portal in SharePoint Server 2013. Community Portals can be created at only the site collection level.

To create a Community Portal

Verify that you have the following administrative credentials:

To create a site collection by using the Community Portal template, you must be a member of the Farm Administrators group on the computer running the SharePoint Central Administration website or a service application administrator. If you are a service application administrator, you must also have permission to create site collections in the web application in which you create the Community Portal.

In Central Administration, click Application Management, and then click Create site collections.
On the Create Site Collection page, in the Web Application section, ensure that the selected web application is the web application in which you want to create the Community Portal. If it is not, expand the list, and then click Change Web Application. In the Select Web Application dialog box, select a different web application.
In the Title and Description section, type a title and description for the site collection.
In the Web Site Address section, select the URL where you want this site collection created.
In the Template Selection section, in the Select experience version list, select 2013. Then, on the Enterprise tab, click Community Portal.
In the Primary Site Collection Administrator section, and optionally in the Secondary Site Collection Administrator section, type an account in the format domain\username to specify an administrator for the site collection.
Optionally, in the Quota Template section, select a quota template.
Click OK.
Verification: After the site collection is created successfully, click the link to open the Community Portal.

Additional steps

After you have created a Community Site or a Community Portal, consider the following additional steps to complete the configuration:

Create additional Community Sites as needed. You might create them at the site collection level, as in this procedure, or create them at the site level depending on what you determined during the planning phase.

Configure permissions for your Community Sites to make them private, closed, or open. For more information, see Community types in Plan for Communities (SharePoint 2013 Preview).

Customize the Community Site. In particular, update the icon, title, and description of the site so that the Community Portal displays distinct information for each Community Site.

Run a search crawl so that it indexes the new site or sites, and populates the Community Portal with Community Sites. No communities appear on the portal until you run a crawl. Configure the incremental crawl schedule so that the Community Portal continues to display any new Community Sites, and so that members can search within communities and the portal.
Configure microblogging in SharePoint Server 2013

Published: July 16, 2012

Summary: Use these TechNet articles to learn how to configure microblogging in SharePoint 2013.

Applies to: SharePoint Server 2013

The following articles on TechNet provide information about microblogging in SharePoint 2013. Before you configure microblogging, make sure that you have completed the steps in Configure My Sites in SharePoint Server 2013.

TechNet articles about microblogging

The following articles about microblogging are available to view online. Writers update articles on a continuing basis as new information becomes available and as users provide feedback.

	Content	Description
	Configure Following settings in SharePoint Server 2013	Learn how to configure Following settings for My Sites in SharePoint 2013.
	Manage Feed Cache and Last Modified Time Cache repopulation in SharePoint Server 2013	Learn how to manage repopulation of the Feed Cache and Last Modified Time Cache in SharePoint 2013.
	Manage the Distributed Cache service in SharePoint Server 2013	Learn how to configure and manage the Distributed Cache service in SharePoint 2013.

Configure Following settings in SharePoint Server 2013

Published: July 16, 2012

Summary: Learn how to configure Following settings for My Sites in SharePoint Server 2013.

Applies to: SharePoint Server 2013

In SharePoint Server 2013, following is a user-initiated action that indicates the user’s interest in a specific document, person, site, or tag. When users follow an item, new activities about that item appear in the users‘ newsfeeds on their My Sites. Users view all their followed items from their My Sites.

Configure Following settings for My Sites

Use this procedure to configure Following settings for My Sites.

Note:

Using lower limits can slightly improve performance. Also, by using lower limits, users will follow higher priority documents, people, or sites.

To configure Following settings for My Sites

Verify that you have the following administrative credentials:

To configure Following settings for the User Profile service application, you must be a member of the Farm Administrators group on the computer running the SharePoint Central Administration website or a service application administrator for the User Profile service application.

In Central Administration, in the Application Management section, in the Service Applications group, click Manage service applications.
In the list of service applications, select the User Profile service application.
In the Operations group, click Manage.
On the Manage Profile Service page, in the My Sites Settings section, click Manage Following.
In the Maximum number of followed people box, type the maximum number of people that a user can follow from the user‘s My Site.
In the Maximum number of followed documents box, type the maximum number of documents that a user can follow from the user‘s My Site.
In the Maximum number of followed sites box, type the maximum number of sites that a user can follow from the user‘s My Site.
Click OK.

Manage Feed Cache and Last Modified Time Cache repopulation in SharePoint Server 2013

Published: July 16, 2012

Summary: Learn how to manage repopulation of the Feed Cache and Last Modified Time Cache in SharePoint Server 2013.

Applies to: SharePoint Server 2013

SharePoint Server 2013 feeds require the Feed Cache and Last Modified Time Cache. The Feed Cache maintains recent conversations and activities of entities. The Last Modified Time Cache maintains the last modified time for all items in the Feed Cache. The Distributed Cache service manages both the Feed Cache and the Last Modified Time Cache.

System events, such as a server shutting down unexpectedly or a variation in electrical supply to the server, can affect the Distributed Cache service. Additionally, an administrator who performs maintenance and operational tasks can take an application server that runs the Distributed Cache service offline. This results in the resetting and emptying of the Feed Cache and the Last Modified Time Cache. In this situation, repopulation of the recent conversations and activities of entities occurs. Repopulation occurs in two stages:

Load last modified time information for recent conversations and activities.
Load recent conversations and activities.

Note:

In the case of planned maintenance and operations, an administrator can preserve cache data by using the graceful shutdown procedure. For more information, see Perform a graceful shutdown of the Distributed Cache service in Manage the Distributed Cache service in SharePoint Server 2013.

To manage the repopulation process, SharePoint Server 2013 includes the Feed Cache Repopulation Job timer job. When the Feed Cache Repopulation Job timer job runs, it first checks whether the Feed Cache and Last Modified Time Cache are empty. If they are empty, it starts repopulating the last modified time information for recent conversations and activities in the Last Modified Time Cache. After the timer job finishes the Last Modified Time Cache repopulation, the Feed Cache is populated with recent conversations and activities the next time any user accesses a feed in SharePoint Server 2013.

In this article:

Repopulate the Last Modified Time Cache by using timer jobs in Central Administration
Repopulate the Feed Cache and Last Modified Time Cache by using Windows PowerShell cmdlets

Repopulate the Last Modified Time Cache by using timer jobs in Central Administration

The User Profile Service Application – Feed Cache Repopulation Job repopulates the Last Modified Time Cache if the Distributed Cache service resets and becomes empty. Also, after you configure My Sites, users will not see posts appearing in their consolidated newsfeed if the User Profile Service Application – Feed Cache Repopulation Job timer job is not configured to run. By default, the User Profile Service Application – Feed Cache Repopulation Job timer job is configured to run every 5 minutes.

Use this procedure to configure the User Profile Service Application – Feed Cache Repopulation Job timer job to monitor the Feed Cache and Last Modified Time Cache for repopulation.

Important:

Do not change the default settings of this timer job if you plan to use social features in SharePoint Server 2013. Do not disable this timer job. If this timer job is disabled and a repopulation is required, it will re-enable itself and run.

To configure the User Profile Service Application – Feed Cache Repopulation Job

Verify that you have the following administrative credentials:

To configure timer jobs, you must be a member of the Farm Administrators group on the computer running the SharePoint Central Administration website.

In Central Administration, on the Monitoring page, click Review job definitions.
On the Job Definitions page, in the View list, select All.
Use the arrows at the bottom of the page to locate the feed cache repopulation job for the User Profile service application on your server farm. The job name is in the format User_Profile_service_name – Feed Cache Repopulation Job, where User_Profile_service_name is the name that you specified for the User Profile service application.
On the Edit Timer Job page, in the Recurring Schedule section, select the interval that you want the job to run. Available intervals are Minutes, Hourly, Daily, Weekly, and Monthly. Selecting a shorter interval, such as Minutes or Hourly, ensures that checks for an empty cache is performed more frequently. Selecting a longer interval, such as Daily, Weekly, or Monthly, reduces the number of times the job runs. However, it also means that performing cache repopulation checks are done fewer times. We recommend that this timer job runs on shorter intervals.
Click Enable.
Optionally, click Run Now to run the job immediately without waiting for the next scheduled interval.

Repopulate the Feed Cache and Last Modified Time Cache by using Windows PowerShell cmdlets
You can use Windows PowerShell cmdlets to perform the repopulation of the Feed Cache and the Last Modified Time Cache. To perform repopulation, we recommend that you configure the User Profile Service Application – Feed Cache Repopulation Job timer job as described above. This is because the timer job first checks to see whether the cache is empty and then repopulates the cache as necessary, whereas the Windows PowerShell cmdlets force a repopulation of the cache. However, in some instances, using the Windows PowerShell cmdlets is the only way to repopulate the cache. These instances include the following:
- After attaching a new content database and the cache is not repopulating.
- After restoring a content database.
The following cmdlets are available to force repopulation of the Feed Cache and the Last Modified Time Cache:
- Update-SPRepopulateMicroblogLMTCache. This cmdlet must be run first.
- Update-SPRepopulateMicroblogFeedCache.
Manage the Distributed Cache service in SharePoint Server 2013

Published: July 16, 2012

Summary: Learn how to configure and manage the Distributed Cache service in SharePoint Server 2013.

Applies to: SharePoint Server 2013

To perform management and operational tasks on the Distributed Cache service in SharePoint Server 2013, an administrator must perform specific, ordered procedures. This article describes how to conduct several management and operational tasks on the Distributed Cache service.

In this article:
Important:

The Distributed Cache service can end up in a nonfunctioning or unrecoverable state if you do not follow the procedures that are listed in this article. In extreme scenarios, you might have to rebuild the server farm. The Distributed Cache depends on Windows Server AppFabric as a prerequisite. Do not administer the AppFabric Caching Service from the Services window in Administrative Tools in Control Panel. Do not use the applications in the folder named AppFabric for Windows Server on the Start menu.
Start and stop the Distributed Cache service
An administrator that performs maintenance and operational tasks might need to start and stop the Distributed Cache service. Some of these tasks include the following:
- Changing the default configuration of the server farm at installation time. The Distributed Cache service is started on all SharePoint servers at installation time. An administrator might want to stop the Distributed Cache service on some servers in the farm.
- Updating the server and there is only one Distributed Cache server in the SharePoint Server 2013 farm.
Stopping the cache results in partial data loss. The Feed Cache depends on the Distributed Cache service. Tags and document activities are saved only to the Feed Cache. Tags and document activities are not persisted to content databases. When the Distributed Cache service is stopped, tags and document activities are lost. When the Distributed Cache service is started, repopulation occurs when the feed cache repopulation timer job runs. For more information, see Manage Feed Cache and Last Modified Time Cache repopulation in SharePoint Server 2013. One way to maintain the tags and document activities is to use the method described in Perform a graceful shutdown of the Distributed Cache service later in this article. When the graceful shutdown of the Distributed Cache service method is used, all cache data is moved from one server to another server before the Distributed Cache service is stopped.

Note:

If your cache hosts are part of a cache cluster, do not start or stop the Distributed Cache service as described here. Instead, see Add or remove a server in a Distributed Cache cluster later in this article.

To start and stop the Distributed Cache service by using Central Administration

In Central Administration, click Application Management.
In Service Applications, click Manage Services on Server.
On the Services on Server page, locate the Distributed Cache service.
If the Distributed Cache service is started and you want to stop the service, under Action, click Stop. If the Distributed Cache service is stopped and you want to start the service, under Action, click Start.

To start the Distributed Cache service by using Windows PowerShell

At the Windows PowerShell command prompt, run the following command:

$instanceName =”SPDistributedCacheService Name=AppFabricCachingService”
$serviceInstance = Get-SPServiceInstance | ? {($_.service.tostring()) -eq $instanceName -and ($_.server.name) -eq $env:computername}
$serviceInstance.Provision()

To stop the Distributed Cache service by using Windows PowerShell

At the Windows PowerShell command prompt, run the following command:

Change the memory allocation of the Distributed Cache service
When SharePoint Server 2013 is installed, it assigns the Distributed Cache service 10 percent of the total physical memory on the server. The Distributed Cache service uses half of the memory allocation for data storage (also known as cache size), and the other half of the memory allocation is used for memory management overhead. When the cached data grows, the Distributed Cache service uses the entire 10 percent of the allocated memory.

The following scenarios describe when an administrator should increase the memory allocation for the Distributed Cache:
- When you add physical memory to a server. In this case, the Distributed Cache does not recalculate the 10 percent memory allocation to include the new total physical memory.
- When you have a dedicated Distributed Cache server. Use the following method to calculate how much memory can be assigned to the Distributed Cache service:

Determine the total physical memory on the server. For this example, we will use 16 GB as the total physical memory available on the server.
Reserve 2 GB of memory for other processes and services that are running on the cache host. For example, 16 GB – 2 GB = 14 GB. This remaining memory is allocated to the Distributed Cache service.
Take half of the remaining memory, and convert it to MB. For example, 14 GB/2 = 7 GB or 7000 MB. This is the cache size of the Distributed Cache service.
Use the following procedure to update the memory allocation accordingly.

Change the memory allocation of the Distributed Cache by using Windows PowerShell

Use this procedure to reconfigure the memory allocation for the Distributed Cache service.

Stop the Distributed Cache service on all cache hosts that are part of the cache cluster. To stop the Distributed Cache service, on all cache hosts, at the Windows PowerShell command prompt, run the following command:

$instanceName =”SPDistributedCacheService Name=AppFabricCachingService”
$serviceInstance = Get-SPServiceInstance | ? {($_.service.tostring()) -eq $instanceName -and ($_.server.name) -eq $env:computername}
$serviceInstance.Unprovision()
Reconfigure the cache size of the Distributed Cache service on the server that is being added or upgraded. On that server only, at the Windows PowerShell command prompt, run the following command:

Set-CacheHostConfig -Hostname Hostname -cacheport Cacheport -cachesize Cachesize

Where:

Hostname is the FQDN of the application server being reconfigured that runs the Distributed Cache service.
Cacheport is equal to the port number of the Distributed Cache (22233).
Cachesize is the cache size’s memory allocation assignment in MB. In the previous example, the cache size was calculated at 7000 MB for a server with 16 GB of total physical memory.

Restart the Distributed Cache service. On all servers, at the Windows PowerShell command prompt, run the following command:

$serviceInstance.Provision()

Add or remove a server in a Distributed Cache cluster
An administrator can add or remove a server to a cache cluster, or might want to remove a server from the cache cluster, perform some operational or maintenance tasks on the server, and then rejoin or add the server to the cache cluster. When removing the server, the Distributed Cache service is stopped, then unregistered from the server. Unregistering the Distributed Cache service means that an administrator will not see the Distributed Cache service listed on the Services on Server page in Central Administration. Similarly, when a server is added, the Distributed Cache service is registered and then is started on the server. Registering the Distributed Cache service means that an administrator will see the Distributed Cache service listed on the Services on Server page in Central Administration.

Use the following procedures to add and remove a server from a cache cluster. These Windows PowerShell cmdlets are run on the server being added or removed.
- Add a server to the cache cluster and starting the Distributed Cache service by using a Windows PowerShell
At the Windows PowerShell command prompt, run the following command:

Add-SPDistributedCacheServiceInstanceOnLocalServer
- Remove a server from the cache cluster by using a Windows PowerShell
At the Windows PowerShell command prompt, run the following command:

Remove-SPDistributedCacheServiceInstanceOnLocalServer

Important:

This procedure will stop the cache service and nonpersisted cached data will be lost. If you want to keep the cached data, use the graceful shutdown procedure that is described in the next section, and then run the Remove-SPDistributedCacheServiceInstanceOnLocalServer cmdlet. The Remove-SPDistributedCacheServiceInstanceOnLocalServer cmdlet involves stopping and disabling the underlying AppFabric Caching service. Do not restart the AppFabric Caching service other than by running the Add-SPDistributedCacheServiceInstanceOnLocalServer cmdlet.

Perform a graceful shutdown of the Distributed Cache service

In a SharePoint Server 2013 farm, a cache cluster exists when several cache hosts run the Distributed Cache service. In a SharePoint Server 2013 farm, one cache exists, and the cache spans the cache cluster. An administrator can take a cache host out of the cluster to perform operational or maintenance tasks on the server, such as applying updates to the server. To prevent data loss associated with the removal of the cache host from the cache cluster, an administrator must first run the graceful shutdown procedure before removing the cache host from the cache cluster. The graceful shutdown procedure is run on the cache host being removed from the cache cluster. This cache host stores a portion of the cached data. The graceful shutdown procedure transfers all cached data from the cache host on which the graceful shutdown procedure is being run on to another cache host in the farm. The transfer process takes 15 minutes or more to run depending on how many items exist in the cache. When the transfer process is complete, removing the cache host by using the Remove-SPDistributedCacheServiceInstanceOnLocalServer cmdlet does not result in any data loss.

To perform a graceful shutdown of the Distributed Cache by using Windows PowerShell

At the Windows PowerShell command prompt, run the following command:

Stop-SPDistributedCacheServiceInstanceGracefullyOnLocalServer
Remove-SPDistributedCacheServiceInstanceOnLocalServer

Note:

To rejoin or add the server to the cache cluster, run the Add-SPDistributedCacheServiceInstanceOnLocalServer cmdlet.

Change the service account

When the server farm is first configured, the server farm account is set as the service account of the AppFabric Caching service. The Distributed Cache service depends on the AppFabric Caching service. To change the service account of the AppFabric Caching service to a managed account:

Create a managed account. For more information, see Configure automatic password change (SharePoint Server 2010).
Set the Managed account as the service account on the AppFabric Caching service. At the Windows PowerShell command prompt, run the following command:

$farm = Get-SPFarm
$cacheService = $farm.Services | where {$_.Name -eq “AppFabricCachingService”}
$accnt = Get-SPManagedAccount -Identity domain_name\user_name
$cacheService.ProcessIdentity.CurrentIdentityType = “SpecificUser”
$cacheService.ProcessIdentity.ManagedAccount = $accnt
$cacheService.ProcessIdentity.Update()
$cacheService.ProcessIdentity.Deploy()

Where Domain_name\user_name is the domain name and user name of the managed account.

Enable or disable personal and social features for users or groups in SharePoint Server 2013

Published: July 16, 2012

Summary: Learn how to configure user permissions for personal and social features in SharePoint Server 2013.

Applies to: SharePoint Server 2013

Farm Administrators or service administrators of a User Profile service application control who can create My Sites, and use personal and social features. For example, you might want a subset of users in an organization to be able to create My Sites, so you enable the Create Personal Site permission for those users. For more information, see User Profile service application overview (SharePoint 2013 Preview).

Important:

Before you decide which permission to grant users or groups of users, first review the permission descriptions and how the combination of these permissions affects the My Site user experience. For more information, see Plan users and user permissions in Plan for My Sites (SharePoint 2013 Preview).

Before you perform this procedure, confirm the following:
- A User Profile service application is running in the farm. For more information, see Create, edit, or delete a User Profile service application (SharePoint 2013 Preview).
Enable users or groups to use personal and social features

Use this procedure to configure the user permissions for personal and social features.

To enable users or groups to use personal and social features

Verify that you have the following administrative credentials:

To use the SharePoint Central Administration website to enable users or groups to use personal and social features, you must be a member of the Farm Administrators group, or you must have been delegated permission to administer the User Profile service application that is running in the farm. For more information, see Assign administration of a User Profile service application (SharePoint 2013 Preview).

In Central Administration, in the Application Management section, click Manage service applications.
In the list of service applications, click User Profile Service Application.
On the Manage Profile Service: User Profile Service Application page, in the People group, click Manage User Permissions.
On the Permissions for User Profile Service Application page, type or select a user or group account, and then click Add.
In the Permissions for box, check the feature or features that you want the user or group to be able to use, and then click OK.

Configure web content management solutions in SharePoint Server 2013

Updated: October 16, 2012

Summary: Learn how to install and configure SharePoint web content management solutions that use cross-site collection publishing.

Applies to: SharePoint Server 2013

The articles that are listed in the following table describe how to set up cross-site publishing features in a SharePoint Server 2013 environment.

	Content	Description
	Configure cross-site publishing in SharePoint Server 2013	Learn how to create site collections for cross-site publishing, activate the Cross-Site Collection Publishing feature, create and manage term sets for tagging content on authoring sites, create catalog content by using SharePoint lists, share a library or list as a catalog, and configure search settings for cross-site publishing.
	Connect a publishing site to a catalog in SharePoint Server 2013	Learn how to connect a publishing site to a library or list that is shared as a catalog.
	Configure Search Web Parts in SharePoint Server 2013	Learn how to configure the following Web Parts that use search technology in a publishing environment: Content Search Web Part Refinement Panel Web Part Taxonomy Refinement Panel Web Part Recommended Items Web Part
	Configure refiners and faceted navigation in SharePoint Server 2013	Learn how to map a crawled property to a refinable managed property, enable a managed property as a refiner, and configure faceted navigation.
	Configure result sources for web content management in SharePoint Server 2013	Learn how to create and manage result sources for SharePoint Search service applications, and for SharePoint sites and site collections.
	Configure recommendations and usage event types in SharePoint Server 2013	Learn how to create custom usage event types, how to add code to record usage events, and how to influence how recommendations are shown on a page.

Configure cross-site publishing in SharePoint Server 2013

Updated: October 16, 2012

Summary: Learn to create and tag catalog content in authoring sites and configure search settings for cross-site publishing in SharePoint Server 2013.

Applies to: SharePoint Server 2013

Before you configure cross-site publishing, make sure that you understand the concepts and terminology in Plan for cross-site publishing in SharePoint 2013 Preview.

In this article:
Before you begin

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
Create site collections for cross-site publishing

In a cross-site collection publishing scenario where content is reused across site collections, you must have at least two site collections, one for authoring content and one for publishing content. Before you create the site collections, review the following information:
- “Plan site collections and site structure for SharePoint authoring sites” in Plan SharePoint authoring sites for cross-site publishing (SharePoint 2013 Preview).
- “Plan site collections and site structure for SharePoint publishing sites” in Plan SharePoint publishing sites for cross-site publishing (SharePoint 2013 Preview).
For information about how to create a site collection by using either Central Administration or Windows PowerShell, see Create a site collection (SharePoint 2013 Preview).
Activate the Cross-Site Collection Publishing feature

Before you can use cross-site collection publishing to reuse content across site collections, you have to activate the Cross-Site Collection Publishing feature on the authoring site collection.

Note:

If you used the Product Catalog Site Collection template to create the authoring site collection, you do not have to do this operation. By default, the Cross-Site Collection publishing feature is active when you create a site collection by using the Product Catalog Site Collection template.

To activate the Cross-Site Collection Publishing feature

Verify that the user account that performs this procedure is a site collection administrator on the authoring site collection.
On the top-level site of the authoring site collection, on the Settings menu, click Site Settings.
On the Site Settings page, in the Site Collection Administration section, click Site collection features.
On the Site Collection Features page, next to Cross-Site Collection Publishing, click Activate.

Create content for authoring sites

Before you create content for authoring sites, review “Plan term sets for tagging content on authoring sites” and “Plan catalog content for authoring sites” in Plan SharePoint authoring sites for cross-site publishing (SharePoint 2013 Preview).
- Create and manage term sets for tagging content on authoring sites
You create and manage term sets by using the Term Store Management Tool. For information about how to create and manage term sets, see the following articles:
- Set up a new term set
- Create and manage terms in a term set
After you have created a term set, you have to make it available for tagging content. If you used the Product Catalog Site Collection template to create the authoring site collection, and you have created a term set in this site collection, you do not have to do this operation. By default, new term sets created in the Product Catalog site collection are available for tagging content.

To make a term set available for tagging content

Verify that the user account that performs this procedure is a member of the Owners SharePoint group on the authoring site that contains the catalog.
On the authoring site, on the Settings menu, click Site Settings.
On the Site Settings page, in the Site Administration section, click Term store management.
In the TAXONOMY TERM STORE section, click the term set that you want to make available for tagging.
Click the INTEDED USE tab, and then select Available for Tagging.
Click Save.

Create catalog content by using SharePoint lists

When you create catalog content by using SharePoint lists, we recommend that you create site columns for the lists in which you want to maintain your catalog content. This is because managed properties are automatically created for site columns, and you can use these managed properties when defining queries for you catalog content on a publishing site. If you have several lists, we recommend that you create a site content type for each list, and then associate the appropriate site columns to this site content type. If you want to use managed navigation to display catalog content on a publishing site, you also have to create at least one term set as described in Create and manage term sets for tagging content on authoring sites. The tagging term set must be tied to a site column that is a Managed Metadata data type.

For information about how to create site content types and site columns, see the following articles:

If you have large amounts of data in external business systems — for example, an ERP system — consider importing this data into one or more SharePoint lists. SharePoint Server 2013 does not have a solution for importing list content. However, you can develop custom import tools — for example, by using Windows PowerShell. For a set of example Windows PowerShell scripts that you can use to import list content for cross-site publishing, see Import list content to Products list for SharePoint 2013 Preview. The example scripts import content only to a site collection that was created by using the Product Catalog Site Collection template.

Share a library or list as a catalog

Before you share a library or list as a catalog, verify that the Cross-Site Collection Publishing feature is activated for the site collection. If you used the Product Catalog Site Collection template to create the site collection, the Cross-Site Collection Publishing feature is already active. For all other types of site collections, you must activate the Cross-Site Collection Publishing feature before you can continue with the following steps. For more information, see Activate the Cross-Site Collection Publishing feature earlier in this article.

By default, anonymous access is enabled when you share a library or list as a catalog. If you have connected a publishing site to the catalog, and you don’t want anonymous users to be able to view and search content that was added to the search index from this catalog, you should disable anonymous access.

Important:

In addition to enabling anonymous access for a catalog, you must enable anonymous access for the web application and publishing site so that anonymous users can search and view the content. For more information, see Create claims-based web applications in SharePoint 2013.

To share a library or list as a catalog

Verify that the user account that performs this procedure is a member of the Owners group on the site that contains the library or list that you want to share.
Browse to the library or list that you want to share, and then do one of the following:

To share a library, click the LIBRARY tab, and then, on the ribbon, in the Settings group, click Library Settings.
To share a list, click the LIST tab, and then, on the ribbon, in the Settings group, click List Settings.

On the Settings page, in the General Settings section, click Catalog Settings.
On the Catalog Settings page, in the Catalog Sharing section, select the Enable this library as a catalog check box.
In the Anonymous Access section, if you want don’t want anonymous users to view and search this content, click Disable anonymous access.
In the Catalog Item URL Fields section, in the Available fields box, select up to five fields that uniquely identify an item in the library or list, and then click Add.

After you connect a publishing site to this catalog, the fields that you specified as catalog item URL fields appear as part of the friendly URL. (See the example that follows this procedure.)
In the Navigation Hierarchy section, select the column that is associated with the term set that you want to use as a navigation term set for catalog pages. After you connect a publishing site to this library or list to show catalog content, the value of the column that you selected appears as part of the friendly URL (see the example that follows this procedure).

Note:

You only have to make a selection in this section if you want to use managed navigation to display catalog content on a publishing site.

Click OK.

Note:

After you share a library or list as a catalog, the content source that contains the catalog must be crawled. You don’t have to start a full crawl. This is because an incremental crawl or a continuous crawl also adds the content to the search index. For more information, see Start, pause, resume, or stop crawls in SharePoint 2013 Preview.

In this example, let’s say that you have a list that contains data for different electronic products. The following items were specified when the list was shared as catalog:

Electronic products
- Audio
- Car audio
- MP3
- Computers
- Laptops
- Desktops

Each item in the shared list is associated with a value from this term set in the Item Category Managed Metadata site column. For more information about Managed Metadata columns, see Create a Managed Metadata column.

The following table describes how site columns and their corresponding values in the previous list are combined to create friendly URLs for catalog content when you connect a publishing site collection to this list.

Product title	Item Category	Item Number	Friendly URL to an item when the catalog is connected to a publishing site
Proseware 50W Car Radio	Car audio	1010101	<site>/audio/car-audio/1010101
Contoso 4GB Portable MP3 Player M450	MP3	4020102	<site>/audio/mp3/4020102
AdventureWorks Laptop8.9 E0890	Laptops	7030906	<site>/computers/laptops/7030906
WWI Desktop PC2.33 X2330	Desktops	7030906	<site>/computers/desktops/3030802

Make a term set available to other site collections

After you create a term set on the authoring site collection, you have to make it available to publishing site collections. You can make a term set available to all site collections or to specific site collections.

To make a term set available to all site collections

Verify that the user account that performs this procedure is a member of the Owners SharePoint group on the authoring site that contains the catalog.
On the authoring site, on the Settings menu, click Site Settings.
On the Site Settings page, in the Site Administration section, click Term store management. If the user that performs this procedure is already a member of the Term Store Administrators group, you can skip to step 7.
In the Term Store Management Tool, verify that Managed Metadata Service is selected.
In the Term Store Administrator section, type one or more user names.
Click Save.
Right-click Managed Metadata Service, and then select New Group.
Type the name of the global term set that you want to create, and then press Enter.
Refresh the page.
Right-click the term set that you want to make available to all site collections, and then click Move Term Set.
In the Term Set Move dialog box, click the global term set that you want to move the term set to, and then click OK.
Refresh the page.

To make a term set available to specific site collections

Verify that the user account that performs this procedure is a member of the Owners SharePoint group on the authoring site that contains the catalog.
On the authoring site, on the Settings menu, click Site Settings.
On the Site Settings page, in the Site Administration section, click Term store management.
In the Term Store Management Tool, click the group that contains all term sets within the site collection.
In the Site Collection Access section, type the URLs of the site collections to which you want to make the term set available — for example, http://<site>/sites/products.
Click Save.

Configure search for cross-site publishing

Because cross-site publishing depends on search, you have to create a content source and manage crawling for SharePoint cross-site publishing sites.

A content source specifies what, when, and how content should be crawled. When a Search service application is created, a content source named Local SharePoint sites is created and is automatically configured to crawl all SharePoint sites in the local server farm. You can create additional content sources to specify other content to crawl and define how SharePoint should crawl that content. You do not have to create a separate content source for catalog content in order to make content available to other site collections. However, it is easier to maintain crawl schedules when you have separate content sources for the different content that you want users to view and search.

The ability to enable continuous crawls is a new crawl schedule option in SharePoint 2013. When you enable continuous crawls, any changes that are made to content within the specified content source is picked up automatically by the crawler and added to the search index. A continuous crawl starts at set intervals. The default interval is 15 minutes, but you can set continuous crawls to occur at shorter intervals by using Windows PowerShell.

For information about how to create a new content source and manage crawling in Central Administration, see the following articles:
Some actions — for example, doing search schema management to enable refiners — require a full reindex of the content source that contains the catalog for the changes to be added to the search index. A site collection administrator can independently of the Search service application administrator indicate that a catalog should be fully reindexed during the next scheduled crawl of the catalog.

To reindex catalog content

Verify that the user account that performs this procedure is a member of the Site collection administrators group on the site that contains the catalog.
Browse to the catalog, and then do one of the following:

If you want to perform a full crawl of a catalog in a library, click the LIBRARY tab, and then, on the ribbon, in the Settings group, click Library Settings.
If you want to perform a full crawl of a catalog in a list, click the LIST tab, and then, on the ribbon, in the Settings group, click List Settings.

On the Settings page, in the General Settings section, click Advanced settings.
On the Advanced Settings page, in the Reindex List section, click Reindex List, and then click Reindex List to confirm that you want the catalog to be reindexed during the next scheduled crawl.
Click OK.

Note:

The full reindex of the catalog will be performed during the next scheduled crawl.

Connect a publishing site to a catalog in SharePoint Server 2013
Published: October 2, 2012

Summary: Learn how to connect a publishing site collection to a library or list that is shared as a catalog.

Applies to: SharePoint Server 2013

To show content from a library or list that is shared as a catalog, you must connect the publishing site collection to the catalog. When you connect a publishing site collection to a catalog, the following occurs:
- The catalog content is integrated into the publishing site collection.
- The term set used by the catalog is integrated into the term set of the publishing site collection.
- A category page and an item details page are created for the catalog pages.
- Friendly URL is created for the item details page.
- A result source is created for the catalog.
In this article:
- Before you begin
- Connect a publishing site to a catalog
Before you begin

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
Before you connect the publishing site collection to a catalog, review the information in Plan category pages and item detail pages. Also verify the following:
- The publishing site that you connect to a catalog uses managed navigation. By default, site collections that are created by using the Publishing Portal Site Collection template use managed navigation.
- The library or list was shared as a catalog, as described in Share a library or list as a catalog.
- A full crawl of the content source that contains the catalog was performed, as described in Configure search for cross-site publishing.
- The term set that is used by the catalog is available to the publishing site collection, as described in Make a term set available to other site collections.
Connect a publishing site to a catalog

To connect a publishing site to a catalog

Verify that the user account that completes this procedure is a member of the Owners SharePoint group on the publishing site collection.
On the publishing site collection, on the Settings menu, click Site Settings.
On the Site Settings page, in the Site Administration section, click Manage catalog connections.
On the Manage catalog connections page, click Connect to a catalog. A list of available catalogs appears. Note that only catalogs that have been crawled will appear.
On the line that contains the catalog that you want to connect to, click Connect. You can also search for a specific catalog by typing the catalog name in the search field.
On the Catalog Source Settings page, in the Connection Integration section, do one of the following:

To make catalog content available to the publishing site and integrate the catalog tagging term set into the publishing site navigation term set, select Integrate the catalog into my site. When you select this option, use the following steps to specify at which level the term sets should be integrated, specify the URL for the catalog item details page, and select category pages and catalog item pages.
To make the catalog content available to the publishing site, select Connect, but do not integrate the catalog. You should select this option if you want to use content from the library to create individual catalog item pages.

Either option creates a result source for the catalog.

In the Navigation Hierarchy section, specify the term from which the catalog tagging term set should be integrated into the publishing site navigation term set. The catalog navigation column that you previously configured in Share a library or list as a catalog appears by default. The fields in this section are optional. Therefore, if you don’t change the fields in this section, the catalog tagging term set will be integrated from the root term. If you want to integrate the catalog tagging term set from a different term, do the following:

Next to the Root term of hierarchy box, click Browse for a valid choice.
In the Select: Add Terms dialog box, click the term that corresponds to the level from which you want to integrate the catalog tagging term set, click Select, and then click OK.
To integrate the root term that is the parent of the selected term in the publishing site navigation term set, select the Include root term in site navigation check box.

Note:

All items in the catalog must be tagged with a term from the specified catalog tagging term set. If this is not done, site navigation will not work as intended for all items.

In the Navigation Position section, specify the term in the publishing site navigation term set where the catalog tagging term set should be integrated. Do one of the following:

To integrate the catalog tagging term set to the root term of the publishing site navigation term set, click Add to navigation root.
To integrate the catalog tagging term set to a term below the root term of the publishing site navigation term set, click Select an alternate location in site navigation, and then do the following:
- Click Browse for a valid choice to display the publishing site navigation term set.
- In the Select: Add Terms dialog box, click the term that corresponds to the level from which you want to integrate the catalog tagging term set, click Select, and then click OK.

If you want changes to the catalog tagging term set to be updated on the publishing site, in the Navigation Pinning section, select the Pin terms to site navigation check box. By default, this option is selected. If you clear this check box, changes made to the catalog tagging term set are not reflected on the publishing site navigation.
In the Catalog Item URL Behavior section, specify what you want the URL of the catalog item to do by selecting one of the following options:

To point the URL of the catalog item to an item details page, select Make URLs relative to this site. When you select this option, you have to specify a catalog item URL format as described in the next step. This also means that the content that you can display on the item details page has to come from the search index.
To have the catalog item URL point to the item in the source catalog, select Make URLs point to source catalog. When you select this option, you do not have to specify a catalog item URL format. Note that when you select this option, anonymous users are not able to access and view the item in the source catalog.

In the Catalog Item URL Format section, select which properties the URL of the item details page should contain by doing one of the following:

To use the field that you specified as Primary Key the when you shared the library or list as a catalog as described in Share a library or list as a catalog, select Use the default URL format provided by the catalog source. By default, this option is already selected.

Note:

All items in the catalog must have values for the specified field. Site navigation will not work as intended for items with missing values.

To manually define a format for the URL, select Manually define a URL format, and then type in a URL. You should select this option only if you have created an item details page and the items in your catalog are not tagged with a term from a catalog tagging term set. Type the URL in the following format: /<Folder of item details page>/<Name of item details page>.aspx? <Managed property name>=[Managed property value] — for example, /Pages/itemdetails.aspx?TitleProperty=[Title].
To construct a custom URL based on catalog properties, select Construct a URL format from catalog properties, and then do the following:
- In the Available Fields list, select up to five fields, and then click Add.

Important:

Fields of site column type Number will not create a valid URL. All items in the catalog must have values for the specified fields. Site navigation will not work as intended for items with missing values.

In the Category Page section, do one of the following:

To have SharePoint Server 2013 automatically create a new Category page for your catalog content, click Create a new page, and then select a master page. The page will be added to the Pages library with the name Category-<catalog tagging term set name>. The page will not be published automatically.
To use a Category page that was already created, select Use an existing page, and then specify the location of the page.

In the Item Page section, do one of the following:

To have SharePoint Server 2013 automatically create a new Item page for your catalog content, click Create a new page, and then select a master page. The page will be added to the Pages library with the name CatalogItem-<catalog tagging term set name>. The page will not be published automatically.
To use an already created Item page, select Use an existing page, and specify the location of this page.

Click OK.

Configure Search Web Parts in SharePoint Server 2013

Published: October 2, 2012

Summary: Learn how to configure the different Web Parts that use search technology in a publishing environment.

Applies to: SharePoint Server 2013

Web Parts that use search technology to show content in a publishing environment (referred to in this article as Search Web Parts) show content that was crawled and added to the search index, as described in “Understanding how content is added to and managed in the search index” in Overview of cross-site publishing in SharePoint 2013 Preview. These Web Parts have queries defined in them, and when users browse to a page that contains a Web Part that uses search technology, the Web Part issues the query automatically. The query result is then displayed in the Web Part. You can modify the query in the search Web Part to fit your content needs.

In this article:
Before you begin

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
There are many Search Web Parts available in SharePoint Server 2013. These Web Parts have predefined queries, such as what type of content to search for, where to search for content, and how to show content. For information about different Search Web Parts, see “Plan to add search Web Parts to pages” in Plan SharePoint publishing sites for cross-site publishing (SharePoint 2013 Preview). Many of the Search Web Parts use result sources and have query rules that are applied to them. Result sources narrow the scope of search results that are retrieved. A query rule is a set of conditions that will cause the query to be changed in a specific way. For more information about result sources and query rules, see Plan result sources and query rules.

To customize how search results appear in Search Web Parts — for example, to show an image followed by a title in bold to the right of the image — you modify display templates. The two types of display templates that are most relevant to Search Web Parts are control display templates and item display templates.
Add a Content Search Web Part to a page

To add a Content Search Web Part to a page

Verify that the user account that performs this procedure is a member of the Designers SharePoint group on the publishing site collection.
Browse to the page where you want to add the Web Part.
Click the Settings menu, and then click Edit page.
In the Web Part Zone where you want to add the Web Part, click Add a Web Part.
In the Categories list, click Content Rollup.
In the Parts list, click Content Search, and then click Add.

Configure the query for a Content Search Web Part

You can use the Content Search Web Part in Quick Mode and create a query by selecting options from a list of existing result sources, or you can switch to Advanced Mode to create your own custom query by using Keyword Query Language (KQL). Use the Advanced Mode only if you know KQL and the functionality that is enabled for the managed properties.

To configure the query for a Content Search Web Part

Verify that the user account that performs this procedure is a member of the Designers SharePoint group on the publishing site collection.
Browse to the page that contains the Content Search Web Part that you want to configure.
Click the Settings menu, and then click Edit Page.
In the Web Part, click the Content Search Web Part Menu arrow, and then click Edit Web Part.
In the Web Part tool pane, in the Properties section, in the Search Criteria section, click Change query.
On the BASICS tab, do one of the following:

To define your query by using Quick Mode, select options as described in the following table:
Quick Mode (default)

Select a query

Select a result source to specify which content should be searched. If you have shared a document library or list as catalog, the catalog result source will be displayed in this drop-down list. By default, this is set to Recently changed items (System).

Restrict results by app

Select an option from the list to restrict results to a specific site, library, list, or URL. By default, this is set to Current site.

Restrict by tag

You can limit results to content that is tagged with a term from a term set.

Select one of the following options:

Don’t restrict by any tag	Search results will not be limited based on tags (default).
Restrict by navigation term of current page	Search results will be limited to content that is tagged with the term of the current page. The current tag is displayed as the last part of the friendly URL. This option is only meaningful for sites that use managed navigation.
Restrict by current and child navigation	Search results will be limited to content that is tagged with the term of the current page (displayed as the last part of the friendly URL), and content that is tagged with sub-terms of the current page. This option is only meaningful for sites that use managed navigation. Note: In a cross-site publishing scenario, this selection will only work when the result source selected in the Select a query section is the catalog result source that is created when a publishing site is connected to a catalog.
Restrict on this tag	Search results will be limited to content that is tagged with the tag that you type inside the box.

To create your own query by using Keyword Query Language (KQL), click Switch to Advanced Mode. For information about KQL, see Keyword Query Language (KQL) syntax reference. When you configure the query in Advanced Mode, you can also use query variables. Query variables are placeholders for values that change dynamically depending on the context of the page when the page that contains the Content Search Web Part is being displayed. The correct information is inserted dynamically from the context the query is sent to the index. Examples of query variables are {User.Name}, which represents the name of the user who is viewing the page, or {searchBoxQuery}, which represents the query that a user typed in a search box. Select options as described in the following table:
Advanced Mode

Select a query	Select a result source to specify which content should be searched. Default result source is Local SharePoint Results (System).
Keyword filter	You can use keyword filters to add query variables to your query. See Query variables in SharePoint Server 2013 for a list of available query variables. You can select pre-defined query variables from the drop-down list, and then add them to the query by clicking Add keyword filter.
Property filter	You can use property filters to query the content of managed properties that are set to queryable in the search schema. You can select managed properties from the Property filter drop-down list. Click Add property filter to add the filter to the query.
Query text	Type your query by using Keyword Query Language (KQL), or use the Keyword filter and Property filter lists to build the query. The keyword query can consist of free-text keywords, property filters, or operators. Use braces to enclose query variables. The query variables will be replaced with an actual value when the query is run. Keyword queries have a maximum length of 2,048 characters.

The REFINERS tab lists the managed properties that are enabled as refiners in the search schema. You can specify that the search results returned in the Content Search Web Part should be limited to one or more values from the refiners. Click a refiner in the list, and then click Apply to add it to the query.

Click Show more if you want to define grouping of results. Under Group results, you can specify that the results should be grouped based on one or more managed properties. This is useful when you are displaying several variants for a given item, and want to group them under a single result.
On the SORTING tab, you can specify how search results should be sorted.

This tab is available only if you use Advanced Mode. If you use Quick Mode, you can define sorting options in the result source.

In the Sort by drop-down list, select a managed property from the list of managed properties that are set as sortable in the search schema, and then select Descending or Ascending. For example, to sort by relevance (that is, to use a ranking model) select Rank.

To add more sorting levels, click Add sort level.

If you selected Rank from the Sort by list, you can select which ranking model to use for sorting in the Ranking Model list.

Under Dynamic ordering, you can specify additional ranking by adding rules that will change the order of results when certain conditions apply. Click Add dynamic ordering rule, and then specify conditional rules.
On the SETTINGS tab, specify the settings that are listed in the following table.

Query Rules	Select whether to use Query Rules or not.
URL Rewriting	Select if the URL rewrite to the item details page should continue to be relative for each catalog item as defined when you set up the catalog connection. If you select Don’t rewrite URLs, the URLs for catalog items are pointed directly to the library item of the connected catalog.
Loading Behavior	Select when the search results returned by the Content Search Web Part appear on the web page. The default option is Sync option: Issue query from the server. By using this loading behavior, queries are issued from the server, and the search results are included in the page response that is sent back from SharePoint. If you select Async option: Issue query from the browser, the queries will be issued from the end-users browser after the complete page is received. This option may be considered for secondary content on a page — for example Recommendations or Popular Items.
Priority	Select the level that best describes the relative importance of content that is displayed by this Web Part in relation to other Search Web Parts. If SharePoint Server 2013 is running under heavy load, the queries will be run according to their priority.

On the TEST tab, you can preview the query that is sent by the Content Search Web Part.

Query text

Shows the final query that will be run by the Content Search Web Part. It is based on the original query template where dynamic variables are substituted with current values. Other changes to the query may have to be made as part of query rules.

Click Show more to display additional information.

Query template	Shows the content of the query template that is applied to the query.
Refined by	Shows the refiners applied to the query as defined on the REFINERS tab.
Grouped by	Shows the managed property on which search results should be grouped as defined on the REFINERS tab.
Applied query rules	Shows which query rules are applied to the query.

The Query template variables section shows the query variables that will be applied to the query, and the values of the variables that apply to the current page. You can type other values to test the effect they will have on the query. Click the Test Query button to preview the search results.

You can also test how the query works for different user segment terms. Click Add user segment term to add terms to be added to the query. Click the Test query button to preview the search results.

Query text

Configure the display templates for the Content Search Web Part

When you connect a publishing site to a catalog, the default control display template for the Content Search Web Part on your category page is List with Paging (named Control_ListWithPaging in the Master Page Gallery).

The default item display template for the Content Search Web Part is Picture on top, 3 lines on bottom (named Item_Picture3Lines in the Master Page Gallery). If you want to use other display templates on your category page, you can change them by changing the settings for the Content Search Web Part.

Add a Refinement Web Part to a page

You can add refiners to a page to narrow the items that are shown in a Content Search Web Part, and help users quickly browse to specific content. Refiners are based on managed properties from the search index. To display refiners on a page, you must first enable the managed property that you want to use as a refiner, and then add a Refinement Web Part to the page where you want the refiners to appear. You can configure the Refinement Web Part for two types of refiners: Stand-alone refiners and Refiners for faceted navigation. For more information about the different refiner types, see Plan refiners and faceted navigation in Plan search for SharePoint cross-site publishing sites (SharePoint 2013 Preview).

Before you begin this procedure, verify the following:
- The managed properties that you want to use as refiners are enabled as refinable managed properties described in “Enable a managed property as refiner” in Configure refiners and faceted navigation in SharePoint Server 2013.
- You have done a full crawl of the content source that contains the managed properties that are enabled as refiners as described in Start, pause, resume, or stop crawls in SharePoint 2013 Preview.
- If you are using refiners for faceted navigation, you have configured the refiners as described in “Configure refiners for faceted navigation” in Configure refiners and faceted navigation in SharePoint Server 2013.
To add a Refinement Web Part to a page

Verify that the user account that performs this procedure is a member of the Designers SharePoint group on the publishing site collection.
Browse to the page where you want to add the Web Part.
Click the Settings menu, and then click Edit Page.
In the Web Part Zone where you want to add the Web Part, click Add a Web Part.
In the Categories list, select Search.
In the Parts list, select Refinement, and then click Add.

Configure the Refinement Web Part

To configure the Refinement Part

Verify that the user account that performs this procedure is a member of the Designers SharePoint group on the publishing site collection.
Browse to the page that contains the Refinement Web Part that you want to configure.
Click the Settings menu, and then click Edit Page.
In the Web Part, click the Refinement Web Part Menu arrow, and then click Edit Web Part.
You can configure the Web Part for stand-alone refiners or for refiners for faceted navigation by using the following procedures,

To configure the Web Part for stand-alone refiners:

In the Web Part tool pane, in the Properties for Search Refinement section, verify that the Choose Refiners in this Web Part is selected.
Click Choose Refiners…
On the Refinement configuration page, from the Available refiners section, use the buttons to select which refiners should be added to the term set, and also in which order that they should be displayed. If you have specified an alias for a refinable managed property, this alias is displayed in the Configuration for section.
In the Configuration for section, set the configuration for how every refiner appears.

Note:

If you have a single language site, you can change the refiner display name in the Display name section. For multilingual sites, you have to change the refiner display language as described in Change the refiner display name.

To configure the Web Part for refiners for faceted navigation:

In the Web Part tool pane, in the Properties for Search Refinement section, select the option Use the refinement configuration defined in the Managed Navigation term set.

Change the refiner display name

When you add a Refinement Web Part, the name of the managed property that is enabled as a refiner will be used as display name for the refiner. In many cases, the managed property name is not user-friendly — for example, RefinableString00 or ColorOWSTEXT. You can change the display name of the refiner by changing a java script file in the master page gallery.

To change the refiner display name

Verify that the user account that performs this procedure is a member of the Designers SharePoint group on the publishing site collection.
On the Settings menu, click Site Settings.
On the Site Settings page, in the Web Designer Galleries section, click Master pages and page layouts.
On the Master Page Gallery page, click Display Templates.
On the Display Templates page, click Language Files.
On the Language Files page, click the folder that contains the language that you want to change the refiner display name for.
Open the CustomStrings.js file.
Add one line to the file for each managed property that is enabled as a refiner for which you want to change the display name byusing the following syntax:

“rf_RefinementTitle_ManagedPropertyName”: “Sample Refinement Title for ManagedPropertyName”

For example, you can add the following line to change the display name for the managed property RefinableInt00 to Price:

“rf_RefinementTitle_RefinableInt00”: “Price”.

Display refiner counts in a Refinement Web Part

When you add a Refinement Web Part to a page, by default, the Web Part will not show refiner counts — that is, the number of items for each refiner value. For example, if you have enabled the managed property Color as a refiner, the refiner values will only show colors such as Red, Green, and Blue. You can add refiner counts by changing a value in an HTML file so that the refiner values are shown as Red (10), Green (12), and Blue (8).

To add refiner counts to the Refinement Web Part

Verify that the user account that performs this procedure is a member of the Designers SharePoint group on the publishing site collection.
On the Settings menu, click Site Settings.
On the Site Settings page, in the Web Designer Galleries section, click Master pages and page layouts.
On the Master Page Gallery page, click Display Templates.
On the Display Templates page, click Filters.
Open the Filter_Default.html file.
Change the value for ShowCounts to true.

Configure the display templates for the Refinement Web Part

The display templates for the Refinement Web Part can be found in the Master Page Gallery.

To configure display templates for the Refinement Web Part

Verify that the user account that performs this procedure is a member of the Designers SharePoint group on the publishing site collection.
On the Settings menu, click Site Settings.
On the Site Settings page, in the Web Designer Galleries section, click Master pages and page layouts.
On the Master Page Gallery page, click Display Templates.
On the Display Templates page, click Filters.

You can change the display template that is used by each refiner by selecting a display template from a list in the Display template section on the Refinement configuration page. When you add a Filter display template to the master page gallery, it is added to the list.

Add a Taxonomy Refinement Panel Web Part to a page

Before you begin this procedure, verify the following:
- The managed properties that you want to use as refiners are enabled as refinable as described in Enable a managed property as refiner (SharePoint 2013 Preivew).
- You have done a full crawl of the content source that contains the managed properties that are enabled as refiners as described in Start, pause, resume, or stop crawls in SharePoint 2013 Preview.
- If you are using refiners for faceted navigation, you have configured the refiners as described in Configure refiners for faceted navigation (SharePoint 2013 Preview).
To add a Taxonomy Refinement Panel Web Part to a page

Verify that the user account that performs this procedure is a member of the Designers SharePoint group on the publishing site collection.
Browse to the page where you want to add the Web Part.
Click the Settings menu, and then click Edit Page.
In the Web Part Zone where you want to add the Web Part, click Add a Web Part.
In the Categories list, select Search.
In the Parts, select Taxonomy Refinement Panel, and then click Add.

Configure the Taxonomy Refinement Panel Web Part

To configure the Taxonomy Refinement Panel Web Part

Verify that the user account that performs this procedure is a member of the Designers SharePoint group on the publishing site collection.
Browse to the page where you have the Taxonomy Refinement Panel Web Part that you want to configure.
On the Settings menu, click Edit Page.
In the Web Part, click the Taxonomy Refinement Panel Web Part Menu arrow, and then click Edit Web Part.
In the Web Part tool pane, in the Properties section, in the Query section, on the Refinement Target menu, select the Web Part you want to associate with the Taxonomy Refinement Panel Web Part.
In the Web Part tool pane, in the Properties section, in the Query section, on the Refiner menu, select the managed property that you have specified for Managed Navigation.

Add a Recommended Items Web Part to a page

You can use the Recommended Items Web Part to show content recommendations based how users have previously interacted with the site. For example, you can add this Web Part to a Catalog Item page. If a user views a specific item, this Web Part will display other items that users have previously viewed, such as “Users who viewed this item also viewed these items.“ For more information about recommendations, see Plan usage analytics, usage events and recommendations in Plan search for SharePoint cross-site publishing sites (SharePoint 2013 Preview).

To add a Recommended Items Web Part to a page

Verify that the user account that performs this procedure is a member of the Designers SharePoint group on the publishing site collection.
Browse to the page where you want to add the Web Part.
Click the Settings menu, and then click Edit Page.
In the Web Part Zone where you want to add the Web Part, click Add a Web Part.
In the Categories list, click Search-Driven Content.
In the Parts list, click Recommended Items, and then click Add.

Configure the Recommended Items Web Part

To configure the query for a Recommended Items Web Part

Verify that the user account that performs this procedure is a member of the Designers SharePoint group on the publishing site collection.
Browse to the page where you have the Recommended Items Web Part that you want to configure.
On the Settings menu, click Edit Page.
In the Web Part, click the Recommended Items Web Part Menu arrow, and then click Edit Web Part.
In the Web Part tool pane, in the Properties section, in the Search Criteria section, click Change query.
On the BASICS tab, define your query by selecting options described in the following table.

Get recommended items for	From the drop-down list, select from which value recommendations should be displayed. In a catalog scenario, this will often be A token from a URL. If you select this option, you will also have to select which URL token you want to obtain recommendations for. For example, let’s say that you want to obtain recommendations for items in your catalog. You have a catalog item page where you display your catalog items, and the item number is part of your friendly URL — for example, www.contoso/audio/mp3/4010101. (4010101 represents the item number.) When you want to obtain recommendations for a token from the URL, you should select {URLToken.1} (4010101) from the second drop-down list.
Restrict results by app	Use this drop-down list to specify a scope for the search results.
Restrict results by content type	Use this drop-down list to limit the search results to a specific content type.
If there are too few recommended items	If you don‘t have much usage data — for example, if your site is fairly new, or if the items do not have recommendations to display — this Web Part will not display any search results. In order for the Web Part to display recommendations even though not enough user data has cumulated, you can select the option to Select a query to fill in with additional results.

The REFINERS tab lists the managed properties that are set as refiner-enabled in the search schema. You can specify that the search results returned in the Recommended Items Search Web Part should be limited to one or more values from the refiners. Click a refiner in the list, and then click Apply to add it to the query.

Click Show more if you want to define grouping of results. Under Group results, you can specify that the results should be grouped based on one or more managed properties.
On the SETTINGS tab, specify the following:

Query Rules	Select whether to use Query Rules or not.
URL Rewriting	Select if the URL rewrite to the item details page should continue to be relative for each catalog item as defined when you set up the catalog connection. If you select Don’t rewrite URLs, the URLs for your catalog items are pointed directly to the library item of the connected catalog.
Loading Behavior	Select when the search results returned by the Recommended Items Web Part should be displayed on the web page. The default option is Display the page and web party simultaneously. By using this loading behavior, queries are issued from the server, and the search results are included in the page response that is sent back from SharePoint. If you select Display the page and web part independently, the queries will be issued from the end-users browser after the complete page is received. This option may be considered for secondary content on a page — for example, Recommendations or Popular Items
Priority	Select the level that best describes the relative importance of content that is displayed by this Web Part in relation to other Search Web Parts. If SharePoint Server 2013 is running under heavy load, the queries will be run according to their priority.

On the TEST tab, you can preview the query that is sent by the Recommended Items Web Part.

Query text

Shows the content of the query template that is applied to the query.

Click Show more to display additional information the query is

Refined by	Shows the refiners applied to the query as defined in the REFINERS tab.
Grouped by	Shows the managed property on which search results should be grouped as defined in the REFINERS tab.
Applied query rules	Shows which query rules are applied to the query.

In the Query template variables section, the selections that you made on the BASIC tab are displayed. In addition, you can type additional values for testing as outlined in the following table. Click the Test query button to preview the search results.

{RecsURL}*	Shows the token you selected when specifying for which value recommendations should be displayed.
{Scope}*	Shows the scope that you selected for the search results.
{ContentTypeID}*	Shows the content type that you selected for the search results.

You can also test how the query works for different user segment terms. Click Add user segment term for testing to add terms to be added to the query. Click the Test query button to preview the search results.

Query text

Shows the final query that will be run by the Recommended Items Web Part. It is based on the original query template where dynamic variables are substituted with current values. Other changes to the query may have be made as part of query rules.

Configure the display templates for the Recommended Items Web Part

The default control display template for the Recommended Items Search Web Part is List (known as Control_List in the Master Page Gallery).

The default item display template for the Recommended Items Web Part is Recommended Items: Picture on top, 3 lines (known as Item_RecommendationsClickLogging in the Master Page Gallery). When a user clicks a link that is displayed in the Recommended Items Web Part, the default display template logs a Recommendations Clicked usage event.

Configure refiners and faceted navigation in SharePoint Server 2013

Published: October 2, 2012

Summary: Learn how to map a crawled property to a refinable managed property, enable a managed property as a refiner and configure refiners for faceted navigation.

Applies to: SharePoint Server 2013

You can add refiners to a page to help users quickly browse to specific content. Refiners are based on managed properties from the search index. To use managed properties as refiners, the managed properties must be enabled as refiners.

Faceted navigation is the process of browsing for content by filtering on refiners that are tied to category pages. Faceted navigation allows you to specify different refiners for category pages, even when the underlying page displaying the categories is the same. For information about category pages, see “Category pages and catalog item pages” in Overview of cross-site publishing in SharePoint Server 2013 Preview.

Important:

You can apply faceted navigation only to publishing sites that use managed navigation. You configure the refiners that are used in faceted navigation on the term set on the authoring site collection.

In this topic:
Before you begin

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
Review the information in “Plan refiners and faceted navigation” in Plan search for SharePoint cross-site publishing sites (SharePoint 2013 Preview).

Enable a managed property as refiner

To use a managed property as refiner, the managed property must be enabled as refiner. Search service application administrators can do this in Central Administration as described in Enable a managed property as a refiner in SharePoint Central Administration later in this article.

Site collection administrators can configure refiners because the search schema has many managed properties that are enabled as refiners by default. These managed properties are listed in the following table. Before site collection administrators can use these managed properties as refiners on their web pages, they must map the appropriate crawled property to the managed property that is enabled as a refiner. To make it easier to work with these properties when doing additional refiner configuration in Term Store Management, you can specify a user-friendly alias name for the managed property.

Managed properties that are enabled as refiners by default

Managed property name	Data type for mapping
RefinableDate00 – RefinableDate19	Values contain dates
RefinableDecimal00 – RefinableDecimal09	Values contain numbers with maximum three decimals
RefinableDouble00 – RefinableDouble09	Values contain numbers with more than three decimals
RefinableInt00 – RefinableInt49	Values are whole numbers
RefinableString00 – RefinableString99	Values are strings

Note:

We recommend that you use only the managed properties that are enabled as refiners by default when you perform the procedure in the following section.

Map a crawled property to a refinable managed property in SharePoint site collection administration

To map a crawled property to a refinable managed property

Verify that the user account that performs this procedure has the following credentials:

The user account that performs this procedure is a site collection administrator on the publishing site collection.

On the publishing site collection, on the Settings menu, click Site settings.
On the Site Settings page, in the Site Collection Administration section, click Search Schema.
On the Managed Properties page, in the Managed property filter box, type the name of a refinable managed property — for example, RefinableString00 — and then click the arrow.
In the Property Name column, click the refinable managed property that you want to edit.
To specify an alias of the refinable managed property to use when you configure refiners for faceted navigation, on the Edit Managed Property page, type a user-friendly name in the Alias box.
In the Mappings to crawled properties section, click Add a Mapping.
In the Crawled property selection dialog box, find the crawled property that you want to map to the refinable managed property in the list, or search for it by typing the name of the crawled property in the box, and then clicking Find.

Important:

When you search for a crawled property, you may find two crawled properties that represent the same content. For example, a site column of type text named Color will during crawl discover two crawled properties: ows_Color and ows_q_TEXT_Color. Crawled properties that begin with either ows_r<four letter code>, ows_q<four letter code> or ows_taxId are automatically created crawled properties. When you select a crawled property to map to a refinable managed property, make sure that you don’t map the automatically created crawled property. You should always map the crawled property that begins with ows_.

For information about automatically created crawled properties, see About automatically created managed properties (SharePoint 2013 Preview).

Click OK.
On the Edit Managed Property page, click OK.

Note:

To configure refiners in Web Parts or in Term Store Management, you must start a full crawl of the content source that contains the refinable managed properties. For more information, see Start, pause, resume, or stop crawls in SharePoint 2013 Preview.

Enable a managed property as a refiner in SharePoint Central Administration

Important:

All automatically created managed properties use the text data type. Therefore, you should only enable an automatically created managed property as a refiner if the site column used to create the managed property also uses the text data type. For example, if the site column uses an integer or date data type, you must create a new managed property, map the crawled property value to this new managed property, and then enable it as a refiner.

When you select a crawled property to map to a managed property, make sure that you don‘t map the automatically created crawled property. The name of the automatically created crawled property starts with either ows_r<four letter code>_, ows_q<four letter code>_, or ows_taxId_. The name of the crawled property that you should use in the mapping starts with ows_.

For information about how to create a new managed property, see To add a managed property. For more information about automatically created crawled properties, see About automatically created managed properties (SharePoint 2013 Preview).

To enable a managed property as a refiner

Verify that the user account that performs this procedure is an administrator of the Search service application.
In Central Administration, in the Application Management section, click Manage service applications.
On the Manage Service Applications page, click Search Service Application.
Click the Search service application.
On the Managed Properties page, in the Managed property filter box, type the name of the managed property that you want to enable as refiner, and then click the arrow.
In the Property Name column, click the managed property that you want to edit.
On the Edit Managed Property page, in the Refinable section, select either Yes – active or Yes – latent. If you select Yes – latent, you can switch the refiner to active later without having to do a full crawl.
Click OK.

Note:

To configure refiners in Web Parts or in Term Store Management, a full crawl of the content source that contains the refinable managed properties must be completed. Administrators of the Search service application can complete a full crawl as described in Start, pause, resume, or stop crawls in SharePoint 2013 Preview. Site collection administrators can initiate a full crawl by specifying that the catalog that contains the refinable managed properties should be reindexed during the next scheduled crawl.

Configure refiners for faceted navigation

Before you start the procedures in this section, verify the following:
- On the authoring site, a library or list is shared as a catalog, as described in “Share a library or list as a catalog” in Configure cross-site publishing in SharePoint Server 2013.
- The required managed properties are enabled as refiners, as described in Enable a managed property as refiner.
- A full crawl was completed for the content source that contains the refinable managed properties, as described in Start, pause, resume, or stop crawls in SharePoint 2013 Preview.
  - Enable a term set for faceted navigation
To configure refiners for faceted navigation, you must first enable the relevant term set for faceted navigation. This procedure is performed on the authoring site collection.

To enable a term set for faceted navigation

Verify that the user account that performs this procedure is a member of the Designers SharePoint group on the authoring site collection.
On the authoring site collection, on the Settings menu, click Site settings.
On the Site Settings page, in the Site Administration section, click Term store management.
In the TAXONOMY TERM STORE section, click to select the term set that you want to enable for faceted navigation.
Click the INTENDED USE tab, and then select Use this Term Set for Faceted Navigation.
Click Save.

Add refiners to a term set

When configuring refiners for faceted navigation, you can add refiners to all terms in a term set or to specific terms in a term set. This procedure is performed on the authoring site collection.

To add refiners to all terms in a term set

Verify that the user account that performs this procedure is a member of the Designers SharePoint group on the authoring site collection.
On the authoring site collection, on the Settings menu, click Site settings.
On the Site Settings page, in the Site Administration section, click Term store management.
In the TAXONOMY TERM STORE section, click the term set that you have enabled for faceted navigation.
Click the FACETED NAVIGATION tab, and then click Customize refiners….
On the Refinement Configuration page, in the Available refiners section, use the buttons to select which refiners should be added to the term set, and also to specify the order in which you want the refiners to appear. If you have specified an alias for a refinable managed property, this alias is displayed in the Configuration section.
In the Configuration for section, specify how you want each refiner to appear.
Click OK to close the Refinement Configuration page, and then click Save.

To add refiners to specific terms in a term set

Verify that the user account that performs this procedure is a member of the Designers SharePoint group on the authoring site collection.
On the authoring site collection, on the Settings menu, click Site settings.
On the Site Settings page, in the Site Administration section, click Term store management.
In the TAXONOMY TERM STORE section, click the term set that you have enabled for faceted navigation, and then click the term to which you want to add term-specific refiners.
Click the FACETED NAVIGATION tab, and then click Stop inheriting….
Click FACETED NAVIGATION tab, and then click Customize refiners….
On the Refinement Configuration page, in the Available refiners section, use the buttons to select which refiners should be added to the term set, and also to specify the order in which you want the refiners to appear. If you have specified an alias for a refinable managed property, this alias is displayed in the Configuration section.
In the Configuration for section, specify how you want each refiner to appear.
Click OK to close the Refinement Configuration page, and then click Save.

Set intervals for refiner values

For refiners that contain numeric values, you can present the numeric values within different intervals. For example, if you want end-users to be able to refine based on price, it would be useful to specify different price intervals instead of showing all available prices as separate refiners. This procedure is performed in your authoring site collection.

To set intervals for refiner values

Add refiners to a term set as described in Add refiners to a term set in this topic.
On the Refinement Configuration page, in the Selected refiners section, click the refiner that you want to set intervals for.
In the Configuration for section, for Intervals, select Custom, and then type the intervals in the Thresholds box.
Click OK to close the Refinement Configuration page, and then click Save.

Additional steps

To show refiners on a page, you must add a Refinement Panel Web Part to the page where you want the refiners to appear. For more information, see Configure Search Web Parts in SharePoint Server 2013.

Configure result sources for web content management in SharePoint Server 2013

Published: October 16, 2012

Summary: Learn how to create and manage result sources for SharePoint Search service applications, and for SharePoint sites and site collections.

Applies to:

Result sources limit searches to certain content or to a subset of search results. SharePoint Server 2013 provides 16 pre-defined result sources. The pre-configured default result source is Local SharePoint Results. You can specify a different result source as the default. In addition to the pre-configured result sources, SharePoint Server 2013 automatically creates a result source when you connect a publishing site to a catalog, and adds it to the result sources in the publishing site. This result source limits search results to the URL of the catalog. For more information about result sources, see “Plan result sources and query rules” in Plan search for cross-site publishing sites in SharePoint Server 2013 Preview.

In this article:
Before you begin

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
We recommend that you set up the publishing site, integrate a catalog, and configure category and catalog item pages before you begin to create result sources. This is because you can then more easily test and verify how the different result sources apply to the different Search Web Parts that you have on the site.

Create a result source

Levels and permissions for result sources

When you create a result source at this level	You must have this permission	The result source can be used in
Search service application	Search service application administrator	All site collections in web applications that consume the Search service application
Site collection	Site collection administrator	All sites in the site collection
Site	Site owner	The site

To create a result source

Depending on the level at which you want to create the result source, do one of the following:

To create a result source for a Search service application:
Verify that the user account that performs this procedure is an administrator on the Search service application.
In Central Administration, in the Application Management section, click Manage service application.
Click the Search service application for which you want to create a result source.
On the Search Administration page for the Search service application, on the Quick Launch, in the Queries and Results section, click Result Sources.
To create a result source for a site collection:
Verify that the user account that performs this procedure is a site collection administrator on the publishing site collection.
On the publishing site collection, on the Settings menu, click Site Settings.
On the Site Settings page, in the Site Collection Administration section, click Search Result Sources.
To create a result source for a site:
Verify that the user account that performs this procedure is a member of the Owners group on the publishing site.
On the publishing site, on the Settings menu, click Site Settings.
On the Site Settings page, in the Search section, click Result Sources.

On the Manage Result Sources page, click New Result Source.
On the Add Result Source page, in the General Information section, do the following:
1. In the Name box, type a name for the result source.
2. In the Description box, type a description of the result source.
In the Protocol section, select one of the following protocols for retrieving search results:

Local SharePoint, the default protocol, provides results from the search index for this Search service application.
Remote SharePoint provides results from the index of a search service in another farm.
OpenSearch provides results from a search engine that uses the OpenSearch 1.0/1.1 protocol.
Exchange provides results from Microsoft Exchange Server. Click Use AutoDiscover to have the search system find an Exchange Server endpoint automatically, or type the URL of the Exchange web service to retrieve results from — for example, https://contoso.com/ews/exchange.asmx.

Note:

In the Type section, select SharePoint Search Results to search the whole index, or People Search Results to enable query processing that is specific to people search.
In the Query Transform field, do one of the following:

Leave the default query transform (searchTerms) as is. In this case, the query will be unchanged since the previous transform.
Type a different query transform in the text box.
Use the Query Builder to configure a query transform by doing the following:
Click Launch Query Builder.
In the Build Your Query dialog box, optionally build the query by specifying filters, sorting, and testing on the tabs as shown in the following tables.
On the BASICS tab

Keyword filter

For an overview of query variables, see Query variables in SharePoint Server 2013.

Property filter

You can use property filters to query the content of managed properties that are set to queryable in the search schema.

You can select managed properties from the Property filter drop-down list. Click Add property filter to add the filter to the query.

On the SORTING tab

Sort results	In the Sort by menu, you can select a managed property from the list of managed properties that are set as sortable in the search schema, and then select Descending or Ascending. To sort by relevance, that is, to use a ranking model, select Rank. You can click Add sort level to specify a property for a secondary level of sorting for search results.
Ranking Model	If you selected Rank from the Sort by list, you can select the ranking model to use for sorting.
Dynamic ordering	You can click Add dynamic ordering rule to specify additional ranking by adding rules that change the order of results within the result block when certain conditions are satisfied.

On the TEST tab

Query text	You can view the final query text, which is based on the original query template, the applicable query rules, and the variable values.
Click Show more to display the options in the following rows of this table.
Query template	You can view the query as it is defined in the BASICS tab or in the text box in the Query transform section on the Add Result Source page.
Query template variables	You can test the query template by specifying values for the query variables.

On the Add Result Source page, in the Credentials Information section, select the authentication type that you want for users to connect to the result source.

Set a result source as default

You can set any result source as the default result source. Specifying a result source as default can make it easier to edit the query in Search Web Parts. For example, when you add a Content Search Web Part to a page, the Web Part automatically uses the default result source. For more information, see Configure Search Web Parts in SharePoint Server 2013.

To set a result source as default

Perform the appropriate procedures in the following list depending on the level at which the result source was configured.

If the result source was created at the Search service application level, do the following:
Verify that the user account that performs this procedure is an administrator for the Search service application.
In Central Administration, in the Application Management section, click Manage service applications.
Click the Search service application for which you want to set the result source as default.
On the Search Administration page, in the Queries and Results section, click Result Sources.
If the result source is at the site collection level, do the following:
Verify that the user account that performs this procedure is a site collection administrator on the publishing site collection.
On the publishing site collection, on the Settings menu, click Site Settings.
On the Site Settings page, in the Site Collection Administration section, click Search Result Sources.
If the result source is at the site level, do the following:
Verify that the user account that performs this procedure is a member of the Owners group on the publishing site.
On the publishing site, on the Settings menu, click Site Settings.
On the Site Settings page, in the Search section, click Result Sources.

On the Manage Result Sources page, point to the result source that you want to set as default, click the arrow that appears, and then click Set as Default.

Configure recommendations and usage event types in SharePoint Server 2013

Published: October 16, 2011

Applies to:

Usage events enable you to track how users interact with items on your site. Items can be documents, sites, or catalog items. When a user interacts with an item on your site, SharePoint Server 2013 generates a usage event for this action. For example, if you want to monitor how often a catalog item is viewed from a mobile phone, you can track this activity.

This article describes how to create custom usage event types, and how to add code to record custom usage events so that they can be processed by the analytics processing component.

You can use the data that is generated by usage events to show recommendations or popular items on your site. This article also explains how to influence how recommendations are shown by changing the level of importance for a specific usage event type. For more information, see “Plan usage analytics, usage events and recommendations” in Plan search for cross-site publishing sites in SharePoint Server 2013 Preview.

You can view the statistics for all usage event types in Popularity Trends and Most Popular Items reports. For more information, see View usage reports.

In this article:
Before you begin

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
Create a custom usage event type

There are three default usage event types in SharePoint 2013. You can create up to twelve custom usage event types by using Windows PowerShell.

To create a custom usage event type

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.
Add memberships that are required beyond the minimums above.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

At the Windows PowerShell command prompt, type the following command:

# To get a site at the root site collection level:
$Site = Get-SPSite “http://localhost”

# To get a site below the root site collection level:
$Site = Get-SPSite “http://localhost/sites/<SiteName>”

# To create a custom usage event type:
$SSP = Get-SPEnterpriseSearchServiceApplicationProxy
$EventGuid = [Guid]::NewGuid()
$EventName = “<EventTypeName>”
$tenantConfig = $SSP.GetAnalyticsTenantConfiguration([Guid]::Empty)
$newEventType = $tenantConfig.RegisterEventType($EventGuid, $EventName, “”)
$tenantConfig.Update($SSP)

Where:

<SiteName> is the name of the site for which you want to create a custom usage event.
<EventTypeName> is the name of the new custom usage event type that you want to create — for example, BuyEventType.

This procedure creates a random GUID for the usage event type. Use this GUID when you add code to record the custom usage event, as described in Record a custom usage event.

Important:

It can take up to three hours for a custom usage event type to become available in the system. However, to speed up the process, you can alternatively restart the SharePoint Timer Service.

Note:

Record a custom usage event

After you have created a custom usage event type, as described in Create a custom usage event type, you have to add code to the place where the event occurs — for example, when a page loads, or when a user clicks a link or a button. This data is then sent to the analytics processing component, where it is recorded and processed.

If you are using cross-site publishing, where you show catalog content on a publishing site, you must record the usage event on the URL of the indexed item, and override some site settings. For example, if you have a catalog in an authoring site that you have published on a publishing site, when a user interacts with a catalog item on the publishing site, this usage event must be recorded on the item in the authoring site. Furthermore, the code that you add to record the usage event must override the SiteId and the WebId of the publishing site, and be replaced with the SiteId and the WebId of the authoring site.

To add code to record a custom usage event

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.
Add memberships that are required beyond the minimums above.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

At the Windows PowerShell command prompt, type the following command:

# To view GUIDs for all usage event types:
$SSP = Get-SPEnterpriseSearchServiceApplicationProxy
$SSP.GetAnalyticsEventTypeDefinitions([Guid]::Empty, 3) | ft
In an HTML editor, open the file where the custom usage event should be logged — for example, a display template for a Content Search Web Part, and add the following code:

window.Log<CustomUsageEventType>ToEventStore = function(url)
{
ExecuteOrDelayUntilScriptLoaded(function()
{
var spClientContext = SP.ClientContext.get_current();
var eventGuid = new SP.Guid(“<GUID>”);
SP.Analytics.AnalyticsUsageEntry.logAnalyticsAppEvent(spClientContext, eventGuid, url);
spClientContext.executeQueryAsync(null, Function.createDelegate(this, function(sender, e){ alert(“Failed to log event for item: ” + document.URL + ” due to: ” + e.get_message()) }));
}, “SP.js”);
}Where:

<CustomUsageEventType> is the name of the custom event — for example, BuyEventType.
<GUID> is the numeric ID of the usage event type — for example, 4e605543-63cf-4b5f-aab6-99a10b8fb257.

In an HTML editor, open the file that refers to the custom usage event, and add the following code:

# The example below shows how a custom usage event type is referred to when a button is clicked:
<button onclick=”Log<CustomUsageEventType>ToEventStore(‘<URL>’)”></button>

Where:

<CustomUsageEventType> is the name of the custom event type.
<URL> is the full URL of the item to which the usage event should be logged — for example, http://contoso.com/faq.

To add code to record a custom usage event and override site settings

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.
Add memberships that are required beyond the minimums above.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

At the Windows PowerShell command prompt, type the following command:

# To view GUIDs for all usage event types:
$SSP = Get-SPEnterpriseSearchServiceApplicationProxy
$SSP.GetAnalyticsEventTypeDefinitions([Guid]::Empty, 3) | ft
In an HTML editor, open the file where the custom usage event should be logged — for example, a display template for a Content Search Web Part. The following example shows how to override the current SiteId, WebId and UserId.

window.Log<CustomUsageEventType>ToEventStore = function(url, siteIdGuid, webIdGuid, spUser)
{
ExecuteOrDelayUntilScriptLoaded(function()
{
var spClientContext = SP.ClientContext.get_current();
var eventGuid = new SP.Guid(“<GUID>”);
SP.Analytics.AnalyticsUsageEntry.logAnalyticsAppEvent2(spClientContext, eventGuid, url, webIdGuid, siteIdGuid, spUser);
spClientContext.executeQueryAsync(null, Function.createDelegate(this, function(sender, e){ alert(“Failed to log event for item: ” + document.URL + ” due to: ” + e.get_message()) }));
}, “SP.js”);
}

Where:

<CustomUsageEventType> is the name of the custom event type — for example, BuyEventType.
<GUID> is the numeric ID of the usage event type — for example, 4e605543-63cf-4b5f-aab6-99a10b8fb257.

In an HTML editor, open the file that refers to the custom usage event type, and add the following code:

# The example below shows how a custom usage event type is referred to when the “Buy!” button is clicked:
<button onclick=”Log<CustomUsageEventType>ToEventStore(‘<URL>’, new SP.Guid(‘{<SiteId GUID>}’), new SP.Guid(‘{<WebId guid}>’), ‘<UserName>’)”>Buy!</button>

Where:

<CustomUsageEventType> is the name of the custom event type — for example, BuyEventType.
<URL> is the URL found in the managed property OriginalPath.
<SiteId GUID> is the GUID in the managed property SiteID.
<WebId GUID> is the GUID in the managed property WebId.
<UserName> can — for example, be a cookie ID that is used to identify users on a site that has anonymous users.

Note:

Record a default usage event

If you want to add code that refers to a default usage event type — for example, views, you have to add code to the place where the event occurs.

If you are using cross-site publishing, which shows catalog content on a publishing site, you must record the usage event on the URL of the indexed item, and override some site settings. For example, if you have a catalog in an authoring site that you have published on a publishing site, when a user interacts with a catalog item on the publishing site, this usage event must be recorded on the item in the authoring site. Furthermore, the code that you add to record the usage event must override the SiteId and WebId of the publishing site, and be replaced with the SiteId and WebId of the authoring site.

To add code to record a default usage event

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.
Add memberships that are required beyond the minimums above.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

At the Windows PowerShell command prompt, type the following command:

# To view EventTypeId for all usage event types:
$SSP = Get-SPEnterpriseSearchServiceApplicationProxy
$SSP.GetAnalyticsEventTypeDefinitions([Guid]::Empty, 3) | ft
In an HTML editor, open the file where the custom usage event should be logged — for example, a display template for a Content Search Web Part, and add the following code:

window.Log<DefaultUsageEventType>ToEventStore = function(url)
{
ExecuteOrDelayUntilScriptLoaded(function()
{
var spClientContext = SP.ClientContext.get_current();
SP.Analytics.AnalyticsUsageEntry.logAnalyticsEvent(spClientContext, <EventTypeId>, url);
spClientContext.executeQueryAsync(null, Function.createDelegate(this, function(sender, e){ alert(“Failed to log event for item: ” + document.URL + ” due to: ” + e.get_message()) }));
}, “SP.js”);
}

Where:

<DefaultUsageEventType> is the name of the default usage event type — for example, Views.
<EventTypeId> is the numeric ID of the usage event type — for example, 1.

In an HTML editor, open the file that refers to the default usage event, and add the following code:

# The example below shows how a default usage event type is referred to on a page load:
<body onload=“Log<DefaultUsageEventType>ToEventStore(‘<URL>’)“>

Where:

<DefaultUsageEventType> is the name of the default usage event type — for example, Views.
<URL> is the full URL of the item to which the usage event should be logged, — for example, http://contoso.com/careers

Save the file.

To add code to record a default usage event and override site settings

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.
Add memberships that are required beyond the minimums above.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

At the Windows PowerShell command prompt, type the following command:

# To view EventTypeId for all usage event types:
$SSP = Get-SPEnterpriseSearchServiceApplicationProxy
$SSP.GetAnalyticsEventTypeDefinitions([Guid]::Empty, 3) | ft
In an HTML editor, open the file where the custom usage event should be logged — for example, a display template for a Content Search Web Part. The example below shows how to override the current SiteId, the WebId and the UserId.

window.Log<DefaultUsageEventType>ToEventStore = function(url, siteIdGuid, webIdGuid, spUser)
{
ExecuteOrDelayUntilScriptLoaded(function()
{
var spClientContext = SP.ClientContext.get_current();
SP.Analytics.AnalyticsUsageEntry.logAnalyticsEvent(spClientContext, <EventTypeId>, url, webIdGuid, siteIdGuid, spUser);
spClientContext.executeQueryAsync(null, Function.createDelegate(this, function(sender, e){ alert(“Failed to log event for item: ” + document.URL + ” due to: ” + e.get_message()) }));
}, “SP.js”);
}

Where:

<DefaultUsageEventType> is the name of the default event type — for example, Views.
<EventTypeId> is the numeric ID of the usage event type — for example, 1.

In an HTML editor, open the file that refers to the default usage event type, and add the following code:

# The example below shows how a default usage event type is referred to on a page load:
<body onload=“Log<DefaultUsageEventType>ToEventStore(‘<URL>’, new SP.Guid(‘{<SiteId GUID>}’), new SP.Guid(‘{<WebId GUID>}’), ‘<UserName>’)“>

Where:

<DefaultUsageEventType> is the name of the default event type — for example, Views.
<URL> is the URL in the managed property OriginalPath.
<SiteId GUID> is the GUID in the managed property SiteID.
<WebId GUID> is the GUID in the managed property WebId.
<UserName><UserName> can — for example, be a cookie ID that is used to identify users on a site that has anonymous users

Note:

Change the level of importance of a usage event type

The usage event type property, RecommendationWeight, is a numeric value that shows the level of importance of a usage event type compared to other usage event types that are used in the recommendations calculation. The default Views usage event type has a preconfigured RecommendationWeight value of 1. The other default usage event types, Recommendations displayed, and Recommendations clicked, and all custom usage event types, have a RecommendationWeight value of 0. To increase the importance of a usage event type in the recommendations calculation, change the value of the RecommendationWeight parameter. The highest level of importance available is 10.

To change the level of importance of a usage event type

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.
Add memberships that are required beyond the minimums above.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

At the Windows PowerShell command prompt, type the following command:

# To view EventTypeId for all usage event types:
$SSP = Get-SPEnterpriseSearchServiceApplicationProxy
$SSP.GetAnalyticsEventTypeDefinitions([Guid]::Empty, 3) | ft

# To get a usage event type:
$tenantConfig = $SSP.GetAnalyticsTenantConfiguration([Guid]::Empty)
$event = $tenantConfig.EventTypeDefinitions | where-object { $_.EventTypeId -eq <EventTypeId> }

# To change the importance level of a usage event type:
$event.RecommendationWeight = <RecommendationWeightNumber>
$tenantConfig.Update($SSP)

# To verify the changed importance level for the usage event type:
$tenantConfig = $SSP.GetAnalyticsTenantConfiguration([Guid]::Empty)
$event = $tenantConfig.EventTypeDefinitions | where-object { $_.EventTypeId -eq <EventTypeId> }
$event

Where:

<EventTypeId> is the numeric ID of the usage event type for which you want to change the weight — for example, 256.
<RecommendationWeightNumber> is the level of importance that you want to apply to the user event type — for example, 4.

Note:

Change the Recent time period for a usage event type

The usage event type property RecentPopularityTimeframe is a numeric value that defines the Recent time period in the Most Popular Items report. The Most Popular Items report shows the most popular items per usage event type for all items in a library or list — for example, the most viewed items in a library or list. The report can be sorted by the time periods Recent or Ever. By default, the Recent time period is set to the last 14 days for each usage event. You can change this to a time period between one and 14 days.

To change the Recent time period for a usage event type

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.
Add memberships that are required beyond the minimums above.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

At the Windows PowerShell command prompt, type the following command:

# To view EventTypeId for all usage event types:
$SSP = Get-SPEnterpriseSearchServiceApplicationProxy
$SSP.GetAnalyticsEventTypeDefinitions([Guid]::Empty, 3) | ft

# To get a usage event type:
$tenantConfig = $SSP.GetAnalyticsTenantConfiguration([Guid]::Empty)
$event = $tenantConfig.EventTypeDefinitions | where-object { $_.EventTypeId -eq <EventTypeId> }

# To change the Recent time span for a usage event type:
$event.RecentPopularityTimeFrame = <TimeFrame>
$tenantConfig.Update($SSP)

# To verify the changed Recent time frame for the usage event type:
$tenantConfig = $SSP.GetAnalyticsTenantConfiguration([Guid]::Empty)
$event = $tenantConfig.EventTypeDefinitions | where-object { $_.EventTypeId -eq <EventTypeId> }
$event

Where:

<EventTypeId> is the numeric ID of the usage event type for which you want to change the Recent time frame — for example, 256.
<TimeFrame> is the new Recent time frame that you want to apply to the user event type — for example, 7.

Note:

The system updates any changes to the Recent time period only after the Usage Analytics Timer Job has run.

Note:

Enable and disable the logging of usage events of anonymous users

Users that are browsing the contents of a site without being connected to an account are known as anonymous users. Only the Views event type is enabled for the logging of anonymous users. By default, the logging of custom usage events is disabled for anonymous users.

To enable the logging of usage events of anonymous users

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.
Add memberships that are required beyond the minimums above.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

At the Windows PowerShell command prompt, type the following command:

# To view EventTypeId for all usage event types:
$SSP = Get-SPEnterpriseSearchServiceApplicationProxy
$SSP.GetAnalyticsEventTypeDefinitions([Guid]::Empty, 3) | ft

# To get a usage event type:
$tenantConfig = $SSP.GetAnalyticsTenantConfiguration([Guid]::Empty)
$event = $tenantConfig.EventTypeDefinitions | where-object { $_.EventTypeId -eq <EventTypeId> }

# To enable the logging of anonymous users:
$event.Options = [Microsoft.Office.Server.Search.Analytics.EventOptions]::AllowAnonymousWrite
$tenantConfig.Update($SSP)

# To verify that the logging of anonymous users has been enabled, i.e. that the Options property is set to AllowAnonymousWrite:
$tenantConfig = $SSP.GetAnalyticsTenantConfiguration([Guid]::Empty)
$event = $tenantConfig.EventTypeDefinitions | where-object { $_.EventTypeId -eq <EventTypeId> }
$event

Where:

<EventTypeId> is the numeric ID of the usage event type that you want to enable for the logging of anonymous users — for example, 256.

To disable the logging of usage events of anonymous users

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.
Add memberships that are required beyond the minimums above.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

At the Windows PowerShell command prompt, type the following command:

# To view EventTypeId for all usage event types:
$SSP = Get-SPEnterpriseSearchServiceApplicationProxy
$SSP.GetAnalyticsEventTypeDefinitions([Guid]::Empty, 3) | ft

# To get a usage event type:
$tenantConfig = $SSP.GetAnalyticsTenantConfiguration([Guid]::Empty)
$event = $tenantConfig.EventTypeDefinitions | where-object { $_.EventTypeId -eq <EventTypeId> }

# To disable the logging of anonymous users:
$event.Options = [Microsoft.Office.Server.Search.Analytics.EventOptions]::None
$tenantConfig.Update($SSP)

# To verify that logging of anonymous users has been disabled, i.e. that the Options property is set to None:
$tenantConfig = $SSP.GetAnalyticsTenantConfiguration([Gui

Where:

<EventTypeId> is the numeric ID of the usage event type that you want to disable for the logging of anonymous users — for example, 256.

Note:

For the default usage event type Views, you cannot disable the logging of anonymous users.

Note:

Configure workflow in SharePoint Server 2013

Published: September 11, 2012

Summary: Learn how to install and configure the SharePoint 2013 Workflow platform in SharePoint Server 2013.

Applies to: SharePoint Server 2013

This section describes how to configure workflow in SharePoint Server 2013.

In this section:
- Installing and configuring workflow for SharePoint Server 2013 This article describes how to install and configure the SharePoint 2013 Workflow platform to work with SharePoint Server.
- Installing Workflow Manager certificates in SharePoint Server 2013 Secure Socket Layer (SSL) certificates are used to provide encrypted communication between SharePoint Server 2013 and Workflow Manager. This article describes how to install the SSL certificates.
Installing and configuring workflow for SharePoint Server 2013

Updated: October 16, 2012

Summary: Learn how to install and configure workflow in SharePoint Server 2013.

Applies to: SharePoint Server 2013

This article contains the information and procedures required to configure workflow in SharePoint Server 2013.

In this article:
Important:

The steps in this article apply to SharePoint Server 2013. The SharePoint 2013 Workflow platform is not supported in SharePoint Foundation 2013.

Overview

A new option exists when you build a workflow for SharePoint Server 2013. This option is called Platform Type. The figure shows the Platform Type option when you are creating a new workflow by using SharePoint Designer 2013.

Figure: SharePoint 2013 includes three workflow platform options.

The only platform available when you first install SharePoint Server 2013 is the SharePoint 2010 Workflow platform. The SharePoint 2013 Workflow platform and the Project Server platform require additional steps. The three workflow platforms are outlined in the following table.

Workflow Platform types available in SharePoint Server 2013

Platform Type	Platform Framework	Requirements
SharePoint 2010 Workflow	Windows Workflow Foundation 3	Installs automatically with SharePoint 2013 Products.
SharePoint 2013 Workflow	Windows Workflow Foundation 4	Requires SharePoint Server 2013 and Workflow Manager. Note: Workflow Manager must be downloaded and installed separately from SharePoint Server 2013. It does not install automatically when you install SharePoint Server 2013.
SharePoint 2013 Workflow – Project Server	Windows Workflow Foundation 4	Requires SharePoint Server 2013, Workflow Manager, and Project Server 2013.

To learn more about workflow development with SharePoint Designer 2013 and other aspects of workflow, see the Workflow in SharePoint 2013 Resource Center.

Before you begin

Before you begin installation, make sure that you have met all hardware and software requirements for both SharePoint Server 2013 and Workflow Manager. For more information, see Hardware and software requirements (SharePoint 2013 Preview) and Planning your Workflow Manager Deployment.

Important:

The steps in this article apply to SharePoint Server 2013. The SharePoint 2013 Workflow platform is not supported in SharePoint Foundation 2013.
Install and configure SharePoint Server 2013

You must install and configure SharePoint Server 2013. To do so, see Install and deploy SharePoint 2013.

Note:

The SharePoint 2010 Workflow platform installs automatically when you install SharePoint Server 2013. The SharePoint 2013 Workflow platform requires Workflow Manager and must be installed separately and then configured to work with your SharePoint Server 2013 farm.
Install and configure Workflow Manager

You must install and configure Workflow Manager. To do so, see Installing and Configuring Workflow.

Configure Workflow Manager to work with the SharePoint Server 2013 farm

You must consider the following two key factors before configuring Workflow Manager to work with SharePoint Server 2013.

Is Workflow Manager installed on a server that is part of the SharePoint farm?
Will communication between Workflow Manager and SharePoint Server 2013 use HTTP or HTTPS?

These factors translate into four scenarios. Each scenario configures a SharePoint Server 2013 farm to communicate and function with the Workflow Manager farm. Follow the scenario that matches your circumstance.

1: Workflow Manager is installed on a server that is part of the SharePoint 2013 farm. Communication takes place by using HTTP.	2: Workflow Manager is installed on a server that is part of the SharePoint 2013 farm. Communication takes place by using HTTPS.
3: Workflow Manager is installed on a server that is NOT part of the SharePoint 2013 farm. Communication takes place by using HTTP.	4: Workflow Manager is installed on a server that is NOT part of the SharePoint 2013 farm. Communication takes place by using HTTPS.

Note:

For security reasons, we recommend HTTPS for a production environment.

To configure Workflow Manager on a server that is part of the SharePoint 2013 farm and on which communication takes place by using HTTP

Log on to the computer in the SharePoint Server 2013 farm where Workflow Manager was installed.
Open the SharePoint Management Shell as an administrator. This is accomplished by right-clicking the SharePoint 2013 Management Shell and choosing Run as administrator.
Run the Register-SPWorkflowService cmdlet.

Example:

Register-SPWorkflowService –SPSite “http://myserver/mysitecollection” –WorkflowHostUri “http://workflow.example.com:12291” –AllowOAuthHttp

To configure Workflow Manager on a server that is part of the SharePoint 2013 farm and on which communication takes place by using HTTPS

Determine if you need to install Workflow Manager certificates in SharePoint.

Under some circumstances, you have to obtain and install Workflow Manager certificates. If your installation requires that you obtain and install these certificates, you must complete that step before continuing. To learn whether you need to install certificates, and for instructions, see Installing Workflow Manager certificates in SharePoint Server 2013.
Log into the computer in the SharePoint Server 2013 farm where Workflow Manager was installed.
Open the SharePoint Management Shell as an administrator. This is accomplished by right-clicking the SharePoint 2013 Management Shell and choosing Run as administrator.
Run the Register-SPWorkflowService cmdlet.

Example:

Register-SPWorkflowService –SPSite “https://myserver/mysitecollection” –WorkflowHostUri “https://workflow.example.com:12290”

To configure Workflow Manager on a server that is NOT part of the SharePoint 2013 farm and on which communication takes place by using HTTP

Log on to each Web Front End (WFE) server in the SharePoint Server 2013 farm.
Install the Workflow Manager Client on each WFE server in the SharePoint farm.

Before you can run the workflow pairing cmdlet, you must install Workflow Manager Client on each of the WFE servers in the SharePoint farm.

You can download and install the Workflow Manager Client here: http://go.microsoft.com/fwlink/p/?LinkID=268376
Open the SharePoint Management Shell as an administrator. This is accomplished by right-clicking the SharePoint 2013 Management Shell command and choosing Run as administrator.
Run the Register-SPWorkflowService cmdlet. The cmdlet should be run only once and can be run from any of the WFE servers in the SharePoint farm. Example:

Register-SPWorkflowService –SPSite “http://myserver/mysitecollection” –WorkflowHostUri “http://workflow.example.com:12291” –AllowOAuthHttp

Important:

You must install the Workflow Manager Client on each Web Front End (WFE) server in the SharePoint farm before you run the pairing cmdlet.

To configure Workflow Manager on a server that is NOT part of the SharePoint 2013 farm and on which communication takes place by using HTTPS

Determine whether you need to install Workflow Manager certificates in SharePoint 2013.

Under some circumstances, you have to obtain and install Workflow Manager certificates. If your installation requires that you obtain and install these certificates, you must complete that step before continuing. To learn whether you need to install certificates, and for instructions, see Installing Workflow Manager certificates in SharePoint Server 2013.
Log on to each Web Front End (WFE) server in the SharePoint Server 2013 farm.
Install the Workflow Manager Client on each WFE server in the SharePoint farm.

Before you can run the workflow pairing cmdlet, you must install Workflow Manager Client on each of the WFE servers in the SharePoint farm.

You can download and install the Workflow Manager Client here: http://go.microsoft.com/fwlink/p/?LinkID=268376
Open the SharePoint Management Shell as an administrator. This is accomplished by right-clicking the SharePoint 2013 Management Shell command and choosing Run as administrator.
Run the Register-SPWorkflowService cmdlet. Example:

Register-SPWorkflowService –SPSite “https://myserver/mysitecollection” –WorkflowHostUri “https://workflow.example.com:12290”

Important:

You must install the Workflow Manager Client on each Web Front End (WFE) server in the SharePoint farm before you run the pairing cmdlet.

Validate the installation

Use these steps to validate that you have successfully installed and configured the required components.

To validate the installation

Add a user to your SharePoint site, and grant the user Site Designer permissions.
Install SharePoint Designer 2013 and create a workflow based on the SharePoint 2013 Workflow platform. For more information, see Creating a workflow by using SharePoint Designer 2013 and the SharePoint 2013 Workflow platform.
Run this workflow from the SharePoint user interface.

Troubleshooting

For security reasons, the Setup account cannot be used to create a workflow based on the SharePoint 2013 Workflow platform. If you try to create a workflow based on the SharePoint 2013 Workflow platform by using SharePoint Designer 2013, you receive a warning that the list of workflow actions do not exist, and the workflow is not created.

The user who deploys and runs a workflow must be added to the User Profile service. Check the User Profile service application page in Central Administration to confirm that the user you are using to validate workflow installation is in the User Profile service.

You can determine which ports SharePoint Server 2013 and Workflow Manager are using for both HTTP and HTTPS by using IIS Manager as shown in the figure.

Figure: Use IIS Manager to view the ports used by Workflow Manager

Workflow Manager communicates by using TCP/IP or Named Pipes. Make sure that the appropriate communication protocol is enabled on the SQL Server instance that hosts the Workflow Manager databases.

The SQL Browser Service must be running on the SQL Server instance that hosts the Workflow Manager databases.

The System Account cannot be used to develop a workflow.

To troubleshoot Workflow Manager, see Troubleshooting Workflow Management and Execution.

To troubleshoot SharePoint Server 2013, see Troubleshooting SharePoint 2013.

Installation and Deployment for SharePoint 2013 Resource Center

What’s New in SharePoint 2013 Resource Center

Workflow Resource Center
Installing Workflow Manager certificates in SharePoint Server 2013

Published: September 11, 2012

Summary: Learn how to configure SSL certificates for encrypted communication between Workflow Manager and SharePoint Server 2013.

Applies to: SharePoint Server 2013

Secure Socket Layer (SSL) is an encrypted communication protocol which uses encryption certificates. Workflow Manager and SharePoint Server 2013 can communicate in a secure manor using SSL. This article describes the steps required to setup and configure SSL certificates.

Configuration steps

The following sections provide instructions for configuring SSL communication with Workflow Manager and SharePoint Server 2013.

Enable SSL

Enable Secure Sockets Layer (SSL) in IIS Manager. For guidance on completing the configuration, see the following:

Configuring SSL in IIS Manager

How to Set Up SSL on IIS 7

Install Workflow Manager certificates in SharePoint

Under some circumstances, you must obtain and install Workflow Manager “issuer” certificates on SharePoint Server 2013. Here are the circumstances where you must install Workflow Manager certificates:

If SSL is enabled either on SharePoint Server 2013 (which is not the default) or on Workflow Manager (which is the default), AND
If SharePoint Server 2013 and Workflow Manager do not share a Certificate Authority, AND
If Workflow Manager is configured to generate self-signed certificates (which is the default).

Note:

Product trial, workflow development, and troubleshooting are easier if SSL is not enabled. However, communication between SharePoint Server 2013 and Workflow Manager is not encrypted if SSL is not enabled. For this reason, SSL should be enabled for production configurations.

To obtain and export certificates from the Workflow Manager server

On a computer that has Workflow Manager installed, choose IIS Manager, Sites. Right-click Workflow Management Site, and then choose Edit Bindings.
Choose the https port, and then choose Edit. Choose the View button in the SSL Certificate section.
To export the issuer certificate, do the following:
1. In the Certificate window, choose the Certification path tab.
2. Select root certification path and choose View.
3. On the Details tab, choose Export Certificate, and take the default options in the export wizard.
4. Give the exported certificate file a friendly name.

To install certificates on SharePoint Server 2013

Copy the issuer certificate to your SharePoint Server 2013 computer.
Add the certificates to the Windows Certificate store.
For each certificate, do the following:
1. Double-click the file to open and view the certificate.
2. On the certificate, choose the Install Certificate button to start the installation wizard.
3. In the wizard, choose Place all certificates in the following store, and then choose Trusted Root Certification Authorities.
Add the certificates to SharePoint Server by going to the SharePoint Management shell and running the New-SPTrustedRootAuthority cmdlet. Do this for each certificate file.

Create a web application in SharePoint 2013

Published: July 16, 2012

Summary: SharePoint 2013 web applications isolate content for specific types of users within your site collections.

Applies to: SharePoint Server 2013 | SharePoint Foundation 2013

The following downloadable resources, articles on TechNet, and related resources provide information about how to create web applications.

Introduction

A SharePoint 2013 web application is composed of an Internet Information Services (IIS) web site that acts as a logical unit for the site collections that you create. Before you can create a site collection, you must first create a Web application. Each web application is represented by a different IIS web site with a unique or shared application pool. You can assign each web application a unique domain name. This helps prevent cross-site scripting attacks. When you create a new web application, you also create a new content database and define the authentication method used to connect to the database. In addition, you define an authentication method to be used by the IIS Web site in SharePoint 2013.

TechNet articles about how to create web applications

The following articles about how to create web applications are available to view online. Writers update articles on a continuing basis as new information becomes available and as users provide feedback.

	Content	Description
	Create web applications that use classic mode authentication in SharePoint 2013	Explains how to create a web application that uses classic mode (Windows-classic) authentication in SharePoint 2013.
	Create claims-based web applications in SharePoint 2013	Illustrates how to create SharePoint 2013 web applications that use claims-based authentication or classic-mode authentication.
	Configure basic authentication for a claims-based web application in SharePoint 2013	Explains how to configure basic authentication for a web application that uses claims-based authentication in SharePoint 2013.
	Configure digest authentication for a claims-based web application in SharePoint 2013	Explains how to configure digest authentication for a web application that uses claims-based authentication in SharePoint 2013.

Create web applications that use classic mode authentication in SharePoint 2013

Updated: October 2, 2012

Summary: Learn how to create a web application that uses classic mode (Windows-classic) authentication in SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

In SharePoint 2013, claims-based authentication is the default and preferred method of user authentication and is required to take advantage of server-to-server authentication and app authentication. In Central Administration, you can only configure claims-based authentication when you manage web applications. You can also use Windows PowerShell cmdlets. The use of classic mode authentication, also known as Windows classic authentication, is discouraged in SharePoint 2013 and you can only create or configure web applications for classic mode authentication with Windows PowerShell cmdlets.

Important:

Office Web Apps can be used only by SharePoint 2013 web applications that use claims-based authentication. Office Web Apps rendering and editing will not work on SharePoint 2013 web applications that use classic mode authentication. If you migrate SharePoint 2010 web applications that use classic mode authentication to SharePoint 2013, you must migrate them to claims-based authentication to allow them to work with Office Web Apps. For more information, see Use Office Web Apps with SharePoint 2013.

To use Windows claims-based authentication instead (recommended), see Create claims-based web applications in SharePoint 2013. To convert a web application that uses classic mode to use claims-based authentication, see Migrate from classic-mode to claims-based authentication in SharePoint 2013.

Important:

The steps in this article apply to both SharePoint Foundation 2013 and SharePoint Server 2013.
Before you begin

Before you perform this procedure, confirm the following:
- Your system is running SharePoint 2013.
- You have determined the design of your logical architecture.
  
  For more information, see Logical architecture components.
- You have planned authentication for your web application.
  
  For more information, see Plan for user authentication methods.
- If you use Secure Sockets Layer (SSL), you must associate the SSL certificate with the web application’s IIS website after the IIS website is created. For more information about how to set up SSL, see How to Setup SSL on IIS 7.0 (http://go.microsoft.com/fwlink/p/?LinkId=187887). SSL is required by default for web applications that are used in server-to-server authentication and app authentication scenarios.
- You understand host-named site collections.
  
  For more information, see Host-named site collections planning.
Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
Create a web application that uses classic mode authentication with Windows PowerShell

Perform the following procedure to use Windows PowerShell to create a web application that uses classic mode authentication.

To create a web application that uses classic mode authentication with Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.
Add memberships that are required beyond the minimums above.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 Products cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

At the Windows PowerShell command prompt, type the following command:

New-SPWebApplication -Name <Name> -ApplicationPool <ApplicationPool> -AuthenticationMethod <WindowsAuthType> -ApplicationPoolAccount <ApplicationPoolAccount> -Port <Port> -URL <URL>

Where:

<Name> is the name of the new web application.
<ApplicationPool> is the name of the application pool.
< WindowsAuthType > is either “NTLM“ or “Kerberos“. Kerberos is recommended.
<ApplicationPoolAccount> is the user account that this application pool will run as.
<Port> is the port on which the web application will be created in IIS.
<URL> is the public URL for the web application.
Example

New-SPWebApplication -Name “Contoso Internet Site” -ApplicationPool “ContosoAppPool” -AuthenticationMethod “Kerberos” -ApplicationPoolAccount (Get-SPManagedAccount “CONTOSO\jdoe”) -Port 80 -URL “https://www.contoso.com”

For more information, see New-SPWebApplication.

Note:

After this procedure is complete, you can create one or more site collections for this web application. For more information, see Create a site collection.

After you successfully create the web application, when you open the Central Administration page, you see a health rule warning that indicates that one or more web applications is enabled with classic authentication mode. This is a reflection of our recommendation to use claims-based authentication instead of classic mode authentication.

Create claims-based web applications in SharePoint 2013

Published: July 16, 2012

Summary: Illustrates how to create SharePoint 2013 web applications that use claims-based authentication or classic-mode authentication.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

Claims-based authentication is a requirement to enable the advanced functionality of SharePoint 2013. This article explains how to use either Central Administration or Windows PowerShell to create a SharePoint 2013 web application that uses claims-based authentication. Claims-based authentication is a requirement for web applications that are deployed in scenarios that support server-to-server authentication and app authentication. However, this article also provides guidance for using Windows PowerShell to create classic-mode web applications if you have a specific scenario that cannot support claims-based authentication. Be aware that classic-mode authentication is deprecated in this release, and it will not be available in the next version. For more information, see Plan for server-to-server authentication in SharePoint 2013

Important:

Secure Sockets Layer (SSL) is a requirement for web applications that are deployed in scenarios that support server-to-server authentication and app authentication.

You can create a web application by using the SharePoint Central Administration website or Windows PowerShell. You typically use Windows PowerShell to create a web application. If you want to automate the task of creating a web application, which is common in enterprises, use Windows PowerShell. After you complete the procedure, you can create one or several site collections.

In this article:
Note:

The steps in this article apply to both SharePoint Foundation 2013 and SharePoint Server 2013.

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
Create a claims-based web application by using Central Administration

Use the procedure described in this section to create a new claims-based SharePoint 2013 web application using the Central Administration.

To create a claims-based web application by using Central Administration

Verify that you have the following administrative credentials:

To create a web application, you must be a member of the Farm Administrators SharePoint group.

Start SharePoint 2013 Central Administration.

For Windows Server 2008 R2:
- Click Start, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Central Administration.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Central Administration.
  
  If SharePoint 2013 Central Administration is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Central Administration.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

On the Central Administration Home page, click Application Management.
On the Application Management page, in the Web Applications section, click Manage web applications.
In the Contribute group of the ribbon, click New.
On the Create New Web Application page, in the IIS Web Site section, you can configure the settings for your new web application by selecting one of the following two options:

Click Use an existing IIS web site, and then select the web site on which to install your new web application.
Click Create a new IIS web site, and then type the name of the web site in the Name box.
In the Port box, type the port number you want to use to access the web application. If you are using an existing web site, this field contains the current port number.

Note:

The default port number for HTTP access is 80, and the default port number for HTTPS access is 443.

Optional: In the IIS Web Site section, in the Host Header box, type the host name (for example, http://www.contoso.com) that you want to use to access the web application.

Note:

You do not need to populate this field unless you want to configure two or more IIS web sites that share the same port number on the same server, and DNS has been configured to route requests to the same server.

In the Path box, type the path to the IIS web site home directory on the server. If you are creating a new web site, this field contains a suggested path. If you are using an existing web site, this field contains the current path of that web site.

In the Security Configuration section, choose whether or not to Allow Anonymous access and whether or not to Use Secure Sockets Layer (SSL).

Important:

Secure Sockets Layer (SSL) is a requirement for web applications that are deployed in scenarios that support server-to-server authentication and app authentication. In general, we strongly recommend using SSL for web applications.

In the Security Configuration section, click Yes or No for the Allow Anonymous options. If you choose to Yes, visitors can use the computer-specific anonymous access account (that is, IIS_IUSRS) to access the web site.

Note:

If you want users to be able to access any site content anonymously, you must enable anonymous access for the entire web application zone before you enable anonymous access at the SharePoint site level. Later, site owners can configure anonymous access for their sites. If you do not enable anonymous access at the web application level, site owners cannot enable anonymous access at the site level.

In the Security Configuration section, click Yes or No for the Use Secure Sockets Layer (SSL) options. If you choose Yes, you must request and install an SSL certificate to configure SSL. For more information about how to set up SSL, see How to Setup SSL on IIS 7.0.

In the Claims Authentication Types section, select the authentication method that you want to use for the web application.

To enable Windows authentication, select Enable Windows Authentication and, in the drop-down menu, select NTLM or Negotiate (Kerberos). We recommend using Negotiate (Kerberos).

If you do not want to use Integrated Windows authentication, clear Integrated Windows authentication.

Note:

If you do not select Windows Authentication for at least one zone of this web application, crawling for this web application will be disabled.

If you want users’ credentials to be sent over a network in a nonencrypted form, select Basic authentication (credentials are sent in clear text).

Note:

You can select basic authentication or integrated Windows authentication, or both. If you select both, SharePoint 2013 offers both authentication types to the client web browser. The client web browser then determines which type of authentication to use. If you only select Basic authentication, ensure that SSL is enabled. Otherwise, a malicious user can intercept credentials.

To enable forms-based authentication, select Enable Forms Based Authentication (FBA), and then enter the ASP.NET Membership provider name and the ASP.NET Role manager name.

Note:

If you select this option, ensure that SSL is enabled. Otherwise, a malicious user can intercept credentials.

If you have set up Trusted Identity Provider authentication by using Windows PowerShell, the Trusted Identity provider check box is selected.

In the Sign In Page URL section, choose one of the following options to sign into SharePoint 2013:

Select Default Sign In Page URL to redirect users to a default sign-in web site for claims-based authentication.
Select Custom Sign In page URL and then type the sign-in URL to redirect users to a customized sign-in web site for claims-based authentication.

In the Public URL section, type the URL for the domain name for all sites that users will access in this web application. This URL will be used as the base URL in links that are shown on pages within the web application. The default URL is the current server name and port, and it is automatically updated to reflect the current SSL, host header, and port number settings on the page. If you deploy SharePoint 2013 behind a load balancer or proxy server, then this URL may need to be different than the SSL, host header, and port settings on this page.

The Zone value is automatically set to Default for a new web application. You can change the zone when you extend a web application.
In the Application Pool section, do one of the following:

Click Use existing application pool, and then select the application pool that you want to use from the drop-down menu.
Click Create a new application pool, and then type the name of the new application pool, or keep the default name.
Click Predefined to use a predefined security account for this application pool, and then select the security account from the drop-down menu.
Click Configurable to specify a new security account to be used for an existing application pool.

Note:

To create a new account, click the Register new managed account link.

In the Database Name and Authentication section, choose the database server, database name, and authentication method for your new web application, as described in the following table.

Item	Action
Database Server	Type the name of the database server and SQL Server instance you want to use in the format <SERVERNAME\instance>. You can also use the default entry.
Database Name	Type the name of the database, or use the default entry.
Database Authentication	Select the database authentication to use by doing one of the following: To use Windows authentication, leave this option selected. We recommend this option because Windows authentication automatically encrypts the password when it connects to SQL Server. To use SQL authentication, click SQL authentication. In the Account box, type the name of the account that you want the web application to use to authenticate to the SQL Server database, and then type the password in the Password box. Note: SQL authentication sends the SQL authentication password to SQL Server in an unencrypted format. We recommend that you only use SQL authentication if you force protocol encryption to SQL Server to encrypt your network traffic by using IPsec.

If you use database mirroring, in the Failover Server section, in the Failover Database Server box, type the name of a specific failover database server that you want to associate with a content database
In the Service Application Connections section, select the service application connections that will be available to the web application. In the drop-down menu, click default or [custom]. You use the [custom] option to choose the service application connections that you want to use for the web application.
In the Customer Experience Improvement Program section, click Yes or No.
Click OK to create the new web application.

Create a claims-based web application by using Windows PowerShell

Use the procedure in this section to create a new claims-based SharePoint 2013 web application using Windows PowerShell.

To create a claims-based web application by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running Windows PowerShell cmdlets.
You must read about_Execution_Policies.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 15 Products cmdlets.

Note:

To create a claims-based authentication provider, from the Windows PowerShell command prompt, type the following:

$ap = New-SPAuthenticationProvider
To create a claims-based web application, from the Windows PowerShell command prompt, type the following:

New-SPWebApplication -Name <Name>
-ApplicationPool <ApplicationPool>
-ApplicationPoolAccount <ApplicationPoolAccount>
-URL <URL> -Port <Port> -AuthenticationProvider $ap

Where:

<Name> is the name of the new web application that uses claims-based authentication.
<ApplicationPool> is the name of the application pool.
<ApplicationPoolAccount> is the user account that this application pool will run as.
<URL> is the public URL for this web application.
<Port> is the port on which the web application will be created in IIS.

Note:

For more information, see New-SPWebApplication.

The following example creates an https claims-based web application, using the current user credentials and the current machine name:

$waUrl = “https://” + $env:ComputerName
$siteAdmin = $env:userdomain + “\” + $env:username;
CreateWindowsWebApp -url $waUrl -title “WinClaimsInbound” -site_admin $siteAdmin -app_pool_name “WebAppPool1” -app_pool_account $siteAdmin -use_claims –use_ssl;

Note:

After you have created the web site, you must configure SSL in IIS for this newly created web site. For more information about how to set up SSL, see How to Setup SSL on IIS 7.0.

If you want your web application to use HTTP, do not use the –use_ssl parameter, and use the http scheme for the –url parameter.

Create a classic-mode web application by using Windows PowerShell

Use the procedure in this section to create a new classic-mode SharePoint 2013 web application using Windows PowerShell.

To create a classic-mode web application by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running Windows PowerShell cmdlets.
You must read about_Execution_Policies.

From the Windows PowerShell command prompt, type the following:

New-SPWebApplication –Name <Name>
–ApplicationPool <ApplicationPool>
-AuthenticationMethod <WindowsAuthType>
–ApplicationPoolAccount <ApplicationPoolAccount>
-Port <Port> -URL <URL>

Where:

<Name> is the name of the new web application that uses classic-mode authentication.
<ApplicationPool> is the name of the application pool.
<WindowsAuthType> is either “NTLM“ or “Kerberos“. Kerberos is recommended.
<ApplicationPoolAccount> is the user account that this application pool will run as.
<Port> is the port on which the web application will be created in IIS.
<URL> is the public URL for the web application.

Note:

For more information, see New-SPWebApplication.

Note:

Configure basic authentication for a claims-based web application in SharePoint 2013

Published: September 25, 2012

Summary: Learn how to configure basic authentication for a web application that uses claims-based authentication in SharePoint 2013.

Applies to: SharePoint Server 2013 Enterprise | SharePoint Foundation 2013 | SharePoint Server 2013 Standard

You can configure basic authentication for one or more zones in a SharePoint 2013 claims-based web application. A web application is an Internet Information Services (IIS) web site that SharePoint 2013 creates and uses. Zones represent different logical paths for gaining access to the network services that are available within the same web application. Within each web application, you can create up to five zones. A different web site in IIS represents each zone. Use zones to enforce different access and policy conditions for large groups of users. To configure basic authentication for one or more zones in a SharePoint 2013 web application, use IIS Manager console, instead of SharePoint Central Administration.

Before you begin

Before you perform this procedure, confirm the following:
- Your system is running SharePoint 2013.
- Basic authentication requires previously assigned Windows account credentials for user access.
- You understand basic authentication for web traffic.
  
  Basic authentication enables a web browser to provide credentials when the browser makes a request during an HTTP transaction. Because user credentials are not encrypted for network transmission but are sent over the network in plaintext, we do not recommend that you use basic authentication over an unsecured HTTP connection. To use basic authentication, you should enable Secure Sockets Layer (SSL) encryption for the web site; otherwise, the credentials can be intercepted by a malicious user.
Note:

Because SharePoint 2013 runs as websites in IIS, administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
Configure IIS to enable basic authentication

Use the IIS Manager console to configure IIS to enable basic authentication for one or more of the following zones for a claims-based web application:
- Default
- Intranet
- Extranet
The Default zone is the zone that is first created when a web application is created. The other zones are created by extending a web application. For more information, see Extend a claims-based web application.

To configure IIS to enable basic authentication

Verify that you a member of the Administrators group on the server on which you are configuring IIS.
Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager to start IIS Manager console.
Expand Sites in the console tree, and then click the IIS web site that corresponds to the web application zone on which you want to configure basic authentication.
In Features View, in IIS, double-click Authentication.
In Features View, in Authentication, right-click Basic Authentication, and then click Enable.
Right-click Basic Authentication, and then click Edit.
In the Edit Basic Authentication Settings dialog box, in the Default domain text box, type the appropriate default domain.

The default domain is the name of a domain against which you want users to be authenticated when they do not provide a domain name.
In the Realm text box, type the appropriate realm, and then click OK.

The realm is a DNS domain name or an IP address that will use the credentials that are authenticated against your internal Windows domain. Configuring a realm name for basic authentication is optional.

The web site is now configured to use basic authentication.

You can also configure basic authentication when you create a web application in SharePoint Central Administration by selecting Basic authentication (password is sent in clear text) in the Claims Authentication Types section of the Create New Web Application dialog box. For more information, see Create claims-based web applications in SharePoint 2013.

Security

In the Claims Authentication Types section of the Create New Web Application dialog box, you can select Integrated Windows authentication, Basic authentication (password is sent in clear text), or both. If you select both, SharePoint 2013 will offer both authentication types to the client web browser. The client web browser then determines the type of authentication to use. If you only select Basic authentication (password is sent in clear text), make sure that you enable SSL for this web application.

Configure digest authentication for a claims-based web application in SharePoint 2013

Published: September 25, 2012

Summary: Learn how to configure digest authentication for a web application that uses claims-based authentication in SharePoint 2013.

Applies to: SharePoint Server 2013 Enterprise | SharePoint Server 2013 Standard | SharePoint Foundation 2013

You can configure digest authentication for one or more zones in a SharePoint 2013 claims-based web application. A web application is an Internet Information Services (IIS) web site that SharePoint 2013 creates and uses. Zones represent different logical paths for gaining access to the same web application. Within each web application, you can create up to five zones. A different web site in IIS represents each zone. Use zones to enforce different access and policy conditions for large groups of users. To configure digest authentication for one or more zones in a SharePoint 2013 web application, use IIS Manager console, instead of SharePoint Central Administration.

Unlike basic authentication, digest authentication encrypts user credentials to increase security. User credentials are sent as an MD5 message digest in which the original user name and password cannot be determined. Digest authentication uses a challenge/response protocol that requires the authentication requestor to present valid credentials in response to a challenge from the server. To authenticate against the server, the client has to supply an MD5 message digest in a response that contains a shared secret password string. The MD5 Message-Digest Algorithm is described in RFC 1321. For access to RFC 1321, see The Internet Engineering Task Force (http://go.microsoft.com/fwlink/p/?LinkId=159913).
Before you begin

Before you perform this procedure, confirm the following:
- Your system is running SharePoint 2013.
- The user and IIS server must be members of, or trusted by, the same domain.
- Users must have a valid Windows user account stored in Active Directory Domain Services (AD DS) on the domain controller.
- The domain must use a Windows Server 2008 or Windows Server 2008 R2 domain controller.
- You understand digest authentication for web traffic.
  
  For more information, see What is Digest Authentication? (http://go.microsoft.com/fwlink/p/?LinkId=209085).
Note:

Because SharePoint 2013 runs as websites in IIS, administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
Configure IIS to enable digest authentication

Use IIS Manager console to configure IIS to enable digest authentication for one or more of the following zones for a claims-based web application:
- Default
- Intranet
- Extranet
The Default zone is the zone that is first created when a web application is created. The other zones are created by extending a web application. For more information, see Extend a claims-based web application.

To configure IIS to enable digest authentication

Verify that you are a member of the Administrators group on the server on which you are configuring IIS.
Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager to start IIS Manager console.
Expand Sites in the console tree, and then click the IIS web site that corresponds to the web application zone on which you want to configure digest authentication.
In Features View, in IIS, double-click Authentication.
In Features View, in Authentication, right-click Digest Authentication, and then click Enable.
Right-click Digest Authentication, and then click Edit.
In the Edit Digest Authentication Settings dialog box, in the Realm text box, type the appropriate realm, and then click OK.

The realm is a DNS domain name or an IP address that will use the credentials that have been authenticated against your internal Windows domain. You must configure a realm name for digest authentication.

The web site is now configured to use digest authentication.

Install and manage solutions for SharePoint 2013

Published: October 16, 2012

Summary: Learn how to install solutions or components that were customized by developer or web designers to a SharePoint 2013 environment.

Applies to: SharePoint Server 2013 | SharePoint Foundation 2013

The process to install custom site elements and solution packages in SharePoint 2010 Products and SharePoint 2013 has not changed significantly. Detailed content about how to install custom elements is available in the SharePoint Server 2010 technical library in the following section Deploy customizations – overview (SharePoint Server 2010). To install solution packages, you can use a new parameter, CompatibilityLevel, to install the solution to the latest version directories, or to use only the current version tracked in the cab file. For more information, see Install-SPSolution.

To add functionality to SharePoint sites in SharePoint 2013, you can use apps for SharePoint. For more information about apps for SharePoint, see Install and manage apps for SharePoint 2013.

TechNet articles about how to install and manage solutions

The following articles about how to install and manage solutions are available to view online. Writers update articles on a continuing basis as new information becomes available and as users provide feedback.

	Content	Description
	Deploy customizations – overview (SharePoint Server 2010)	Overview article and detailed content about how to install custom elements for SharePoint Server 2010. Applies to both SharePoint 2010 Products and SharePoint 2013.
	Sandboxed solutions administration (SharePoint Server 2010)	Content about how to manage sandboxed solutions for SharePoint Server 2010. Applies to both SharePoint 2010 Products and SharePoint 2013.
	Features and solutions cmdlets in SharePoint 2013	List Windows PowerShell cmdlets that help you manage features and solutions in a SharePoint 2013 farm.

Additional resources about how to install and manage solutions

The following resources about how to install and manage solutions are available from other subject matter experts.

	Content	Description
	SharePoint 2013 Tech Center	Visit the TechCenter to access videos, community sites, documentation, and more.
	SharePoint developer center	Find resources for building solutions on SharePoint 2013. This includes how-to articles, code samples, and the SharePoint SDK.
	To the SharePoint Get the Point	Read draft content, learn about new content, and join the conversation at this IT pro content team blog. Learn how to get the most out of SharePoint sites by reading this blog.

Install and manage apps for SharePoint 2013

Published: July 16, 2012

Summary: The following resources provide information about apps for SharePoint, the SharePoint Store, and the App Catalog and how to install, manage, and monitor apps.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013 Standard | SharePoint Server 2013 Enterprise

Downloadable resources about apps for SharePoint

Download the following content for information about apps for SharePoint.

	Content	Description
	SharePoint 2013: App Overview for IT Pro model	Model poster describing apps from an IT Pro perspective.

TechNet articles about apps for SharePoint

The following articles about apps are available to view online. Writers update articles on a continuing basis as new information becomes available and as users provide feedback.

Content	Description
Overview of apps for SharePoint 2013	Read an overview of apps for SharePoint from an IT Pro perspective.
Plan for apps for SharePoint 2013	Understand what you need to plan for before you support apps for SharePoint.
Plan for app authentication in SharePoint 2013 Preview	Learn how to plan for app authentication in SharePoint 2013.
Plan app permissions management in SharePoint 2013	App permissions management enforces security and provides the additional functionality that apps enable on SharePoint 2013 sites.
Configure an environment for apps for SharePoint 2013	Follow these steps to configure your environment to support apps for SharePoint.
Configure app authentication in SharePoint Server 2013	Learn how to configure app authentication in SharePoint 2013.
Manage the App Catalog in SharePoint 2013	Follow these steps to configure and manage the App Catalog and configure SharePoint Store rules.
Add apps for SharePoint to a SharePoint 2013 site	Learn how to install an app for SharePoint from the App Catalog or SharePoint Store.
Remove an app for SharePoint from a SharePoint 2013 site	Learn how to remove an app for SharePoint from a site collection.
Monitor apps for SharePoint for SharePoint Server 2013	Follow these steps to specify which apps for SharePoint to monitor, and then monitor the apps.
Monitor and manage app licenses in SharePoint Server 2013	Learn how SharePoint farm administrators assign, monitor, and manage the app for SharePoint licenses in SharePoint Server 2013.

Additional resources about apps for SharePoint

The following resources about apps for SharePointare available from other subject matter experts.

Content

Description

Installation and Deployment for SharePoint 2013 Resource Center

Visit the Resource Center to access videos, community sites, documentation, and more.

Content on MSDN

Articles about apps for SharePoint in the SharePoint Server 2013 Software Development Kit

Overview of apps for SharePoint 2013
Published: July 16, 2012

Summary: The apps for SharePoint are a powerful, easy way to add functionality to a SharePoint site. Understand how they work, how they are integrated with SharePoint sites, and how they are isolated from your site content.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013 Standard | SharePoint Server 2013 Enterprise

The apps for SharePoint provide a new method to deliver specific information or functionality to a SharePoint site. An app for SharePoint is a small, easy-to-use, stand-alone app that solves a specific end-user or business need. Site owners can discover and download apps for SharePoint from a public SharePoint Store or from their organization’s internal App Catalog and install them on their SharePoint sites. These apps for SharePoint integrate the best of the web with SharePoint 2013. They do not replace SharePoint features and solution packages, which customize or enhance SharePoint sites. Unlike features and solutions, which farm or site collection administrators have to install, apps for SharePoint are stand-alone applications that owners of sites can add to their SharePoint sites. The apps for SharePoint have a simple lifecycle – they can be installed, upgraded, and uninstalled by site owners.

The following are examples of apps for SharePoint that site owners could add to their sites:
- An app that provides event planning tools.
- An app that provides a shopping cart experience for a site.
- An app that sends a note of recognition for good work (kudos) to someone in the organization.
Microsoft will host and control a public SharePoint Store, where developers will be able to publish and sell their custom apps for SharePoint. End users and IT professionals will be able to obtain these custom apps for personal or corporate use. This SharePoint Store will handle the end-to-end acquisition experience from discovery to purchase, upgrades, and updates.

Company-developed and approved apps can also be deployed to an organization’s internal App Catalog hosted on SharePoint 2013 or SharePoint Online. This controls the visibility of apps within organizations.

Important:

This article applies to both SharePoint Foundation 2013 and SharePoint Server 2013.

Where are apps for SharePoint hosted?
There are several options for hosting apps for SharePoint.
- Provider-hosted
- Hosted in the cloud (Windows Azure autohosted)
- Hosted in a SharePoint environment
- Several combinations of these options.
Depending on the hosting option, the app can contain different elements and take advantage of different components.

Illustration of hosting options for apps for SharePoint

No matter the hosting option for the app, if you want users to be able to install and use apps for SharePoint in your environment, you will have to configure your environment to support them.

For more information about hosting options, see the SharePoint 2013 developer documentation.

How are apps for SharePoint and SharePoint sites related?

Site owners can add apps for SharePoint to their sites. If an app contains SharePoint components, those components are stored in a subweb of the site that is automatically created when you install the app. Apps have their own, isolated URLs, which are separate from the URL for the site that contains the app. If the app is a Provider-hosted or Windows Azure autohosted app, the app components are stored in those locations. For example, in the following diagram, App1 contains custom business logic and is stored on an external server – it is an Windows Azure autohosted app and does not store content in a subweb of the site. App2 is a SharePoint hosted app with only SharePoint components. App2’s content is stored in a subweb of the site on which it is installed.

Illustration of relationship between apps for SharePoint and SharePoint sites

What is the URL for an app for SharePoint?

By default, apps are deployed to their own web site in a special, isolated domain name, instead of in the same domain name as your farm. Processes run under that domain name and do not affect the SharePoint sites. This difference in domain names provides a layer of isolation for the apps. The use of a different domain name from the SharePoint sites prevents cross-site scripting between the apps and sites and unauthorized access to users’ data.

Each installation of an app has a unique URL in your environment. You determine the template for that URL (by specifying a domain name and an app prefix), and then app URLs are automatically generated based on that template. Paths for the apps are based on the URL for the site where they are installed. When you install an app to a site, a subweb of that site is created to host the app content. The subweb for the app is hierarchically below the site collection, but has an isolated unique host header instead of being under the site’s URL. The following diagram shows the relationship between the site’s URL and the app’s URL:

Illustration of URL for an app for SharePoint

In this diagram, the Main SharePoint Site is the site on which the user installed the app. The App1 SharePoint Site is a subweb of the Main site that contains the app and its components. The URL for the App1 SharePoint site is based on that of the Main SharePoint site. However, it is in a different domain, has a prefix-apphash at the beginning, and has an app name at the end for the subweb name. The prefix-apphash part of the URL is designed to support multi-tenant environments. In a multi-tenant environment, each tenant has its name that is combined with the apphash to provide a unique domain name for the app. If you are not in a multi-tenant environment, you can use the same app prefix for all URLs.

Use and benefits of apps for SharePoint

The apps for SharePoint allow users to add quick functionality to their site without your intervention. Unlike templates, features, and solutions, which an IT administrator must deploy, site owners can add apps for SharePoint to their sites or remove them. Because apps for SharePoint are limited in scope to a subweb and have an isolated URL, they do not interact with the rest of your farm or open your environment to cross-site scripting risks.

Your organization can develop its own apps for SharePoint. You can make apps for SharePoint available from the SharePoint Store, and you can make these apps available in the App Catalog so that users know which apps for SharePoint are approved for use in your environment. Users can easily update apps for SharePoint with new versions when they become available.

Impacts of apps for SharePoint
Supporting apps for SharePoint in your environment does require a configuration change to your environment. There are two main considerations:
- Requirements for supporting apps for SharePoint You must be running the Subscription Settings and App Management service applications to use apps for SharePoint. You must create the DNS domain to contain the URLs for apps for SharePoint in your environment.
- Plan for capacity Each app for SharePoint that is installed creates a subweb under the site on which it is installed with its own URL. This means that environments that contain many apps for SharePoint will have many additional subwebs. Be sure to consider this when planning for capacity for your farm.
For more information about these and other considerations, see Plan for apps for SharePoint 2013 and Configure an environment for apps for SharePoint 2013.
Plan for apps for SharePoint 2013

Published: July 16, 2012

Summary: Determine your environment’s app for SharePoint policy, whether to use the App Catalog, the URLs to use for apps for SharePoint, and the settings to configure for apps for SharePoint in your environment.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

The apps for SharePoint provide a new method to deliver specific information or functionality to a SharePoint site. An app for SharePoint is a small, easy-to-use, stand-alone productivity app that solves a specific end-user need. Before you allow users to install apps in a SharePoint environment, you must plan how you want to support them. You have to determine your organization’s policy around apps for SharePoint, plan your configuration settings, and determine how to manage and monitor the apps. This article explains key decisions and helps you understand the choices to make as you plan to support apps for SharePoint.

In this article:
- Governance: determine the app for SharePoint policy for your organization
- Plan app configuration settings
- Plan App Catalog
- Plan to monitor apps
- Plan for app licenses
For more conceptual information about apps for SharePoint, see Overview of apps for SharePoint 2013.
Governance: determine the app for SharePoint policy for your organization
The first decision about apps for SharePoint is the extent to which you want to use them in your organization and the policy for using them. The following questions can help you frame your discussion about your policy:
- Do you want users to be able to install and use apps for SharePoint?
  - If so, keep reading and shaping your policy.
  - If not, then you can use settings in the SharePoint Store to control whether users can get apps from the SharePoint Store. You cannot block users from viewing the SharePoint Store. However, you can prevent them from purchasing or downloading apps for SharePoint. If you choose to prevent users from getting apps for SharePoint from the SharePoint Store, you should create a policy statement and notify users to advise users that you have chosen not to support apps for SharePoint. Otherwise, the only notification to users will be an error when they try to install an app for SharePoint.
- Do you want to restrict or control the apps for SharePoint that users can install and use?
  
  If so, you can do one or both of the following:
  - Set up an App Catalog to provide a set of apps for SharePoint that users can install and use.
  - Use the App Request feature to control the purchasing and licensing of apps for SharePoint.
- In which environments do you want apps for SharePoint to be available? For example, intranet, extranet, or Internet environments?
  
  You should decide which environments are appropriate for using apps for SharePoint and configure the settings for apps for SharePoint only in those farms or for those web applications.
- Do you want to control who can purchase apps for SharePoint?
  
  No explicit setting prevents a user from purchasing an app for SharePoint. However, you can create a request process that requires users to submit a request that your organization reviews to ensure that appropriate persons make purchases.
- Do you want to control who can install apps for SharePoint?
  
  A user must have the Manage Web site and Create Subsites permissions to install an app for SharePoint. By default, these permissions are available only to users who have the Full Control permission level or who are in the Site Owners group.
- Do you want to control which hosting options can be used for apps for SharePoint in your environment?
  
  You cannot explicitly specify the hosting options (Provider-hosted, Windows Azure autohosted, or SharePoint hosted) that are available. The creator of an app determines how it is hosted based on what the app contains or does. However, you can choose a specific hosting option for apps for SharePoint that you provide for your own organization in the App Catalog.
- How many and which apps for SharePoint do you want to monitor?
  
  You must explicitly select the apps for SharePoint to monitor for a farm.
Note:

The ability to monitor apps for SharePoint is not available for SharePoint Foundation 2013.

Plan app configuration settings
Before you use apps for SharePoint in your environment, you have to configure your environment to support them. If you don‘t configure your environment, users who try to install and use apps for SharePoint receive error messages. For all apps for SharePoint, you must set up a Domain Name Services (DNS) domain name to provide a host name for the installed apps. By using a separate domain name, apps for SharePoint are separated from SharePoint sites to prevent unauthorized access to user data and to reduce the likelihood of cross-site scripting attacks. Using separate URLs for apps for SharePoint and SharePoint sites is called app isolation. You also need a DNS record so that the domain name can get correctly resolved. You can create one of two of the following types of DNS records for app for SharePoint URLs:
- A wildcard Canonical Name (CNAME) record that points to the host domain assigned to the SharePoint farm.
- An A record to point to the IP address for the SharePoint farm.
Choose the type of record to point from the app domain to the SharePoint farm domain.

Illustration of a type of record that points from the app domain to a SharePoint farm domain

In addition to setting up the DNS domain to support apps in your environment, you also have to configure the following:
- SSL Certificates (if they are required)
  
  If you are using SSL to help secure traffic, you must create a wildcard certificate to use for all app URLs. Wildcard certificates cost about the same as five individual certificates. So, you can quickly justify the cost of a wildcard if you expect to use more than five instances of apps for SharePoint in your environment.
Important:

Each instance of an app for SharePoint that is installed has its own URL. Therefore, if you only have one app for SharePoint in your environment, but the app is installed on six different sites, then you will have six different app URLs.
- The Subscription Settings and App Management service applications
  
  These services support apps in your environment by storing the data needed to run apps in the farm. The Subscription Settings service stores the tenant name and the App Management Service stores app licenses, app principals, app users, app registrations, and so on.
- The app URLs to use
  
  Each app has a unique URL in your environment. You determine the template for that URL, and then app URLs are automatically generated by using the prefix and domain that you specify. For example, prefix–Apphash.ContosoApps.com/sites/web1/appname.
The Configure an environment for apps for SharePoint 2013 article explains how to configure these settings.
- Determine the domain name to use
Each app for SharePoint has a unique URL, which is made up of the app domain and a prefix for that domain that consists of a tenant name and an Apphash. The format is as follows: prefix–Apphash.domain.com. The Apphash is an arbitrarily-assigned unique identifier for each app for SharePoint.

Note:

The examples in this section use an Internet-style domain name for clarity. This does not imply that you must expose your apps to the Internet or that your URLs must use this format. Note that for actual hosting environments you must still organize a DNS routing strategy within your intranet and optionally configure your firewall.

When you choose the domain name and prefixes to use for your environment, consider the following:
- Consider using a unique domain name, not a subdomain
  
  To help improve security, the domain name that you choose should not be a subdomain of the root domain name that hosts other applications (other than SharePoint sites). This is because other applications that run under that host name might contain sensitive information stored in cookies that might not be protected. Code can set or read cookies across different domains that are under the same domain. A malicious developer could use code in an app for SharePoint to set or read information in a cookie on the root domain from the app for SharePoint subdomain. If a malicious app accessed that cookie information, then you could have an information leak. SharePoint sites have protections against this issue. However, it is still a good idea to use a domain for apps that is separate from your other domains. For example, if the SharePoint sites are at Contoso.com, do not use Apps.Contoso.com. Instead use a unique name such as Contoso-Apps.com. This is not to say that you should never use a subdomain if you have business reasons to do this. However, consider all potential security risks.
- For single tenant environments, use the same prefix for all apps
  
  If your environment is only used for your own organization and does not host SharePoint sites for other organizations, you configure a prefix that all app for SharePoint URLs in your environment use. For example, you can set the prefix to a word like default so that each app for SharePoint has a URL such as default-Apphash.Contoso-Apps.com.
- For multi-tenancy environments, use unique prefixes for each tenant’s apps
  
  If your environment has multiple tenants (in other words, you host SharePoint sites for multiple clients), you must be able to identify the URLs that each tenant or client in your environment uses. So, you set the URL prefix to indicate the client’s name or the client’s site’s name. For example, suppose that A. Datum Corporation hosts SharePoint sites for Fabrikam and Fourth Coffee under the adatum.com hosting domain (for example, Fabrikam.Adatum.com and FourthCoffee.Adatum.com). You should set the prefix for your hosted sites so that they are created as Fabrikam-Apphash.AdatamApps.com and FourthCoffee-Apphash.AdatamApps.com.
Important:

If you are in a multi-tenancy environment, you must use Windows PowerShell to configure the URL and prefix.
- Keep prefixes short and simple
  
  Prefixes must be less than 48 characters and cannot contain special characters or dashes.
- All URLs will be in the default zone
  
  You cannot use multiple zones in alternate access mapping for apps for SharePoint. By default, all apps for SharePoint are in the intranet zone.
Plan App Catalog
If you decide to provide trusted apps for SharePoint for users to install, you can configure the App Catalog to contain those apps for SharePoint. The App Catalog is a special site that contains the apps for SharePoint that users can install. You can have multiple App Catalogs in your farm, one for each Web application in your farm. To configure the App Catalog for a Web application, you just have to supply the names of the site collection administrators who you want to use for the App Catalog site. After you create the App Catalog, the site collection administrators can upload apps for SharePoint to it.

To plan App Catalog settings, determine the following:
- Which web applications will need an App Catalog.
  
  This goes together with your decisions about your policy for supporting apps for SharePoint in the SharePoint environment. If you have different types of sites (intranet, extranet, Internet) on different web applications in your farm, you can determine whether you want an App Catalog for each of those web applications.
  
  You can also share an App Catalog site across web applications in a farm. To do this, you configure the App Catalog for one web application, and then configure the App Catalog settings for another web application to use the same URL.
- Who to add as the site collection administrators for the App Catalog.
  
  The App Catalog is a site inside a web application that can only be accessed from a link in Central Administration or directly by using the URL.

Plan to monitor apps

Note:

This section applies only to SharePoint Server 2013.

The Monitor Apps page in SharePoint on-premises only lists apps that the Farm administrator adds. The maximum number of apps that can be monitored is limited to 100. Apps that exceed the threshold require a farm administrator to remove existing apps from the list. The first 50 apps appear in the monitoring apps list so the administrator must filter the apps to monitor the rest of the apps.

The apps for SharePoint monitoring data is stored in the SQL Server Usage database as WSS_Logging.

Plan for app licenses

SharePoint 2013 does not enforce app licenses. Developers who build apps must add code that retrieves license information and then addresses users. SharePoint 2013 provides the storage and together with SharePoint Store web services the app license renewal. SharePoint Store handles payments for the licenses, issues the correct licenses, and provides the process to verify license integrity. Note that licensing only works for apps that are distributed through the SharePoint Store. Apps that you purchase from another source and apps that you develop internally must implement their own licensing mechanisms. SharePoint 2013 supports the following app licenses formats:

License Type	Duration	User Limit
Free	Perpetual	Unlimited
Trial	30, 60, 120 Days, or Unlimited	Number per user or Unlimited
Paid per user	Perpetual	Number per user
Paid unlimited users (site license)	Perpetual	Unlimited

Plan app permissions management in SharePoint 2013

Published: July 16, 2012

Summary: App permissions management enforces security and enables the additional functionality that apps provide on SharePoint 2013 sites.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013 Standard | SharePoint Server 2013 Enterprise

The purpose of app permissions management is to manage the ability of apps to access and use internal SharePoint 2013 resources and perform tasks on behalf of users. For app authentication, SharePoint 2013 relies on a trusted token service named the Windows Azure Access Control Service (ACS) to issue time- and scope-limited access tokens for apps. In SharePoint 2013, the ACS acts as the app identity provider. The app authentication process verifies a claim that an app makes and asserts that the app can act on behalf of an authenticated SharePoint 2013 user. The authorization process verifies that an authenticated app has permission to access a specified resource and perform a defined function. You can configure SharePoint 2013 to process app permissions and enable anyone who enters an anonymous web site, for example, to view and fill out a form that requests additional information about a product or service. You can also allow a SharePoint 2013 site owner, or a user with elevated permissions, to purchase and install an app that a defined set of internal SharePoint 2013 users can access. For example, a site owner can purchase and install an expense report app for a workgroup, and the members of the workgroup can use the app to access data in SharePoint 2013 document libraries and generate expense reports. For more information about apps, see Overview of apps for SharePoint 2013.

In this article:
- App permission request scopes
- App permission requests
- App authorization policies
To plan the management of SharePoint 2013 app permissions, you have to determine the specific SharePoint 2013 resources that the app will need to access, and where those resources reside. You also have to determine the minimum permission level that will be required to enable the app to function correctly. In addition, you have to determine the appropriate app authorization policy to ensure that the app functions correctly and complies with specified authorization requirements.
Introduction

SharePoint 2013 apps provide a wide variety of powerful tools and enhanced functionality that can increase the usefulness of your SharePoint 2013 deployment. When you decide to support the implementation of SharePoint 2013 apps within your deployment, you need to determine who will be installing the apps and who will be using them. You also need to determine the appropriate scope and permission levels for each app, based on how the app is intended to be used.

This article explains how to decide which scope, permission level, and authorization policy to use for the various types of SharePoint 2013 apps you plan to deploy, depending on how the app is going to be used and who is going to use the app. This article does not explain how to create or configure SharePoint 2013 apps.

App permission request scopes

SharePoint 2013 apps use app permission request scopes and permission requests to specify the level at which the app is intended to run, and the permission level that is assigned to the app. The app permission request scope indicates the location within the SharePoint 2013 hierarchy where a permission request will apply. SharePoint 2013 supports the following permission request scopes:

SPSite Defines the app permission request scope as a SharePoint 2013 site collection.
SPWeb Defines the app permission request scope as a SharePoint 2013 web site.
SPList Defines the app permission request scope as a SharePoint 2013 list.
Tenancy Defines the app permission request scope as a SharePoint 2013 tenancy.

If an app is granted permission to one scope, the permission also applies to the children of that scope. For example, if an app is granted permission to a web site by using the SPWeb scope, the app is also granted permission to each list (SPList scope) that is contained within the SPWeb scope and all list items within each list. Because permission requests are made without information about the topology of the site collection where the app is installed, the scope is expressed as a type rather than as the URL of a specific instance. These scope types are expressed as URIs. Content database related permissions are organized under this URI: http://sharepoint/content. The following table provides an URI example for each app permission request scope.

Scope	URI
SPSite	http://sharepoint/content/sitecollection/
SPWeb	http://sharepoint/content/sitecollection/web
SPList	http://sharepoint/content/sitecollection/web/list
Tenancy	http://<sharepointserver>/<content>/<tenant>/

App permission requests

App permission requests are collections of permissions that enable apps to perform specific tasks. SharePoint 2013 includes four app permission request levels.

The following table lists the four app permission requests that you can assign to a SharePoint 2013 app.

Permission request	Description	Permissions included
Read-Only	Enables apps to view pages, list items, and download documents.	View Items Open Items View Versions Create Alerts Use Self-Service Site Creation View Pages
Write	Enables apps to view, add, update, and delete items in existing lists and document libraries.	Read-Only permissions, plus: Add Items Edit Items Delete Items Delete Versions Browse Directories Edit Personal User Information Manage Personal Views Add/Remove Personal Web Parts Update Personal Web Parts
Manage	Enables apps to view, add, update, delete, approve, and customize items or pages within a web site.	Write permissions, plus: Manage Lists Add and Customize Pages Apply Themes and Borders Apply Style Sheets
Full Control	Enables apps to have full control within the specified scope.	All permissions

There are important security implications when you assign a permission request level to a SharePoint 2013 app. The permission request level must be adequate to allow the app to function correctly and complete every aspect of the task it is designed to perform. However, it is also important to make sure that the assigned permission request level does not exceed the minimum requirements to complete the task. For example, the Read-Only app permission request level is adequate for a SharePoint 2013 app that is gathering and rendering data in response to a query. However, the Write app permission request level will be required for a SharePoint 2013 app that is intended to add new data or update existing data in a SharePoint 2013 library.

App authorization policies

In addition to determining the app permission request scope and the app permission request level for each app you deploy, you must also determine which app authorization policy is appropriate. SharePoint 2013 provides the following app authorization policies:
- User and app policy When you assign the user and app policy to a SharePoint 2013 app, the content database authorization checks succeed only if both the current user and the app have sufficient permissions to perform the actions that the app is designed to perform. The user and app policy is required when a SharePoint 2013 site has an embedded IFRAME that links to a SharePoint Store app, and the app calls back to SharePoint 2013 to access SharePoint 2013 resources on behalf of the user. For example, this is a requirement when a SharePoint Store app that does not run within SharePoint 2013 needs to act on behalf of a user to access the user’s resources.
- App-only policy When you assign the app-only policy to a SharePoint 2013 app, the content database authorization checks succeed if the app has sufficient permissions to perform the actions that the app is designed to perform, whether or not the current user (if there is a current user) has the same permissions. The app-only policy is required when the app is not acting on behalf of a user.
- User-only policy When you assign the user-only policy, the content database authorization checks succeed if the user has sufficient permissions to perform the action that the app is designed to perform. The user-only policy is required when a user is accessing their own resources.
Configure an environment for apps for SharePoint 2013

Updated: October 16, 2012

Summary: Configure domain names, service applications, and URLs for apps for SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013 Standard | SharePoint Server 2013 Enterprise

To enable users to install and use apps for SharePoint in their sites, you must configure your environment to support them. This article describes how to configure your environment to support apps. Use the Plan for apps for SharePoint 2013 article to review options and determine the values to use for configuration settings in this article.

Important:

The steps in this article apply to both SharePoint Foundation 2013 and SharePoint Server 2013.

The following illustration summarizes the steps to take to configure an environment for apps for SharePoint.

Overview of how to configure an environment for apps for SharePoint

These configuration steps result in example app URLs such as the following:
- http://Apps-12345678ABCDEF.ContosoApps.com/sites/SiteName/App1Name/Pages/Home.aspx
- https://Apps-3456789BCDEFG.ContosoApps.com/sites/SiteName/WebName/App2Name/Default.aspx
This article contains instructions for completing these steps.
Before you begin
- You must purchase a domain name from a domain name provider for your apps, for example, ContosoApps.com.
- You must be a member of the Farm Administrators group to perform the steps in this article. For some steps, you must also be a local administrator on the domain controller.
- Confirm that the SharePoint Administration (spadmin) and SharePoint Timer (sptimer) services are running.
  
  To verify this, click Start, point to Administrative Tools, and then click Services. In the Services list, verify that the SharePoint Administration and SharePoint Timer services are running.
Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
- Plan browser support
- Accessibility for SharePoint Products
- Accessibility features in SharePoint 2013 Products
- Keyboard shortcuts
- Touch
Configure the domain names in DNS (all hosting options)

You must configure a new name in Domain Name Services (DNS) to host the apps. To help improve security, the domain name should not be a subdomain of the domain that hosts the SharePoint sites. For example, if the SharePoint sites are at Contoso.com, consider ContosoApps.com instead of App.Contoso.com as the domain name. For more information, see Plan for apps for SharePoint 2013. When an app is provisioned, it provisions a unique DNS domain name (for example, Apps-12345678ABCDEF.ContosoApps.com, where 12345678ABCDEF is a unique identifier for the app). You need a wildcard Canonical Name (CNAME) entry for your DNS domain to support these unique names.

Depending on your configuration (for example, if you are using WINS forward lookup), you might have to create a new forward lookup zone first, or you can start with a wildcard CNAME entry in the same zone as the SharePoint site domain. In the following procedures, you create a forward lookup zone, and then create a wildcard alias record for the DNS domain name that allows for individual apps to create unique domain names within your app domain. In these procedures, we use DNS Manager for Windows Server 2008 R2. For more information about DNS server in Windows Server 2008 R2, see DNS Server. If you have a different type of DNS server, follow the procedures in the documentation for that server type.

To create a forward lookup zone for the app domain name

Verify that the user account that performs this procedure is a local administrator on the domain controller.
Click Start, point to Administrative Tools, and then click DNS.
In DNS Manager, right-click Forward Lookup Zones, and then click New Zone….
In the New Zone Wizard, click Next.
In the Zone Type page, accept the default of Primary zone, and then click Next.
In the Active Directory Zone Replication Scope page, select the appropriate replication method for your environment (the default is To all DNS servers in this domain), and then click Next.
In the Zone Name page, in the Zone name box type the name for your new app domain name (for example, ContosoApps.com), and then click Next.

The New Zone Wizard shows the new domain name for apps.
On the Dynamic Update page, select the appropriate type of dynamic updates for your environment (the default is Do not allow dynamic updates), and then click Next.
On the Completing the New Zone Wizard page, review the settings, and then click Finish.

For more information about how to create a forward lookup zone, see Add a Forward Lookup Zone.

You have now created a forward lookup zone (and a domain name) to use for apps in your environment.

To create a wildcard Alias (CNAME) record for the new domain name

Verify that the user account that performs this procedure is a local administrator on the domain controller.
In DNS Manager, under Forward Lookup Zones, right-click the new app domain name, and then click New Alias (CNAME).
In the New Resource Record dialog box, in the Alias name (uses parent domain if left blank) box, type *.

The Fully qualified domain name (FQDN) box displays *. followed by the domain name that you created for apps. For example, *.ContosoApps.com or *.Contoso-Apps.com.
Next to the Fully qualified domain name (FQDN) for target host box, type the FQDN of the server that hosts the SharePoint sites.

For example, SharePoint.Contoso.com.

Or:
1. Next to the Fully qualified domain name (FQDN) for target host box, click Browse and navigate to the Forward Lookup Zone for the domain that hosts the SharePoint sites.
For example, Contoso.com.
1. And then navigate to the record that points to the server that hosts the SharePoint site.
For example, SharePoint.

New Resource Record dialog box shows the wildcard alias for the app domain and the FQDN of the server that hosts the SharePoint sites.
Click OK.

For more information about how to create a wildcard alias record in DNS Manager, see Add an Alias (CNAME) Resource Record to a Zone.

You can verify the new domain name and alias by pinging them.

To verify the new domain name

Verify that the user account that is performing this procedure is a local administrator on the domain controller.
Click Start, and then click Command Prompt.
At the command prompt, type ping followed by a subdomain of the domain that you created, and then press ENTER.

For example, ping Apps-12345678ABCDEF.contosoapps.com

If the ping command returns the correct IP address, then your wildcard for the domain name was configured successfully.

Create a new wildcard SSL certificate

If you are using Secure Sockets Layer (SSL) for the SharePoint sites in your environment, or if you use any apps that use data external to the SharePoint sites, you should use SSL for your apps. To use SSL, you create an SSL certificate for your app domain (for example, ContosoApps.com).

The domain should be added in the form of a wildcard (for example, *.ContosoApps.com). You need a wildcard certificate instead of individual certificates because each installed app has its own subdomain.

Configure the Subscription Settings and App Management service applications

Apps rely on the App Management and Microsoft SharePoint Foundation Subscription Settings service applications. These service applications use the multi-tenancy features to provide app permissions and create the subdomains for apps. Therefore, even if you are not hosting multiple tenants, you must still establish a name for the default tenant for your environment (any SharePoint site that is not associated with a tenant will be in the default tenant).

Note:

You can use the SharePoint Central Administration website to set the default tenant name (also know as the app prefix) for non-hosting environments. You must use Windows PowerShell to configure tenant names for hosting environments. You perform the steps to set the app prefix in the next section, Configure the app URLs to use.

To configure these services, you first start the services in Central Administration. After the services are started, you use Windows PowerShell to create the Subscription Settings service application, and then use either Windows PowerShell or Central Administration to create the App Management service application.

To start the Subscription Settings and App Management services in Central Administration

Verify that you are a member of the farm administrators group in Central Administration.
In SharePoint 2013 Central Administration, click System Settings.
On the System Settings page, under Servers, click Manage services on server.
On the Services on Server page, next to App Management Service, click Start.
On the Services on Server page, next to Microsoft SharePoint Foundation Subscription Settings Service, click Start.
Verify that the App Management and Microsoft SharePoint Foundation Subscription Settings services are running. The following illustration shows the Services on Server page where you can verify that the App Management and Subscription Settings services are running.

Services on Server showing the App Management and Subscription Settings services running.

To configure the Subscription Settings service application by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 15 Products cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
First you must establish the application pool, run as account, and database settings for the services. Use a farm account for the SPManagedAccount (which will be used for the application pool runas account).

At the Windows PowerShell command prompt, type the following commands, and press ENTER after each one to create the application pool:

$account = Get-SPManagedAccount “<farm account>”
# Gets the name of the Farm administrators account and sets it to the variable $account for later use.

Where:

<farm account> is the name of the Farm administrators account in the SharePoint farm.

$appPoolSubSvc = New-SPServiceApplicationPool -Name SettingsServiceAppPool -Account $account
# Creates an application pool for the Subscription Settings service application.
# Uses the Farm administrators account as the security account for the application pool.
# Stores the application pool as a variable for later use.

At the Windows PowerShell command prompt, type the following commands, and press ENTER after each one to create the new service application and proxy:

$appSubSvc = New-SPSubscriptionSettingsServiceApplication –ApplicationPool $appPoolSubSvc –Name SettingsServiceApp –DatabaseName <SettingsServiceDB>
# Creates the Subscription Settings service application, using the variable to associate it with the application pool that was created earlier.
# Stores the new service application as a variable for later use.

Where:

<SettingsServiceDB> is the name of the Subscription Settings service database.

$proxySubSvc = New-SPSubscriptionSettingsServiceApplicationProxy –ServiceApplication $appSubSvc
# Creates a proxy for the Subscription Settings service application.

For more information, see Get-SPManagedAccount, New-SPServiceApplicationPool, New-SPSubscriptionSettingsServiceApplication, New-SPSubscriptionSettingsServiceApplicationProxy.

You can use either Windows PowerShell or Central Administration to create and configure the App Management service application. The following procedures provide the steps for each method.

To configure the App Management service application by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 15 Products cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
First you must establish the application pool, run as account, and database settings for the services. Use a farm account for the SPManagedAccount (which will be used for the application pool runas account).

At the Windows PowerShell command prompt, type the following commands, and press ENTER after each one to create the application pool:

$account = Get-SPManagedAccount “<farm account>”
# Gets the name of the Farm administrators account and sets it to the variable $account for later use.

Where:

<farm account> is the name of the Farm administrators account in the SharePoint farm.

$appPoolAppSvc = New-SPServiceApplicationPool -Name AppServiceAppPool -Account $account
# Creates an application pool for the Application Management service application.
# Uses the Farm administrators account as the security account for the application pool.
# Stores the application pool as a variable for later use.

At the Windows PowerShell command prompt, type the following commands, and press ENTER after each one to create the new service application and proxy:

$appAppSvc = New-SPAppManagementServiceApplication -ApplicationPool $appPoolAppSvc -Name AppServiceApp -DatabaseName <AppServiceDB>
# Creates the Application Management service application, using the variable to associate it with the application pool that was created earlier.
# Stores the new service application as a variable for later use.

Where:

<AppServiceDB> is the name of the App Management service database.

$proxyAppSvc = New-SPAppManagementServiceApplicationProxy -ServiceApplication $appAppSvc
# Creates a proxy for the Application Management service application.

For more information, see Get-SPManagedAccount, New-SPServiceApplicationPool, New-SPAppManagementServiceApplication and New-SPAppManagementServiceApplicationProxy.

To create the App Management service application in Central Administration

In SharePoint 2013 Central Administration, on the Application Management page, click Manage service applications.
On the ribbon, click New, and then click App Management Service.
In the New App Management Service Application page, in the Service Application Name box, type the name for the service application.
In the Database section, in the Database Server box, type the instance of SQL Server where you want to store the database, or use the default server.
In the Database Name box, type a database name, or use the default name.

The database name must be unique.
Under Database authentication, select the authentication that you want to use by doing one of the following:

If you want to use Windows authentication, leave this option selected. We recommend this option because Windows authentication automatically encrypts the password when it connects to SQL Server.
If you want to use SQL authentication, click SQL authentication. In the Account box, type the name of the account that you want the service application to use to authenticate to the SQL Server database, and then type the password in the Password box.

Note:

In SQL authentication, an unencrypted password is sent to SQL Server. We recommend that you use SQL authentication only if you force protocol encryption to SQL Server or encrypt network traffic by using IPsec.

In the Failover Database Server section, if you want to use a failover database server, specify the server name.
In the Application Pool section, do one of the following:

Click Use existing application pool, and then select the application pool that you want to use from the drop-down list.
Click Create a new application pool, type the name of the new application pool, and then under Select a security account for this application pool do one of the following:
- Click Predefined to use a predefined security account, and then select the security account from the drop-down list.
- Click Configurable to specify a new security account to be used for an existing application pool. You can create a new account by clicking the Register new managed account link.

In the Create App Management Service Application Proxy section, leave the Create App Management Service Application Proxy and add it to the default proxy group check box selected.
Click OK.

The following illustration shows the App Management service application and proxy that were created.

Manage Service Applications page showing the App Management service application and proxy.

Now you must start the service on the server.
In SharePoint 2013 Central Administration, click System Settings.
On the System Settings page, under Servers, click Manage services on server.
On the Services on Server page, next to App Management Service, click Start.

Configure the app URLs to use

In this section, you create the app domain prefix and the tenant name to use for apps in your environment. The app URL points to your app domain and a prefix that determines how each app is named. If you host multiple tenants in your environment, you must use Windows PowerShell to configure the app URLs.

Use the following procedure to configure app URLs for non-hosting (single tenant) environments by using Central Administration.

To configure app URLs

In Central Administration, click Apps.
On the Apps page, click Configure App URLs.
In the App domain box, type the isolated domain that you created for hosting apps.

For example, ContosoApps.com or Contoso-Apps.com.
In the App prefix box, type a name to use for the URL prefix for apps.

For example, you could use “apps“ as the prefix so that you would see a URL for each app such as “apps-12345678ABCDEF.ContosoApps.com“. The following illustration shows the Configure App URLs page after you have filled in the App domain and prefix.

The Configure App URLs page in Central Administration shows the App domain and App prefix.
Click OK.

Use the following procedure to configure app URLs for multi-tenant hosting environments.

To configure app URLs by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 15 Products cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following commands and press ENTER after each one:

Set-SPAppDomain <appDomain>

Set-SPAppSiteSubscriptionName -Name “app” -Confirm:$false

Where:

<appDomain> is the domain name that you created.

For more information, see Set-SPAppSiteSubscriptionName and Set-SPAppDomain.

Configure the Internet-facing endpoints feature (Optional)

The SharePoint Store contains apps for SharePoint intended for use with sites that require Internet-facing endpoints. By default, these apps are not available (greyed out and cannot be purchased) because they are incompatible with most sites. However, if you have a site that uses Internet-facing endpoints, and want to be able to use these apps, you can turn on the Internet-facing endpoints feature to show these apps in the SharePoint Store. You turn this feature on at the web application level in Central Administration.

To configure Internet-facing endpoints for apps

In Central Administration, click Application Management.
On the Application Management page, click Manage Web applications.
On the Manage Web Applications page, select the web application that you want to change.
On the Ribbon, click Manage Features.
In the feature list, next to Apps that require accessible internet facing endpoints, click Activate.
Click OK.

Manage the App Catalog in SharePoint 2013

Published: July 16, 2012

Summary: You can configure and manage an App Catalog for SharePoint environments to control access to available apps.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

You can store apps for SharePoint and Office apps for your organization‘s internal use in an App Catalog site. This article contains an overview of the App Catalog site and shows how to configure the App Catalog for a web application.

In this article:
Before you begin

Before you begin:
- Before you configure and use the App Catalog, a member of the Farm Administrators group must configure the environment to support apps for SharePoint. For more information, see Configure an environment for apps for SharePoint 2013.
- You must be a member of the Farm Administrators group to perform the steps in this article.
Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
Configure the App Catalog site for a web application
The App Catalog site is a special site collection on a web application. Because each web application can have an App Catalog site, a farm can have more than one App Catalog site.

When you create an App Catalog site, you get two libraries for apps:
- Apps for SharePoint
- Apps for Office
Because an App Catalog is scoped to a web application, all apps that you want to make available for a web application have to be in the App Catalog site collection for that web application. You create the App Catalog site collection from SharePoint Central Administration.

To create an App Catalog site collection for a web application

Verify that the user account that is performing this procedure is a member of the Farm administrators group.
In Central Administration, on the Apps page, in the App Management section, click Manage App Catalog.

If no App Catalog exists for the farm, the Web Application page opens, so you can select a web application.
On the Web Application page, select the web application for which you want to create a catalog.
In the App Catalog Site section, select Create a new app catalog site, and then click OK.
On the Create App Catalog page, in the Title box, type a title for the App Catalog site.
In the Description box, type the description for the site.
In the URL box, fill in the URL to use for the site.
In the Primary Site Collection Administrator section, in the User Name box, type the user who will manage the catalog.

Only one user name can be entered. Security groups are not allowed.
In the End Users section, in the Users/Groups box, type the names of the users or groups that you want to be able to browse the catalog.

Added users or groups have read access to the App Catalog site. You can add multiple user names and security groups. Users must be added as End Users to be able to browse the App Catalog from their site collections.
In the Select a quota template list box, select the quota template to use for the site.
Click OK.

To use an existing App Catalog site collection for a different web application

Verify that the user account that is performing this procedure is a member of the Farm administrators group.
In Central Administration, on the Apps page, in the App Management section, click Manage App Catalog.
On the Manage App Catalog page, next to Web Application, click the down arrow and click Change Web Application.
In the Select Web Application box, select the web application for which you want to create a catalog.
In the App Catalog section, select Enter a URL for an existing app catalog site.
In the URL box, type the URL to the App Catalog site, and then click OK.

To view an App Catalog site collection from Central Administration

Verify that the user account that is performing this procedure is a member of the Farm administrators group and has Read permission to the App Catalog site.
In Central Administration, on the Apps page, in the App Management section, click Manage App Catalog.
On the Manage App Catalog page, verify that the web application that is selected is the web application you want to manage.

If you want to switch to a different web application, click the down arrow next to the Web application URL to change to a different web application.
Under Site URL click the link to open the App Catalog for that web application.

Configure app requests and SharePoint Store settings

Farm administrators can determine whether users can purchase apps from the SharePoint Store. This setting is at the web application scope. If users cannot purchase apps, they can still browse the SharePoint Store, and request an app. Farm administrators and the App Catalog site owner can view and respond to app requests.

To configure SharePoint Store settings

Verify that the user account that is performing this procedure is a member of the Farm Administrators group.
In Central Administration, on the Apps page, in the SharePoint and Office Store section, click Configure Store Settings.
On the SharePoint Store Settings page, verify that the selected web application is the web application that you want to configure.

If you want to switch to a different web application, click the down arrow next to the web application URL to change to a different web application.
To allow or prevent purchases, select an option for Should end users be able to get apps from the SharePoint Store?

Select Yes to allow users to purchase apps.
Select No to prevent purchases but allow users to request apps.

To allow or prevent apps for Office from the Office Store to be started when a user opens a document in the browser, select an option for Should apps for Office from the store be able to start when documents are opened in the browser?

Select Yes to allow apps for Office from the Office Store to start.
Select No to prevent apps for Office from the Office Store from starting.

Click OK.

When users request an app for SharePoint from the SharePoint Store, users can request a specific number of licenses and provide a justification for the purchase of the app for SharePoint. Submitted requests are added to the App Requests list in the App Catalog of the web application that contains a user‘s site collection. The app request includes the following fields:

Requested by The user name of the person requesting the app for SharePoint.
Title The title of the app for SharePoint.
Seats and Site License The number of licenses the user requested for that app for SharePoint.
Justification The reason why the app for SharePoint would be useful for the organization.
Status By default, the status is set to New for new requests. The person who reviews the request can change the status to Pending, Approved, Declined, Withdrawn, Closed as Approved, or Closed as Declined.
View App Details A link to the app details page in the SharePoint Store.
Approver Comments The person who reviews the request can add comments for the requestor.

To view and manage app requests from the SharePoint Store Settings page

Verify that the user account that is performing this procedure is a member of the Farm Administrators group and is a member of the site Owners or Designers group for the App Catalog.
In Central Administration, on the Apps page, in the SharePoint and Office Store section, click Configure Store Settings.
On the SharePoint Store Settings page, verify that the selected web application is the web application that you want to configure.

If you want to switch to a different web application, click the down arrow next to the web application URL to change to a different web application.
In the App Requests section, click Click here to view app requests.

The App Requests list in the App Catalog site opens.
Select a request in the list, and then click the Edit button.
Review the details of the request.

Note:

At this time, the View app details link in the request details opens the SharePoint Store home page, instead of the details page for the app. Search for the app in the SharePoint Store to find more information about the app.

Change the Status to the appropriate value – Approved if you want to user to be able to purchase the app, or Declined if you do not want to allow the purchase.
Add comments in the Approver Comments box, and then click Save.

To view a request, requestors can go to the Add an App page in their site collection, and then click Your Requests.

To view and manage app requests from the App Catalog site

Verify that the user account that is performing this procedure is a member of the site Owners or Designers group for the App Catalog.
On the App Catalog site, click the App Requests list.
Select a request in the list, and then click the Edit button.
Review the details of the request.

Note:

Change the Status to the appropriate value – Approved if you want to user to be able to purchase the app, or Declined if you do not want to allow the app to be purchased.
Add any comments in the Approver Comments box, and then click Save.

To view a request, requestors can go to the Add an App page in their site collection, and then click Your Requests.

Add apps to the App Catalog

After you have configured the App Catalog, you can add apps that users can then install to their SharePoint sites or use in their Office documents.

To add an app to the App Catalog

Verify that the user account that is performing this procedure is a member of the site Owners or Designers group for the App Catalog.
On the App Catalog site, click the Apps for SharePoint list.

On the Apps for SharePoint page, click new item.
In the Choose a file box, click Browse, and then locate the folder that contains the app that you want to upload.

Tip:

You can also click Upload files using Windows Explorer instead to drag and drop an app for SharePoint into the App Catalog.

Select the app, and then click Open.
Click OK to upload the app.
In the Item details box, verify the Name, Title, Short Description, Icon URL, and other settings for the app.

Be sure that the Enabled check box is selected so that users can see the app in their sites.

You can select the Featured check box to list the app in the Featured content view of the App Catalog.
Click Save.

You can also categorize apps in the App Catalog. To add categories, edit the Category field for the App Catalog list and add the category names you want to use.

You can preview how the app will appear to users.

Remove apps from the App Catalog

If you no longer want to offer a particular app to your users, you can remove it from the App Catalog. Removal does not uninstall or remove the app from sites to which it has been added. It merely removes the app from the App Catalog, and users cannot add the app to other sites.

To remove an app from the App Catalog

Verify that the user account that is performing this procedure is a member of the site Owners or Designers group for the App Catalog.
On the App Catalog site, click the Apps for SharePoint list.
On the Apps for SharePoint page, select the app that you want to remove.
In the ribbon, on the Files tab, click Delete Document to remove the app.
In the dialog box, click OK to confirm that you want to send the item to the site Recycle Bin.

The app is removed.

Add apps for SharePoint to a SharePoint 2013 site

Published: July 16, 2012

Summary: Site owners can add apps for SharePoint to SharePoint sites so that they and other users of the site can use the app.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013 Standard | SharePoint Server 2013 Enterprise

Site owners can add apps for SharePoint from the SharePoint Store or an App Catalog to their sites. Adding an app installs an instance of that app to the site. In addition, several lists, libraries, and other SharePoint components, which are also called apps in SharePoint 2013, are available to add to a site.

Before you begin

Before you begin this operation, review the following information about prerequisites and permissions:

Before a user can add an app for SharePoint, a member of the Farm Administrators group must configure the environment to support apps for SharePoint. For more information, see Configure an environment for apps for SharePoint 2013.

A user must have the Manage Web site and Create Subsites permissions to add an app for SharePoint. By default, these permissions are available only to users who have the Full Control permission level or who are in the site Owners group.

When a user adds an app for SharePoint, the app requests permissions that it needs to function (for example, access to Search, or to create a list). Users who do not have those permissions are informed that they do not have sufficient permissions and the app cannot be added. The user can contact a site or farm administrator to see if the administrator can add the app.

A user logged in to a site as the system account cannot install an app. The system account cannot import app licenses because that could result in performance problems.

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:

Plan browser support

Accessibility for SharePoint 2013

Accessibility features in SharePoint 2013

Keyboard shortcuts

Touch
Add apps for SharePoint to SharePoint sites

Site owners can add apps for SharePoint from the following sources to their sites:
- from the list of apps already available for a site (default apps, such as standard lists and libraries, and apps that have been purchased already).
- from the App Catalog.
- from the SharePoint Store.
The following procedures provide steps for adding apps from these sources.

To add an app from the list of available apps in a site

Verify that the user account that is performing this procedure is a member of the site Owners group.
On the home page, under Get started with your site, click Add lists, libraries, and other apps.

If the Get started with your site control does not appear on the home page, click the Settings icon, and click View Site Contents, and then on the Site Contents page, click Add an App.
In the Your Apps list, click the app you want to add.
Follow the instructions to Trust the app (if it is a custom component) or Name the app (if it is a SharePoint component).

The app for SharePoint is added and appears in the Apps section of your Site Contents list.

To add an app from an App Catalog

Verify that the user account that is performing this procedure is a member of the site Owners group.
On the home page, under Get started with your site, click Add lists, libraries, and other apps.

If the Get started with your site control does not appear on the home page, click the Settings icon, and click View Site Contents, and then on the Site Contents page, click Add an App.
Click FromName.

Where Name is the name of your organization’s App Catalog. For example, “From Contoso”.

Tip:

Apps marked as Featured in the App Catalog will also appear in the main list of Apps.

Click the app you want to add.
In the Grant Permission to an App dialog box, if you trust the app, click Allow Access.

The app for SharePoint is added and appears in Apps section of your Site Contents list.

To add an app from the SharePoint Store

Verify that the user account that is performing this procedure is a member of the site Owners group.
On the home page, under Get started with your site, click Add lists, libraries, and other apps.

If the Get started with your site control does not appear on the home page, click the Settings icon, and click View Site Contents, and then on the Site Contents page, click Add an App.
Click SharePoint Store.
Browse the SharePoint Store to find an app that you want.
Click the app you want to add.
Click Details, and then click Buy It.
Follow the steps to log in and purchase the app, if required.
In the Grant Permission to an App dialog box, if you trust the app, click Allow Access.

The app for SharePoint is added and appears in the Apps section of your Site Contents list.

You can also install an app by using Windows PowerShell. First, you import the app package from the file system, and then install it to the site collection. The following procedure contains a script to perform these steps.

To install an app by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.
Site Owners group on the site collection to which you want to install the app.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

At the Windows PowerShell command prompt, type the following command to import the app and then press ENTER:

$spapp = Import-SPAppPackage -Path Path to app -Site URL -Source Source
# Imports the app and sets a variable that you can use to identify the app when you install it in the next step.

Where:

Path to app is the path to the app you want to import on the file system.
URL is URL for the site collection to which you want to import the app.
Source is one of the following: Marketplace, CorporateCatalog, DeveloperSite, ObjectModel, RemoteObjectModel, or InvalidSource.

At the question Are you sure you want to perform this action?, type Y to import the app.

The app is imported and information about the app, including the Asset ID, version string, and Product ID is displayed.
At the Windows PowerShell command prompt, type the following command to add the app to a site and then press ENTER:

Install-SPApp -Web URL -Identity $spapp
# Installs the app to the subweb you specify.
# Uses the $spapp variable you set previously to identify that app you want to install.

Where:

URL is URL for the site or subweb to which you want to install the app.

For more information, see Import-SPAppPackage and Install-SPApp.

Remove an app for SharePoint from a SharePoint 2013 site

Published: July 16, 2012

Summary: When administrators remove apps for SharePoint from SharePoint sites, the apps are uninstalled and functionality is no longer available to users.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013 Standard | SharePoint Server 2013 Enterprise

In this article:
- Before you begin
- Remove an app from a SharePoint site
Before you begin

Before you begin this operation, review the following information about permissions:
- A user must have the Manage Web site permission to remove an app for SharePoint. By default, this permission is only available to users with the Full Control permission level or who are in the site Owners group.
Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
Remove an app from a SharePoint site

Site owners can remove apps for SharePoint from their sites. The following procedures provide steps for removing (or uninstalling) an app. When you remove an app, the data for that app will no longer be available.

To remove an app from a SharePoint site

Verify that the user account that is performing this procedure is a member of the Site owners group.
On the site, on the Settings menu, click View Site Contents.
In the Apps section, point to the app that you want to remove, click …, and then click Remove.
Click OK to confirm that you want to remove the app.

Before you use the following procedure, be sure to get the title for the app that you want to remove.

To remove an app by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.
Site Owners group on the site collection to which you want to install the app.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 15 Products cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following commands, and press ENTER after each one:

$instances = Get-SPAppInstance -Web <URL>
# Gets all apps installed to the subsite you specify.

$instance = $instances | where {$_.Title -eq ‘<App_Title>‘}
# Sets the $instance variable to the app with the title you supply.

Uninstall-SPAppInstance -Identity $instance
# Uninstalls the app from the subsite.

Where:

<URL> is the path site collection or subsite that contains the app.
<App_Title> is the title of the app you want to remove.

At the question Are you sure you want to perform this action?, type Y to uninstall the app.

For more information, see Get-SPAppInstance, Uninstall-SPAppInstance.

Monitor apps for SharePoint for SharePoint Server 2013
Published: July 16, 2012

Summary: Learn how administrators and site owners can monitor the health and usage details for apps for SharePoint in SharePoint Server 2013.

Applies to: SharePoint Server 2013 Standard | SharePoint Server 2013 Enterprise

You can use the SharePoint Central Administration website to add and remove apps for SharePoint and check details and errors.

Important:
- The steps in this article apply to SharePoint Server 2013 only.
- App monitoring is not available in SharePoint Foundation 2013.
- App monitoring is not supported for SharePoint Server 2013 on-premise, multi-tenancy environments.
In this article:
Before you begin

Before you can monitor apps, a member of the Farm Administrators group must configure the environment to support apps for SharePoint. For more information, see Configure an environment for apps for SharePoint 2013.

You must be a member of the Farm Administrators group or the site Owners group to perform the steps in this article.

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
Selecting apps to monitor in Central Administration

The Monitored Apps page displays the apps for SharePoint that a Farm Administrator monitors. Each app for SharePoint that is listed on this page includes details to help an administrator monitor performance. For example, each app for SharePoint provides the following properties: Name, Status, Source, Licenses in Use, Licenses Purchased, Install Locations, and Runtime Errors. A Farm Administrator chooses to add, remove, and monitor apps for SharePoint.

Important:

The Monitor Apps page requires the following search analytics and usage file import timer jobs to be active:
- ECM analytics timer job name: Usage Analytics timer job for Search Service
- Usage DB timer job name: Microsoft SharePoint Foundation Usage Data Import
For more information, see Timer job reference (SharePoint 2013)

To add an app to the monitor apps list

Verify that the user account that is performing this procedure is a member of the Farm Administrators SharePoint group.
In Central Administration, click General Application Settings.
On the General Application Settings page, in the Apps section, click Monitor Apps.
On the Monitored Apps page, in the Action group of the ribbon, click Add App.

Note:

If the App Catalog is not already created, or if the App Management Service application and app domain settings are not configured correctly the Add App dialog may create an error.

Select the checkbox for the app that you want to monitor, or type a name in the Search for app name box, and then click the Search icon.
On the search results page, select the app that you want to monitor.

Note:

Apps that you add to the Monitored Apps list previously are not displayed in the search results.

Click Add App.

The app now appears in the list of monitored apps.

To remove an app from the monitor apps list

Verify that the user account that is performing this procedure is a member of the Farm Administrators SharePoint group.
On the Monitored Apps page, select the checkbox next to the app that you want to remove.
In the Manage group of the ribbon, click Remove App.

Monitoring app details in Central Administration

This section explains how farm administrators can monitor and understand the apps for SharePoint details. There are multiple ways that an administrator can view the error and usage details for apps for SharePoint. By selecting an app in the Monitored Apps page, an administrator can use the ribbon to access the error or usage details for that app. An administrator can also click an app in the list on the Monitored Apps page to open the app details page and access the same error or usage details.

The app usage and app error details data that is in the app monitoring pages can be delayed for up to 29 hours. The app details depend on the when the ECM analytics timer job is scheduled to run. When the timer job runs, it collects events for the previous day. For example, if the timer job is scheduled to run at 5 A.M., then the most recent events that are collected are from 11:59 P.M. the previous day. Zn event that occurs at 12:01 A.M. will not appear in the app details pages until up to 29 hours later.

Note that if you view the app error details page for a specific instance of an app, the number of errors for the app is synchronized with the error messages in the list. This occurs because the number of errors appears in the app error details page instead of the events that are processed by the ECM analytics timer job.

To view the app usage details in Monitored Apps

Verify that the user account that is performing this procedure is a member of the Farm Administrators SharePoint group.
On the Monitored Apps page, click the app that you want to view.

A new page opens and displays detailed information about the app, such as the following: licensing, errors, installations, and usage.

Note:

The administrator can also select an app in the monitored apps list and in the App Details group of the ribbon, click View Details.

In the Usage section, click Days, Months, or Years to change the chart to those time frames.

To view the app error details in Monitored Apps

Verify that the user account that is performing this procedure is a member of the Farm Administrators SharePoint group.
On the Monitored Apps page, click the number in the Runtime Errors column for the app you want to view.

Note:

The administrator can also select an app in the monitored apps list and in the App Details group of the ribbon, click View Errors.

The App Monitoring Details dialog appears with information about each error for that app. You can use the Correlation ID to find the errors in the error log.
Click the URL in the Location column to view more error details for this app.
On the App Monitoring Details page, click the number next to Runtime Errors.
The App Monitoring Details dialog appears and includes a list of all Runtime Errors for this app, the time each error occurred, and the Correlation ID.

Note:

The app error list can help you determine if you want to remove the app because there are too many errors or if the app is working as it should.

Monitoring app details in a SharePoint site

This section explains how site owners can monitor and understand the usage of apps for SharePoint. A site owner can view the error and usage details for apps for SharePoint by selecting an app in the Site Contents page and then clicking Monitor in the app dialog box.

Note:

Be aware that in the app details page, the error dialog box can show more errors than are counted. The errors are counted every 24 hours, but the error messages are processed more often. As a result, the error dialog box can show error messages that are generated in the current day before the count is updated at the end of the day.

To view the app usage details in a SharePoint site

Verify that the user account that is performing this procedure is a member of the site Owners group.
On the Site Contents page, in the quick launch pane, click Apps.

A new page opens and displays all of the apps that are installed on this site.
On the Apps page click the icon next to the app you want to monitor and then click Details in the callout.

The App Details page appears for the selected app and the site owner can see the details for licenses, errors Installs and usage.
In the Errors section, click the number next to Install Errors, Runtime Errors, or Upgrade Errors to see the error details.

For example, click the number next to Runtime Errors and the Runtime Errors dialog appears. This includes a list of all Runtime Errors for this app, the time each error occurred, and the Correlation ID.

This app error list can help you determine if you want to remove the app because there are too many errors or if the app is working as it should.

Note:

The app errors that appear in this list have occurred within the previous four days.

In the Usage section, click Days, Months, or Years to change the chart to those time frames.

The chart displays two bars for each time period that represents the number of times the app has been launched and the number of specific users that use this app each day.

Note:

If the app uses connections to external data sources through Business Connectivity Services, a graph that shows the number of calls made to the external data sources is also shown. Dates that appear in the Usage and BCS Calls graphs are in Coordinated Universal Time (UTC).

Monitor and manage app licenses in SharePoint Server 2013

Published: July 16, 2012

Summary: Learn how SharePoint farm administrators assign, monitor, and manage the app for SharePoint licenses in SharePoint Server 2013.

Applies to: SharePoint Server 2013 Standard | SharePoint Server 2013 Enterprise

You can use the SharePoint Central Administration website to monitor and manage licenses for the apps for SharePoint. Licenses for apps for SharePoint are digital sets of verifiable information that state the user rights for a app for SharePoint. All apps that are distributed through the SharePoint Store are the only apps that have built-in licenses that SharePoint Server 2013 recognizes.

Members of the Farm Administrators group manage licenses for apps and can also assign license managers for others to manage app for SharePoint licenses.

Important:

The steps in this article apply to SharePoint Server 2013 only.

Before you begin

Before you can monitor and manage app licenses you must configure your environment to support apps for SharePoint. You must be a member of the Farm Administrators group to perform these steps. For more information, see Configure an environment for apps for SharePoint 2013.

Important:

We support only one App Management Service Application per farm. This helps ensure that the app license feature functions correctly.

Before you begin this operation, review the following information about what SharePoint Server 2013 does and does not provide for apps for SharePoint licensing:

SharePoint Server 2013 provides:

Storefront to obtain apps

Storage and renewal of app for SharePoint licenses

User Interface (UI) to assign users to specific app for SharePoint licenses

APIs for developers to query for license information

SharePoint Server 2013 does not enforce app for SharePoint licenses.

Developers must add code in their apps for SharePoint to retrieve license information and react accordingly.

All app for SharePoint licenses are bound to a specific SharePoint Server 2013 deployment but can be transferred to a different SharePoint Server 2013 deployment three times.

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:

Plan browser support

Accessibility for SharePoint Products

Accessibility features in SharePoint 2013 Products

Keyboard shortcuts

Touch
Monitoring and managing app licenses

A farm administrator or a license manager can check the licenses for all apps for SharePoint on the App Licenses page. It is important to track the number of licenses that are available for each app for SharePoint so that users do not exceed this number. An administrator can assign additional users to a app for SharePoint license, purchase additional licenses for an app, and also add managers to a license. For more information about how to monitor apps for SharePoint see, Monitor apps for SharePoint for SharePoint Server 2013.

To view app license details

Verify that the user account that is performing this procedure is a member of the Farm Administrators SharePoint group or a license manager.
In Central Administration, click Apps.
On the Apps page, in the Store section, click Manage App Licenses.
On the Manage App Licenses page, click an app for SharePoint in the list to view the license details.

The Manage App License page shows detailed licensing information. This includes the name of the app, the developer, and current license details.
In the top section, click the drop-down arrow in the dialog box to see purchase details for the selected app for SharePoint.

The app details include the following information:

Number of licenses available for users
License type
App purchaser name

At the end of the dialog box, a farm administrator can view the app details.

Click View in Store to see the app details.
- In the People with a License (number of licenses available)section, the number of available licenses and a list of the people who currently have licenses for this App are shown.
- In the License Managers section, all app managers are listed.

To add users to the app license

Verify that the user account that is performing this procedure is a member of the Farm Administrators SharePoint group.
On the Manage App Licenses page, click an app for SharePoint for which you want to add users.
In the People with a License section, click assign people.
In the dialog box that appears below, enter the user name that you want to add and then, click Add User.

The user name is added to the list at the bottom of this section and the number of available licenses for this app is refreshed for the selected app for SharePoint.

To purchase more app licenses

Verify that the user account that is performing this procedure is a member of the Farm Administrators SharePoint group.
On the Manage App Licenses page, click an app for SharePoint for which you want to purchase more licenses.
In the People with a License section, click buy more licenses.
The SharePoint Store opens with the specific app showing the details with links to purchase additional licenses. Choose the number of Apps you want to purchase and then click OK.

To remove app licenses

Verify that the user account that is performing this procedure is a member of the Farm Administrators SharePoint group.
On the Manage App Licenses page, click an app for SharePoint for which you want to remove licenses.
In the top section, under the app for SharePoint name, at the end of the dialog box, click Remove this License.
Verification: Optionally, include steps that users should perform to verify that the operation was successful.

To recover app licenses

Verify that the user account that is performing this procedure is a member of the Farm Administrators SharePoint group.
On the Manage App Licenses page, click an app for SharePoint for which you want to recover licenses.
In the top section, under the app name, at the end of the dialog box, click Recover License.

The app for SharePoint details show any changes the administrator has made.

To add a license manager

Verify that the user account that is performing this procedure is a member of the Farm Administrators SharePoint group.
On the Manage App License page, in the License Managers section, click add manager.

Below the License Managers section, the new App manager appears in the list.

Upgrade to SharePoint 2013

Published: July 16, 2012

Summary: Learn how to plan, prepare, and perform an upgrade to SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

The following downloadable resources, articles on TechNet, video recordings, and related resources provide information about performing an upgrade to SharePoint 2013.

Downloadable resources about upgrade

Download the following content for information about upgrade.

	Content	Description
	SharePoint 2013 Products Preview – Upgrade Process model	Describes the steps in the process for a database-attach upgrade.
	SharePoint 2013 Products Preview – Test Your Upgrade Process model	See a visual display of information about how to test the upgrade process.
	SharePoint 2013 Products Preview Upgrade Worksheet	Use this worksheet to record information about your environment while you test upgrade.

TechNet articles about upgrade

The following articles about upgrade are available to view online. Writers update articles on a continuing basis as new information becomes available and as users provide feedback.

Content	Description
Get started with upgrades to SharePoint 2013	Find resources to help you understand how to upgrade databases and site collections from SharePoint 2010 Products to SharePoint 2013.
Plan for upgrade to SharePoint 2013	Find resources about how to plan to upgrade from SharePoint 2010 Products to SharePoint 2013.
Test and troubleshoot an upgrade to SharePoint 2013	Find resources about how to test and troubleshoot an upgrade from SharePoint 2010 Products to SharePoint 2013.
Upgrade databases from SharePoint 2010 to SharePoint 2013	Find resources to help you perform the steps to upgrade databases from SharePoint 2010 Products to SharePoint 2013.
Upgrade site collections to SharePoint 2013	Find out how to upgrade a site collection to SharePoint 2013.

Additional resources about upgrade

The following resources about upgrade are available from other subject matter experts.

	Content	Description
	Upgrade and Migration Resource Center for SharePoint 2013 Products	Visit the Resource Center to find additional information about upgrades to SharePoint 2013.
	Capabilities and features in SharePoint 2013 Resource Center	Visit the Resource Center to learn about what‘s new in SharePoint 2013.

Get started with upgrades to SharePoint 2013

Published: July 16, 2012

Summary: Find resources to help you understand how to upgrade databases and site collections from SharePoint 2010 Products to SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

The first step in any upgrade process is to learn about the process itself so that you can plan and prepare appropriately. These articles help you understand how the process of upgrading from SharePoint 2010 Products to SharePoint 2013 works. These articles also include overviews of how to upgrade service applications.

The following downloadable resources, articles on TechNet, video recordings, and related resources provide information about understanding upgrade for SharePoint 2013.

Downloadable resources about upgrade to SharePoint 2013

Download the following content for information about upgrade.

	Content	Description
	SharePoint 2013 Products Preview – Upgrade Process model	Describes the steps in the process for a database attach upgrade

TechNet articles about understanding upgrade

The following articles about understanding upgrade are available to view online. Writers update articles on a continuing basis as new information becomes available and as users provide feedback.

	Content	Description
	What’s new in SharePoint 2013 upgrade	Find out about new requirements, approaches, and features that are available for upgrading to SharePoint 2013.
	Overview of the upgrade process to SharePoint 2013	Get a visual overview of the steps involved in performing an upgrade.
	Services upgrade overview for SharePoint Server 2013	SharePoint 2010 Products included several service applications, some of which have databases that can be upgraded when you upgrade to SharePoint 2013. Find out which service application databases can be upgraded and what steps that you must take before, during, and after upgrade for your service applications.
	Upgrade farms that share services (parent and child farms) to SharePoint 2013	In SharePoint Server 2010, it was possible to configure parent farms and child farms to share services. In such an environment, the parent farm hosts one or more service applications from which one or more child farms consume services. Learn how to approach upgrading these environments to SharePoint Server 2013.
	Best practices for upgrading to SharePoint 2013	Get off to the right start – review these best practices for testing and performing an upgrade to SharePoint 2013.
	Review supported editions and products for upgrading to SharePoint 2013	Understand the requirements for upgrade. And if you are planning to change SKUs or products during upgrade, understand which upgrade paths are supported.

Additional resources about upgrade to SharePoint 2013

The following resources about upgrade to SharePoint 2013 are available from other subject matter experts.

	Content	Description
	Upgrade and migration for SharePoint 2013 IT Pros Resource Center	Visit the Resource Center to access videos, community sites, documentation, and more.

What’s new in SharePoint 2013 upgrade

Published: July 16, 2012

Summary: SharePoint 2013 includes new upgrade features, such as upgrade for service applications, a site health checker, and upgrade for site collections.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

SharePoint 2013 does not support in-place upgrade for an existing environment. You must use the database-attach upgrade method to upgrade your databases to a new environment that is based on SharePoint 2013. Also, to provide more flexibility to farm administrators and site administrators, the upgrade process has changed to separate upgrade of the software and databases from upgrade of the sites.

In-place upgrade of the farm is not supported

An upgrade to SharePoint Server 2010 or SharePoint Foundation 2010 provides an option to install the new version over the earlier version on the same hardware. This is called an in-place upgrade. During this process, the complete installation, that includes databases and sites, is upgraded in a fixed order. Although this is a simple method, in-place upgrade presents problems in performance and control for a farm administrator. There was no way to control the order in which content is upgraded, and a failure in a particular site collection could stop the whole process.

The database-attach upgrade method offers more flexibility, more control, and a better success rate. To use a database attach upgrade, you complete the following tasks:

Create and configure a new farm that is separate from the old farm
Copy the content and services databases to the new farm
Upgrade the data and sites

You can upgrade the content databases in any order and upgrade several databases at the same time to speed up the overall process.

For more information, see Overview of the upgrade process to SharePoint 2013.

Database-attach upgrade is available for some service application databases
For the SharePoint 2013, you can use the database attach upgrade method to upgrade the following service application databases:
- Business Data Connectivity
  
  This service application is available for both SharePoint Server 2013 and SharePoint Foundation 2013.
- Managed Metadata
  
  This service application is available only for SharePoint Server 2013.
- PerformancePoint
  
  This service application is available only for SharePoint Server 2013.
- Secure Store
  
  This service application is available only for SharePoint Server 2013.
- User Profile (Profile, Social, and Sync databases)
  
  This service application is available only for SharePoint Server 2013.
- Search administration
  
  This service application is available only for SharePoint Server 2013.
For more information, see Services upgrade overview for SharePoint Server 2013.
Deferred site collection upgrade

In SharePoint 2010 Products, farm administrators use either the in-place upgrade process to upgrade sites immediately, or the command line to upgrade all sites at the same time or individually. In SharePoint 2013, farm administrators can now allow site collection owners to upgrade their sites to the new user interface on their own timeline. The commands for upgrading a site collection are on the Site Settings page in the Site Collection Administration section. There are also Windows PowerShell cmdlets to upgrade site collections to the new user interface. For more information, see Plan for site collection upgrades in SharePoint 2013, Upgrade a site collection to SharePoint 2013and Manage site collection upgrades to SharePoint 2013.
Site collection health checker

Site collection owners or administrators can use a site collection health checker to detect any potential issues with their site collections and address them before they upgrade sites to the new version. The checker is available after upgrade also to detect any health issues on an ongoing basis. Note that some issues can be repaired automatically, but others require manual steps to repair. During a site collection upgrade, if the checker finds issues that can be repaired automatically, they are repaired at that time. For more information, see Run site collection health checks in SharePoint 2013.
Upgrade evaluation site collections

In SharePoint 2013, the upgrade of the software and data was separated from the upgrade of the site. This means that the sites can truly remain running in SharePoint 2010 mode until a site owner or administrator explicitly upgrades the site to the new user interface. Site collection owners can request an evaluation site, which is a separate copy of the site, to review the new interface and functionality. After they have reviewed the site and made necessary changes in their original site, they can then upgrade their sites to the new version. Evaluation sites are set to automatically expire and be deleted. For more information, see Plan for upgrade evaluation sites, Create an upgrade evaluation site (Optional), and Manage site collection upgrades to SharePoint 2013.
Notifications for life-cycle events

An email message and a status bar notification in a site collection notifies site collection owners when an upgrade is available. Site collection owners can create an evaluation site from email and control the expiration and deletion of that site by using email also. A status bar notification in the site collection also informs all users if a site is in read-only mode. For more information, see Plan settings for upgrade notifications, self-service upgrade, and site collection creation and Manage site collection upgrades to SharePoint 2013.
Throttles for site collection upgrade

To make sure that site collection upgrades do not cause an outage on your farm, there are throttles built in at the web application, database, and content level. This means that even if 100 site collection owners decide to upgrade their site collections at the same time, only some are run at the same time, and the rest are put into a queue to run later. For more information, see Plan site collection upgrade throttling and queues and Manage site collection upgrades to SharePoint 2013.
True “SharePoint 2010” instead of visual upgrade
Visual upgrade in SharePoint 2010 Products lets site owners and administrators see what their site would be like in the new user interface. However, it is not a true preview because the site itself has already been upgraded to the new functionality. Consequently, some Web Parts or other elements do not display correctly.

SharePoint 2013 can host sites in both SharePoint 2010 and SharePoint 2013 modes. The installation contains both SharePoint 2010 and SharePoint 2013 versions of the following types of elements:
- Features, site templates, site definitions, and Web Parts
  
  The directories on the file system are duplicated in both the 14 and 15 paths, for example:
  - Web Server Extensions/14/TEMPLATE/Features
  - Web Server Extensions/15/TEMPLATE/Features
- IIS support directories:
  - _Layouts, _Layouts/15
  - _ControlTemplates, _ControlTemplates/15
- Solution deployment, which lets legacy solutions work in 2010 mode
  
  Note that existing SharePoint 2010 Products solutions can be deployed to SharePoint 2013 and continue to function for 2010 sites, usually without requiring any changes.
Because of these directories, you can continue hosting unupgraded sites in an upgraded environment until all site collections are ready to upgrade. For more information, see About site collection modes.
Log files now in ULS format

The format of the upgrade, upgrade error, and site upgrade log files now comply with the Unified Logging System (ULS) conventions for easier review. For more information, see Verify database upgrades in SharePoint 2013.
Overview of the upgrade process to SharePoint 2013

Published: July 16, 2012

Summary: Learn about the process of upgrading databases, service applications, My Sites, and site collections to SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

To upgrade from SharePoint 2010 Products to SharePoint 2013, you use the database-attach method to upgrade. In the database-attach method, you first create and configure a SharePoint 2013 farm. Then you copy the content and service application databases from the SharePoint 2010 Products farm, and then attach and upgrade the databases. This upgrades the data to the new version. Site owners can then upgrade individual site collections.

Figure: The sequence of upgrade stages

This article helps you understand the upgrade sequence so that you can plan an upgrade project. To get detailed steps for an upgrade, see Upgrade databases from SharePoint 2010 to SharePoint 2013 and Upgrade site collections to SharePoint 2013.

Important:

This article applies to both SharePoint Foundation 2013 and SharePoint Server 2013, except for information about how to upgrade My Sites and specific service applications that are only in SharePoint Server 2013.
Create the SharePoint 2013 farm

The first stage in the upgrade process creates the new SharePoint 2013 farm:

A server farm administrator installs SharePoint 2013 to a new farm. The administrator configures farm settings and tests the environment.
A server farm administrator sets the SharePoint 2010 Products farm to read-only so that users can continue to access the old farm while upgrade is in progress on the new farm.

Figure: Create new farm, set old farm to read-only

Copy the SharePoint 2010 Products databases

The second stage in the upgrade process copies the databases to the new environment. You use SQL Server Management Studio for these tasks.

With the farm and databases in read-only mode, a server farm administrator backs up the content and service application databases from the SQL Server instance on the SharePoint 2010 Products farm.
The server farm administrator restores a copy of the databases to the SQL Server instance on the SharePoint 2013 farm and sets the databases to read-write on the new farm.

Figure: Use SQL Server tools to copy databases

Upgrade SharePoint 2010 Products databases and service applications

The third stage in the upgrade process upgrades the databases and service applications.

A server farm administrator configures the service applications for the new farm. The following service applications have databases that you can upgrade during this process:

SharePoint Server 2010 and SharePoint Foundation 2010
- Business Data Connectivity service application
SharePoint Server 2010 only
- Managed Metadata service application
- PerformancePoint Services service application
- Search service application
- Secure Store Service application
- User Profile service application

A server farm administrator creates a web application on the SharePoint 2013 farm for each web application on the SharePoint 2010 Products farm.

Figure: Create web applications for upgrade
A server farm administrator installs all server-side customizations.

Figure: Copy customizations to the new farm
A server farm administrator then attaches the content databases to the new farm and upgrades the content databases for those web applications.

Figure: Upgrade the databases by using Windows PowerShell
A server farm administrator confirms that the upgrade is successful.

Upgrade SharePoint 2010 Products site collections

The final stage in the upgrade process is to upgrade the site collections. In SharePoint 2013, site owners are in charge of upgrading their sites. The upgrade process for My Sites is slightly different from for other types of site collections.
- Upgrade My Sites
Important:

This section applies to SharePoint Server 2013 only.

A server farm administrator upgrades the My Site host and then individual users can upgrade their My Sites or the farm administrator can upgrade them by using Windows PowerShell. The following illustration shows four stages for the My Site host and My Sites during the upgrade process.

Figure: Stages in upgrading My Sites

The My Site host has not been upgraded. My Sites cannot be upgraded yet.
A server farm administrator has upgraded the My Site host. No My Sites have been upgraded.
Some users have upgraded their My Sites.
All My Sites have been upgraded.

Note:

A server farm administrator can choose to force an upgrade of My Sites without waiting for users to upgrade them. For details and steps, read Upgrade site collections to SharePoint 2013.

Upgrade other SharePoint 2010 Products site collections

Owners of all other site collections can start to upgrade their sites as soon as they see a notification on their site’s home page that the new version is available. The following illustration shows four stages for a site collection during the upgrade process.

Stages in upgrading site collections

The site owner runs the site collection health checks to determine readiness for upgrade. The site owner addresses issues before they continue with the next step.
Optionally, the site owner requests an upgrade evaluation site collection. A timer job runs to create the site collection and the site owner receives an email message when the evaluation site collection is ready. The site owner previews the new user interface. After several days or weeks, the evaluation site collection expires and is deleted by a timer job.

A server farm administrator can determine the length of time before expiration.
When the site owner is ready, the site owner starts the upgrade process. The site collection health checks are run again automatically. The site owner must address issues before upgrading. If health checks return no issues, the upgrade starts.
When upgrade is complete, the site owner sees the Upgrade Status page that contains the status and a link to the upgrade logs. The site owner reviews the site to make sure that everything works correctly.

Note:

A server farm administrator can also force specific site collections to be upgraded without waiting for the site owners to upgrade them. For details and steps, read Upgrade site collections to SharePoint 2013.

Services upgrade overview for SharePoint Server 2013
Published: July 16, 2012

Summary: Create a plan to upgrade data for service applications when you upgrade from SharePoint Server 2010 to SharePoint Server 2013.

Applies to: SharePoint Server 2013

The upgrade process for SharePoint Server 2013 uses the database attach upgrade method. When you move your databases to a new farm and upgrade the content, you must create your services infrastructure in the new farm, and configure the services appropriately for your new farm and new version. The following service applications have databases that can be upgraded when you upgrade from SharePoint Server 2010 to SharePoint Server 2013:
- Business Data Connectivity service application
- Managed Metadata service application
- PerformancePoint Services service application
- Search service application
- Secure Store Service application
- User Profile service application
Attaching and upgrading these databases configures these service applications. Settings for other services will have to be reconfigured when you upgrade.

Important:

The content in this article about the Business Data Connectivity service application applies to both SharePoint Foundation 2013 and SharePoint Server 2013. Other services are available only in SharePoint Server 2013.

Database attach upgrade with services

You must create the service applications on your new farm before you upgrade your content databases. The steps included in the installation guide above describe how to use the Farm Configuration Wizard to enable all service applications. Some service applications can be upgraded by using a service application database upgrade. If you want to upgrade these service applications by upgrading the service application databases, you should not use the Farm Configuration Wizard to configure these service applications when you set up your new farm.

The following service applications can be upgraded by performing a services database upgrade:

Business Data Connectivity service

The Business Data Connectivity service uses a database to store information about external data. This database must be upgraded as part of a services database attach upgrade. This service application is also available in SharePoint Foundation 2013.
Managed Metadata service

The Managed Metadata service uses a database to store metadata information. This database must be upgraded as part of a services database attach upgrade. You must attach and upgrade the database for this service and for the User Profile service before you can upgrade any My Sites.
PerformancePoint services

PerformancePoint Services use a database to store information. This database must be upgraded as part of a services database attach upgrade.
Search

In SharePoint Server 2010, the Search service application Administration database contains settings for the Search service application such as content sources, crawl rules, start addresses, server name mapping, and federated locations. You can upgrade a Search service application Administration database from SharePoint Server 2010 to SharePoint Server 2013 by using a database attach approach.

You cannot use the database attach approach to upgrade any other search databases, such as crawl databases or property databases. (These databases are re-created when you perform a full crawl in the new farm.) Also, the upgrade process does not preserve or upgrade logical components of the SharePoint Server 2010 farm topology. After you perform the upgrade, you must manually re-create a topology as appropriate for the requirements of the organization.
Secure Store service

The Secure Store Service uses a database to store information. This database must be upgraded as part of a services database attach upgrade. You have to upgrade the data for this service application so that any connections from Excel Services Application and Business Connectivity Services can work with existing passwords.
User Profile service

The User Profile service uses databases to store profile, social, and sync information. These databases must be upgraded as part of a services database attach upgrade. You have to attach and upgrade the databases for this service and for the Managed Metadata service before you can upgrade any My Sites.

Note:

My Sites are not available in SharePoint Foundation 2010 or SharePoint Foundation 2013.

Specifically, the following service application databases can be upgraded:

Service application	Default database name
Business Data Connectivity	BDC_Service_DB_ID
Managed Metadata	Managed Metadata Service_ID
PerformancePoint	PerformancePoint Service Application_ID
Search Administration	Search_Service_Application_DB_ID
Secure Store	Secure_Store_Service_DB_ID
User Profile: Profile and Social databases	User Profile Service Application_ProfileDB_ID User Profile Service Application_SocialDB_ID User Profile Service Application_SyncDB_ID

The steps to upgrade these service application databases are included in Attach databases and upgrade to SharePoint 2013.

Considerations for specific services

The following services in SharePoint Server 2013 also require additional steps to enable and configure when you upgrade:
- Excel Services
  
  You can enable this service by using the Farm Configuration Wizard, but you must make sure that you re-create all trusted data connections. For more information, see Manage Excel Services Trusted Data Providers.
- InfoPath Forms Service
  
  This service is not part of the Farm Configuration Wizard. If you want to use this service, you can use the Configure InfoPath Forms Services link on the General Application Settings page in SharePoint Central Administration to configure it. If you want to continue using form templates from your previous environment, you can export any administrator-deployed form templates (.xsn files) and data connection files (.udcx files) from your SharePoint Server 2010 environment, and then import them to your new SharePoint Server 2013 environment by using the Export-SPInfoPathAdministrationFiles Windows PowerShell cmdlet. If the URL of the new server differs from the URL of the previous server, you can run the Update-SPInfoPathAdminFileUrl Windows PowerShell cmdlet to update links that are used in the upgraded form templates. For more information, see Configure InfoPath Forms Services (SharePoint Server 2010).
- Office Web Apps
  
  If you installed Office Web Apps with SharePoint 2010 Products, Office Web Apps will not be available after you upgrade to SharePoint 2013 Products. You must deploy Office Web Apps Server and then connect SharePoint 2013 Products it to after the content databases are upgraded. You do not have to wait until the site collections are upgraded because Office Web Apps Server supports both the 2010 and 2013 site collection modes in SharePoint 2013 Products. For more information, see Office Web Apps.
Upgrade farms that share services (parent and child farms) to SharePoint 2013

Published: July 16, 2012

Summary: Understand how to upgrade environments that include services farms to SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

Some services in SharePoint 2010 Products can be shared across multiple farms. A services farm hosts services such as Business Data Connectivity service, Search, and User Profiles that other farms consume. When you upgrade to SharePoint 2013, you first upgrade the services farm, and then upgrade the farms that consume those services. This article describes how to upgrade farms that share services.

Before you begin, make sure that you have reviewed the overall upgrade process described in Overview of the upgrade process to SharePoint 2013.

Note:

This article applies to both SharePoint Server 2013 and SharePoint Foundation 2013. However, only the Business Data Connectivity service is available in SharePoint Foundation 2013. The other services are available only in SharePoint Server 2013.
Process for upgrading farms that share services

To upgrade farms that share services, you follow these steps:

1. Starting status: services farm and content farm running SharePoint 2010 Products

In your SharePoint 2010 Products environment, you have one or more content farms that use services from a services farm. The services farm provides cross-farm services and Enterprise Search indexes the content on the content farm.

Pre-upgrade state: 2010 content and services farms

2. Create the SharePoint 2013 services farm

Create a new farm to host the service applications, and install and configure SharePoint 2013.

Create 2013 Services farm

3. Upgrade the Search service application and optionally index the content in the SharePoint 2010 Products content farm

Upgrade the Search service application administration database and run a search crawl against the SharePoint 2010 Products content farm to create the index.

Upgrade the Search service application

4. Upgrade the other service applications.

Upgrade the databases for the other service applications.

Upgrade other service applications

5. Switch the services connection to SharePoint 2013 services farm

Change the SharePoint 2010 Products content farm to consume services from the SharePoint 2013 services farm and retire the SharePoint 2010 Products services farm.

Switch connection to 2013 services farm

6. Create SharePoint 2013 content farm

Create a new farm to host content, and install and configure SharePoint 2013.

Create 2013 content farm

7. Upgrade and index the 2013 content farm

Upgrade the data in the SharePoint 2013 content farm. Configure it to consume services from the SharePoint 2013 services farm. Index the SharePoint 2013 content farm.

Upgrade and index the 2013 content farm

8. Retire the SharePoint 2010 Products content farm

Now that the SharePoint 2013 content farm uses services from a SharePoint 2013 services farm, you can retire the SharePoint 2010 Products content farm.

Retire 2010 content farm

If more than one content farm uses services from the SharePoint 2010 Products services farm, repeat steps 5 through 7 for the remaining content farms until all farms are upgraded and are using services from SharePoint 2013. Except for the order of steps in this process, the process to create and upgrade each farm follows the database-attach upgrade steps outlined in Attach databases and upgrade to SharePoint 2013. This process does not explain how to upgrade site collections. For more information about how to upgrade sites, see Upgrade site collections to SharePoint 2013.
Best practices for upgrading to SharePoint 2013

Published: July 16, 2012

Summary: Understand how to get the most out of testing upgrade and how to guarantee a smooth upgrade to SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

To increase your chances of a successful and faster upgrade to SharePoint 2013, follow these best practices to test and complete an upgrade.

Best practices for testing upgrade

To understand your environment before you upgrade it, and to plan for the time that an upgrade will require, you should try one or more trial upgrades. The goal of testing upgrade is to find and fix issues and develop confidence in the outcome before the real upgrade. To develop an accurate trial of the upgrade process from SharePoint 2010 Products to SharePoint 2013, follow these best practices:

Know what is in your environment. Do a full survey first.

Document the hardware and software in your environment, where server-side customizations are installed and used, and the settings that you need. This helps you plan the trial environment and also helps you recover if upgrade fails. A worksheet is available to record information about your environment. Download the worksheet at SharePoint 2013 Products Preview Upgrade Worksheet.
Make your test environment as similar as possible to your real environment.

If possible, use the same kind of hardware and use the same settings, the same URLs, and so on to configure it. Minimize the differences between your test environment and your real environment. As you introduce more differences, you are likely to spend time resolving unrelated issues to make sure that they will not occur during the actual upgrade.
Use real data.

Use copies of your actual databases to run the tests. When you use real data, you can identify trouble areas and also determine upgrade performance. You can also measure how long different upgrade sequences and actions take on different kinds of data. If you cannot test all the data, test a representative subset of the data. Make sure that you find issues with the different kinds and sizes of sites, lists, libraries, and customizations that are present in your environment. If you cannot test all data because of storage concerns, try going over the data in several passes, removing the old trial copies before going on to the next batch.
Run multiple tests.

A single test can tell you whether you will encounter big problems. Multiple tests will help you find all the issues that you might face and help you estimate a more accurate timeline for the process. By running multiple tests, you can determine the following:

The upgrade approaches that will work best for your environment
The downtime mitigation techniques that you should plan to use
How the process or performance may change after you address the issues that you uncovered in your first tests

Your final test pass can help you validate whether you have addressed the errors and are ready to upgrade your production environment.

Do not ignore errors or warnings.

Even though a warning is not an error, a warning could lead to problems in the upgrade process. Resolve errors, but also investigate warnings to make sure that you know the results that a warning might produce.
Test the upgraded environment, not just the upgrade process.

Check your service applications and run a search crawl and review the log files.

For more information about how to test upgrade, see Use a trial upgrade to SharePoint 2013 to find potential issues and the SharePoint 2013 Products Preview – Test Your Upgrade Process model.

Best practices for upgrading to SharePoint 2013

To guarantee a smooth upgrade from SharePoint 2010 Products to SharePoint 2013, follow these best practices:

Ensure that the environment is fully functioning before you begin to upgrade.

An upgrade does not solve problems that already exist in your environment. Therefore, make sure that the environment is fully functioning before you start to upgrade. For example, if you are not using web applications, unextend them before you upgrade. If you want to delete a web application in Internet Information Services (IIS), unextend the web application before you delete it. Otherwise, SharePoint 2013 will try to upgrade the web application even though it does not exist, and the upgrade will fail. If you find and solve problems beforehand, you are more likely to meet the estimated upgrade schedule.
Perform a trial upgrade on a test farm first.

Copy your databases to a test environment and perform a trial upgrade. Examine the results to determine the following:

Whether the service application data was upgraded as expected
The appearance of upgraded sites
The time to allow for post-upgrade troubleshooting
The time to allow for the upgrade process

Try a full search indexing crawl. For more information, see Use a trial upgrade to SharePoint 2013 to find potential issues.

Plan for capacity.

Ensure that you have enough disk, processor, and memory capacity to handle upgrade requirements. For more information about system requirements, see System requirements (SharePoint 2013 Preview). For more information about how to plan the disk space that is required for upgrade, see Plan for performance during upgrade to SharePoint 2013.
Clean up before you upgrade

Issues in your environment can affect the success of upgrade, and unnecessary or very large amounts of data can affect upgrade performance for both databases and site collections. If you don’t need something in your environment, consider removing it before upgrade. If there are issues detected, try to resolve them before you start to upgrade. For more information, see Clean up an environment before an upgrade to SharePoint 2013.
Back up your databases.

Perform a full backup of your databases before you upgrade. That way, you can try upgrade again if it fails.
Optimize your environment before upgrade.

Be sure to optimize your SharePoint 2010 Products environment to meet any limits or restrictions, either from your business or governance needs or from the SharePoint 2013 boundaries and limits before upgrade. This will help reduce errors during the upgrade process and prevent broken lists or sites after upgrade. For more information about limits in the product, see SharePoint Server 2010 Capacity Management: Software Boundaries and Limits. For more information about large lists and how to address the lower limit on site collections, see Clean up an environment before an upgrade to SharePoint 2013.
(Optional) Set the original databases to read-only if you want to keep your original environment available while you upgrade.

If you expect a long outage period while you upgrade, you can set the databases in the original environment to read-only. Users can continue to access the data but cannot change it. For more information, see Attach databases and upgrade to SharePoint 2013.
After upgrade, review the Upgrade Status page and upgrade logs to determine whether you must address issues. Then review the upgraded sites.

The Upgrade Status page reports on the upgrade progress, and the upgrade logs list any errors or warnings that occurred during the upgrade process. Verify all the sites and test them before you consider the upgrade finished. For more information, see Verify database upgrades in SharePoint 2013 and Review site collections upgraded to SharePoint 2013.
Defer upgrade for site collections until you can get updated customizations to support 2013 mode.

If you wait until the customizations are available, you can complete the initial upgrade of database and services without significantly affecting use of the existing sites in 2010 mode.

Review supported editions and products for upgrading to SharePoint 2013

Published: July 16, 2012

Summary: Understand the editions or versions of SharePoint 2010 Products that you can upgrade to specific editions or versions of SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013 Standard | SharePoint Server 2013 Enterprise

When you plan an upgrade process, make sure that you verify that the intended upgrade path is supported. This article describes the editions and products that are supported and unsupported to upgrade to SharePoint 2013.

Important:

Upgrade from a pre-release version of SharePoint 2013 to the release version of SharePoint 2013 is not supported.

Pre-release versions are intended for testing only and should not be used in production environments. Upgrading from one pre-release version to another is also not supported.

Supported topologies
For SharePoint 2013, the only upgrade method is the database-attach upgrade method. Because this method upgrades the databases instead of installing in place over an existing environment, you can attach the databases from a stand-alone installation to server farm (Complete) installation if you want to expand your environment.

Figure: Upgrade to either stand-alone or server farm (Complete) topologies

Before you create your new SharePoint 2013 environment and attach and upgrade the databases, determine the type and size of the environment that you need.
- Physical topology guidance
The SQL Server topology — in addition to network, physical storage, and caching considerations — can significantly affect system performance. To learn more about how to map your solution design to the farm size and hardware that will support your business goals, see Performance and capacity management. For more information about requirements, see System requirements (SharePoint 2013 Preview).

Supported editions for upgrade

The following table lists the editions available for SharePoint Server 2010 and the supported and unsupported ending editions when you upgrade to SharePoint Server 2013.

Starting edition	Supported ending edition	Unsupported ending edition
SharePoint Server 2010, Standard edition	SharePoint Server 2013, Standard edition	SharePoint Server 2013, Enterprise edition You can convert to Enterprise edition after upgrade.
SharePoint Server 2010, Enterprise Edition	SharePoint Server 2013, Enterprise edition	SharePoint Server 2013, Standard edition.
SharePoint Server 2010, Trial edition	SharePoint Server 2013, Trial edition	SharePoint Server 2013, full product You can convert to the full product after upgrade.

Supported cross-product upgrades

The following table lists which Microsoft server products can be upgraded to SharePoint Foundation 2013 or SharePoint Server 2013.

Starting product	Supported ending products	Unsupported ending product
SharePoint Foundation 2010	SharePoint Foundation 2013 SharePoint Server 2013
SharePoint Foundation 2013	SharePoint Server 2013
SharePoint Server 2010	SharePoint Server 2013	SharePoint Foundation 2013
SharePoint Server 2013	SharePoint Server 2013	SharePoint Foundation 2013
Search Server 2010	SharePoint Server 2013 or Search Server 2013	SharePoint Foundation 2013
Project Server 2010 with SharePoint Server 2010, Enterprise Edition	Project Server 2013 with SharePoint Server 2013, Enterprise Edition

Plan for upgrade to SharePoint 2013

Published: July 16, 2012

Summary: Find resources about how to plan to upgrade from SharePoint 2010 Products to SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

In order to have a successful upgrade to SharePoint 2013, you must plan for the upgrade. This section contains articles that help you plan and prepare for upgrading from SharePoint 2010 Products to SharePoint 2013.

To understand how the upgrade process works, see the articles in Get started with upgrades to SharePoint 2013.

The following downloadable resources, articles on TechNet, video recordings, and related resources provide information about how to plan for upgrade.

TechNet articles about how to plan for upgrade

The following articles about how to plan for upgrade are available to view online. Writers update articles on a continuing basis as new information becomes available and as users provide feedback.

Content	Description
Determine strategy for upgrade to SharePoint 2013	Understand how to minimize downtime and plan for special cases during an upgrade to SharePoint 2013.
Create a plan for current customizations during upgrade to SharePoint 2013	Learn how to identify and evaluate the customizations in your environment, and determine whether you will upgrade them, and how.
Plan for site collection upgrades in SharePoint 2013	Plan to upgrade site collections to SharePoint 2013. Plan for upgrade evaluation sites, notifications, and throttling.
Plan for performance during upgrade to SharePoint 2013	Understand upgrade performance and how to plan for the space and time that is required to upgrade to SharePoint 2013.
Create a communication plan for the upgrade to SharePoint 2013	Create a plan to coordinate and communicate with the upgrade team, site owners and users, and stakeholders.
Clean up an environment before an upgrade to SharePoint 2013	Make sure that your environment is in a healthy state, and delete unnecessary items before you upgrade to SharePoint 2013.

Additional resources about how to plan for upgrade to SharePoint 2013

The following resources about how to plan for upgrade to SharePoint 2013 are available from other subject matter experts.

Content

Description

Upgrade and Migration in SharePoint 2013 Resource Center

Visit the Resource Center to access videos, community sites, documentation, and more.
Determine strategy for upgrade to SharePoint 2013

Published: July 16, 2012

Summary: Understand how to minimize downtime and plan for special cases during an upgrade to SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

When you upgrade your environment to SharePoint 2013, you want to limit how much downtime that users experience. You might also have a special case that you must address during upgrade. This article describes how to minimize downtime and work with these special cases.

In addition to the information in this article, make sure that you read Review supported editions and products for upgrading to SharePoint 2013 to understand exactly which upgrade situations are valid and lead to successful upgrades.
How to minimize downtime during upgrade

The following table lists the techniques that you can use during upgrade to reduce the time that users cannot access their content or to potentially increase upgrade performance.
- Read-only databases You can use read-only databases to continue to provide read-only access to content during the upgrade process. For this approach, you set the databases to read-only on the original farm while the upgrade is in progress on another farm. This method reduces perceived downtime for users. Also, if you encounter a problem with upgrade, you can restore the read-only farm to read-write and restore access to users while you rework your plans before you try upgrade again.
- Parallel database upgrades You can attach and upgrade multiple databases at a time to speed up the upgrade process overall. The maximum number of parallel upgrades depends on your hardware. This results in faster overall upgrade times for your environment. However, you must monitor the progress and your servers to make sure that the performance is acceptable, and for large databases, parallel upgrades can be slower than single upgrades.
  
  For more information about upgrade performance, see Plan for performance during upgrade to SharePoint 2013 and Use a trial upgrade to SharePoint 2013 to find potential issues.
The instructions for using these techniques are included in Attach databases and upgrade to SharePoint 2013.

Special cases

You might have other requirements or additional goals that you want to achieve when you perform an upgrade. The following table lists special cases and describes how to approach upgrade for each case.

Case	Upgrade approach
Upgrading an environment that uses forms-based authentication?	Additional steps are required to upgrade when you are using forms-based authentication. For more information, see Configure forms-based authentication for a claims-based web application in SharePoint 2013.
Upgrading very large databases?	In general, very large databases — especially databases that have a large number or large size of document versions inside them — take longer to upgrade than smaller databases. However, the complexity of the data determines how long it takes to upgrade, not the size of the database itself. If the upgrade process times out, it is usually because of connection issues. For more information about how long upgrade might take for your environment, see Plan for performance during upgrade to SharePoint 2013.
Upgrading from the server products in the Office 2007 release?	Use a database attach upgrade method to upgrade to SharePoint 2010 Products, and then upgrade to SharePoint 2013.
Upgrading from SharePoint Foundation 2010 to SharePoint Server 2013?	Attach and upgrade the content databases from SharePoint Foundation 2010 to SharePoint Server 2013.
Changing languages?	You have two choices, depending on whether a single site or your whole environment is changing languages: To change the multiple user interface (MUI) language for a specific site, upgrade in the same language, and then install the new language pack and change to that language. Caution: You must have the appropriate language packs installed to upgrade any sites based on a localized site definition. If you do not have the new language pack, the sites will not be available. Wait for the new language packs to be released before you try to upgrade those sites. To change the installation language for your environment, set up your new environment in the new language, and then attach and upgrade your databases in the new language.

Create a plan for current customizations during upgrade to SharePoint 2013

Published: July 16, 2012

Summary: Identify all customizations in your environment and determine what to change or remove as you upgrade to SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

If you have extensively customized your sites based on SharePoint 2010 Products, you must determine how you want to handle your customizations when you upgrade to SharePoint 2013. Your approach will vary based on the extent of the customizations, the kind of customization, the complexity of your site, and your goals for upgrading. Before you upgrade, you must identify and then evaluate the customizations in your environment and determine whether you will upgrade them, and how.

Identify customizations in your environment

As part of an upgrade testing process, you should create an inventory of the server-side customizations in your environment (solutions, features, Web Parts, event handlers, master pages, page layouts, CSS files, and so on). For more information about how to identify customizations, see Use a trial upgrade to SharePoint 2013 to find potential issues.

You can use the Upgrade Planning worksheet to list specific customizations and then record the results of your evaluation in the next section.

Evaluate the customizations

After you have identified the customizations, think about the potential upgrade effect of each one. The following table describes types of customizations and the kind of effect they can have during upgrade.

Category of customization	Types of customizations	Potential effect on upgrade
Visually-affecting	Master pages Themes Web Pages Web Parts Custom JavaScript Custom CSS files	Should not affect database upgrade. For site upgrades: likely to work well in 2010 mode, but need changes to work in 2013 mode. Test carefully in both modes.
Data structure affecting	Content types List types Web templates Site definitions	Can affect database upgrade if content or list type names conflict with new content or list types in the product, or if templates or definitions are missing.
Non-visually affecting	Web services Windows services HTTP handler HTTP module	Might not be compatible with SharePoint 2013. Test carefully to determine effect. Be prepared to remove or replace.

Now that you know what customizations that you have, and what type that they are, you can decide what to do about them. The following questions can help you evaluate the customizations:

Is the customization still valuable?
- Does it serve a useful business need?
- Is it widely deployed and used?
- Does it do something that you cannot do with standard features in the product?
Is the customization well-designed?
- Is it built on supported, predefined site definitions?
- Does it follow best practices for customizations?
- Is it a supported kind of customization, or does it introduce risk into your environment?

As you evaluate every customization, you can also think about your overall approach for customizations. You can choose from among these options:

Keep the customizations, don’t upgrade the sites You can continue to run the site in 2010 mode in the upgraded environment. Although you can use this approach to keep the same functionality, you will be unable to take advantage of the features and capabilities that are available in the new version. Use this approach only temporarily – eventually you must address the issue (such as before an upgrade to the next version of the product).
Replace or redo the customizations If you want to use new functionality, plan to redesign your sites, or are significantly changing the information architecture, the upgrade is your opportunity to start over with new features, a new look, or a new organization. When you replace or redo customizations, you can take advantage of the new capabilities, change your design slightly if you want, or move to a more manageable design.
Discard the customizations Replace the customizations by using default functionality. You can reset pages to the default site definitions and remove any Web Parts or features that you no longer want to support. In fact, the site collection health-checker checks for unghosted pages and can reset the pages to the default versions. If you decide to discard any customizations, you must fix any issues that result from removing the customizations in the sites that used them. You can use your customizations inventory to determine which sites require this kind of attention before or after upgrade.

Considerations for specific customizations

In addition to your overall decision about how to treat customizations in your environment during upgrade, you must examine specific types of customizations to determine whether you must perform any additional actions to make them work in the upgraded environment.

The following table lists some common customizations and a recommendation for addressing that kind of customization.

Customization type	Recommendation
Site definition	Migrate sites to a supported, predefined site definition, then apply custom features by using solution deployment. You can also continue to use a custom site definition. You do not have to create a new site definition that is based on SharePoint 2013. However, if you must perform custom upgrade actions for the definition, you might have to create an upgrade definition file for that site definition. For more information, see Upgrade Definition Files (http://go.microsoft.com/fwlink/p/?LinkId=182339) on MSDN.
“Fabulous 40” application templates	Microsoft is not creating new versions of these templates. Environments that contain sites based on these templates can be upgraded as long as the templates are installed. But there might be issues when you try to upgrade the site collections. Make sure that you test each site before you upgrade the production environment. For more information, see Troubleshoot database upgrade issues in SharePoint 2013.
Feature	Evaluate, then redesign or redeploy if it is necessary.
Workflows and server controls	Depends on the solution. Contact the vendor to discover whether there is an updated solution. If a workflow is compatible with the new version, redeploy.
Event handler	Most event handlers will continue to work without changes. However, if the code for the event handler makes calls to APIs which were deprecated, you will have to rewrite it, and then redeploy it as a feature.
Managed paths (inclusions/exclusions)	Re-create inclusions to make sure that you can access all site collections under those paths. Exclusions were not used in SharePoint 2010 Products. If you had any remaining from an earlier version, they do not have to be re-created.
Themes	Re-create your themes following the SharePoint 2013 theming guidance, or select a new theme available in SharePoint 2013.
Master pages and CSS files	Rework to accommodate the new user experience.
JavaScript	Test to determine whether any actions are required. In some cases, you might have to adjust the scripts to work with the new page model. Verify that it works in both 2010 and 2013 modes.
Search provider or security trimmer	Test to determine whether any actions are required.
Web Parts	Test to determine whether any actions are required. You might have to adjust the Web Parts to work with strict XHMTL mode. Test to verify that there have not been changes to any object models or Web services that you call from the Web Part. If a Web Part is located on a page but not in a Web Part Zone (so that it is, basically, HTML code embedded directly in a page), it will not work if you reset the page to the default template. There is a site collection health rule that will identify files in this status inside a site collection. There is a link from that rule to the page where they can reset to template.
Services	Test to determine whether any actions are required. Redesign or adjust code, as needed.
Authentication providers	Test to determine whether any actions are required. Redeploy the provider with the same provider name (exactly. This includes the letter case) on a test farm and make sure that it works correctly.
Custom search solutions that use SQL syntax	Rework to use FQL syntax and KQL syntax. Custom search solutions in SharePoint Server 2013 do not support SQL syntax. Search in SharePoint Server 2013 supports FQL syntax and KQL syntax for custom search solutions. You cannot use SQL syntax in custom search solutions using any technologies. This includes the query server object model, the client object model, and the Search REST service. Custom search solutions that use SQL syntax with the index server object model and the Query web service that were created in SharePoint Server 2010 will not work when you upgrade them to SharePoint Server 2013. Queries submitted via these applications will return an error. For more information about how to use FQL syntax and KQL syntax, see Keyword Query Language (KQL) syntax reference and FAST Query Language (FQL) syntax reference.

While you are reviewing customizations in your environment, you should also make sure that the environment is not using any features or elements that are deprecated. For example, Web Analytics from SharePoint 2010 Products are not available in SharePoint 2013 and you should turn them off before upgrading. Also, SQL Server Search queries are not available in SharePoint 2013. For more information, see Changes from SharePoint 2010 to SharePoint 2013.

Some methods of deploying customizations might require additional steps in SharePoint 2013. The following table lists methods of deploying customizations and any issues that you might encounter.

Deployment method	Recommendation
Customizations deployed as MSI files	Contact the vendor for updated files. Most likely, you will have to get a replacement file compatible with SharePoint 2013.
Manually deployed features, files, or changes	You can re-deploy them to the equivalent directory in SharePoint 2013. However, consider packaging them into a deployable solution package for easier administration.
Sandbox solutions	No special steps. Sandbox solutions are upgraded with the content databases.
Solution packages	Redeploy to SharePoint 2013. Make sure that you deploy it to the appropriate directory (/14 or /15), depending on the version. Note that you can no longer add partial trust solution packages to the \bin directory. Any files deployed to the \bin directory must be full trust. Be sure to test any such solutions to make sure that deploying them in full trust does not introduce security vulnerabilities. Also, update any deployment scripts to make sure that they specify the correct trust level. For more information, see Install-SPSolution.
Administrator-deployed form templates	You must extract them from SharePoint Server 2010 and redeploy them to SharePoint Server 2013. For more information, see Services upgrade overview for SharePoint Server 2013.

The following kinds of customizations are not supported. If you have any of these customizations in your environment, you must replace them by using a supported kind of customization before you can upgrade. Otherwise, you might experience upgrade issues that cannot be fixed:

Predefined files, features, or site definitions that were changed.

Warning:

Some predefined file types — such as document icons or actions — can be carried forward in a supportable way, although this does not occur automatically. Do not copy over the old version files as that can cause other issues, instead, make the same changes to the new version file Modifications to other predefined files, such as server-side ASPX pages, will be lost during upgrade if you reset to the site template or if you don’t make the same changes in the new version files. Depending on the files that were changed and the extend of these changes, the upgrade experience can vary significantly.

SharePoint databases that were changed, either by directly changing data or changing the schema. This includes adding or removing triggers, tables, views, or indexes.

If you have any of these kinds of customizations, remove them and replace them with supported customizations before you attempt to upgrade. This is a best practice for helping to make sure that not only your current upgrade will work, but any future upgrades will go more smoothly. Changing predefined files and databases will remain unsupported.

Ensure that future customizations follow best practices

Ensure that your environment performs well and follows best practices. Deploy only those customizations that follow the best practices as described on the following page on MSDN: Developer Best Practices Resource Center.

Best practices for upgrading to SharePoint 2013
Plan for site collection upgrades in SharePoint 2013

Published: July 16, 2012

Summary: Explains how plan to upgrade site collections to SharePoint 2013 and how to plan for upgrade evaluation sites, notifications, and throttling in SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

When you upgrade from SharePoint 2010 Products to SharePoint 2013, site collections are not upgraded when you upgrade the content databases to a new version. The upgrade process is split to allow site collection administrators to decide when to upgrade their site collections. For a visual overview of the upgrade process, see Overview of the upgrade process to SharePoint 2013.

Server farm administrators can control settings for upgrading site collections, such as settings for upgrade evaluation site collections, notifications, and upgrade throttling. This article helps you plan the settings to use to controlling the upgrade of a site collection.
Determine the site collections that farm administrators should upgrade
By default, site collection administrators are in charge of when they upgrade their site collections, and they perform the upgrade themselves. However, under certain circumstances a farm administrator should probably perform the upgrade. For example, for sites that meet the following characteristics, the upgrade team at the farm level should perform tests before upgrade, and potentially upgrade the site collection:
- Extremely important sites
  
  If a site is very important to your business, farm administrators should carefully test it before they upgrade it, and then upgrade it themselves to make sure that the site collection is available for users as quickly as possible.
- Very large sites
  
  By default, if a site collection administrator starts to upgrade a site that is larger than 10 MB or with more than 10 subsites, the site is added to the upgrade queue, instead of being upgraded immediately. For very large site collections (larger than 10 GB), we recommend that you have a farm administrator upgrade the site collections instead of allowing the site collection administrators to start the upgrade. This way, the farm administrators can test these sites and then monitor the progress of the upgrade.
- Highly-customized sites
  
  Carefully test sites that are based on custom site definitions or that have many other customizations before you upgrade them. If there are issues with server-side customizations, then farm administrators should address them, test again, and then perform the upgrade so that they can troubleshoot any issues that occur. If there are issues with the design of a site, a designer and site collection administrator can address them.
Farm administrators can upgrade sites by using Windows PowerShell. For more information, see Upgrade a site collection to SharePoint 2013.

Plan settings for upgrade notifications, self-service upgrade, and site collection creation

When a site collection is available to upgrade, a status bar on a site indicates that site collection administrators can upgrade it. They can choose to upgrade the site collection then, or be reminded later.

Farm administrators can determine whether to allow site collection administrators to upgrade their sites at all. You can set a property to prevent the site collection administrators from starting to upgrade, which also turns off the notification in the status bar. Then you can perform the upgrades yourself by using Windows PowerShell. If you choose to upgrade some sites centrally, you should have a plan to decide when each site will be upgraded and who will verify the site after upgrade.

Although administrators can upgrade all site collections immediately, we do not recommend this, for the following reasons:

You would risk that some sites would have unforeseen issues that you’d have to address. This could create or prolong an outage.
A high volume of issues could arrive at your helpdesk or troubleshooting process when users start to work with upgraded sites at the same time.

You can control settings for site collection upgrade and site creation. You can determine the following:

Whether the site collection administrator can upgrade the site collection.
Which mode (2010 or 2013, or both) can be used when a user creates a site collection.

For example, you might want users to keep creating 2010 mode sites for a while, until most of site collections are upgraded, or you might want to force new sites to be created in 2013 mode so that you don’t have to upgrade them later.
- Properties that control site collection upgrade and site creation

Property

Description

SPSite.AllowSelfServiceUpgrade

Determines whether an upgrade notification can be set for a site collection.

Default is true – notifications are set automatically.

If set to false, the upgrade notification will not appear on the status bar.

SPWebApplication.CompatibilityRange

Determines in which modes a site collection can be created. For example, 2010 mode (14) or 2013 mode (15). The following ranges are available:

OldVersions Use this range to enable users to create only 2010 mode sites.
NewVersion Use this range to enable users to create only 2013 mode sites.
AllVersions Use this range to enable users to create either 2010 or 2013 mode sites.

You can use these ranges or set your range by using the New-Object command to set the Microsoft.Shareoint.SPCompatibilityRange property.

For more information about how to set these properties, see Manage site collection upgrades to SharePoint 2013.

You can also control settings upgrade notifications. You can determine the following:

Whether to add a link to more information from the Upgrading now status bar.
How many days to wait before reminding a site collection administrator about upgrade if they choose Remind me later on the status bar.

If a user clicks Remind me later, the current date is added to the number that is set for the UpgradeReminderDelay and the notification is hidden until that new date occurs. For example, if the setting is 30, then the notification will appear 30 days from the current date.

The following properties control site collection upgrade notifications:

Properties that control upgrade notifications

Property

Description

SPWebApplication.UpgradeMaintenanceLink

Adds another link to the upgrading now status message so that users can follow it, and find more information.

Default is empty.

SPWebApplication.UpgradeReminderDelay

Sets the number of days to suspend the upgrade notification in the status bar after a user clicks Remind me later.

Default is 30 days.

If set to 0, then the upgrade notification is not removed from the status bar and the notification cannot be set to Remind me later.

For more information about how to set these properties, see Manage site collection upgrades to SharePoint 2013.

Plan for upgrade evaluation sites

Site collection administrators can request a preview of their site collection. This preview site is called an upgrade evaluation site collection. An upgrade evaluation site collection enables site collection administrators to see their site‘s content in a new, separate copy of the site that is running on the SharePoint 2013. Unlike visual upgrade in SharePoint Server 2010, the upgrade evaluation site collection is a complete copy of the site collection. It is separate from the original and has its own URL. Actions that the site collection administrators perform in the upgrade evaluation site collection do not affect the original site. Both the original site and the upgrade evaluation site are available for search, and timer jobs that run for all site collections also run on the upgrade evaluation sites.

When a site collection administrator requests an evaluation site collection, the request is added to a timer job (known as “Create Upgrade Evaluation Site Collections”) which runs one time per day. This timer job creates a full copy of the site collection at a unique URL. Upgrade evaluation site collections are set to expire automatically and be deleted. The default time for expiration is 30 days, which can be configured by setting a value for the web application or by changing a value on the evaluation site collection itself.

Farm administrators can choose to prevent users from creating upgrade evaluation sites by setting the SPSite.AllowSelfServiceUpgradeEvaluation property for a site collection.

Timer jobs create and delete upgrade evaluation sites. The following timer jobs are used:

Timer jobs for upgrade evaluation site collections

Job name	Description	When run
Create Upgrade Evaluation Site Collections (job-create-upgrade-eval-sites)	Creates upgrade evaluation sites.	Runs daily, between 1:00 and 1:30 AM
Delete Upgrade Evaluation Site (job-delete-upgrade-eval-sites)	Deletes expired upgrade evaluation sites and sends notifications for sites near their expiration date.	Runs daily, between 1:00 and 1:30 AM
Upgrade site collections (job-upgrade-sites)	Upgrades site collections in the queue for a content database.	Runs every 1 minute

You can decide when and how often these timer jobs run, and you can also run them manually.

How the upgrade evaluation site collections are created

The Create Upgrade Evaluation Site Collections job timer collects the list of site collections that were queued for evaluation sites, and then copies the sites to new URLs and Site IDs. It also adds the sites to the upgrade queue so that they will be picked up by the Upgrade Site Collections timer job later. To create the copy of the site:

If you have an Enterprise version of SQL Server, the Create Upgrade Evaluation Site Collections job timer takes a snapshot of the database and reads the data from the snapshot to a destination database (with the source database being the default target). This doesn‘t affect the read-only status of the source site throughout the whole process.
For other versions of SQL Server that do not have snapshot capabilities, the Create Upgrade Evaluation Site Collections job timer backs up a site collection and restores it to a new URL. This makes the source site read-only for the whole duration of the process.

The Upgrade Site Collections job collects the list of site collections that were queued for upgrade and then upgrades the queued sites from oldest to newest. The recently added evaluation site is then upgraded (or at least upgrade is tried).

Plan site collection upgrade throttling and queues

To make sure that site collection upgrades do not cause an outage on your farm, there are throttles built in at the web application, database, and content level. This means that even if 100 site collection administrators decide to upgrade their site collections at the same time, only some are run at the same time, and the rest are put into a queue to run later.

Site collection upgrades are throttled:

Throttle levels for site collection upgrade

Level	Maximum number of site collections that can be upgraded at a time	Property that controls the throttle setting
Web application	Default is 5 per web application instance. Additional requests are queued.	SPWebApplication.SiteUpgradeThrottleSettings AppPoolConcurrentUpgradeSessionLimit
Content database	Default is 10 per content database. Additional requests are queued.	SPContentDatabase.ConcurrentSiteUpgradeSessionLimit
Content of a site collection (size and number of subwebs)	Default is that a site that is more than 10 MB, or has more than 10 subwebs, cannot be upgraded in a self-service manner by the site collection administrator, but must be upgraded by the farm administrator.	SPWebApplication.SiteUpgradeThrottleSettings UsageStorageLimit and SubwebCountLimit

The following illustration shows the relationship between the web application and content database upgrade throttle limits.

Upgrade throttles and the site upgrade queue for web applications and content databases

In this illustration, the content database contains fifteen sites, and all sites were requested to start upgrade.

Because of the web application throttle limit, only five sites can start to upgrade for web application 1 – instance 1 on Web server 1.
An additional five sites start to upgrade on web application 1 – instance 2 on Web server 2.
Because of the content database throttle, five sites are sent to the upgrade queue to wait their turn.

You can use the default throttling settings, or you can specify your own values for how many site collections can be upgraded at the same time. Farm administrators can also override throttle settings when they upgrade a site by using Windows PowerShell. Exercise caution when you change these values and make sure that you verify the settings that you want to use in a test environment before you implement them in production. If you increase throttling too much, you could create performance problems in your environment. For example, too many parallel upgrades could affect site rendering. For information about how to change these settings, see Manage site collection upgrades to SharePoint 2013.

About site collection modes

In order to make it possible to upgrade site collections separately from upgrading content databases, SharePoint 2013 introduces the concept of site collection “modes” (also known as compatibility levels). Site collections are in 2010 mode in the new environment until they are specifically upgraded to 2013 mode. You can create new site collections in either mode. Although farm administrators can configure this setting, the default setting is to create sites in 2010 mode). When a site collection is in 2010 mode, the user interface resembles the SharePoint 2010 Products interface, and only features that were available in SharePoint 2010 Products are enabled. In 2013 mode, the interface and features are updated to SharePoint 2013.

You have to make sure that the solution packages, features, and other custom components are available for both site modes. For more information, see Create a plan for current customizations during upgrade to SharePoint 2013.
Train site collection administrators

It is important to train users about how to upgrade their site collections and how to review their sites in an upgrade evaluation site collection. Educated users are prepared and know what to expect, which will minimize helpdesk support and frustrations.

Inform users about changes and new features. Also, let them know about possible issues that they can expect. For instance, they might have issues with customizations, such as pages that do not display correctly. For information about general upgrade issues, see Review site collections upgraded to SharePoint 2013 and Troubleshoot site collection upgrade issues in SharePoint 2013.

Explain to site collection administrators that their upgrade evaluation sites are copies, and any changes they make there will not persist in their upgraded sites. There is also a notification bar in the preview site that indicates that it is a copy.

By default, site collection administrators control upgrade for their sites. They can use upgrade evaluation site collections to preview the new user interface and features. This gives them time to make sure that everything works correctly, and they can address any issues in their original site before upgrading it. When site collection administrators are ready, they can upgrade their sites.

We recommend that you have a plan and set a time limit for how long to allow site collection administrators to postpone upgrade of their sites. For example, each site collection administrator may be given 90 days to work with his or her site collection administrators to evaluate and then upgrade their sites. This time limit makes sure that users are given a reasonable time to become familiar with the new user interface and to resolve any issues in their sites. Ensure that you communicate the time limit to the users, and that they know that you can force through an upgrade of all sites. Also, you can use a Windows PowerShell command to check the compatibility level for sites in a content database so that you can see how many sites are in 2010 mode and how many are in 2013 mode. For more information, see Manage site collection upgrades to SharePoint 2013.

It is important to tell site collection administrators that as long as sites use the 2010 mode, new features will not be available. However, as soon as sites are upgraded to the new version, application features automatically appear.
Plan for performance during upgrade to SharePoint 2013

Published: July 16, 2012

Summary: Understand upgrade performance and how to plan for the space and time that is required to upgrade to SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

An important part of planning an upgrade from SharePoint 2010 Products to SharePoint 2013 is determining how long the upgrade process will take and how much storage space will be required. Every environment is unique and includes different hardware capabilities and different database and site characteristics. The space and the length of time required to run an upgrade will vary greatly depending on your environment. The best way to estimate these factors is to perform one or more trial upgrades, and then review the space and time that it took. For more information about how to perform a trial upgrade, see Use a trial upgrade to SharePoint 2013 to find potential issues.
About upgrade performance for SharePoint 2013

One of the main reasons that database upgrade and site collection upgrade are now separate actions for SharePoint 2013 is to give you more control over upgrade performance.
- How upgrade works for SharePoint 2010 Products
  
  During an upgrade to SharePoint 2010 Products, when the database was upgraded, all of the site collections in that database were also upgraded. That meant that for certain steps, such as activating features or updating the Quick Launch control, the upgrade process needed to perform the step repeatedly for each site collection in a database before the database upgrade was completed.
  
  Upgrade process for SharePoint 2010 Products
- How upgrade works for SharePoint 2013
  
  When you upgrade to SharePoint 2013, the database upgrade no longer starts these site-specific steps. Therefore, the database upgrade stage is much faster. Some tests have found that a database can be upgraded to SharePoint 2013 in two-thirds of the time that it took to upgrade the same data to SharePoint 2010 Products. These site-specific steps must still be performed. However, they are performed only when the site collection is upgraded, and then only for that site. Because each site collection is upgraded independently, you can manage the performance effect of those upgrades on your environment.
  
  Upgrade process for SharePoint 2013 Products
For SharePoint 2013, you can control the performance effect of site collection upgrades by controlling how many sites can be upgraded at a time. There is a site collection upgrade queue that maintains a list of site collections currently requested to be upgraded. And there are throttles on the content database and web application levels to control how many site collection upgrades can occur at a time. For more information about these controls, see Plan for site collection upgrades in SharePoint 2013 and Manage site collection upgrades to SharePoint 2013.

In addition to planning for performance during upgrade, you must also plan for the performance of your production environment after upgrade. Test your planned environment to make sure that you can support your environment by using the hardware that you have planned.
Estimate the space that you must have for the upgrade

As the databases are upgraded, they expand temporarily. Also, many transactions occur while the upgrade process runs. Therefore, you must make sure that the log files have room to expand to accommodate the changes that are occurring. Therefore, you have to plan for growth in both the databases and the log files.
- Database growth
Because of the changes in table structures in the new version, the databases grow temporarily while the data is reorganized. This space can be recovered after upgrade, but you should make sure that there is room for the databases to grow up to 50 percent larger than their current sizes during upgrade (be aware that after upgrade, you can reduce the database again to recover much of this space).

You should also make sure that there is room on your database servers for your databases to grow over time with typical use. To check how large your databases currently are, use Enterprise Manager in SQL Server.
- Transaction log growth
In addition to database space, you must also have room for the transaction log files for the databases. These log files must grow quickly to accommodate the number of changes occurring in the databases

In very large environments, there is a possibility that the default growth rate for the transaction log files (10 percent) is not enough to keep up with the upgrade process. This can cause a time-out. Again, a trial upgrade is the best way to determine whether the transaction log files can keep up with the upgrade process. If your environment is very large, or if the process timed out during a trial upgrade, consider expanding the SQL Server transaction log files beforehand to make sure that you have room for the number of transactions that must be processed. For more information about how to expand the SQL Server transaction logs, see Expanding a Database (SQL Server 2008 R2).
Estimate how long the upgrade will take

With your disk space estimates in hand, and some testing done, you can now calculate a rough estimate of how long the actual upgrade process will take. Upgrade times vary widely among environments. The performance for an upgrade depends greatly on the hardware being used, the complexity of the sites, and the particular characteristics of your implementation. For example, if you have many large document libraries, these may take longer to upgrade than a simpler site.

Factors that influence performance for upgrade are described in the following list.
- Environment factors The following factors can affect the performance for both database and site collection upgrade:
  - Simultaneous upgrades
  - SQL Server disk input/output per second
  - SQL Server database to disk layout
  - SQL Server temporary database optimizations
  - SQL Server CPU and memory characteristics
  - Web server CPU and memory characteristics
  - Network bandwidth and latency
- Database factors The following factors can affect the performance of database upgrade. The number of:
  - Site collections
  - Subwebs
  - Lists
  - Rowspan within lists
  - Document versions (number and size)
  - Documents
  - Links
    
    Plus the overall database size itself.
- Site collection factors The following factors can affect the performance of site collection upgrade. The number of:
  - Subwebs
  - Lists
  - Activated upgrading features
  - Document versions (number and size)
  - Documents
  - Links
How your data is structured can affect how long it takes to upgrade it. For example, 10,000 lists with 10 items each will have a longer upgrade time than 10 lists with 10,000 items. The actions required to upgrade the list infrastructure must be performed for each list, regardless of the number of items. Therefore, more lists equals more actions. The same goes for most of the items under database factors or site collection factors.

The structure of your hardware can also have a big effect on performance. Generally, the database server performance is more important than web server performance, but underpowered hardware or connectivity issues at either tier can significantly affect upgrade performance. Web servers have a significant part to play in database upgrade performance, mainly by issuing the commands to make data and structural changes in the databases. The database servers have to process those changes and work with a large set of data for every command. Web server performance becomes a bigger issue during site collection upgrade, when the upgrade process iterates several actions for each site collection (which might occur for multiple site collections at a time). Site collection upgrade also affects the database server as each action must occur in SQL Server.

The best way to estimate overall time is to do a trial upgrade of the data, and then review the upgrade log files. The log files contain the duration for an upgrade — look for Total Elapsed Time at the bottom of the upgrade log file. Use this time to estimate the duration for your full set of content. You can also use the log files to check your progress during the upgrade process. The upgrade.log file is located at %COMMONPROGRAMFILES%\Microsoft Shared\web server extensions\15\LOGS.

To determine durations from the logs, examine:
- The times spent in each upgrade sequence per log.
- The times spent per upgrade action instance per log.
- The minimum, maximum, and average times.
Make sure that you separate out the database upgrade times from time that is spent upgrading site collections for accurate planning. Perform multiple trial upgrades to guarantee more accurate data. Then collate the data from multiple tests to determine likely performance per sequence, action, and database. You can use the Get-SPUpgradeActions cmdlet in Windows PowerShell to see how many actions occur for the farm. For more information, see Get-SPUpgradeActions.

The estimate you arrive at based on your trial upgrade is for the actual upgrade process for the data. It does not include all of the steps that you have to perform before and after this step, which can take more time than the upgrade of the data itself. When estimating how long the upgrade will take, in addition to the time that is required for data to be processed, you must also estimate how long the activities during the upgrade phases will take.

Consider the following factors:
- Creating custom elements Upgrading Web Parts or re-doing custom templates to take advantage of new features will take some time. The process of creating custom elements should begin early, during the evaluation phase of your project.
- Backing up the databases You must perform a full backup — not a differential backup — of your databases for a database-attach upgrade. For large environments, this step can take significant time. In particular, if you are backing up to a network location, network latency issues can slow this process down.
- Creating service applications and configuring services Creating service applications and configuring services does not take long. However, if you must contact a database administrator to create the databases for you before you create service applications, you might need a day or two of lead time.
- Running a search crawl on all content For large sites, this step can take more than 24 hours. Unless you run a crawl, searches cannot return results because the index is not upgraded.
- Verifying the environment after upgrade For large environments, it can take a while to verify the environment and check the site collections to make sure that they are in a good state before you allow users access to them. For more information, see Verify database upgrades in SharePoint 2013.
For site collection upgrade, consider the following factors:
- Verifying sites and making changes Allow enough time for users to validate their sites after the upgrade. This may take several days. For more information, see Review site collections upgraded to SharePoint 2013.
Additional factors in your environment can also contribute to longer upgrade times. They include the following:
- Very large document libraries A document library with more than 250,000 documents all in the root of the document library (instead of in folders) will take a long time to upgrade, and the upgrade might not be successful. Following the guidelines for using folders to break up large document libraries can help you manage the library size. For example, if you rearrange the same document library so that the 250,000 documents are divided into 125 folders, it should upgrade more easily.
- Very large databases Databases larger than 100 GB can take a long time to upgrade.
  
  If you have content databases that are larger than 100 GB and include mixed site types (such as My Sites and team sites together with published sites), we recommend that you divide them up into smaller databases that contain a consistent type of data before you run the upgrade.
Note:

My Sites are available only with SharePoint Server, not SharePoint Foundation.

You can use the Move-SPSiteWindows PowerShell cmdlet to move sites between databases. For more information, see Move-SPSite.

Be sure that you are following the capacity planning guidelines from the previous and new versions before you attempt the upgrade. If you have exceeded the guidelines for best performance, the upgrade process might take longer, or it might fail (for example, the process might time out repeatedly on the same large document library). If your deployment does not meet the recommended capacity guidelines, consider whether you have to do some work to meet those guidelines before you try the upgrade. Again, a trial upgrade can help you with that decision.
- Wide lists (lists with many columns)
  
  Wide lists are lists with more columns than fit in a single rowspan in the content database. These lists can take longer to process during upgrade, or might not upgrade. For more information, see Clean up an environment before an upgrade to SharePoint 2013.
- Sites with many subwebs
  
  Site collections that contain hundreds or thousands of subwebs will take much longer to process during site collection upgrade. For example, a site collection with thousands of subwebs might take many hours instead of many minutes, or longer, to upgrade.
- Communications requirements
  
  You have to notify the users and your team of the upgrade schedule, and give them time to do their tasks. For more information, see Create a communication plan for the upgrade to SharePoint 2013.
- Managing system center alerts and alarms
  
  You have to monitor system performance during upgrade, but you will not have to monitor specific features. Pause any unnecessary alarms and alerts from Microsoft Systems Center Operations Manager or Microsoft Operations Manager, and then turn them on again after upgrade.
- Turning SQL Server mirroring and log shipping (or AlwaysOn Availability Groups) on/off
  
  You should turn off mirroring and log shipping before you upgrade, and then turn them on again after you are sure that your environment is running correctly after the upgrade. We recommend that you do not run mirroring or log shipping during upgrade, because this creates additional load on the servers that are running SQL Server and also wastes resources mirroring or shipping temporary data.
  
  This also applies to AlwaysOn Availability Groups in SQL Server 2012.
Test the upgrade process to discover how long it may take, then create a schedule for the upgrade operations and test that to determine your timeline. You should include the time that that is required to do the pre-upgrade and post-upgrade steps in your operations timeline: If it takes 5 hours to back up your databases, you must include that time in your timeline. Also include buffer time in case you have to restore or recover — you should determine both your planned outage (realistic case) and your emergency outage (worst case) timelines.
Environment performance after upgrade

After you complete an upgrade, the environment will likely experience some lag in performance as it works through the changes. Make sure that you confirm the actual performance against your expected performance after upgrade to make sure that your new farm is performing within acceptable bounds. Check SQL Server responsiveness: is the disk queue length too long? Are CPU and memory usage too high? Also look for web and application server responsiveness: is the number of requests per second (RPS) acceptable? What about page load time (initial and secondary page requests). Review your overall environment performance and make adjustments as needed.
Create a communication plan for the upgrade to SharePoint 2013
Published: July 16, 2012

Summary: Communicate timelines, requirements, and how to obtain help with site owners and users during upgrade to SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

It is important that you communicate with users during the upgrade process from SharePoint 2010 Products to SharePoint 2013. Site users have to know what to expect when they visit their sites again after you have upgraded the environment. Site owners have to know how they can help prepare for upgrade and what they have to do to upgrade their site collections in SharePoint 2013 and My Sites in SharePoint Server 2013. Both site users and site owners have to know when the upgrade will occur. As part of the planning process, determine the following:
- Who are the members of the upgrade team, what other stakeholders are involved, and who will be affected by the upgrade?
- What information must the upgrade team have, and when?
- What information must site users and other stakeholders have, and when?
This article describes how to create a communication plan so that the upgrade team, stakeholders, and users know what to expect before, during, and after the upgrade.

Who is a member of the upgrade team?
For small deployments in which sites were not customized extensively, the upgrade team might consist of only one person. For larger deployments, on the other hand, several people with different roles can be required, as described in the following list:
- Server administrators Server administrators perform most of the upgrade tasks. There must be at least one server administrator on the upgrade team because running the Setup wizard requires someone who is a member of the Administrators group on each front-end web server.
Note:

Farm administrators might not be local administrators for the server.
- Site designers and developers and third-party solution providers If you have custom templates, Web Parts, Web services, or other custom elements that are associated with your sites, you must work with the associated site designers and developers or third-party solution providers. Because custom elements can fail or perform differently in an upgraded environment, you have to make sure that designers or developers can create new versions of these custom elements or verify that these elements were upgraded correctly. Because their work can have a big influence on the upgrade schedule, work with these stakeholders early in the process. For more information about potential issues with custom elements, see Use a trial upgrade to SharePoint 2013 to find potential issues.
- Site users Although you do not have to include site users in making decisions about the upgrade process, you must tell site users when it will occur and what they should expect.
- Sponsors and other stakeholders Other people in your organization might be involved in the upgrade planning process. Make sure that you include them in your communication plan appropriately.
Note:

An upgrade team can include one or more members in each role, depending on your organization.
When and what to communicate to the upgrade team
In general, the server administrators and service application administrators set the timeline for upgrade, and site owners are notified only when the process is about to begin. However, because team members have their own tasks to perform at particular points in the overall upgrade process, it is very important that you have a solid plan to communicate the progress of the upgrade to all team members so that everyone knows when it is time to perform their particular tasks.

The whole upgrade team must work together to determine the dates and times to perform the upgrade. We recommend that you choose an upgrade window to occur when site usage is lowest. For small single-server deployments, upgrade may be completed in less than a day. Larger deployments can take more time, up to a weekend. There is no way to determine the precise length of time that will be required to upgrade any particular site collection. Because of this, it is very important to communicate with other team members involved in the upgrade process in addition to users. The day or days that you choose for upgrading should be far enough in the future that the upgrade team has enough time to complete all of the preliminary steps. When you plan the timeline, make sure that you schedule time to validate the upgraded sites and time to implement any changes or do any work to re-brand sites.

It is important to communicate with site owners, designers, and developers at the following points during the upgrade process:
- Before the trial upgrade so that they know the general timeline and their roles in the process.
- After you perform a trial upgrade to find issues. For example, issues such as customized site templates or custom Web Parts should be reported to the appropriate site owner, designer, or developer before you schedule the upgrade, to give them time to investigate the issues and take preliminary steps. Or a developer might decide that it would be prudent to rebuild a Web Part before the upgrade occurs. And site owners might want to note any customizations that were done to their sites, such as site templates and changes to core Active Server Page Extension (ASPX) files.
- After the environment is upgraded so that they can review the sites and make any changes that are needed.
- When you are ready for them to upgrade their site collections.

When and what to communicate to site users

It is equally important to communicate with the users of the sites to tell them about the following issues:
- How the upgrade might affect them and what they should know about the new environment For example, the site will look different and function slightly differently in the new user interface. You can also point them to available content, such as What’s New articles or training materials, to learn about the new version. For more information about feature changes, see What’s new in SharePoint Server 15 Beta.
- How to obtain help If they find an issue with their site after upgrade, how can they obtain help in addressing it?
You can use the new system status bar in the site collections to notify users of these items. For more information about how to set notifications for the status bar, see Plan settings for upgrade notifications, self-service upgrade, and site collection creation in the article Plan for site collection upgrades in SharePoint 2013.
Clean up an environment before an upgrade to SharePoint 2013

Published: July 16, 2012

Summary: Make sure that your environment is in a healthy state, and delete unnecessary items before you upgrade to SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

Before you start to upgrade from SharePoint 2010 Products to SharePoint 2013, you should make sure that your environment is functioning in a healthy state and that you clean up any content that you do not have to upgrade. You can also take the time to remove or rearrange content so that you will have the structure that you want after you perform the upgrade.

Items to clean up
Many of these items can be removed or repaired by using Stsadm command-line tool or Windows PowerShell cmdlets.

Important:

To use the Stsadm command-line tool, you must be a member of the Administrators group on the local computer.

To use Windows PowerShell cmdlets in the SharePoint 2013 Management Shell, you must have the following memberships:
- securityadmin fixed server role on the SQL Server instance.
- db_owner fixed database role on all databases that are to be updated.
- Administrators group on the server on which you are running the Windows PowerShell cmdlets.
- Delete unused or underused site collections and subwebs
You do not want to upgrade content that you do not have to keep. If it was unused for a long time and is not needed in the future, back it up, and then delete it to free storage and administrative resources, improve upgrade performance, and reduce upgrade risk. Be sure to communicate with site owners or organizational contacts regarding the site status — you want to make sure that the site is not needed before you delete it (for example, you do not want to delete sites that are required for compliance, such as emergency procedures, even though they may not be frequently updated).

For more information about how to delete site collections and subwebs, see the following articles:
- Remove-SPSite
- Remove-SPWeb
  - Check large lists (lists with lots of data)
By default, large list query throttling is turned on in SharePoint 2010 Products. This behavior has not changed in SharePoint 2013. If a list is very large, and users use a view or perform a query that exceeds the limit or throttling threshold, the view or query will not be permitted. If you are upgrading content from the server products in the Office 2007 release, check any large lists and have the site owner or list owner address the issue. For example, they can create indexed columns with filtered views, organize items into folders, set an item limit on the page for a large view, or use an external list. For more information about large list throttling and how to address issues with large lists, see Manage lists and libraries with many items on Office Online.
- Delete excess columns from wide lists (lists with too many columns) or remove wide lists
Wide lists are lists with more columns than fit in a single rowspan in the content database. During upgrade, the underlying storage in the database is changed to a sparse table structure, and a very wide list can cause upgrade to fail. Use the Test-SPContentDatabase command in Windows PowerShell to look for wide lists in the content databases and then remove excess columns, or remove the wide list before you upgrade.

For more information about maximum column sizes in a list, see Column limits.
- Consider moving site collections into separate databases
If you have 5,000 or more site collections in a database, consider breaking them out into multiple databases. In SharePoint 2010 Products, there was a default warning at 9,000 site collections and a hard limit at 15,000 site collections. In SharePoint 2013, these values change to 2,000 site collections for the warning and 5,000 site collections for the limit. To avoid errors during upgrade or broken sites after upgrade, we recommend that you move some site collections into separate databases. If you have multiple content databases, you can also speed up an upgrade process by upgrading multiple databases in parallel.

For more information about site collection limits, see Content database limits. For more information about how to move site collections to a new database, see Move site collections between databases in SharePoint 2013.
- Remove extraneous document versions
Large numbers of document versions can slow down an upgrade significantly. If you do not have to keep multiple versions, you can have users delete them manually or use the object model to find and remove them. For more information about how to programmatically remove extraneous versions, see Versions Web Service on MSDN.
- Remove unused templates, features, and Web Parts
First, verify that no sites are using the template, feature, or Web Part. You can use the Stsadm -o EnumAllWebs operation with the –includefeatures and –includewebparts parameters to identify these customizations in your environment. This operation identifies Web Parts, features, event handlers, and setup files that are being used in your environment. The EnumAllWebs command also specifies which files are used by which sites. Changes were made to the EnumAllWebs command in the February 2011 Cumulative update to make it return both site collection and web-level features. For more information, and to get the cumulative update, see Description of the SharePoint Foundation 2010 cumulative update package (SharePoint Foundation server-package): March 3, 2011.

You can remove a feature during site collection upgrade. Simple features can also be removed by deprecating them in the template. You can use feature upgrade to remove more complex features. For more information, see Upgrading Features and Feature Upgrade Overview on MSDN.

For more information about how to identify customizations in your environment, see Use a trial upgrade to SharePoint 2013 to find potential issues. If customizations are not being used, delete them. For more information about how to manage these kinds of customizations, see Features and Templates and Solutions and Web Part Packages on MSDN.
- Remove PowerPoint Broadcast sites
These sites and site templates are not available in SharePoint 2013 because the Office Web Apps Server are now installed separately from the SharePoint 2013 environment. Sites based on these templates will not work in SharePoint 2013. Remove these types of sites before you upgrade.

You can use the Get-SPSiteWindows PowerShell command together with the following options to find these sites:

Get-SPSite | Where-Object{$_.RootWeb.Template -eq “PowerPointBroadcast#0”}

This will return all sites that use that template.

You can also use the Get-SPSite and Remove-SPSiteWindows PowerShell commands together with the following options to remove these sites:

Get-SPSite | Where-Object{$_.RootWeb.Template -eq “PowerPointBroadcast#0”} | Remove-SPSite

Be sure to back up these sites before you remove them. For more information, see Get-SPSite and Remove-SPSite.
- Finish Visual Upgrades in SharePoint 2010 Products
During an upgrade from the server products in the Office 2007 release to SharePoint 2010 Products, you could allow site owners to use Visual Upgrade to keep sites in the old experience on the upgraded environment. When you upgrade to SharePoint 2013, all sites that are still in the old experience in SharePoint 2010 Products are automatically upgraded to the 2010 experience. If you want the opportunity to address any issues and review the sites before they are switched to the new experience, upgrade them to the new experience in your SharePoint 2010 Products environment and review them before you upgrade them to SharePoint 2013. We recommend that you finish visual upgrades before you upgrade to SharePoint 2013. Finishing visual upgrades before you upgrade provides the following benefits:
- You can address issues while you still have the server products in the Office 2007 release components available.
- You can have users be involved in reviewing and fixing issues in their sites.
- You can roll back to the old experience temporarily if it is necessary. You cannot roll back when you are in the SharePoint 2013 experience.
- You avoid adding potential errors to the upgrade process. The fewer operations occurring during upgrade, the better. Trying to troubleshoot errors is more difficult when you have more processes involved. And users might think that upgrade has caused an issue when it’s really the experience changing to the new version. If you have an issue with how the site interface is displaying, how will you know whether it is an old issue from the site that was forced through visual upgrade, a problem with the 2010 mode in SharePoint 2013, or a problem with a new CSS file?
To check for sites in the old experience, on the SharePoint 2010 Products environment, you can use the Get-SPSite Windows PowerShell command.

To check for and upgrade sites still in the old experience in the SharePoint 2010 Products environment by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2010 Products.
Click SharePoint 2010 Management Shell.
At the Windows PowerShell command prompt, type the following command to return all site collections that are in or have subwebs in the old experience:

Get-SPSite | ForEach-Object{$_.GetVisualReport()}
At the Windows PowerShell command prompt, type the following command to upgrade those sites to the new experience:

Get-SPSite | ForEach-Object{$_.VisualUpgradeWebs()}

For more information, see Get-SPSite and Manage visual upgrade (SharePoint Server 2010).

Repair data issues

Make sure that you repair all issues in your databases or site content before you upgrade. In particular, check the following items:

Check databases for corrupted data

Clean up your databases to remove any orphaned sites or other corrupted data, such as a corrupted list. Consider defragmenting if you have removed sites or subsites from the database. For more information, see:
- Databaserepair: Stsadm operation
- Forcedeletelist: Stsadm operation
Check databases for duplicate or orphaned site collections

Make sure that site collections exist in only one content database. Occasionally, site collections can leave behind duplicate or orphaned references in old content databases if they are moved to new databases, or if a copy of a database was attached to the farm, or if there was an error when a site collection was provisioned. If a site collection is referenced in more than one content database or there is more than one instance of the site collection in a content database, it can cause issues when you upgrade by using the database attach upgrade method. If you upgrade a duplicate version of the site collection first, the site map in your configuration database might end up pointing to that version of the site instead of the current version.

Before you upgrade, use the Enumallwebs operation in stsadm command-line tool to discover which sites are in which content databases and compare the results. Also, examine each site collection in the results and check whether it is listed as missing in the site map. Being listed as missing indicates that it is an orphaned site. For more information, see Enumallwebs: Stsadm operation. If you find duplicate or orphaned sites, you can use the Remove-SPSite cmdlet in Windows PowerShell to remove the duplicate or orphaned sites from the database.

For more information, see Remove-SPSite.
Check variations

In publishing environments, check for any variations that must be fixed. For more information, see Variationsfixuptool: Stsadm operation.

How to make structural changes

To make structural changes to your environment, such as moving site collections or changing how your databases are allocated, you can use the following methods:
- Move-SPSite Use this to move site collections between databases. If a database is very large or contains lots of site collections, you can move sites to address this to make upgrade more efficient. Also, you can move all collaboration sites into one database and all My Sites into another to make the upgrade administration easier for those different sets of sites. You can also use this operation to divide large databases if they contain multiple site collections. This can also help increase upgrade efficiency.
  
  For more information, see Move-SPSite.
- Export-SPWeb and Import-SPWeb Use this method to move subwebs or site collections inside a farm or between farms. For more information, see Export-SPWeb and Import-SPWeb.
Test and troubleshoot an upgrade to SharePoint 2013

Published: July 16, 2012

Summary: Find resources about how to test and troubleshoot an upgrade from SharePoint 2010 Products to SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

Before you upgrade from SharePoint 2010 Products to SharePoint 2013, you should take time to test an upgrade process and understand the issues that you might face in an actual upgrade. After you perform a test upgrade, or after you upgrade your actual databases, you might find issues that have to be addressed. After you address issues, you can restart the upgrade to try again.

The following downloadable resources, articles on TechNet, video recordings, and related resources provide information about how to test and troubleshoot upgrade.

Downloadable resources about how to test and troubleshoot upgrade

Download the following content for information about how to test and troubleshoot upgrade.

	Content	Description
	SharePoint 2013 Products Preview – Test Your Upgrade Process model	See a visual display of information about how to test the upgrade process.
	SharePoint 2013 Products Preview Upgrade Worksheet	Use this worksheet to record information about your environment while you test upgrade.

TechNet articles about how to test and troubleshoot upgrade

The following articles about how to test and troubleshoot upgrade are available to view online. Writers update articles on a continuing basis as new information becomes available and as users provide feedback.

Content	Description
Use a trial upgrade to SharePoint 2013 to find potential issues	Find out how to plan for success by testing upgrade by using your actual data in either a physical or virtual environment.
Troubleshoot database upgrade issues in SharePoint 2013	Follow these recommendations to troubleshoot any issues that occur during database-attach upgrade. You can also look up common issues and discover how to address them.
Troubleshoot site collection upgrade issues in SharePoint 2013	Follow these recommendations to troubleshoot any issues that occur during a site collection upgrade. You can also look up common issues and discover how to address them.
Restart a database-attach upgrade or a site collection upgrade to SharePoint 2013	If you encounter errors during upgrade, you can address them by using the troubleshooting article, and then use this article to restart or resume upgrade.

Additional resources about how to test and troubleshoot upgrade

The following resources about how to test and troubleshoot upgrade are available from other subject matter experts.

	Content	Description
	Upgrade and Migration Resource Center for SharePoint 2013 Products	Visit the Resource Center to find additional information about upgrades to SharePoint 2013.

Use a trial upgrade to SharePoint 2013 to find potential issues
Updated: October 16, 2012

Summary: Prepare for upgrade to SharePoint 2013 by testing the upgrade process on copies of real data.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

Before you start an upgrade from SharePoint 2010 Products to SharePoint 2013, you should test the upgrade process to make sure that you know exactly what you have to do to have a successful upgrade. A trial upgrade to test the process can reveal the following issues:
- Whether an upgrade plan will work or if you must make adjustments.
- The customizations that are in your environment so that you can plan to deal with them during upgrade.
- Whether you should upgrade your hardware to make an upgrade run more efficiently and more quickly.
- The timing for upgrade, or how long upgrade will take for your environment.
- What you must plan for, operationally — for example, resources to have available.
In addition, you can use the trial upgrade to become familiar with the upgrade tools and the process itself so that you know what to expect when you perform the actual process. Through testing, you can discover the following issues:
- What does the upgrade user interface look like? How do you know when you have finished one phase and are moving through another?
- Where are the log files, and how do you read them? What information do they provide?
- Whether you must adjust any scripts or commands that are used during the upgrade process, especially if you are relying on any scripts that were used in upgrading to SharePoint 2010 Products.
- Whether you have the right plan to address any outages.
This article describes basic steps for testing upgrade, and it gives recommendations for reviewing the results and adjusting an upgrade plan based on what you learn during the tests.

In addition, the following resources can be helpful when you test the upgrade process:
- SharePoint 2013 Upgrade Worksheet
  
  Download the SharePoint 2013 Products Preview Upgrade Worksheet and use it to record information about your environment while you test upgrade.
- SharePoint 2013 – Test Your Upgrade Process model
  
  Download the SharePoint 2013 Products Preview – Test Your Upgrade Process model poster to see a visual display of information about how to test the upgrade process.
- See best practices for testing the upgrade process in Best practices for upgrading to SharePoint 2013.
Set up a test environment

You can use either virtual or physical hardware to test the upgrade process. Every environment is unique. Therefore, there are no general guidelines for how long upgrade will take or how difficult a particular customization will be to upgrade. The best way to gauge how upgrade will go is to perform a series of trial upgrades.

Here are some things to consider when you create your test environment:
- Be sure that you transfer all the settings and customizations to the test environment. The section Identify and install customizations provides information about collecting this information.
Make sure that actions that you take in the test environment do not affect the live environment. Be cautious with the following:
- External data connections
  
  Even though you are working with a copy of the environment, the link to the data source is real. Changes that you make to the data in the test environment affect the production environment.
- Running commands against a live database still in production
  
  Make sure that you use copies of your databases for testing, not a live version in your production environment. For example, if you run Test-SPContentDatabase against a live database, instead of a copy, you might affect performance on your production environment.
  - Using a virtual test environment
When you test by using a virtualized environment, you do not have to have lots of hardware. You can replicate your environment by using just two servers that are running Hyper-V. One server has images for the front-end web servers and application servers, and the other server has images for the database servers.

However, virtual environments might not have the same performance metrics as physical environments. If your production environment is physical, you must consider this difference when you calculate the time that is required to upgrade your production environment. Generally, you can get better performance estimates if you use a physical server for SQL Server. Make sure that it has similar performance specifications to your server that runs SQL Server in your production environment.

Distribution of servers in a virtual test environment
- Using a physical test environment
When you test by using a physical environment, you must replicate your proposed production server farm environment as closely as possible. If you simplify the number of front-end web servers, application servers, or database servers too much, you will not have an accurate estimate of how long the upgrade process will take. You may not account for complications that arise from interactions between servers in the same role (such as SQL Server transactions). If you have multiple servers in a role in your proposed production farm, use at least two servers for that role in the test farm to test for such issues.

Distribution of servers in a physical test environment
Identify and install customizations

To have an accurate test process, you must find all the customizations in your current environment and copy them to the test environment. For more information about the types of customizations that you have to identify, see Create a plan for current customizations during upgrade to SharePoint 2013.
- Use the Stsadm –o enumallwebs operation on all content databases in your SharePoint 2010 Products environment to identify specific customizations in subsites. This operation lists an ID for each site collection and subsite in your environment and the templates that the site relies on. For more information, see Enumallwebs: Stsadm operation.
- Use a tool such as WinDiff (a tool that is provided with most Microsoft operating systems) to compare your production environment servers with your test farm servers. You can use this tool to see which files exist on your servers and the differences between them.
- Check the web.config files for any changes, and look in the SafeControls element to find any custom controls.
- Use the SharePoint Diagnostics Tool (SPDiag) to find deployed solutions. For more information, see SharePoint Diagnostics Tool (SPDiag).
- Create a list of all customizations that you find. Identify the source of the customizations, if it is possible. For example, are there third-party add-ins or templates that were customized in-house? After you identify the source, you can then check for updated or upgraded versions of the customizations. Download the SharePoint 2013 Products Preview Upgrade Worksheet and record information about your environment, based on your research on your customizations.
Tip:

Whom do you contact about customizations that you did not create?
- Contact Microsoft if you have problems with a template that you downloaded from the Microsoft website.
- Contact your third-party solution vendor if you have problems with a template or component that they supplied you for the earlier version. An upgraded version may be available.
After you identify all the customizations, copy them to the appropriate servers in your test farm. Ensure that the following customizations are deployed:
- Solutions – by default legacy solutions are deployed to the /14 directories. Use the CompatibilityLevel parameter when you install the solutions to deploy them to the /15 directories. For more information, see Install-SPSolution.
- Custom Master Pages
- Custom JavaScript
- Custom CSS files (including those for themes)
- Custom workflow actions (must be included in actions file)
- Confirm large list query throttling settings to make sure that large lists are displayed as expected.
When you test customizations, use the following guidance:
- Check for visual changes.
- Check for behavioral changes.
- Test in both 2010 and 2013 mode site collections.
- Look for any language or resource loading issues.
  
  This is an issue that can occur when customizations exist in 2010 mode and new customizations replace them in 2013 mode. Because there is only one global directory for language resources, there can be an issue loading the correct file. Make sure that replacement 2013 customizations include the 2010 resources so that the customizations can continue to work correctly in both modes.
- Validate that upgrade did not affect customizations. Ensure that customizations do not block site collection upgrade.
You can use the Test-SPContentDatabase Windows PowerShell cmdlet before you attach a database to SharePoint 2013 to determine whether any customizations are missing from the environment. Run this command for each database after you restore the databases to your database server but before you run the upgrade. Note that this cmdlet runs silently — it will not return any output unless there is an issue found.
Copy real data to the test environment and upgrade databases
You cannot achieve your testing goals unless you use your actual data. Use the Microsoft SQL Server backup and restore tools to create a copy of your content and services databases.

There is no better way to tell what may occur during upgrade than to perform the test on a copy of all the data. However, this might not always be a realistic option for initial testing. You can test in phases by testing one database at a time (if the databases are large) so that you can make sure that you test whatever is unique about that dataset. Or, you can assemble a subset of data from representative sites in your environment. If you want to first test by using a subset of your data, be sure that the subset has the following characteristics:
- The data subset contains sites that are typical of the sites that you support in your environment.
- The size and complexity of the data subset closely resembles the actual size and complexity of your environment.
Important:

Testing a subset of your data does not produce a valid benchmark for how long it will take to process the whole volume of data for your environment.
After you copy the data, take a first pass through the upgrade process to see what happens. This is just the preliminary round. Follow the steps in Attach databases and upgrade to SharePoint 2013 to try the database attach upgrade process.

When you test the upgrade process, make sure that you test services that are shared across farms. Consider all states, such as the following:
- A SharePoint Server 2010 farm connected to a SharePoint Server 2013 services farm.
- A SharePoint Server 2013 farm connected to a SharePoint Server 2013 services farm.
- Different version farms for different services.
Use the test environment to find any security, configuration, compatibility, and performance issues for service applications.
Review results after you upgrade databases
After your test upgrade has finished, you can review the results and revisit your plans. Look at the log files, look at the upgraded sites, and review your customizations. How did upgrade work for your environment? What did you discover? What do you have to rethink about the upgrade plan?
- Review the log files
Review the upgrade log file and the upgrade error log file (generated when you run the upgrade). The upgrade log file (.log) and the upgrade error log file (.err) are located at %COMMONPROGRAMFILES%\Microsoft Shared\Web server extensions\15\LOGS. The log files are named in the following format: Upgrade-YYYYMMDD-HHMMSS-SSS.log, where YYYYMMDD is the date and HHMMSS-SSS is the time (hours in 24-hour clock format, minutes, seconds, and milliseconds).

The format of the log files complies with the Unified Logging System (ULS) conventions. To review the log files to find and troubleshoot issues, start at the top of the files. Errors or warnings may be repeated if they occur for several site collections in the environment, or if they block the upgrade process completely. For example, if you cannot connect to the configuration database, the upgrade process will try (and fail) several times and these tries will be listed in the log file.
- Review sites in 2010 mode
Verify that the site collections that were not upgraded work as expected in 2010 mode. Sites should look and behave as they did in SharePoint 2010 Products. Some changes are expected. For example, Office Web Apps and the web analytics features have changed in SharePoint Server 2013 and sites that used these features will be affected. For information about specific things to look for, see Review site collections upgraded to SharePoint 2013.
- Run upgrade again, if it is necessary
If you have to, you can restart the upgrade process for a database by using the Upgrade-SPContentDatabase Windows PowerShell cmdlet. For more information about this cmdlet, see Upgrade-SPContentDatabase. For more information, see Restart a database-attach upgrade or a site collection upgrade to SharePoint 2013.
Upgrade site collections and My Sites

After you have tested and validated upgrade for the content and services databases, you can test the upgrade process for site collections. Follow the steps in Upgrade site collections to SharePoint 2013 to test the site collection upgrade process. If you have My Sites in your environment, see Overview of the upgrade process to SharePoint 2013 for more information about the process of upgrading them.

Note:

Content about My Sites applies only to SharePoint Server 2013.
Review results after you upgrade site collections

Review upgraded sites visually to identify any issues that have to be addressed before you run the upgrade process on your production environment. For more information about specific things to look for, see Review site collections upgraded to SharePoint 2013.

Review the site collection upgrade log files to check for any issues, starting from the top down. Check the summary section near the end of the log file to see a count of issues and the actual upgrade status (if there is no status, that means that the upgrade process failed and site upgrade must be retried). The site collection log files are stored both in the site collection itself (in the _catalogs/Upgrade document library), and on the file system. The file system log file has more information if you want details about issues. The file system version of the site upgrade log file is located at %COMMONPROGRAMFILES%\Microsoft Shared\Web server extensions\15\LOGS. The log files are named in the following format: SiteUpgrade-YYYYMMDD-HHMMSS-SSS.log, where YYYYMMDD is the date and HHMMSS-SSS is the time (hours in 24-hour clock format, minutes, seconds, and milliseconds).
Adjust your plans and test again

Repeat the testing process until you are sure that you have found all the issues that you may face and that you know how to deal with them. Your goal is to know what your plan is if it is 4:00 P.M. on Sunday, you have to be back online Monday morning, and it is not going well. Is there a point of no return? Test your fallback plan and make sure that it works before you begin your real upgrade.

Troubleshoot database upgrade issues in SharePoint 2013

Published: July 16, 2012

Summary: Learn how to address problems that may occur after you upgrade a database to SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

Even after you test the upgrade process to identify potential issues, you might experience unexpected issues during an upgrade from SharePoint 2010 Products to SharePoint 2013. If you experience issues after upgrade, the sooner you detect and fix them, the better the end-user experience will be.

This article includes a list of common issues and describes general principles to help you identify and address upgrade issues. After you identify and address the issues, you can resume upgrade. For more information about how to resume upgrade, see Restart a database-attach upgrade or a site collection upgrade to SharePoint 2013.
General principles to identify issues
Check the upgrade status to see where upgrade stopped (if it did stop), and check log files to find errors or warnings. Next, address the issues that you find before you resume the upgrade.
- First, check upgrade status and log files
Upgrade status indicators and log files indicate what went wrong during the upgrade process. We recommend that you carefully review all the errors that were logged in the upgrade log files. Warnings might not always indicate an issue, but you should review them all to determine whether any of them are likely to cause even more issues.

Review the Upgrade Status page in the SharePoint Central Administration website.

For more information about how to check upgrade status, see Verify database upgrades in SharePoint 2013.
Review the following log files:

The upgrade error log file and the upgrade log file (which contains more detailed information than the upgrade error log file).
ULS or trace log files.

These files are stored in the %COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\15\LOGS folder and are named Servername_YYYYMMDD–MMSS.log.
The application event log file.

This file can be viewed by using the Event Viewer.

For more information about the upgrade log files, see Verify database upgrades in SharePoint 2013. For more information about the trace log file, see Trace Logs on MSDN.
Then, address issues in order

Some issues have more effect than others. For example, a missing server-side file can cause many seemingly unrelated errors at the site level.

Address issues in the following order:

Missing server-side files or customizations, such as features or Web Parts.

Be sure to install all server-side customizations, such as features, Web Parts, and so on. Be sure to install customizations to the correct location in your new farm. For example, additional style sheets that you must have for SharePoint 2010 Products should be installed in the /14 path, not the new /15 path so that site collections that you have not upgraded can use them. Also, make sure that that you transfer all unique settings from the Web.config files for each web application to the new servers.
Configuration issues in the server farm, web application, or service applications, such as managed paths or service applications that are not started.
Additional issues that you discover on a site-by-site basis, starting with high-profile or very important sites.

As you identify and fix the top-level issues, you can try to run upgrade again to see whether any issues that occurred later in the upgrade process have also been fixed.

Common issues
Check to see whether any of the following issues cause an upgrade error or warning.
- Q: I want to upgrade from a pre-release version of SharePoint 2013
- A: Upgrade from a pre-release version of SharePoint 2013 to the release version of SharePoint 2013 is not supported.
  
  Pre-release versions are intended for testing only and should not be used in production environments. Upgrading from one pre-release version to another is also not supported.
  
  Q: The log says I have missing templates, features, or other server-side customizations
One common error during upgrade is missing server-side files — either files that were installed with SharePoint 2010 Products or customized files. When you prepared for upgrade, you should have created an inventory of the server-side customizations (such as site definitions, templates, features, Web Parts, assemblies) that your sites required. Check this inventory to make sure that all the files that are needed for your customizations are installed in your new environment.

You can use the test-spcontentdatabaseWindows PowerShell cmdlet before you upgrade the database to identify missing files. You can also use the enumallwebs operation in Stsadm.exe to identify server-side customizations that are being used.

In the upgrade log files, you may see errors such as the following:
- ERROR Found Reference Count web(s) using missing web template Site Template Identifier (lcid: Site Template Language Code) in ContentDatabase Content Database Name.
- ERROR Found a missing feature Id = [Feature Identifier]
- WARNING File [Relative File Path] is referenced [Reference Count] times in the database, but is not installed on the current farm.
- WARNING WebPart class [Web Part Identifier] is referenced [Reference Count] times in the database, but is not installed on the current farm.
- WARNING Assembly [Assembly Path] is referenced in the database, but is not installed on the current farm.
- WARNING Feature could not be upgraded. Exception: Feature definition id ‘Feature Identifier’ could not be found.
If you can obtain a missing server-side file or dependency, install it, and then run upgrade again for the affected sites. If the file or dependency (such as a Web Part) was deprecated, you have to investigate whether you want to rebuild the site, page, or Web Part to use a different template, feature, or Web Part. If you can redo the customization by using dependencies that were not deprecated, you can run upgrade again for the affected sites. If you cannot remove the dependency, you cannot upgrade the site.

After you install the missing file or dependency, use the test-SPContentDatabase Windows PowerShell cmdlet on a test server to determine whether any other files for that database are missing. If you only run upgrade again, the error might not appear in the log files, even though it might still be occurring.
- Q: The log file says that something is not right with my farm, web application, or service application configuration settings
- A: Verify your farm and web application settings.
- A: Create and start missing service applications
- A: Verify that managed paths (included paths) are configured correctly for each web application.
In the upgrade log files, you may see errors such as the following:
- A: Clean up orphaned sites, lists, and other database corruptions before you try upgrade again. For more information about how to clean up data issues, see Clean up an environment before an upgrade to SharePoint 2013.
  
  In the upgrade log files, you may see errors such as the following:
  - WARNING The orphaned sites could cause upgrade failures.
  - ERROR Database [Content Database Name] contains a site (Id = [Site Collection Identifier], Url = [Site Collection URL]) that is not found in the site map.
    
    Fix any orphaned items or database corruptions, and then run upgrade again.
  - Q: I ran out of disk space
- A: Free some space, or increase the size of the transaction log file before you resume upgrade. If you run out of space (for example, for transaction log files on your database servers), upgrade cannot continue.
  
  For more information, see Managing the Size of the Transaction Log File.
  
  Q: I see an error about authentication
A mismatch in authentication methods can cause problems when you upgrade. The following resources can help if you have a mismatch between authentication methods:
- Classic-to-claims authentication
  
  Make sure that the web applications that you created in SharePoint 2013 use the same authentication method that was used in SharePoint 2010 Products. Claims-based authentication is the default authentication method for web applications in SharePoint 2013. If the web application was using classic mode, you can either update it to claims before you upgrade the database, or create the web application in classic mode and then migrate it to claims. For more information about how to change to claims authentication in SharePoint 2010 Products, see Migrate from classic-mode to claims-based authentication in SharePoint 2013. For more information about how to create a web application that uses classic mode, and then migrating to claims, see Create web applications that use classic mode authentication in SharePoint 2013 and Migrate from classic-mode to claims-based authentication in SharePoint 2013
- Forms-based authentication
  
  Additional steps are necessary if you are upgrading an environment that uses forms-based authentication. Follow the steps in Configure forms-based authentication for a claims-based web application in SharePoint 2013 to upgrade forms-based authentication providers.
  - Q: SQL Server says I don’t have permissions

Troubleshoot site collection upgrade issues in SharePoint 2013

Updated: October 2, 2012

Summary: Learn how to address problems that may occur after you upgrade a site to SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

When you upgrade a site collection to SharePoint 2013, errors can occasionally occur. This article helps you understand those errors and address them.

For more information about how to review UI issues in sites, see Review site collections upgraded to SharePoint 2013.
Check upgrade status and log files

Upgrade status indicators and log files should give you an indication of what went wrong during the upgrade process. We recommend that you carefully review all the errors in the upgrade log files. Warnings might not always indicate an issue, but you should review them all to determine whether any of them are likely to cause even more issues.

Review the upgrade status page for your site collection.

On the Site Settings page for the site collection, in the Site Collection Administration section, click Site collection upgrade. On the Site Collection Upgrade page, click Review Site Collection Upgrade Status.
Review the site collection upgrade log files. You can review the site collection upgrade logs from the following locations:

For site collection administrators: There are also log files for site collection upgrade stored inside the site collection itself, in the Maintenance Logs catalog at (http://<SiteName>/_catalogs/MaintenanceLogs/YYYYMMDD-HHMMSS-SSS.txt , where YYYYMMDD is the date and HHMMSS-SSS is the time (hours in 24-hour clock format, minutes, seconds, and milliseconds).
For farm administrators: The site collection upgrade log file and the upgrade error log file are located at %COMMONPROGRAMFILES%\Microsoft Shared\Web server extensions\15\LOGS. The logs are named in the following format: SiteUpgrade-YYYYMMDD-HHMMSS-SSS.log, where YYYYMMDD is the date and HHMMSS-SSS is the time (hours in 24-hour clock format, minutes, seconds, and milliseconds). These file system logs have more information if you want details about issues.

Common issues

Check to see whether any of the following issues are causing an upgrade error or warning or a problem in your site.
- Q: I don’t see a UI control on the page that used to be there
- A: Reset the page to the default version (that is, reghost it).
Making changes to the site UI can cause problems in site upgrades. If a page was customized to place a UI control in a non-standard location, you can reset the page to the default version to recover the control.

To reset the page, you can use the Reset to site definition link under Site Actions on the Site Settings page or use the Reset to Template command in SharePoint Designer.
- Q: The view on a large list is not working any longer
- A: Create indexed columns, folders, or new views for large lists. You might have to add the indexed column to your existing views.
If a list is very large, and users use a view or perform a query that exceeds the limit or throttling threshold, the view or query will not be permitted. You can create indexed columns with filtered views, organize items into folders, set an item limit on the page for a large view, or use an external list. For more information about large list throttling and how to address issues with large lists, see Manage lists and libraries with many items on Office Online.
- Q: I see an error about a duplicate content type name
- A: Rename content types or fields that conflict with default names.
Occasionally, custom elements (such as a content type) may have a name that conflicts with a name in the new version.

In the upgrade log files, you may see an error such as the following:
- Failed to activate site collection features on site Site Url. Exception: A duplicate content type name “name” was found.
  
  This error indicates that a third-party content type was added to the specified site in SharePoint Server 2010. During upgrade to SharePoint Server 2013 its name conflicted with the default content type by the same name. Rename the third-party content type in the specified site to a different name and run upgrade again. Note that either renaming or removing a content type can cause any customizations dependent on that content type to stop working.
  - Q: My site looks ugly, doesn’t behave as expected, or I see script errors
- A: Either edit the page or reset the page to the default version, or remove or replace the custom files.
  
  A problem with custom or inline JavaScript or CSS files can cause these issues.
  - Q: Custom content in my site disappeared or doesn’t work
- A: Change the master page, or change the content so that it doesn’t require specific zones.
  
  The master page might have different zone layouts and the content might no longer reference it correctly. As a last resort, you can also reset the page to the default version. However, if you reset the page, you might lose zone specific content.
  - Q: I receive an error that says a control or page cannot render
- A: Do one of the following:
  - If a Web Part was added that is not installed, contact the farm administrator to have it installed. If is a Web Part that is no longer available or not supported, then use the Web Part maintenance view to remove the Web Part from the page (remove, do not just close the Web Part).
  - If a page was directly edited, either edit it again to remove the control or Web Part or reset the page to the default version.
    
    A Web Part or other control might have been added to the page that is not installed or is no longer supported. Either a Web Part was added to a zone or the page was directly edited to add a control or Web Part reference directly inline (possibly on a master page).
  - Q: I receive an error that I cannot create a subsite based on a site template because the site template uses the 2010 experience version and my site collection is in the 2013 experience version
- A: Recreate the site template in the 2013 experience.
  
  To recreate the site template, create a new subsite based on the 2013 experience, customize it again to match the template that you had, and then save the customized subsite as a template (on the Site Settings page, click Save site as template).
Restart a database-attach upgrade or a site collection upgrade to SharePoint 2013

Published: July 16, 2012

Summary: Learn how to restart a database-attach upgrade or a site collection upgrade to SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

In some cases, you might have to restart upgrade to finish a database-attach upgrade from SharePoint 2010 Products to SharePoint 2013. For example: if a template or language pack is missing from the environment, or if you lose the connection to SQL Server, you will have to resolve the issue and then restart upgrade. You might also need to retry or restart a site collection upgrade if it was unable to complete.

Note:

One frequent cause of failures during upgrade is that the environment is missing customized features, solutions, or other elements. Be sure that any custom elements that you must have are installed on your front-end web servers before you start the upgrade process. You can use the test-spcontentdatabaseWindows PowerShell cmdlet to identify any custom elements that your sites might be using. For more information, see Identify and install customizations in the article “Use a trial upgrade to find potential issues.”
Restart upgrade for a database by using Windows PowerShell

If the upgrade ran into issues during the database-attach upgrade, you can restart the upgrade process for the database after you have addressed the issue by using a Windows PowerShell cmdlet.

To restart upgrade for a database by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt (PS C:\>), type the following command:

upgrade-spcontentdatabase <Name>

Where:

Name is the database name that you want to upgrade.

You can also use the -id parameter and provide the database GUID instead of a database name. You can run the following cmdlet to find the GUID for a content database:

Get-SPContentDatabase -Identity <content_database_name>

For more information, see Upgrade-SPContentDatabase and Get-SPContentDatabase.

Restart upgrade for a site collection

If upgrade ran into issues during a site collection upgrade, you can restart the upgrade process for the site collection after you have addressed the issue. You can use either the Site Settings page or a Windows PowerShell cmdlet to restart upgrade for a site collection.

To restart upgrade for a site collection

Verify that the user account that performs this procedure is a site collection administrator.
On the Site Settings page for the site collection, in the Site Collection Administration section, click Site collection upgrade.
On the Site Collection Upgrade page, click Upgrade this Site Collection.

This option starts to upgrade your site collection. A box opens to verify that you want to start the process.
Click I’m ready to start the actual upgrade.

Note:

The site collection health checks are run automatically in repair mode before the upgrade starts. The results from the health checks are included in the upgrade log for the site collection. If there is an error, you must address it before you can continue to upgrade.

The upgrade starts, and the Upgrade status page for the site collection is displayed. This page automatically updates while the upgrade is in progress and displays information about the process, such as the following:

Errors or warnings
When the upgrade started
Where you can find the upgrade log file

After the upgrade is complete, the Upgrade status page is displayed in the new user interface with the message, Upgrade Completed Successfully.

Click Let’s see the new site to go to the home page.

Farm administrators can restart upgrade by using Windows PowerShell.

To restart upgrade for a site collection by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following command:

Windows PowerShell

Upgrade-SPSite <http://site> -VersionUpgrade [-Unthrottled]

Where:

<http://site> is the URL for the site collection.
Add the option -Unthrottled option to skip the site collection upgrade queue and start the upgrade immediately.

For more information, see Upgrade-SPSite.

Upgrade databases from SharePoint 2010 to SharePoint 2013

Published: July 16, 2012

Summary: Find resources to help you perform the steps to upgrade databases from SharePoint 2010 Products to SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

After you learn about the upgrade process, plan for your upgrade, and test your upgrade process by following the steps in the articles in Test and troubleshoot an upgrade to SharePoint 2013, you are ready to perform a database-attach upgrade to SharePoint 2013. Follow the steps in this section for both a trial upgrade and your actual upgrade for your production farm.

The following downloadable resources, articles on TechNet, video recordings, and related resources provide information about upgrading databases to SharePoint 2013.
Downloadable resources about upgrading databases

Download the following content for information about upgrading databases.

Content

Description

SharePoint 2013 Products Preview – Upgrade Process model

Describes the steps in the process for a database-attach upgrade

TechNet articles about upgrading databases

The following articles about how to upgrade databases are available to view online. Writers update articles on a continuing basis as new information becomes available and as users provide feedback.

	Content	Description
	Checklist for database-attach upgrade (SharePoint 2013)	Use this checklist to make sure that you follow all necessary steps as you prepare for upgrade, perform the upgrade, and perform post-upgrade steps.
	Attach databases and upgrade to SharePoint 2013	Follow these steps to configure a new SharePoint 2013 environment, and then attach and upgrade content and service application databases.
	Verify database upgrades in SharePoint 2013	Verify that the upgrade for your databases has succeeded and that you are ready to begin to upgrade sites.
	Migrate from classic-mode to claims-based authentication in SharePoint 2013	Convert SharePoint 2010 Products or SharePoint 2013classic-mode web applications to claims-based authentication or create new claims-based web applications in SharePoint 2013.
	Configure forms-based authentication for a claims-based web application in SharePoint 2013	Learn how to configure forms-based authentication with an LDAP provider for a new SharePoint 2013 web application.

Additional resources about upgrade

The following resources about upgrade to SharePoint 2013 are available from other subject matter experts.

	Content	Description
	Upgrade and Migration Resource Center for SharePoint 2013 Products	Visit the Resource Center to find additional information about upgrades to SharePoint 2013.
	What’s New in SharePoint 2013 Products Resource Center	Visit the Resource Center to learn about what‘s new in SharePoint 2013.

Checklist for database-attach upgrade (SharePoint 2013)

Updated: October 16, 2012

Summary: Use this checklist as you upgrade from SharePoint 2010 Products to SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

This checklist helps you confirm that you follow all the steps that you must follow as you prepare for upgrade, perform the upgrade, and perform post-upgrade steps. This checklist applies only to upgrade of the content and service application databases. It does not apply to upgrade of My Sites or other site collections. For more information, see Upgrade site collections to SharePoint 2013.

In this article:
Some steps include notes about how long that step might take. These rough estimates only give you a relative idea of the duration of the step. To discover how much time each step will take for your environment, we recommend that you perform trial upgrades in a test environment. For more information, see Use a trial upgrade to SharePoint 2013 to find potential issues and Plan for performance during upgrade to SharePoint 2013.

Important:

The steps in this article apply to both SharePoint Foundation 2013 and SharePoint Server 2013, except for the steps about how to upgrade the service applications, which apply mostly to SharePoint Server 2013 (the Business Data Connectivity service application applies to both).

Prepare for upgrade

Follow these steps in order before you start an upgrade to SharePoint 2013:

Pre-upgrade steps

Step		Notes
[ ]	Create an inventory of server-side customizations in the environment Create an inventory of the server-side customizations in your environment (solutions, features, Web Parts, event handlers, master pages, page layouts, CSS files, and so on). Record all customizations needed for your environment in the upgrade worksheet. Detailed steps: Identify and install customizations in the “Use a trial upgrade to find potential issues” article.	Complete this step for the whole environment. Check each web server to make sure that you don’t miss any customizations. Keep the inventory up to date as you prepare for the upgrade.
[ ]	Clean up your environment Before you begin to upgrade, make sure that your environment is functioning in a healthy state and that you clean up any content that you do not have to upgrade. Clean up any orphaned sites or data, address any large lists and large ACLs, remove extraneous document versions, and remove any unused templates, features and Web Parts. Detailed steps: Clean up an environment before an upgrade to SharePoint 2013.	Complete this step one time for the whole environment. This process might take days or weeks to finish.
[ ]	Test the upgrade process Try out upgrade in a test environment to find any issues and determine how long your actual upgrade might take. Detailed steps: Use a trial upgrade to SharePoint 2013 to find potential issues	Perform this step multiple times, until you are prepared to perform the actual upgrade.

Complete the database attach upgrade

Follow these steps in order while you upgrade the content and service application databases for your environment.

Detailed steps: Attach databases and upgrade to SharePoint 2013.

Prepare the new environment

Step		Notes
[ ]	Install and configure SharePoint 2013 and any language packs Install the prerequisite software, and then install and configure SharePoint 2013.	Complete these steps on each server in your farm. This step might take one hour or more, depending on the number of servers are in your environment.
[ ]	Configure service applications Enable and configure the services that you need in your new environment. Do not configure the following service applications – you will configure them while you upgrade their databases later in the process: Business Data Connectivity service Managed Metadata service PerformancePoint services Search Secure Store service User Profile service	Complete this step one time for the whole environment.
[ ]	Configure general farm settings Reapply any general farm settings that you must have from your previous farm — such as blocked file types, e-mail setting, and quota settings — and add users or groups to the Farm Administrators group. Configure new settings such as usage and health data collection, diagnostic logging, and mobile accounts. Important: If you had disabled the Workflow Auto Cleanup timer job in your SharePoint 2013 environment, make sure that you disable this timer job in your new environment also. If this timer job is enabled in the new environment and disabled in the previous version environment, you might lose workflow associations when you upgrade. For more information about this timer job, see Disable preservation of workflow history (SharePoint Server 2010).	Complete this step one time for the whole environment.

Back up and restore databases

Step		Notes
[ ]	Record the passphrase for the Secure Store service application The Secure Store service application uses a passphrase to encrypt information. You must record this passphrase so that you can use it in the new environment.	Complete this step one time for each Secure Store service application in the environment.
[ ]	Set the previous version databases to be read-only If you want your original environment to remain available to users in a read-only state, set the databases to read-only before you back them up.	Complete this step for each content database in your environment. Depending on your organization, you might need a database administrator to complete this step.
[ ]	Back up databases Back up all the content databases and the following service application databases before you begin the database attach upgrade process: Business Data Connectivity Managed Metadata PerformancePoint Search Administration Secure Store User Profile: Profile, Social, and Sync databases	Complete this step for each content database and supported service application database in your environment. This step can take an hour, several hours, or longer, depending on your dataset and your environment. Depending on your organization, you might need a database administrator to complete this step.
[ ]	Export the encryption key for the User Profile service application The User Profile Service service application requires an encryption key that is stored separately from the database and is needed if you want to upgrade the User Profile Sync database.	Complete this step one time for each User Profile service application in the environment.
[ ]	Restore a backup copy of the databases Restore the databases from the backup.	Complete this step for each content database and supported service application database in your environment. This step can take an hour or longer, depending on your dataset and your environment. Depending on your organization, you might need a database administrator to complete this step.
[ ]	Set the restored databases to be read-write Before you can attach and upgrade the databases that you copied to the new environment, you must set them to read-write.	Complete this step for each content database and supported service application database in your environment. Depending on your organization, you might need a database administrator to complete this step.

Upgrade service application databases

Step		Notes
[ ]	Start the service application instances Start the following service instances from Central Administration: Business Data Connectivity service Managed Metadata service PerformancePoint services Secure Store service User Profile service Start the instance of the Search service application by using Windows PowerShell.	Complete this step one time for the whole environment.
[ ]	Upgrade the Secure Store service application Use Windows PowerShell to create the new service application and upgrade the database, create a proxy and add it to the default proxy group, and then restore the passphrase from the previous environment.	Complete this step one time for each Secure Store service application in the previous environment.
[ ]	Upgrade the Business Data Connectivity service application Use Windows PowerShell to create the new service application and upgrade the database. You do not have to create a proxy for the Business Data Connectivity service application. Note: The Business Data Connectivity service application is available in both SharePoint Foundation 2013 and SharePoint Server 2013.	Complete this step one time for each Business Data Connectivity service service application in the previous environment.
[ ]	Upgrade the Managed Metadata service application Use Windows PowerShell to create the new service application and upgrade the database, and then create a proxy and add it to the default proxy group. You must upgrade the Managed Metadata service application before you can upgrade the User Profile service application.	Complete this step one time for each Managed Metadata service application in the previous environment.
[ ]	Upgrade the User Profile service application Use Windows PowerShell to create the new service application and upgrade the database, and then create a proxy and add it to the default proxy group. After you have created the User Profile service application, you must import the Microsoft Identity Integration Server Key (MIIS) encryption key. Finally, you can start the User Profile Synchronization service.	Complete this step one time for each User Profile service application in the previous environment.
[ ]	Upgrade the PerformancePoint Services service application Use Windows PowerShell to create the new service application and upgrade the database, and then create a proxy and add it to the default proxy group.	Complete this step one time for each PerformancePoint Services service application in the previous environment.
[ ]	Upgrade the Search service application Use Windows PowerShell to create the new service application and upgrade the database, and then create a proxy and add it to the default proxy group. Note: This step applies to only SharePoint Server 2013. Although SharePoint Foundation 2013 includes search functionality, it is not the same Search service application that is in SharePoint Server 2013 and it cannot be upgraded.	Complete this step one time for each Search service application in the previous environment.
[ ]	Verify that all of the new proxies are in the default proxy group Use the Get-SPServiceApplicationProxyGroup cmdlet to verify that all of the service application proxies are in the default proxy group.	Complete this step one time for the whole environment.

Create web applications

Step		Notes
[ ]	Create and configure web applications Create a web application for each web application that existed in the old environment.	Complete this step one time for the whole environment.
[ ]	Reapply server-side customizations Manually transfer all server-side customizations to your new farm. Refer to the inventory that you created in the upgrade worksheet to make sure that you install all components that your sites depend on to work correctly. When you install solutions, make sure that you add it to the appropriate path (/14 or /15). If you want a solution to be available to both paths, install it two times, and the second time use the CompatibilityLevel parameter when you install it, and it will be installed to the /15 path.	Make sure that you reapply customizations to all web servers in the farm.
[ ]	Verify custom components Use the Test-SPContentDatabase Windows PowerShell cmdlet to verify that you have all the custom components that you need for that database.	Complete this step for each content database in your environment. Running the cmdlet takes only a few minutes, but addressing issues might take longer.

Attach and upgrade content databases

Step

Notes

[ ]

Attach a content database to a web application

Attach the content database that contains the root site collection first. For My Sites, attach the content database that contains the My Site host before attaching databases that contain the My Sites.

You must perform this action from the command line. Use the Mount-SPContentDatabaseWindows PowerShell cmdlet.

Complete this step for one content database in your environment.

This step might take several minutes or several hours, depending on your dataset and hardware on the web servers, database servers, and storage subsystem.

[ ]

Verify upgrade for the first database

Verify that upgrade succeeded for the first database, and review the site to see whether there are any issues.

Detailed steps: Verify database upgrades in SharePoint 2013.

Complete this step for the content database that you just attached.

[ ]

Attach remaining databases

Attach and upgrade the remaining content databases in your environment. You must complete this action from the command line.

Complete this step for each of the remaining content databases in your environment.

This step might take several minutes or several hours, depending on your dataset, whether you are upgrading multiple databases in parallel, and the hardware on the web servers, database servers, and storage subsystem.

[ ]

Monitor upgrade progress

Use the Upgrade Status page in the SharePoint Central Administration website to monitor progress as your databases are upgraded.

Detailed steps: Verify database upgrades in SharePoint 2013.

Complete this step for each content database that you upgrade.

This step might take several minutes, an hour, several hours, or days, depending on your content.

[ ]

Verify upgrade for the remaining database

Verify that upgrade succeeded for the remaining databases.

Detailed steps: Verify database upgrades in SharePoint 2013.

Complete this step for each of the remaining content databases in your environment.

This step might take several minutes, an hour, several hours, or days, depending on your content.

Complete post-upgrade steps

Follow these steps in order after you perform a database-attach upgrade.

Post upgrade steps for database attach upgrade

Step		Notes
[ ]	Verify that site collections are working as expecting in 2010 mode Review the site collections and make sure that they work in 2010 mode before you begin to upgrade any site collections. You can use a similar review list as the one provided for upgraded sites in Checklists for reviewing upgraded sites	Complete this step one time for your whole environment.
[ ]	Migrate user accounts to claims authentication, if it is necessary By default, new web applications in SharePoint 2013 use claims authentication. If you were using classic authentication in the previous environment, you must migrate the users to claims authentication. For more information, see Migrate from classic-mode to claims-based authentication in SharePoint 2013.	Complete this step one time for every web application that has changed authentication methods.
[ ]	Update links that are used in any upgraded InfoPath form templates For a database-attach upgrade, you exported and imported all InfoPath form templates in your environment when you created the new environment. After upgrade, you can now update the links that are used in those upgraded form templates to point to the correct URLs by using a Windows PowerShell cmdlet. For more information, see Configure InfoPath Forms Services (SharePoint Server 2010).	Complete this step one time for your whole environment.
[ ]	Configure your Search topology The architecture for the Search service has changed for SharePoint Server 2013. Plan and configure your Search topology to suit your environment and the new architecture. For more information, see Scale search for performance and availability (SharePoint Server 2013) and Manage search topology (SharePoint Server 2013).	Complete this step one time for your whole environment.
[ ]	Start a full crawl After all content is upgraded and all settings are configured, you can start a full search crawl of your content. For more information, see Start, pause, resume, or stop a crawl (SharePoint Server 2013).	Complete this step one time for your whole environment. A full crawl can take several hours or days to complete, depending on how much content is in your environment.
[ ]	Back up your farm Back up your farm so that you have a current backup of your upgraded environment before you start to upgrade site collections. For more information, see Back up a farm in SharePoint 2013.	Complete this step one time for your whole environment.

Attach databases and upgrade to SharePoint 2013

Updated: October 16, 2012

Summary: Learn how to upgrade content and service application databases from SharePoint 2010 Products to SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

When you use the database-attach upgrade approach to upgrade from SharePoint 2010 Products to SharePoint 2013, you upgrade the content databases and several service application databases. You do not upgrade the configuration database for your farm.

This article describes how to set up your new environment and perform a database-attach upgrade. This article does not provide steps for how to upgrade a site collection. For steps to upgrade a site collection, see Upgrade site collections to SharePoint 2013.

For an overview of the whole upgrade process, see Overview of the upgrade process to SharePoint 2013. For an overview of how to upgrade services, see Services upgrade overview for SharePoint Server 2013.

Important:

Although this article applies to both SharePoint Foundation 2013 and SharePoint Server 2013, the sections about how to upgrade service applications apply to SharePoint Server 2013. (The exception is the section about how to upgrade the Business Data Connectivity service application which applies to SharePoint Foundation 2013 and SharePoint Server 2013).

This article is about 35 printed pages.
Before you begin
Before you start to upgrade, you must collect information and settings about your existing environment. You have to know what is in your SharePoint 2010 Products environment before you can start to build your SharePoint 2013 environment. Gather information such as the following:
- Alternate access mappings
- Authentication providers and authentication modes that are being used
- Quota templates
- Managed paths
- Self-service site management settings
- Incoming and outgoing e-mail settings
- Customizations
Before you create the new environment for a database-attach upgrade, review the following information about permissions, hardware requirements, and software requirements.
- Hardware and software requirements (SharePoint 2013)
- Initial deployment administrative and service accounts in SharePoint 2013
Before you attach and upgrade databases, review the following information about permissions, hardware requirements, and software requirements. Follow the specified steps to install or configure prerequisite software or to change settings.
- Ensure that the account that you use to attach the databases is a member of the db_owner fixed database role for the content databases that you want to upgrade.
- Check for and repair all database consistency errors.
  
  For more information, see Database maintenance for SharePoint Server 2010.
You also have to turn off or remove services or components in the SharePoint 2010 Products environment that could cause errors in the upgrade process. The following services or components should be removed or stopped before you back up your databases:
- Web Analytics The architecture for the Web Analytics service application is different in SharePoint 2010 Products. The presence of SharePoint Server 2010 Web Analytics information in your content databases could cause an error during upgrade. Stop the Web Analytics service application before you back up the content databases. Features and Web Parts from Web Analytics in SharePoint Server 2010 will not exist in SharePoint Server 2013, even for a site collection in 2010 mode. Remove any Web Analytics Web Parts or features from SharePoint Server 2010site collections before upgrade.
  
  For more information about this change to Web Analytics, see Changes from SharePoint 2010 to SharePoint 2013.
- PowerPoint Broadcast Sites The Office Web Apps have changed into a separate server product, Office Web Apps Server, which can serve multiple SharePoint farms for viewing and editing documents. Because of this change, PowerPoint Broadcast sites cannot be upgraded to SharePoint Server 2013. For more information about how to install and use Office Web Apps Server with SharePoint 2013, see Deploy Office Web Apps (Installed on SharePoint 2010 Products).
Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
Back to top
Install SharePoint 2013 in a new environment

Before you can upgrade your databases, you must use SharePoint 2013 to configure a new server or server farm. The first step in creating your new environment is to install SharePoint Server 2013 or SharePoint Foundation 2013 and configure your new server or server farm. You must do the following:

Run the Microsoft SharePoint Products Preparation Tool to install all required software.
Run Setup to install the product.
Install all language packs that you want in your environment.

Note:

For more information about how to install available language packs, see Install or uninstall language packs for SharePoint 2013.

Run the SharePoint Products Configuration Wizard to configure your server or servers.

Important:

Some service applications can be upgraded by using a service application database upgrade. If you want to upgrade these service applications by upgrading the service application databases, do not use the Farm Configuration Wizard to configure these service applications when you set up your new farm.

For step-by-step instructions for these tasks, see Install SharePoint 2013.

Configure service applications and farm settings

You must create the service applications on your new farm before you upgrade your content databases. The steps in Install SharePoint 2013 describe how to use the Farm Configuration Wizard to enable all service applications.

You can upgrade the following service applications by performing a services database upgrade:
- Business Data Connectivity service
- Managed Metadata service
- PerformancePoint services
- Search
- Secure Store service
- User Profile service
For an overview of how to upgrade these service applications, see Services upgrade overview for SharePoint Server 2013. The steps that you must follow to upgrade these service application databases are included in the Upgrade service application databases section.

The following services in SharePoint Server 2013 also require additional steps to enable and configure when you upgrade:
- Excel Services
  
  You can use the Farm Configuration Wizard to enable this service, but you must make sure that you create all trusted data connections again. For more information, see Configure Excel Services in SharePoint.
- InfoPath Forms Service
  
  This service is not part of the Farm Configuration Wizard. To use this service, use the Configure InfoPath Forms Services link on the General Application Settings page in Central Administration to configure it. To continue to use form templates from your previous environment, export all administrator-deployed form templates (.xsn files) and data connection files (.udcx files) from your SharePoint Server 2010 environment, and then import them to your new SharePoint Server 2013 environment. For more information, see Configure InfoPath Forms Services (SharePoint Server 2010)
- Office Web Apps
  
  Office Web Apps Server is a new stand-alone server product that delivers Office Web Apps functionality on your private network. You install and managed it separately from SharePoint Server 2013. It cannot be installed on the same server or virtual machine instance as SharePoint 2013. For more information, see Deploy Office Web Apps Server 2013.
The next step in creating the new environment is to apply general farm settings. You must manually reapply configuration settings from your SharePoint 2010 Products farm, such as the following:
- Incoming and outgoing e-mail settings
  
  For more information, see Configure incoming email for a SharePoint 2013 farm and Configure outgoing email for a SharePoint 2013 farm.
- All farm–level security and permission settings, such as adding user or group accounts to the Farm Administrators group
- Blocked file types
  
  For more information, see Manage blocked file types (SharePoint 2013).
And you must configure all new farm-level settings that you want to use, such as the following:
- Usage and health data collection
  
  For more information, see Configure usage and health data collection (SharePoint 2013).
- Diagnostic logging
  
  For more information, see Configure diagnostic logging (SharePoint 2013).
- Settings and schedules for timer jobs
Important:

If you had disabled the Workflow Auto Cleanup timer job in your SharePoint 2010 Products environment, make sure that you disable this timer job in your new environment also. If this timer job is enabled in the new environment and disabled in the SharePoint 2010 Products environment, you might lose workflow associations when you upgrade. For more information about this timer job, see Disable preservation of workflow history (SharePoint Server 2010).

You will create web applications later in the process, after you upgrade the service application databases. For more information, see Create web applications.

Back to top
Record the passphrase for the Secure Store service application

The Secure Store service application uses a passphrase to encrypt information. You have to know what this passphrase is so that you can use it in the new environment. Otherwise, you will not have access to the information in the Secure Store. If you do not know the passphrase, you can refresh the key, and then back up the Secure Store database. For more information, see Working with encryption keys.
Set the previous version databases to be read-only

To maintain user access to your original environment, set the SharePoint 2010 Products databases to read-only before you back up the databases. Even if you don‘t want to maintain access over the long term, set the databases to read-only to make sure that you capture all the data in the backup so that you restore and upgrade the current state of the environment without allowing additional changes to be made. If the databases are set to read-only, users can continue to view content. However, they will be unable to add or change content.

Important:

You cannot upgrade a database that is set to read-only. Make sure that you set the databases to read-write before you attach and upgrade the databases. For more information about how to set the databases to read-write, see the steps in the Set the databases to read-write section.

To set a database to read-only in SQL Server 2005, SQL Server 2008, or SQL Server 2008 R2

Verify that the user account that is performing this procedure is a member of the db_owner fixed database role for the databases.
In SQL Server Management Studio, in Object Explorer, connect to an instance of the Database Engine, expand the server, and then expand Databases.
Find the database that you want to configure to be read-only, right-click the database, and then click Properties.
In the Database Properties dialog box, in the Select a page section, click Options.
In the details pane, under Other options, in the State section, next to Database Read-Only, click the arrow, and then select True.

You can use Transact-SQL to configure the READ_ONLY database availability option. For more information about how to use the SET clause of the ALTER DATABASE statement, see Setting Database Options.

Back up the SharePoint 2010 Products databases by using SQL Server tools

You back up the databases in SQL Server Management Studio. A backup copy of the database guarantees that you have the data in a safe state if you must enable the original farm again and is required for a database-attach upgrade. Repeat the procedure for the following databases in the SharePoint 2010 Products server farm:

All content databases (default database name: WSS_Content_ID

The following service application databases:

Service application	Default database name
Business Data Connectivity	BDC_Service_DB_ID
Managed Metadata	Managed Metadata Service_ID
PerformancePoint	PerformancePoint Service Application_ID
Search Administration	Search_Service_Application_DB_ID
Secure Store	Secure_Store_Service_DB_ID
User Profile: Profile, Social, and Sync databases	User Profile Service Application_ProfileDB_ID User Profile Service Application_SocialDB_ID User Profile Service Application_SyncDB_ID

The Business Data Connectivity service application is available in both SharePoint Foundation 2010 and SharePoint Server 2010. The other service applications are available only in SharePoint Server 2010. Although SharePoint Foundation 2010 includes search functionality, it is not the same Search service application that is in SharePoint Server 2010 and it cannot be upgraded.

You do not have to back up the configuration or admin content databases, because you recreated these databases when you set up the SharePoint 2013 server farm. Upgrading the configuration or admin content databases and the Central Administration site collection is not supported.

After you complete this procedure, you will have created backups of the read-only content databases.

To back up a database in SQL Server 2005, SQL Server 2008, or SQL Server 2008 R2

Verify that the user account that is performing this procedure is a member of the db_owner fixed database role for the databases.
In Management Studio, in Object Explorer, connect to an instance of the Database Engine, expand the server, and then expand Databases.
Right-click the database that you want to back up, point to Tasks, and then click Back Up.

The Back Up Database dialog box appears.
In the Source area, in the Database box, verify the database name.
In the Backup type box, select Full.
Under Backup component, select Database.
In the Backup set area, in the Name box, either accept the backup set name that is suggested or type a different name for the backup set.
In the Destination area, specify the type of backup destination by selecting Disk or Tape, and then specify a destination. To create a different destination, click Add.
Click OK to start the backup process.

Repeat the previous procedure to back up all the content and appropriate service application databases that SharePoint 2010 Products uses in your environment.

Important:

Before you can back up the Search service application Administration database, you must stop the Search service on your SharePoint Server 2010 farm. To stop the Search service, on the original farm, on the Start menu, click Administrative Tools, and then click Services. Right-click SharePoint Server Search 14, and then click Stop. Be sure to start the service again after you back up the database.

Export the encryption key for the User Profile service application

The User Profile Service service application requires an encryption key that is stored separately from the database and is needed if you want to upgrade the User Profile Sync database. You must export the Microsoft Identity Integration Server Key (MIIS) encryption key from your SharePoint Server 2010 environment. You will import this exported key to the SharePoint Server 2013 environment after you upgrade the User Profile service application databases. By default, the key is located on the server that is running SharePoint Server 2010 and that is hosting the Microsoft Forefront Identity Manager services in the following directory: <root directory drive>\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Bin.

To export the encryption key for the User Profile service application

Verify that you have the following memberships:

Administrators group on the server on which you are running the command.

Open the Command Prompt window, and then change to the following folder:

%Program Files%\Microsoft Office Servers\14.0\Synchronization Service\Bin\
To export the key, type the following at the command prompt, and then press ENTER:

miiskmu.exe
In the Microsoft Identity Integration Server Key Management Utility wizard, verify that Export key set is selected, and then click Next.
In the Account Name box, type the account name for the farm administrator.
In the Password box, type the password for the farm administrator.
In the Domain box, type the domain that contains the farm administrator account, and then click Next.
In the Specify export file name and location box, type or click browse to select the path and file name to use for the exported key, and then click Next.

The key is exported as a file that has a .BIN file name extension.
Verify the information, and then click Finish.

A message appears indicating that the key was successfully exported.
Click Close to close the Microsoft Identity Integration Server Key Management Utility.

For more information, see Back up a User Profile Service application (SharePoint Server 2010).

Restore a backup copy of the database

After you configure the new SharePoint 2013 server farm, you can restore the backup copies of the databases to SQL Server 2008 R2. Start with one database, and then verify that the restoration has worked before you restore the other databases.

Important:

Be sure to keep a copy of your original backups in reserve, just in case upgrade fails and you have to troubleshoot and try again.

To restore a backup copy of a database in SQL Server 2008 R2

Verify that the user account that is performing this procedure is a member of the db_owner fixed database role for the databases.
After you connect to the appropriate instance of the SQL Server 2008 Database Engine, in Object Explorer, expand the server name.
Right-click Databases, and then click Restore Database.

The Restore Database dialog box appears.
In the Restore Database dialog box, on the General page, type the name of the database to be restored in the To database list.

Tip:

When you type the name for the restored database, you do not have to use the original name. If you want to change the database name from a name with a long GUID to a shorter, more friendly name, this is an opportunity to make that change. Be sure to also change the database and log file names in the file system (the MDF and LDF files) so that they match.

In the To a point in time text box, keep the default (Most recent possible).
To specify the source and location of the backup sets to restore, click From device, and then use the browse button to select the backup file.
In the Specify Backup dialog box, in the Backup media box, be sure that File is selected.
In the Backup location area, click Add.
In the Locate Backup File dialog box, select the file that you want to restore, click OK, and then, in the Specify Backup dialog box, click OK.
In the Restore Database dialog box, under Select the backup sets to restore grid, select the Restore check box next to the most recent full backup.
In the Restore Database dialog box, on the Options page, under Restore options, select the Overwrite the existing database check box.
Click OK to start the restore process.

Set the databases to read-write

You must also set the databases back to read-write on your SharePoint 2013 farm before you attach and upgrade them.

To set a database to read-write in SQL Server

In SQL Server Management Studio, in Object Explorer, connect to an instance of the Database Engine, expand the server, and then expand Databases.
Select the database that you want to configure to be read-write, right-click the database, and then click Properties.
In the Database Properties dialog box, in the Select a page section, click Options.
In the details pane, under Other options, in the State section, next to Database Read-Only, click the arrow, and then select False.

About upgrading the service application databases

To upgrade a service application database, you create a new service application and provide the name of the existing database to use for the new service application. As the service application is created, the database is upgraded. This process has several steps.

Start the service instances

The first step is to start service instances for the five service applications that you can upgrade: the Business Data Connectivity service, Managed Metadata Web Service, PerformancePoint Services service, Secure Store service, User Profile service, and Search service. Most of these service instances can be started from Central Administration. However the SharePoint Server Search service instance must be started by using Windows PowerShell.
Create the service applications and upgrade the databases

After you have started the service instances, the next step is to create the service applications and upgrade the databases. You must use Windows PowerShell to restore the service application databases.
Create proxies for the service applications

After you have upgraded the service application databases, you create the proxies for the service applications and add them to the default proxy group. You must create proxies for the following service applications:

Managed Metadata service application
Search service application
Secure Store service application
PerformancePoint Services service application
User Profile service application

The Business Data Connectivity service application automatically creates a proxy and assigns it to the default proxy group when you create the service application.

Verify that the proxies are in the default group

The following sections provide procedures to complete these steps.

Note:

The Business Data Connectivity service application is available in both SharePoint Foundation 2013 and SharePoint Server 2013. The other service applications are available only in SharePoint Server 2013. Although SharePoint Foundation 2013 includes search functionality, it is not the same Search service application that is in SharePoint Server 2013 and it cannot be upgraded.

Start the service instances

The following procedures start the service instances.

To start service application instances from Central Administration

Start SharePoint 2013 Central Administration.

For Windows Server 2008 R2:

Click Start, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Central Administration.

For Windows Server 2012:

On the Start screen, click SharePoint 2013 Central Administration.

If SharePoint 2013 Central Administration is not on the Start screen:

Right-click Computer, click All apps, and then click SharePoint 2013 Central Administration.

For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

In SharePoint 2013 Central Administration, on the Application Management page, in the Service Applications section, click Manage Services on Server.
Next to the Business Data Connectivity service, click Start.
Next to the Managed Metadata Web Service, click Start.
Next to the PerformancePoint Services service, click Start.
Next to the Secure Store Service, click Start.
Next to the User Profile Service, click Start.

The Search service instance must be started by using Windows PowerShell because you cannot start it from Central Administration unless a Search Service application already exists.

To start the Search service instance by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

To start the Search service instance, at the Windows PowerShell command prompt, type the following commands and press ENTER after each one:

$SearchInst = Get-SPEnterpriseSearchServiceInstance
# Stores the identity for the Search service instance on this server as a variable
Start-SPServiceInstance $SearchInst
# Starts the service instance

For more information, see Get-SPEnterpriseSearchServiceInstance and Start-SPServiceInstance.

Upgrade the Secure Store service application

To upgrade the Secure Store service application, you create the new service application and upgrade the database, create a proxy and add it to the default proxy group, and then restore the passphrase from the previous environment.

To upgrade the Secure Store service application by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

To store the application pool for a particular service application as a variable, at the Windows PowerShell command prompt, type the following command:

Windows PowerShell

$applicationPool = Get-SPServiceApplicationPool -Identity ‘SharePoint Web Services default‘

Where:

SharePoint Web Services default is the name of the service application pool that will contain the new service applications.

This cmdlet sets the service application pool as a variable that you can use again in the cmdlets that follow. If you have multiple application pools and have to use a different application pool for a particular service application, you can repeat this step to get the appropriate application pool before you create the service application.

To upgrade the Secure Store service application, at the Windows PowerShell command prompt, type the following command:

Windows PowerShell

$sss = New-SPSecureStoreServiceApplication -Name ‘Secure Store‘ -ApplicationPool $applicationPool -DatabaseName ‘SecureStore_Upgrade_DB‘ -AuditingEnabled

Where:

SecureStore is the name that you want to give the new Secure Store service application.
SecureStore_Upgrade_DB is the name of the service application database that you want to upgrade.

This command sets a variable, $sss, that you use when you create the proxy later.

For more information, see New-SPSecureStoreApplication.

After you create the Secure Store service application and upgrade the database, you have to refresh the encryption key. For information about how to refresh the encryption key, see Refresh the encryption key.

Type the following command to create a proxy for the Secure Store service application:

Windows PowerShell

New-SPSecureStoreServiceApplicationProxy -Name ProxyName -ServiceApplication $sss -DefaultProxyGroup

Where:

ProxyName is the proxy name that you want to use.
$sss is the variable that you set earlier to identify the new Secure Store service application.

Tip:

If you do not use the variable $sss, then you must use an ID to identify the Secure Store service application instead of a name. If you have to find the ID, you can run the Get-SPServiceApplication cmdlet to return a list of all service application IDs.

DefaultProxyGroup adds the Secure Store service application proxy to the default proxy group for the local farm.

For more information, see New-SPSecureStoreServiceApplicationProxy.

Type the following command to restore the passphrase for the Secure Store service application:

Update-SPSecureStoreApplicationServerKey -Passphrase <Passphrase>

Where:

<Passphrase> is the Passphrase for the Secure Store service application from your previous environment.

For more information, see Update-SPSecureStoreApplicationServerKey.

Upgrade the Business Data Connectivity service application

To upgrade the Business Data Connectivity service application, you create the new service application and upgrade the database. You do not have to create a proxy for the Business Data Connectivity service application. The Business Data Connectivity service application automatically creates a proxy and assigns it to the default proxy group when you create the service application.

Note:

The Business Data Connectivity service application is available in both SharePoint Foundation 2013 and SharePoint Server 2013.

To upgrade the Business Data Connectivity service application by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

To store the application pool for a particular service application as a variable, at the Windows PowerShell command prompt, type the following command:

Windows PowerShell

$applicationPool = Get-SPServiceApplicationPool -Identity ‘SharePoint Web Services default‘

Where:

SharePoint Web Services default is the name of the service application pool that will contain the new service applications.

This cmdlet sets the service application pool as a variable that you can use again in the cmdlets that follow. If you have multiple application pools and have to use a different application pool for a particular service application, you can repeat this step to get the appropriate application pool before you create the service application.

To upgrade the Business Data Connectivity service application, at the Windows PowerShell command prompt, type the following command:

Windows PowerShell

New-SPBusinessDataCatalogServiceApplication -Name ‘BDC Service‘ -ApplicationPool $applicationPool -DatabaseName ‘BDC_Service_DB‘

Where:

BDC Service is the name that you want to give the new Business Data Connectivity service application.
BDC_Service_DB is name of the service application database that you want to upgrade.

For more information, see New-SPBusinessDataCatalogServiceApplication.

Upgrade the Managed Metadata service application

To upgrade the Managed Metadata service application, you create the new service application and upgrade the database, and then create a proxy and add it to the default proxy group. You must upgrade the Managed Metadata service application before you can upgrade the User Profile service application.

To upgrade the Managed Metadata service application by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

To store the application pool for a particular service application as a variable, at the Windows PowerShell command prompt, type the following command:

Windows PowerShell

$applicationPool = Get-SPServiceApplicationPool -Identity ‘SharePoint Web Services default‘

Where:

SharePoint Web Services default is the name of the service application pool that will contain the new service applications.

This cmdlet sets the service application pool as a variable that you can use again in the cmdlets that follow. If you have multiple application pools and have to use a different application pool for a particular service application, you can repeat this step to get the appropriate application pool before you create the service application.

To upgrade the Managed Metadata service application, at the Windows PowerShell command prompt, type the following command:

Windows PowerShell

$mms = New-SPMetadataServiceApplication -Name ‘Managed Metadata Service Application‘ -ApplicationPool $applicationPool -DatabaseName ‘Managed Metadata Service_DB‘

Where:

Managed Metadata Service Application is the name that you want to give the new Managed Metadata service application.
Managed Metadata Service_DB is name of the service application database that you want to upgrade.

This command sets a variable, $mms, that you use when you create the proxy later.

For more information, see New-SPMetadataServiceApplication.

At the Windows PowerShell command prompt, type the following command to create a proxy for the Managed Metadata service application:

Windows PowerShell

New-SPMetadataServiceApplicationProxy -Name ProxyName -ServiceApplication $mmd -DefaultProxyGroup

Where:

ProxyName is the proxy name that you want to use.
$mmd is the variable that you set earlier to identify the new Managed Metadata service application.
DefaultProxyGroup adds the Managed Metadata service application proxy to the default proxy group for the local farm.

For more information, see New-SPMetadataServiceApplicationProxy.

Upgrade the User Profile service application

To upgrade the User Profile service application, you create the new service application and upgrade the database, and then create a proxy and add it to the default proxy group. After you have created the User Profile Service service application, you must import the Microsoft Identity Integration Server Key (MIIS) encryption key. Finally, you can start the User Profile Synchronization service.

Note:

You must upgrade the Managed Metadata service application before you can upgrade the User Profile service application.

To upgrade the User Profile service application by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

To store the application pool for a particular service application as a variable, at the Windows PowerShell command prompt, type the following command:

Windows PowerShell

$applicationPool = Get-SPServiceApplicationPool -Identity ‘SharePoint Web Services default‘

Where:

SharePoint Web Services default is the name of the service application pool that will contain the new service applications.

This cmdlet sets the service application pool as a variable that you can use again in the cmdlets that follow. If you have multiple application pools and have to use a different application pool for a particular service application, you can repeat this step to get the appropriate application pool before you create the service application.

To upgrade the User Profile service application, at the Windows PowerShell command prompt, type the following command:

Windows PowerShell

$upa = New-SPProfileServiceApplication -Name ‘User Profile Service Application‘ -ApplicationPool $applicationPool -ProfileDBName ‘User Profile Service Application_ProfileDB‘ -SocialDBName ‘User Profile Service Application_SocialDB‘
-ProfileSyncDBName ‘User Profile Service Application_SyncDB‘

Where:

User Profile Service Application is the name that you want to give the new User Profile service application.
User Profile Service Application_ProfileDB is name of the User Profile service application Profile database that you want to upgrade.
User Profile Service Application_SocialDB is name of the User Profile service application Social database that you want to upgrade.
User Profile Service Application_SyncDB is name of the User Profile service application Sync database that you want to upgrade.

This command sets a variable, $upa, that you use when you create the proxy later.

For more information, see New-SPProfileServiceApplication.

Type the following command to create a proxy for the User Profile service application:

Windows PowerShell

New-SPProfileServiceApplicationProxy -Name ProxyName -ServiceApplication ServiceApplicationID -DefaultProxyGroup

Where:

ProxyName is the proxy name that you want to use.
$upa is the variable that you set earlier to identify the new User Profile service application.
ServiceApplicationID is ID of the User Profile service application that you created earlier.

Tip:

If you do not use the variable $upa, then you must use an ID to identify the User Profile service application instead of a name. If you have to find the ID, you can run the Get-SPServiceApplication cmdlet to return a list of all service application IDs.

DefaultProxyGroup adds the User Profile service application proxy to the default proxy group for the local farm.

For more information, see New-SPProfileServiceApplicationProxy.

After you have created the User Profile Service service application, you must import the Microsoft Identity Integration Server Key (MIIS) encryption key. Import this key to the following directory: <root directory drive>\Program Files\Microsoft Office Servers\15.0\Synchronization Service\Bin.

To import the encryption key for User Profile service application

Verify that you have the following memberships:

Administrators group on the server on which you are running the command.

Open the Command Prompt window, and then change to the following folder:

%Program Files%\Microsoft Office Servers\15.0\Synchronization Service\Bin\
To import the key, type the following at the command prompt, and then press ENTER:

miiskmu.exe /i Path {0E19E162-827E-4077-82D4-E6ABD531636E}

Where:

Path is the path and file name for the key that you want to import.

You might also have to enter a user name and password. These are the credentials for the farm administrator.

For more information, see Install a software update (SharePoint Server 2010).

After you have imported the encryption key, you can start the User Profile Synchronization service.

Start the User Profile Synchronization service

Start SharePoint 2013 Central Administration.

For Windows Server 2008 R2:
- Click Start, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Central Administration.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Central Administration.
  
  If SharePoint 2013 Central Administration is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Central Administration.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

In Central Administration, on the System Settings page, under Servers click Manage services on Server.
Next to the User Profile Synchronization Service, click Start.
In the Select the User Profile Application section, select the User Profile service application that you upgraded.
In the Service Account Name and Password section, type the account name and password to use for the User Profile Synchronization service.

Upgrade the PerformancePoint Services service application

To upgrade the PerformancePoint Services service application, you create the new service application and upgrade the database, and then create a proxy and add it to the default proxy group.

To upgrade the PerformancePoint Services service application by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

To store the application pool for a particular service application as a variable, at the Windows PowerShell command prompt, type the following command:

Windows PowerShell

$applicationPool = Get-SPServiceApplicationPool -Identity ‘SharePoint Web Services default‘

Where:

SharePoint Web Services default is the name of the service application pool that will contain the new service applications.

This cmdlet sets the service application pool as a variable that you can use again in the cmdlets that follow. If you have multiple application pools and have to use a different application pool for a particular service application, you can repeat this step to get the appropriate application pool before you create the service application.

To upgrade the PerformancePoint Services service application, at the Windows PowerShell command prompt, type the following command:

Windows PowerShell

$pps = New-SPPerformancePointServiceApplication -Name ‘PerformancePoint Service‘ -ApplicationPool $applicationPool -DatabaseName ‘PerformancePoint Service Application_DB‘

Where:

PerformancePoint Service is the name that you want to give the new PerformancePoint Services service application.
PerformancePoint Service Application_DB is name of the PerformancePoint Services service application database that you want to upgrade.

This command sets a variable, $pps, that you use when you create the proxy later.

For more information, see New-SPProfileServiceApplication.

Type the following command to create a proxy for the PerformancePoint Services service application:

Windows PowerShell

New-SPPerformancePointServiceApplicationProxy -Name ProxyName -ServiceApplication ServiceAplicationNameorID -Default

Where:

ProxyName is the proxy name that you want to use.
$pps is the variable that you set earlier to identify the new PerformancePoint Services service application.
Default adds the PerformancePoint Services service application proxy to the default proxy group for the local farm.

For more information, see New-SPPerformancePointServiceApplicationProxy.

Upgrade the Search service application

To upgrade the Search service application, you create the new service application and upgrade the database, and then create a proxy and add it to the default proxy group.

Note:

This section applies to only SharePoint Server 2013. Although SharePoint Foundation 2013 includes search functionality, it is not the same Search service application that is in SharePoint Server 2013 and it cannot be upgraded.

To upgrade the Search service application by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

To store the application pool for a particular service application as a variable, at the Windows PowerShell command prompt, type the following command:

Windows PowerShell

$applicationPool = Get-SPServiceApplicationPool -Identity ‘SharePoint Web Services default‘

Where:

SharePoint Web Services default is the name of the service application pool that will contain the new service applications.

This cmdlet sets the service application pool as a variable that you can use again in the cmdlets that follow. If you have multiple application pools and have to use a different application pool for a particular service application, you can repeat this step to get the appropriate application pool before you create the service application.

To upgrade the Search service application, at the Windows PowerShell command prompt, type the following command:

$searchInst = Get-SPEnterpriseSearchServiceInstance -local
# Gets the Search service instance and sets a variable to use in the next command

Restore-SPEnterpriseSearchServiceApplication -Name ‘<SearchServiceApplicationName>‘ -applicationpool $applicationPool -databasename ‘<SearchServiceApplicationDBName>‘ -databaseserver <ServerName> -AdminSearchServiceInstance $searchInst

Where:

SearchServiceApplicationName is the name of the Search service application.
AppPoolName is the application pool name.
SearchServiceApplicationDBName is the name of the Search service application Administration database that you want to upgrade.
AdminSearchServiceInstanceID is the ID for the Search Service application instance.

Note:

A Search service application upgrade might fail because of an issue that occurs during upgrade, such as network or SQL Server latency. If an error message appears during the Search service application upgrade, do the following:

Delete the Search Administration database that you were trying to upgrade.
Using the backup copy that you made of the Search Administration database, repeat the following procedures in this article for the Search service application only:
1. Restore a backup copy of the database
2. Set the databases to read-write
Upgrade the Search service application by typing the command again at the Windows PowerShell command prompt.

For more information, see Restore-SPEnterpriseSearchServiceApplication.

You must follow several steps to create the Search service application proxy and add it to the default proxy group. You must complete separate actions to find the ID for the Search service application, create the new proxy, get the proxy ID, and then add the proxy to the default proxy group.

Type the following command to get the ID for the Search service application and store it as a variable:

Windows PowerShell

$ssa = Get-SPEnterpriseSearchServiceApplication

For more information, see Get-SPEnterpriseSearchServiceApplication.
Type the following command to create a proxy for the Search service application:

Windows PowerShell

New-SPEnterpriseSearchServiceApplicationProxy -Name ProxyName -SearchApplication $ssa

Where:

ProxyName is the proxy name that you want to use.
$ssa is the variable that you set earlier to identify the new Search service application.

For more information, see New-SPEnterpriseSearchServiceApplicationProxy.

Type the following command to get the Search service application proxy ID for the proxy you just created and set it as the variable $ssap:

Windows PowerShell

$ssap = Get-SPEnterpriseSearchServiceApplicationProxy

For more information, see Get-SPEnterpriseSearchServiceApplicationProxy.
Type the following command to add the Search service application proxy to the default proxy group:

Windows PowerShell

Add-SPServiceApplicationProxyGroupMember –member $ssap -identity “ “

Where:

$ssap is the variable that you set earlier to identify the ID for the proxy you just created for the Search service application.
You use an empty identity parameter (“ “) to add it to the default group.

For more information, see Add-SPServiceApplicationProxyGroupMember.

Verify that all of the new proxies are in the default proxy group

Use the following procedure to verify that the steps to create the proxies and add them to the default proxy group worked.

To verify that all of the new proxies are in the default proxy group by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

At the Windows PowerShell command prompt, type the following commands:

$pg = Get-SPServiceApplicationProxyGroup -Identity “ “
$pg.Proxies

Where:

$pg is a variable you set to represent the default proxy group.
You use an empty identity parameter (“ “) to specify the default proxy group.

This returns a list of all proxies in the default proxy group, their display names, type names, and IDs.

For more information, see Get-SPServiceApplicationProxyGroup.

Now that the service applications are upgraded, you can start the process to upgrade the content databases. The first step in that process is to create the web applications that are needed for each content database.

Create web applications

Create a web application for each web application that existed in the SharePoint 2010 Products environment. For each web application, do the following:
- Use the same authentication method.
  
  For example, if you use Windows Classic authentication in your old environment, and you want to continue to use it, then you must create a web application that uses Windows Classic authentication. Because claims-based authentication is now the default option for SharePoint 2013, you must use Windows PowerShell to create a web application that uses Windows Classic authentication. For more information, see Create web applications that use classic mode authentication in SharePoint 2013 and Create claims-based web applications in SharePoint 2013.
  
  Alternatively, you can migrate to claims authentication. For more information, see Migrate from classic-mode to claims-based authentication in SharePoint 2013.
- Recreate included paths.
- Recreate quota templates.
- Configure email settings for the web application.
  
  For more information, see Configure email integration for a SharePoint 2013 farm.
- Enable self-service site creation for any web application that used it in the previous environment. Recreate any self-service site creation settings.
- Create the managed path for the My Sites (/personal) on the web application that hosts My Sites. My Sites are available in SharePoint Server only.
- Recreate any web application policies or other web application settings that you had configured in the previous environment.
Back to top
Reapply customizations

One frequent cause of failures during upgrade is that the new environment does not have customized features, solutions, or other elements. Make sure that all custom elements from the SharePoint 2010 Products environment are installed on your front-end web servers before you upgrade any content databases.

In this step, you manually transfer all customizations to your new farm. Make sure to install any components that your sites depend on to work correctly, such as the following:
- Custom site definitions
- Custom style sheets, such as cascading style sheets, and images
- Custom Web Parts
- Custom Web services
- Custom features and solutions
- Custom assemblies
- Web.config changes (such as security)
  
  Ensure that you transfer all unique settings from the Web.config files for each web application to the new servers.
- Administrator-approved form templates (.xsn files) and data connection files (.udcx files) for InfoPath. InfoPath is available in SharePoint Server 2010 only.
- Any other components or files on which your sites depend.
SharePoint 2013 can host sites in both SharePoint 2010 Products and SharePoint 2013 modes. The installation for SharePoint 2013 contains both SharePoint 2010 Products and SharePoint 2013 versions of many elements. The directories on the file system are duplicated in both the 14 and 15 paths, for example:
- Web Server Extensions/14/TEMPLATE/Features
- Web Server Extensions/15/TEMPLATE/Features
There are also two versions of the IIS support directories: _Layouts, _Layouts/15 and _ControlTemplates, _ControlTemplates/15.

Be sure to install customizations to the correct location in your new farm. For example, additional style sheets for SharePoint 2010 Products should be installed in the /14 path, not the new /15 path so that site collections that you haven‘t upgraded can use them. If you want a solution to be available to both paths, install it two times, and the second time use the CompatibilityLevel parameter when you install it, and it will be installed to the /15 path. For more information, see Install-SPSolution.

For more information about how to update customizations for use in SharePoint 2013, see Redeploying Customizations and Solutions in SharePoint Foundation 2010 and SharePoint Server 2010. For more information about how to deploy customizations to your environment, see Install and manage solutions for SharePoint 2013.

Back to top
Verify custom components

To make sure that you have identified all custom components for your environment, use the Stsadm -o enumallwebs operation in the SharePoint 2010 Products environment and use the includefeatures and includewebparts parameters. This operation can report the templates, features, Web Parts, and other custom elements that are used for each site. For more information about how to use the enumallwebs operation, see Enumallwebs: Stsadm operation (Office SharePoint Server) and Clean up an environment before an upgrade to SharePoint 2013.

You can also use the Get-SPWeb Windows PowerShell cmdlet in your SharePoint 2010 Products environment to see template that are associated with each site and then verify that the template is installed in your SharePoint 2013 environment. For more information about this operation, see Get-SPWeb.

Before you attach the content databases to the web applications, use the Test-SPContentDatabase Windows PowerShell cmdlet to verify that you have all the custom components that you must have for that database.

To verify custom components are available by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

At the Windows PowerShell command prompt, type the following command:

Windows PowerShell

Test-SPContentDatabase -Name DatabaseName -WebApplication URL

Where:

DatabaseName is the name of the database that you want to test.
URL is the URL for the web application that will host the sites.

For more information, see Test-SPContentDatabase.

Attach a content database to a web application and upgrade the database

When you attach a content database, you upgrade the database and add the site collections in that database to the web application that you specify. However, for SharePoint 2013, the process does not upgrade the site collections.

When you attach a content database, include the root site for the web application in the first content database that you attach. In other words, before you continue, examine the root of the web application in the SharePoint 2010 Products server farm to determine the first site collection. After you attach the database that contains the root site, attach the other content databases for the web application in any order. You do not have to create any site collections to store the content before you attach the database. This process attaches the content databases and the site collections inside that database. Make sure that you do not add new site collections until you have restored all the content databases.

    Tip:

Each site collection in a content database has a GUID that is registered in the configuration database and associated with the site collection. Therefore, you cannot add the same site collection two times to the farm, even in separate web applications. Although you can successfully attach the database in this situation, you will be unable to browse to the site collection.

If you must have a copy of a site collection in the same farm, first attach the database that contains the site collection to a separate farm, and then use the Backup-SPSite and Restore-SPSite Windows PowerShell cmdlets to copy the site collection to the other farm. The backup and restore process creates a new GUID for the site collection. For more information about these cmdlets, see Backup-SPSite and Restore-SPSite.

For My Sites, attach the content database that contains the My Site host before attaching databases that contain the My Sites.

By default, when you created the web applications in the new SharePoint 2013 environment, a content database was created for each web application. You can ignore these default databases until after you have attached your SharePoint 2010 Products databases, and then you can delete the default databases.

    Important:

If you are moving the content databases across domains or forests or to another environment that has different service accounts, make sure that the permissions for the service accounts are still correct before you attach the databases.

You must use the Mount-SPContentDatabase cmdlet to attach a content database to a web application. Using the SharePoint Central Administration pages to attach a content database is not supported for upgrading.

Ensure that the account that you use to attach the databases is a member of the db_owner fixed database role for the content databases that you want to upgrade.

    Note:

One frequent cause of failures during upgrade is that the environment is missing customized features, solutions, or other elements. Be sure that all custom elements from the SharePoint 2010 Productsenvironment are installed on your front-end web servers in the SharePoint 2013 environment before you start the upgrade process. Use the test-spcontentdatabase Windows PowerShell cmdlet to identify custom elements that your sites might be missing.

To attach a content database to a web application by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

At the Windows PowerShell command prompt, type the following command:

Windows PowerShell

Mount-SPContentDatabase -Name DatabaseName -DatabaseServer ServerName -WebApplication URL

Where:

DatabaseName is the name of the database that you want to upgrade.
ServerName is server on which the database is stored.
URL is the URL for the web application that will host the sites.

For more information, see Mount-SPContentDatabase.

Tip:

To upgrade from SharePoint Foundation 2010 to SharePoint Server 2013, attach the SharePoint Foundation 2010 content databases directly to the SharePoint Server 2013 environment. Just follow the same steps in this article, only use the SharePoint Foundation 2010 databases and a SharePoint Server 2013 farm. The upgrade process will upgrade the version and the product at the same time.

Verification: Verify upgrade for the first database

After you attach a database, you can use the Upgrade Status page in Central Administration to check the status of upgrade on your databases. After the upgrade process is complete, you can review the upgrade log file to see whether upgrade produced issues. You can use a Windows PowerShell cmdlet to check the upgrade status for all the content databases. For more information about verifying and troubleshooting upgrade, see Verify database upgrades in SharePoint 2013 and Troubleshoot database upgrade issues in SharePoint 2013.

To view the Upgrade Status page
- Verify that the user account that is performing this procedure is a member of the db_owner fixed database role for the databases.
- In Central Administration, click Upgrade and Migration, and then click Check upgrade status.
To view the upgrade log file
- The upgrade error log file and the upgrade log file are located at %COMMONPROGRAMFILES%\Microsoft Shared\web server extensions\15\LOGS. The upgrade log file contains more detailed information than the upgrade error log. Be sure to check the summary at the bottom of the log files for information about the overall status and a count of the warnings and errors in the file.
  
  The logs are text files named in the following format:
  - Upgrade-YYYYMMDD-HHMMSS-SSS-error.log
  - Upgrade-YYYYMMDD-HHMMSS-SSS.log
    
    Where
  - YYYYMMDD is the date
  - HHMMSS-SSS is the time (hours in 24-hour clock format, minutes, seconds, and milliseconds)
    
    An example for an upgrade error log is Upgrade-20120105-132126-374-error.log, and an example for an upgrade log is Upgrade-20120105-132126-374.log.
    
    Note:
  The format of the upgrade log for SharePoint 2013 is based on the same structure as ULS.
  
  The upgrade log file includes the name of the content database being upgraded.
To view upgrade status for all databases by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

Start the SharePoint 2013 Management Shell.

For Windows Server 2008 R2:
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.
For Windows Server 2012:
- On the Start screen, click SharePoint 2013 Management Shell.
  
  If SharePoint 2013 Management Shell is not on the Start screen:
- Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.
  
  For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

At the Windows PowerShell command prompt, type the following command:

Windows PowerShell

Get-SPContentDatabase | ft Name, NeedsUpgradeIncludeChildren

This cmdlet returns a table-style list of databases in your farm and indicates whether the database needs an upgrade to SharePoint 2013.

Attach the remaining databases

After you restore the first content database and verify success, you can continue to restore and upgrade other databases. You can perform parallel database attach upgrades to upgrade more than one database at a time. Use separate Command Prompt windows to run multiple upgrades. It is recommended that you separate the start time for each new database upgrade session by several minutes to prevent issues with temporary locks set for the web application during attachment. Otherwise you might receive an error on the upgrade session. The wait time to clear temporary locks varies depending on the number of site collections, or the speed of the database server hardware.

Back to top
Verification: Verify upgrade for additional databases

After you upgrade all additional databases, view the Upgrade Status page to monitor progress and verify that the upgrade process is complete. Review the log file to identify any other issues.

Back to top
Next steps

After you upgrade the databases, you might want to perform additional steps to make sure that your farm is ready for use. For example:
- Verify that site collections are working as expecting in 2010 mode.
  
  Visually review site collections. You can use a similar review list as the one provided for upgraded sites in Checklists for reviewing upgraded sites.
- Migrate user accounts to claims authentication, if it is necessary.
  
  By default, new web applications in SharePoint 2013 use claims authentication. If you were using classic authentication in the previous environment, you must migrate the users to claims authentication. For more information, see Migrate from classic-mode to claims-based authentication in SharePoint 2013.
- Update links that are used in any upgraded InfoPath form templates.
  
  For a database-attach upgrade, you exported and imported all InfoPath form templates in your environment when you created the new environment. After upgrade, you can now update the links that are used in those upgraded form templates to point to the correct URLs by using a Windows PowerShell cmdlet.
  
  For more information, see Configure InfoPath Forms Services (SharePoint Server 2010).
  
  InfoPath is available in SharePoint Server only.
- Configure your Search topology
  
  The architecture for the Search service has changed for SharePoint Server 2013. Plan and configure your Search topology to suit your environment and the new architecture. For more information, see Scale search for performance and availability (SharePoint Server 2013) and Manage search topology (SharePoint Server 2013).
- Perform a full crawl
  
  For more information, see Start, pause, resume, or stop a crawl (SharePoint Server 2013).
- Back up your farm
  
  For more information, see Back up a farm in SharePoint 2013.
  
  Although SharePoint Foundation 2013 includes search functionality, it is not the same Search service application that is in SharePoint Server 2013. These steps apply only to SharePoint Server 2013.
After your farm is ready, you can enable access to users, and then start to upgrade site collections. For information about how to upgrade site collections, see Upgrade site collections to SharePoint 2013.
Verify database upgrades in SharePoint 2013

Published: July 16, 2012

Summary: Learn how to verify when a database-attach upgrade to SharePoint 2013 has finished, and identify any problems that may have occurred.

After you upgrade databases to SharePoint 2013, you must verify that the content was successfully upgraded to the new version. You can verify the status of the database-attach upgrade (is it still in progress, or has it been completed successfully or with errors or failures?) to see whether issues remain for you to address. When you follow these steps as part of a trial upgrade, you can use them to identify customizations that have to be reworked before you attempt to upgrade your production environment. When you upgrade your production environment, it is even more important that you know whether the upgrade has completed and what issues remain to be addressed.

In some cases, you might have to restart upgrade to finish upgrading your databases. For more information about how to restart upgrade, see Restart a database-attach upgrade or a site collection upgrade to SharePoint 2013. For information about how to restart a site collection upgrade, see Manage site collection upgrades to SharePoint 2013.
Verify upgrade status for databases
You can use the following methods to verify upgrade:
- Use the Upgrade Status page in Central Administration
  
  This page lists all farm, service, or content database upgrades and their statuses. This includes a count of errors or warnings.
- Review the log files to look for errors or warnings
  
  If upgrade was not successfully completed, you can view the log files to find the issues, address them, and then restart the upgrade process.
  - Review the log files for database attach upgrade
To verify that upgrade has succeeded, you can review the following log and error files:
- The upgrade log file and the upgrade error log file.
  
  Review the upgrade log file and the upgrade error log file (generated when you run the upgrade). The upgrade log file and the upgrade error log file are located at %COMMONPROGRAMFILES%\Microsoft Shared\Web server extensions\15\LOGS. The logs are named in the following format: Upgrade-YYYYMMDD-HHMMSS-SSS.log, where YYYYMMDD is the date and HHMMSS-SSS is the time (hours in 24-hour clock format, minutes, seconds, and milliseconds). The upgrade error log file combines all errors and warnings in a shorter file and is named Upgrade-YYYYMMDD-HHMMSS-SSS-error.log.
  
  The format of the log files complies with the Unified Logging System (ULS) conventions. To review the log files to find and troubleshoot issues, start at the top of the files. Errors or warnings may be repeated if they occur for several site collections in the environment, or if they block the upgrade process completely. For example, if you cannot connect to the configuration database, the upgrade process will try (and fail) several times and these tries will be listed in the log file.
If you find blocking issues in the log file, you can resolve the issues and then restart upgrade to continue with the process.
- Check upgrade status for databases
The Upgrade Status page lists the upgrade sessions and gives details about the status of each session — whether it succeeded or failed, and how many errors or warnings occurred for each server. The Upgrade Status page also includes information about the log and error files for the upgrade process and suggests remedies for issues that might have occurred.

To view upgrade status in SharePoint Central Administration

Verify that you have the following administrative credentials:

To use SharePoint Central Administration, you must be a member of the Farm Administrators group.

On the Central Administration home page, in the Upgrade and Migration section, click Check upgrade status.

Validate the upgraded environment
After you determine whether upgrade was completed successfully, validate your environment. Review the following items:
- Service applications
  - Are they configured correctly?
  - Are the service application proxies configured the way that you want?
  - Do you have to create new connections between farms?
- Site collections
  - Are sites that were not upgraded working as expected in 2010 mode?
  - Are all features associated with the sites working?
- Search
  - Run a crawl, and review the log files.
  - Run search queries, and verify that the queries work as expected and provide appropriate results. Twenty-four hours later, view the query reports and look for issues.
  - Search for people and profiles.
  - Check any Search customizations to make sure that they work as expected.

Migrate from classic-mode to claims-based authentication in SharePoint 2013

Published: July 16, 2012

Summary: Convert SharePoint 2010 Products or SharePoint 2013 classic-mode web applications to claims-based authentication or create new claims-based web applications in SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

Claims-based authentication is an essential component to enable the advanced functionality of SharePoint 2013. To move classic-mode web applications from SharePoint 2010 Products to SharePoint 2013, you can convert them to claims-based web applications within SharePoint 2010 Products, and then migrate them to SharePoint 2013. The procedures in this article illustrate various supported scenarios.

The Windows PowerShellConvert-SPWebApplication cmdlet in SharePoint 2013 converts classic-mode web applications to claims-based web applications.

Warning:

After you convert a web application to claims-based authentication, you cannot revert it to classic-mode authentication.

Convert SharePoint 2010 Products classic-mode web applications to claims-based authentication in SharePoint 2010 Products and then upgrade to SharePoint 2013

In SharePoint 2010 Products, complete the following procedure to convert an existing web application to claims-based authentication. After you convert the web application to claims-based authentication, complete the additional step to migrate the web application to SharePoint 2013. To complete this procedure, you need the following information:

The URL of the web application that you are converting: http://yourWebAppUrl
A user account to set as a site administrator: yourDomain\yourUser

To convert a SharePoint 2010 Products web application to claims-based authentication

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.

db_owner fixed database role on all databases that are to be updated.

Administrators group on the server on which you are running Windows PowerShell cmdlets.

You must read about_Execution_Policies (http://go.microsoft.com/fwlink/p/?LinkId=193050).
Add memberships that are required beyond the minimums above.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 15 Products cmdlets.

Note:

From the Windows PowerShell command prompt, type the following to set the specified user account as an administrator for the site:

$WebAppName = “http://<yourWebAppUrl>“
$wa = get-SPWebApplication $WebAppName
$wa.UseClaimsAuthentication = $true
$wa.Update()

Where:

<yourWebAppUrl> is the URL of the web application.

From the Windows PowerShell command prompt, type the following to configure the policy to enable the user to have full access:

Windows PowerShell

$account = “yourDomain\yourUser”
$account = (New-SPClaimsPrincipal -identity $account -identitytype 1).ToEncodedString()
$wa = get-SPWebApplication $WebAppName
$zp = $wa.ZonePolicies(“Default”)
$p = $zp.Add($account,”PSPolicy”)
$fc=$wa.PolicyRoles.GetSpecialRole(“FullControl”)
$p.PolicyRoleBindings.Add($fc)
$wa.Update()

For more information, see Get-SPWebApplication.
From the Windows PowerShell command prompt, type the following to perform user migration:

$wa.MigrateUsers($true)
After user migration completes, type the following from the Windows PowerShell command prompt to perform provisioning:

Windows PowerShell

$wa.ProvisionGlobally()

For more information, see New-SPClaimsPrincipal.

Note:

After you complete the previous procedures, you might experience one or more of the following issues:

Users who submit valid credentials when accessing the migrated web application might be notified that they do not have permissions. If this occurs, the portalsuperuseraccount property and the portalsuperreaderaccount property of the web application were probably configured prior to migration. If this is the case, update the portalsuperuseraccount property and the portalsuperreaderaccount property to use the new claims-based account name. After migration, you can find the new claims-based account name in the web application policy for the migrated web application.
If existing alerts are not invoked after migration, you might have to delete and recreate the alerts.
If Search crawl does not function on the web application after migration, make sure that the Search crawl account lists the new converted account name. If the new converted account name is not listed, you must manually create a new policy for the crawl account.

To migrate a claims-based SharePoint 2010 Products web application to SharePoint 2013

In SharePoint 2013, create a claims-based web application. For more information, see Create claims-based web applications in SharePoint 2013.
Attach the two existing SharePoint 2010 Products content databases to the newly created SharePoint 2013 claims-based web application. For more information, see Attach or detach content databases in SharePoint 2013.

Note:

When you attach the SharePoint 2010 Products content databases to the SharePoint 2013 claims-based web application, the databases will be upgraded to the SharePoint 2013 database format. You have to verify that the content databases work correctly after you attach them.

Convert SharePoint 2010 Products classic-mode web applications to SharePoint 2013 claims-based web applications

In SharePoint 2013, complete the following procedure to convert an existing SharePoint 2010 Products classic-mode web application to a SharePoint 2013 web application that uses claims-based authentication.

To convert a SharePoint 2010 Products classic-mode web application to a SharePoint 2013 claims-based authentication

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running Windows PowerShell cmdlets.
You must read about_Execution_Policies (http://go.microsoft.com/fwlink/p/?LinkId=193050).
Add memberships that are required beyond the minimums above.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 15 Products cmdlets.

Note:

In the SharePoint 2013 environment, on the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
Change to the directory where you saved the file.
At the Windows PowerShell command prompt, type the following command:

New-SPWebApplication –name “ClassicAuthApp” –Port 100 –ApplicationPool
“ClassicAuthAppPool” –ApplicationPoolAccount (Get-SPManagedAccount
“<domainname>\<user>“)

Where:

<domainname>\<user> is the domain to which the server belongs and the name of the user account.

Attach the two existing SharePoint 2010 Products content databases to the new SharePoint 2013 classic-mode web application. For more information, see Attach or detach content databases in SharePoint 2013.

Note:

When you attach the SharePoint 2010 Products content databases to the SharePoint 2013 classic-mode web application, the databases are upgraded to the SharePoint 2013 database format. You have to verify that the content databases work correctly after you have attached them.

From the Windows PowerShell command prompt, type the following:

Convert-SPWebApplication –Identity <yourWebAppUrl>
–To Claims
-RetainPermissions [ -Force]

Where:

<yourWebAppUrl> is the URL of the web application.

Note:

Convert-SPWebApplication converts the web application to claims-based authentication. You have to verify that the users can access the web application after you have converted it.

If necessary, attach a third SharePoint 2010 Products content database to the new SharePoint 2013 classic-mode web application, and verify that the content database working correctly after you have attached it.
From the Windows PowerShell command prompt, type the following:

Convert-SPWebApplication –Identity yourWebAppUrl
–To Claims
-RetainPermissions [ -Force]

Verify that users can access the web application after you have converted it to claims-based authentication.

For more information, see New-SPWebApplication, Get-SPManagedAccount, and Convert-SPWebApplication.

Note:

Convert SharePoint 2013 classic-mode web applications to claims-based web applications

In SharePoint 2013, complete the following procedures to first create a classic-mode Web application, and then convert it to claims-based authentication.

To create a classic-mode Web application in SharePoint 2013
- Verify that you have the following memberships:
  - securityadmin fixed server role on the SQL Server instance.
  - db_owner fixed database role on all databases that are to be updated.
  - Administrators group on the server on which you are running Windows PowerShell cmdlets.
  - You must read about_Execution_Policies (http://go.microsoft.com/fwlink/p/?LinkId=193050).
  - Add memberships that are required beyond the minimums above.
    
    An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 15 Products cmdlets.
    
    Note:
  If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about Windows PowerShell permissions, see Permissions and Add-SPShellAdmin.
- From the Windows PowerShell command prompt, type the following:
  
  New-SPWebApplication –Name <Name>
  –ApplicationPool <ApplicationPool>
  -AuthenticationMethod <WindowsAuthType>
  –ApplicationPoolAccount <ApplicationPoolAccount>
  -Port <Port> -URL <URL>
  
  Where:
  - <Name> is the name of the new web application that uses classic-mode authentication.
  - <ApplicationPool> is the name of the application pool.
  - <WindowsAuthType> is either “NTLM“ or “Kerberos“. Kerberos is recommended.
  - <ApplicationPoolAccount> is the user account that this application pool will run as.
  - <Port> is the port on which the web application will be created in IIS.
  - <URL> is the public URL for the web application.
    
    Note:
  For more information, see New-SPWebApplication.
  
  Note:
  
  After you successfully create the web application, when you open the Central Administration page, you see a health rule warning that indicates that one or more web applications is enabled with classic authentication mode. This is a reflection of our recommendation to use claims-based authentication instead of classic mode authentication.
To convert a SharePoint 2013 classic-mode web application to claims-based authentication
- From the Windows PowerShell command prompt, type the following:
  
  Convert-SPWebApplication -Identity “http:// <servername>:port” -To Claims
  –RetainPermissions [-Force]
  
  Where:
  - <servername> is the name of the server.
Verify that users can access the web application after you have converted it to claims-based authentication.

For more information, see New-SPWebApplication, Get-SPManagedAccount, and Convert-SPWebApplication.

Note:

We recommend that you use Windows PowerShell when performing command-line administrative tasks. The Stsadm command-line tool has been deprecated, but is included to support compatibility with previous product versions.
Migrate SharePoint 2010 Products classic-mode web applications to SharePoint 2013 classic-mode web applications

In SharePoint 2013, complete the following procedure to create a classic-mode web application, and then migrate an existing SharePoint 2010 Products classic-mode Web application to SharePoint 2013.

To migrate a SharePoint 2010 Products classic-mode web application to SharePoint 2013

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running Windows PowerShell cmdlets.
You must read about_Execution_Policies (http://go.microsoft.com/fwlink/p/?LinkId=193050).
Add memberships that are required beyond the minimums above.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 15 Products cmdlets.

Note:

From the Windows PowerShell command prompt, type the following:

New-SPWebApplication –name “ClassicAuthApp” –Port 100 –ApplicationPool
“ClassicAuthAppPool” –ApplicationPoolAccount (Get-SPManagedAccount
“<domainname>\<user>“)

Where:

<domainname>\<user> is the domain to which the server belongs and the name of the user account.

Attach the two existing SharePoint 2010 Products content databases to the new SharePoint 2013 classic-mode web application. Verify that the content databases work correctly after you have attached them. For more information, see Attach or detach content databases in SharePoint 2013.

Note:

After migration has successfully completed, you might find a user who has not been migrated listed in the ULS log. Determine if the user still exists in your Active Directory domain, and then:

If the user does not exist in your Active Directory domain, assign someone else as the site owner and designate the user as deleted in the UserInfo table. To designate a user as deleted, change the tp_deleted value in the UserInfo table for that user to 1.
If the user does exist in your Active Directory domain, run the migration procedure again.

For more information, see New-SPWebApplication and Get-SPManagedAccount.

Note:

Upgrade site collections to SharePoint 2013

Published: July 16, 2012

Summary: Find out how to upgrade a site collection to SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

The following downloadable resources, articles on TechNet, video recordings, and related resources provide information about upgrading site collections to SharePoint 2013.

Downloadable resources how to upgrade site collections

Download the following content for information about how to upgrade site collections.

	Content	Description
	SharePoint 2013 Products Preview – Upgrade Process model	Describes the steps in the process for a database-attach upgrade.

TechNet articles about how to upgrade site collections

The following articles about how to upgrade site collections are available to view online. Writers update articles on a continuing basis as new information becomes available and as users provide feedback.

Content	Description
Run site collection health checks in SharePoint 2013	Run the site collection health checks to verify your site is running well. Check each site before you upgrade to SharePoint 2013.
Upgrade a site collection to SharePoint 2013	Site collection administrators can preview a copy of their sites in SharePoint 2013 mode, and then upgrade their sites.
Review site collections upgraded to SharePoint 2013	Review site collections after you have upgraded them to SharePoint 2013.
Manage site collection upgrades to SharePoint 2013	Farm administrators manage the upgrade queue and throttling settings and upgrade site collections to SharePoint 2013.

Additional resources about how to upgrade to SharePoint 2013

The following resources about upgrade to SharePoint 2013 are available from other subject matter experts.

	Content	Description
	Upgrade and Migration Resource Center for SharePoint 2013 Products	Visit the Resource Center to find additional information about upgrades to SharePoint 2013.
	What’s New in SharePoint 2013 Products Resource Center	Visit the Resource Center to learn about what‘s new in SharePoint 2013.

Upgrade to SharePoint 2013

Run site collection health checks in SharePoint 2013

Published: July 16, 2012

Summary: Run the site collection health checks on each site to find issues before you upgrade to SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

SharePoint 2013 includes a set of rules that you can run against a site collection to verify that it is working as expected. These rules are part of the site collection health checks. You can run the health checks from the Site Settings page or by using Windows PowerShell.

If you are upgrading a site collection to SharePoint 2013, the first step in the process is to run the health checks.

Upgrade step 1: Run site collection health checks

For a visual overview of the entire upgrade process, see Overview of the upgrade process to SharePoint 2013.

You run the health checks manually to prepare for an upgrade. In addition, the health checks are run automatically in repair mode when you start to upgrade a site collection. You can also run the health checks at any time to verify that a site is working as expected. The site collection pre-upgrade health checks examine a site collection and list potential upgrade issues, such as missing or unsupported elements. For example, the results itemize customized files so that you can identify the custom file and reset it to the default template in the site definition, if you want. After you run the checks, a report lists potential issues. The report also has information about how to address the issues.

The site collection health checker includes the following rules:

Site collection health check rules

Rule name	Description	Rule ID
Customized Files	This rule checks for any files that were customized (or unghosted) in the site collection or subsites. When run in repair mode, it can reset the page to the default (reghost the file).	cd839b0d-9707-4950-8fac-f306cb920f6c
Missing Galleries	This rule checks for all default galleries and reports if any are missing from the site collection or subsites.	ee967197-ccbe-4c00-88e4-e6fab81145e1
Missing Site Templates	This rule checks to make sure that the template the site is based on is available and reports if any elements are missing.	5258ccf5-e7d6-4df7-b8ae-12fcc0513ebd
Unsupported Language Pack References	This rule checks to make sure that the language packs that are used by the site collection exist and are referenced correctly by the site collection.	99c946f7-5751-417c-89d3-b9c8bb2d1f66
Unsupported MUI References	This rule checks to make sure that the multi-user interface elements that are used by the site collection exist and are referenced correctly by the site collection.	6da06aab-c539-4e0d-b111-b1da4408859a

Before you begin

This is the first step in upgrading a site collection. Before you upgrade a site collection, you must have already configured the environment that uses SharePoint 2013 and upgraded the databases. For more information about these steps, see Attach databases and upgrade to SharePoint 2013.

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:
Run the site collection pre-upgrade health checks by using Site Settings

Site collection owners can run the site collection health checks from the Site Settings page in their site collections.

To run the pre-upgrade checks for a site collection

Verify that the user account that performs this procedure is a site collection administrator.
On the Site Settings page for the site collection, in the Site Collection Administration section, click Site collection health checks.
On the Run site collection health checks page, click Start checks.

A report lists all checked issues and issues that you should resolve.
Resolve all issues, and then click Try it again to verify that you fixed them.

Run the site collection pre-upgrade health checks by using Windows PowerShell

Farm administrators can use the following Windows PowerShell cmdlets to run the site collection health checks and to repair issues: Test-SPSite Repair-SPSite.

To run the site collection health checks in test mode by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.

db_owner fixed database role on all databases that are to be updated.

Administrators group on the server on which you are running the Windows PowerShell cmdlets.

Either a site collection administrator or be granted full read (for test mode) for the web application by policy. For more information about permission policies for web applications, see Manage permission policies for a web application (SharePoint Server 2010).

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following command:

Test-SPSite -Identity <SiteURL> [-Rule <RuleID>]

Where:

<SiteURL> is URL for the site collection you want to check.
<RuleID> is ID for a specific rule that you want to run.

To run the site collection health checks in repair mode by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.
Either a site collection administrator or be granted full control (for repair mode) for the web application by policy. For more information about permission policies for web applications, see Manage permission policies for a web application (SharePoint Server 2010).

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following command:

Repair-SPSite -Identity <SiteURL> [-Rule <RuleID>]

Where:

<SiteURL> is URL for the site collection you want to repair.
<RuleID> is ID for a specific rule that you want to run.

Additional steps

If you are performing an upgrade to SharePoint 2013, you can start the site collection upgrade after you have addressed all issues from the health checks. You can create an upgrade evaluation site to try the new user interface for your site, or you can upgrade your site collection directly. To learn about how to create evaluation site collections or upgrade a site collection, see Upgrade a site collection to SharePoint 2013.
Upgrade a site collection to SharePoint 2013

Published: July 16, 2012

Summary: Learn how site collection administrators can preview a copy of their sites in SharePoint 2013 mode, and then upgrade their sites.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

After a server farm administrator has upgraded the databases, site collection administrators can upgrade individual site collections. When site collection administrators first browse to their sites after the database has been upgraded, a notification bar at the top of the site indicates that their sites can be upgraded. The choices are to Start now or Remind me later. Start now begins the site collection upgrade process.

To upgrade a site collection, site collection administrators complete the following steps:

Run the site collection health checks to verify the site is ready to upgrade. For more information, see Run site collection health checks in SharePoint 2013.
Create an upgrade evaluation site to preview the differences between versions. (Optional)
Upgrade the site collection.
Verify that upgrade was successful and the site works as expected. For more information, see Review site collections upgraded to SharePoint 2013.

This article discusses the second and third steps, and includes procedures for performing these tasks from Site Settings. For information about using Windows PowerShell cmdlets to upgrade sites from the command line, see Manage site collection upgrades to SharePoint 2013.

Upgrade step 2: Request evaluation site collection and Step 3: Upgrade the site

For a visual overview of the upgrade process, including site collection upgrade, see Overview of the upgrade process to SharePoint 2013. For more information about how farm administrators can control site collection upgrades, see Manage site collection upgrades to SharePoint 2013. For more conceptual information about site upgrade, including how to plan for upgrade, see Plan for site collection upgrades in SharePoint 2013.

Important:

If you upgrade from SharePoint Server 2010 to SharePoint Server 2013, there are special considerations for My Sites. (My Sites are not available in SharePoint Foundation 2013.) Make sure that you upgrade the My Site Host site collection before you allow users to access their individual My Sites in SharePoint Server 2013. This makes sure that the server software and database changes are complete so that users can upgrade their individual My Sites successfully.

A user can upgrade his or her My Site by following the steps to upgrade a site collection later in this article, or a farm administrator can upgrade My Sites by using Windows PowerShell.

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:

Create an upgrade evaluation site (Optional)

As a site collection administrator, you can request a preview of your site collection; this is called an upgrade evaluation site collection. An upgrade evaluation site collection enables you to see your site‘s content in a new, separate copy of the site that is running on the SharePoint 2013. Unlike visual upgrade in SharePoint Server 2010, the upgrade evaluation site collection is a complete copy of the site collection, separate from the original. Actions that you take in the upgrade evaluation do not affect the original site.

When you request an evaluation site collection, the request is added to a Timer job (named “Create Upgrade Evaluation Site Collections”) which runs once a day. You will receive an e-mail message when the upgrade evaluation site is available. This might take up to 24 hours. The message includes a link to the evaluation site. Upgrade evaluation site collections are set to automatically expire (after 30 days by default). If yours expires before you have finished evaluating the changes, you can request another upgrade evaluation site collection.

To request an upgrade evaluation site collection

Verify that the user account that performs this procedure is a site collection administrator.
On the Site Settings page for the site collection, in the Site Collection Administration section, click Site collection upgrade.
On the Step up to SharePoint 2013 page, click Try a demo upgrade.

This option starts the process of generating an upgrade evaluation site collection.
In the Create Upgrade Evaluation Site Collection box, click Create Upgrade Evaluation Site Collection.

A box opens and informs you that a demo site request was received.
Click Close to close the box.

You will receive an e-mail message when the upgrade evaluation is available. The e-mail message will contain a link to the site collection. Review the site and confirm that your site collection will look and behave as expected in the new user interface.

After you have reviewed the upgrade evaluation and made any necessary changes in your original site based on your evaluation, you can upgrade your site collection.

Farm administrators can use Windows PowerShell to request an upgrade evaluation site collection. For more information, see Manage site collection upgrades to SharePoint 2013.

Upgrade a site collection

After you run the pre-upgrade checks and optionally review an upgrade evaluation site collection, you can upgrade your site collection to SharePoint 2013.

To upgrade a site collection

Verify that the user account that performs this procedure is a site collection administrator.
On the Site Settings page for the site collection, in the Site Collection Administration section, click Site collection upgrade.
On the Site Collection Upgrade page, click Upgrade this Site Collection.

This option starts the process of upgrading your site collection. A box opens to verify that you want to start the process.
Click I’m ready to start the actual upgrade.

Note:

Errors or warnings
When the upgrade started
Where you can find the upgrade log file

After the upgrade is complete, the Upgrade status page is displayed in the new user interface with the message, Upgrade Completed Successfully.

Click Let’s see the new site to go to the home page.

Farm administrators can use Windows PowerShell to upgrade a site collection. For more information, see Manage site collection upgrades to SharePoint 2013.

Verification

To verify that upgrade has succeeded, check the Upgrade status page for the site collection.
- View upgrade status in Site Settings
Site collection administrators can view the Upgrade Status page in Site Settings to verify that upgrade has succeeded for a site collection.

To view upgrade status in Site Settings

Verify that the user account that performs this procedure is a site collection administrator.
On the Site Settings page for the site collection, in the Site Collection Administration section, click Site collection upgrade.
On the Site Collection Upgrade page, click Review Site Collection Upgrade Status.

The Upgrade Status page for the site collection is displayed.

Farm administrators can use Windows PowerShell to view site collection upgrade status. For more information, see Manage site collection upgrades to SharePoint 2013.

Additional steps

Next, review your upgraded site collection to be sure that everything is working as expected. For more information see Review site collections upgraded to SharePoint 2013.
Review site collections upgraded to SharePoint 2013
Published: July 16, 2012

Summary: Learn what to look for when you review site collections after you upgrade to SharePoint 2013 and find tips to address issues.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

Use these steps in your test environment to identify any issues before you upgrade your production environment. And review your upgraded sites to fix any issues after you have upgraded a site collection.

When you perform tests before upgrading your environment:
- Begin by validating high-impact or high-profile sites, and then move on to lower-priority sites. As part of the planning process, you should have identified which sites are high-impact and high-profile and require immediate attention, and which can wait a bit longer.
- To verify basic functionality, create a new site collection by using a representative set of lists, libraries, Web Parts, and so on. Review the new site to make sure that the common, basic elements of your sites are working.
- If pages do not render, you can check the Site Settings page by going directly to the URL (http:// siteurl/_layouts/settings.aspx). If the Site Settings page works and the upgrade has succeeded, there might be issues with the master page or home page. If the Site Settings page does not work, go to the site collection upgrade log file to see whether you can get more information about the problem.
You can review the site collection upgrade logs from the following locations:
- For site collection administrators: There are also log files for site collection upgrade stored inside the site collection itself, in the Maintenance Logs catalog at (http://<SiteName>/_catalogs/MaintenanceLogs/YYYYMMDD-HHMMSS-SSS.txt , where YYYYMMDD is the date and HHMMSS-SSS is the time (hours in 24-hour clock format, minutes, seconds, and milliseconds).
- For farm administrators: The site collection upgrade log file and the upgrade error log file are located at %COMMONPROGRAMFILES%\Microsoft Shared\Web server extensions\15\LOGS. The logs are named in the following format: SiteUpgrade-YYYYMMDD-HHMMSS-SSS.log, where YYYYMMDD is the date and HHMMSS-SSS is the time (hours in 24-hour clock format, minutes, seconds, and milliseconds). These file system logs have more information if you want details about issues.
Use the following checklists to review your upgraded sites and look for issues for either trial upgrades or upgrades in a production environment.

Checklists for reviewing upgraded sites

Web Parts

The following table lists issues with Web Parts that can occur after upgrade and how to address them.

Tip:

To test your Web Parts quickly, you can build a new Web Part page that contains all the custom Web Parts before you test an upgrade, and then review the page for any missing or broken Web Parts after the trial upgrade.

What to check	What to do if there is a problem
Do all the Web Parts from your original site appear in your upgraded site?	If a Web Part zone exists in a customized (unghosted) page, but not in the site definition, the Web Parts from that Web Part zone may have been moved into the bottom zone on the page during the upgrade. Either in Edit Mode for the page in the browser or in SharePoint Designer 2013, look for missing Web Parts in the bottom zone or other zones, or check whether the Web Parts were closed. For more information about how to work with Web Parts and Web Part zones in SharePoint Designer 2013, see the SharePoint Designer Help system.
Are there any broken Web Parts pages and are the Web Parts displayed correctly (in the correct zone, location, and size)?	Either in Edit Mode for the page in the browser or in SharePoint Designer 2013, drag the Web Part into the correct zone or modify the Web Part properties to correct any sizing or positioning problems.
Are there any extra or missing Web Parts?	Open the page either in Edit Mode for the page in the browser or in SharePoint Designer 2013. If you see additional Web Parts on your page, look for closed or inactive Web Parts on the original version of the page. Were the closed or inactive Web Parts opened by the upgrade process? If so, you can modify the Web Part properties to close these Web Parts. If Web Parts are missing, look for errors in SharePoint Designer 2013 such as “Error Rendering Control” or “Missing Assembly.” These errors indicate that the Web Part was not installed or was configured incorrectly for the new environment and must be reinstalled or reconfigured.
Do the Web Parts work correctly?	Open the page either in Edit Mode for the page in the browser or in SharePoint Designer 2013, and look for errors that indicate that a component or service is missing. Make sure that any components or services that the Web Parts rely on exist in the upgraded site. Particularly for the database attach upgrade approach, you must make sure that you have installed all the components or services that you must have for your Web Parts, and that you have configured them correctly (for example, you have configured the Web.config Safe Controls list). Update and redeploy any Web Parts that exist but no longer function correctly.
Are any Web Parts pages still checked out?	If you check out a page to make changes, make sure that you check in the page again.
Are your Excel Web Access Web Parts working correctly? Did you create your connections again correctly? Are external data sources still working?	Verify all connections and external data sources.

Tip:

If you have problems with a Web Part, append ?contents=1 to the end of the URL syntax (http:// siteurl/default.aspx?contents=1), and then press ENTER. This opens the Web Part Maintenance page where you can remove and repair the broken Web Part.

Large lists

By default, large list query throttling is turned on in SharePoint 2013. If a list is very large, and users use a view or perform a query that exceeds the limit or throttling threshold, the view or query will not be permitted. Check any large lists in your environment and have the site administrator or list owner address the issue. For example, they can create indexed columns with filtered views, organize items into folders, set an item limit on the page for a large view, or use an external list. For more information about large list throttling and how to address issues with large lists, see Manage lists and libraries with many items on Office Online.

Styles and appearance

The following table lists common issues with the style and appearance of your web site after upgrade and how to address them.

Tip:

Most of the issues in this section can be resolved by correcting the links to an item.

What to check	What to do if there is a problem
Are all the images on your pages displayed correctly?	Verify or fix the links to the images.
Are the appropriate cascading style sheet colors and styles used in the appropriate locations?	Verify or fix the links to the cascading style sheet file. Verify the link on the master page.
Theme choices are different in SharePoint 2013 – which theme do you want to use?	Your site’s home page, or other pages on your site, may look different after the site is upgraded. You may have to re-create or revise a theme and reapply it.
Do you have any JavaScript controls that are not working?	Verify or fix the links to the controls.
Are your pages displayed correctly in the browser?	Verify that any HTML on the page is in strict XHTML mode.
Are any script errors displayed on any pages?	Verify the scripts and links, and verify that any HTML is in strict XHTML mode.

Customized (unghosted) pages

Customized (also known as unghosted) pages are pages that were edited and are now unique versions of the pages for the site, instead of the default template pages. The following table lists issues with customized pages that can occur after upgrade and how to address them.

What to check	What to do if there is a problem
Are your customizations still in place?	Determine whether you have only one issue or a larger problem with the whole page. If you added a brand-new page to your original site (for example, if you replaced Default.aspx with a different file instead of changing the existing Default.aspx file), the new page has no association with the site definition. Therefore, it might not resemble the other pages on the upgraded site — nor can it be reset to resemble them. If you want your customized page to have the same appearance and behavior as the other pages on your site, consider creating a brand-new page that is based on the site definition and then transferring your customizations to that new page.
Can you still access the editing controls on the pages?	If you customized the editing controls (for example, the Site Actions link or the Edit Page link in SharePoint 2010 Products), check whether they still appear. If they don’t appear, you can replace them with the editing controls of the new version by resetting the page to the default version. Use the Reset to Template command in SharePoint Designer to reset the page to the default version (also known as reghosting). After you have restored the default page, you can then reapply your customizations in the browser by applying a different master page, or by reapplying the customizations in SharePoint Designer.
Are your customizations still appropriate in the new environment, or do you want to update to the new functionality and look?	If you want the new functionality and features, you must reset any customized pages to use the template. Resetting the page basically discards the customizations and attaches your page to the appropriate master page. Any customizations that you want can then be transferred to the master page instead of being stored in individual pages. Use the Reset to Template command in SharePoint Designer to reset the page to the default version (that is, reghost it). After you have restored the default page, you can then reapply your customizations in the browser by applying a different master page, or by reapplying the customizations in SharePoint Designer.
Are any pages still checked out?	If you check out a page to make changes, make sure that you check in the page again.

Manage site collection upgrades to SharePoint 2013

Published: July 16, 2012

Summary: Learn how farm administrators can manage the upgrade queue and throttling settings and upgrade site collections to SharePoint 2013.

Applies to: SharePoint Foundation 2013 | SharePoint Server 2013

Even though site collection administrators can now upgrade their own sites to SharePoint 2013, server farm administrators can still control when and whether a site collection is upgraded by managing the upgrade queue. You can also view and manage the upgrade throttling settings for a web application or content database to manage your farm’s performance for site collection upgrades.

Before you begin to upgrade site collections to SharePoint 2013

Farm administrators can control settings for site collection upgrade, such as notifications, throttling, and the upgrade queue, and can upgrade site collections by using Windows PowerShell. Before you change these settings or upgrade a site collection, you should understand the settings and the implications for making changes. For more information about the settings for site collection upgrade, see Plan for site collection upgrades in SharePoint 2013. For information about how to upgrade a site collection from the Site Settings page, see Upgrade a site collection to SharePoint 2013.

Note:

Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:

Plan browser support

Accessibility for SharePoint Products

Accessibility features in SharePoint 2013 Products

Keyboard shortcuts

Touch
Control upgrade notifications and self-service upgrade

When a site collection is available to upgrade, site collection administrators see a status bar on their sites indicating that they can upgrade them. They can choose to upgrade the site collection then or be reminded later. You can control settings for these notifications and control whether site collection administrators can upgrade their site collections. For more information about these properties, see Plan settings for upgrade notifications, self-service upgrade, and site collection creation.

To view the upgrade notification and self-service upgrade settings by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following commands to view the upgrade notification settings for a web application:

$wa=Get-SPWebApplication <URL>
$wa.UpgradeReminderDelay
$wa.UpgradeMaintenanceLink

Where:

<URL> is URL for the web application that you want to check.

This command returns the Upgrade reminder delay setting for the specified web application.

At the Windows PowerShell command prompt, type the following command to view the self-service upgrade setting for a site collection:

$site=Get-SPSite <URL>
$wa.AllowSelfServiceUpgrade

Where:

<URL> is URL for the site collection that you want to affect.

For more information, see Get-SPWebApplication and Get-SPSite.

To change the upgrade notification and self-service upgrade settings for a web application by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following command to change the upgrade notification settings for a web application:

$wa=Get-SPWebApplication <URL>
$wa.UpgradeReminderDelay=<Value>
$wa.UpgradeMaintenanceLink=’<LinkURL>‘

Where:

<URL> is URL for the web application that you want to affect.
<Value> is the numeric value that you want to set for the delay (for example, 10 for 10 days).
<LinkURL> is a link where the user can find more information.

At the Windows PowerShell command prompt, type the following command to change the self-service upgrade setting for a site collection:

$site=Get-SPSite <URL>
$wa.AllowSelfServiceUpgrade=<Value>

Where:

<URL> is URL for the site collection that you want to affect.
<Value> is either ‘true’ to allow site collection administrators to upgrade the site, or ‘false’ to not show them the notification and not allow them to upgrade.

For more information, see Get-SPWebApplication and Get-SPSite.

Control the compatibility range for site creation modes

You can control which mode (2010 or 2013, or both) can be used when a user creates a site collection. The CompatibilityRange property on a web application controls the site modes available for a web application. You can view or change the settings for CompatibilityRange by using Windows PowerShell.

To view the compatibility range for site creation modes for a web application by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following commands to view the compatibility range settings for a web application:

$wa=Get-SPWebApplication <URL>
# Stores the web application at that URL as a variable
$wa.CompatibilityRange
# Returns the CompatibilityRange for the specified web application

Where:

<URL> is URL for the web application that you want to check.

This command returns the compatibility range for the specified web application. For example:

MaxCompatibilityLevel MinCompatibilityLevel DefaultCompatibilityLevel Singular
——————— ——————— ————————-   ——–

       15                    14
      15
False

At the Windows PowerShell command prompt, type the following commands to view the maximum, minimum, and default settings for a specific range:

[Microsoft.SharePoint.SPCompatibilityRange]::<RangeName>

Where:

RangeName is one of the following values: OldVersions, NewVersion, AllVersions.

This command returns the compatibility range for the specified value. For example, for NewVersion:

MaxCompatibilityLevel MinCompatibilityLevel DefaultCompatibilityLevel Singular
——————— ——————— ————————-   ——–
               15
              15
      15
True

For more information, see Get-SPWebApplication.

To change compatibility range for site creation modes for a web application by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following command to change the compatibility range settings to a specific range:

$wa=Get-SPWebApplication <URL>
# Stores the web application at that URL as a variable
$wa.CompatibilityRange = [Microsoft.SharePoint.SPCompatibilityRange]::<RangeName>
# Specifies which range to use
$wa.Update()
# Updates the CompatibilityRange setting to use only the range you specified
$wa.CompatibilityRange
# Returns the new CompatibilityRange for the web application

Where:

<URL> is URL for the web application that you want to change.
RangeName is one of the following values: OldVersions, NewVersion, AllVersions.

At the Windows PowerShell command prompt, type the following command to change the values for the CompatibilityRange manually:

$wa=Get-SPWebApplication <URL>
# Stores the web application at that URL as a variable
$range = New-Object Microsoft.SharePoint.SPCompatibilityRange(<Integer>,<Integer>)
# Creates a new compatibility range from <Integer> to <Integer>
$wa.CompatibilityRange = $range
# Specifies which range to use
$wa.Update()
#Updates the CompatibilityRange setting to use only the range you specified with $range
$wa.CompatibilityRange
# Returns the new CompatibilityRange for the web application

Where:

<URL> is URL for the web application that you want to change.
Integer is a number to use as the minimum or maximum value. For example, (14,15) would set the MinCompatibilityLevel to 14 (2010) and the MaxCompatibilityLevel to 15 (2013). The DefaultCompatibilityLevel is automatically set to the lower of the MaxCompatibilityLevel and the current major version (for example, 15).

This command sets and then returns the range that you specified. For example:

MaxCompatibilityLevel MinCompatibilityLevel DefaultCompatibilityLevel Singular
———————   ——————— ————————-   ——–
                15                     14
      15
False

For more information, see Get-SPWebApplication.

Control the queue for upgrades of sites to SharePoint 2013
Every site that is set to upgrade is added to the queue, even if it is processed immediately. A site is removed from the queue after it is upgraded, or if it has encountered an error that must be addressed by a site collection or server administrator. If an unexpected failure occurs during the process (such as a power outage or service interruption), the site remains in the queue and the timer service will try the upgrade again automatically. Server farm administrators can manage the queue to remove a site from the queue, add a site to the queue, or upgrade a site manually.

Server farm administrators can manage the queue to do the following:
- Determine site collections that are in the upgrade queue.
  
  Each web application has its own upgrade queue. You can show the sites that are in the queue for a specific content database associated with that web application.
- See all sites that are currently being upgraded.
  
  You can view the queue and filter it to show only the sites that are currently being upgraded for a specific content database.
- Add a site collection to the upgrade queue.
  
  If you want to upgrade a site collection, you can add it to the queue.
- Remove a site collection from the upgrade queue.
  
  You can remove a site collection from the upgrade queue. Stop the timer job, remove the site from the queue, and then restart the timer job to resume upgrade for the remaining sites in the queue. You cannot remove a site collection from the queue if it is currently being upgraded.
The following procedure contains steps to view and manage the site collection upgrade queue.

To manage the upgrade queue by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
To view all site collections in the queue for a content database, at the Windows PowerShell command prompt, type the following command:

Get-SPSiteUpgradeSessionInfo -ContentDatabase <DatabaseName> -ShowInProgress -ShowCompleted -ShowFailed |ft

Where:

<DatabaseName> is name of the database that you want to check. You can also use the GUID for the database instead of the name.

For more information, see Get-SPSiteUpgradeSessionInfo.

To see all sites that are currently being upgraded, at the Windows PowerShell command prompt, type the following command:

Get-SPSiteUpgradeSessionInfo -ContentDatabase <DatabaseName> -ShowInProgress

Where:

<DatabaseName> is name of the database that you want to check. You can also use the GUID for the database instead of the name.

For more information, see Get-SPSiteUpgradeSessionInfo.

To see whether a particular site is in the queue, at the Windows PowerShell command prompt, type the following command:

Get-SPSiteUpgradeSessionInfo -Site <http://site>

Where:

<http://site> is URL for the site collection you want to add to the upgrade queue.

For more information, see Get-SPSiteUpgradeSessionInfo.

To add a site collection to the upgrade queue, at the Windows PowerShell command prompt, type the following command:

Upgrade-SPSite <http://site> -VersionUpgrade -QueueOnly

Where:

<http://site> is URL for the site collection you want to add to the upgrade queue.

For more information, see Upgrade-SPSite.

To remove a site collection from the upgrade queue, at the Windows PowerShell command prompt, type the following command:

Remove-SPSiteUpgradeSessionInfo -Identity <URL>

Where:

<URL> is URL for the site collection you want to add to the upgrade queue.

For more information, see Remove-SPSiteUpgradeSessionInfo.

Control site throttle settings for upgrade to SharePoint 2013

You can view and change the upgrade throttle settings for a content database and web application by viewing and setting the SPContentDatabase.ConcurrentSiteUpgradeSessionLimit and SPWebApplication.SiteUpgradeThrottleSettings properties. For descriptions of the properties that control throttle levels and the default values, see Plan for site collection upgrades in SharePoint 2013.

For more information about web application properties, see SPWebApplication Properties. For more information about content database properties, see SPContentDatabase Properties.

The following procedure provides steps to view upgrade throttling settings for a web application.

To view the upgrade throttle settings for a web application by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following command:

$wa = Get-SPWebApplication <URL>
$wa.SiteUpgradeThrottleSettings

Where:

<URL> is URL for the web application that you want to check.

This command returns the set of throttling settings for the specified web application. For example:

AppPoolConcurrentUpgradeSessionLimit : 5
UsageStorageLimit : 10
SubwebCountLimit : 10
Name :
TypeName : Microsoft.SharePoint.Administration.SPSiteUpgradeThrottleSettings
DisplayName :
Id : ca76dda0-7050-4c6b-a126-05917da39f8a
Status : Online
Parent : SPWebApplication Name=SharePoint – 80
Version : 8222
Properties : {}
Farm : SPFarm Name=SharePoint_ConfigUpgradedPersistedProperties : {}

For more information, see Get-SPWebApplication.

You can change the upgrade throttle settings for a web application. The following procedure provides steps to change the upgrade throttling settings for a web application.

To change the upgrade throttle settings for a web application by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following command:

$wa=Get-SPWebApplication <URL>
$wa.SiteUpgradeThrottleSettings.AppPoolConcurrentUpgradeSessionLimit=<Value>
$wa.SiteUpgradeThrottleSettings.UsageStorageLimit=<Value>
$wa.SiteUpgradeThrottleSettings.SubwebCountLimit=<Value>

Where:

<URL> is URL for the web applications that you want to affect.
Value is the numeric value that you want to set for that limit (for example, 8).

This command changes the throttling settings for a web application to the value that you supply.

For more information, see Set-SPWebApplication.

The following procedure provides steps to view upgrade throttling settings for a content database.

To view the throttle settings for a content database by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following command:

$db = Get-SPContentDatabase <DatabaseName>

# Stores the database name as a variable to use in the next command

$db.ConcurrentSiteUpgradeSessionLimit
# Returns the value for the limit for that database

Where:

<DatabaseName> is name of the database that you want to check. You can also use the GUID for the database instead of the name.

This command returns the set of throttling settings for the specified content database.

For more information, see Get-SPContentDatabase.

You can change the upgrade throttle settings for a content database. The following procedure provides steps to change the upgrade throttling settings for a content database.

To change the throttle settings for a content database by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following commands:

$db = Set-SPContentDatabase <DatabaseName>
# Stores the database name as a variable to use in the next command

$db.ConcurrentSiteUpgradeSessionLimit=<value>
# Changes the limit to the value you specify.

Where:

<DatabaseName> is name of the database that you want to affect. You can also use the GUID for the database instead of the name.
<value> is a numeric value to set the property to, such as 9.

This command changes the throttling settings for the specified content database to the value that you supply.

For more information, see Set-SPContentDatabase.

Create upgrade evaluation site collections by using Windows PowerShell

Site collection administrators can request a preview of their site collection. This preview site is called an upgrade evaluation site collection. Farm administrators can request an upgrade evaluation site collection by using Windows PowerShell.

To request an upgrade evaluation site collection by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.

db_owner fixed database role on all databases that are to be updated.

Administrators group on the server on which you are running the Windows PowerShell cmdlets.

Either a site collection administrator or be granted full control (for repair mode) for the web application by policy. For more information about permission policies for web applications, see Manage permission policies for a Web application (SharePoint Server 2010).

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following command:

Request-SPUpgradeEvaluationSiteCollection -identity URL to site

Where:

URL to site is the URL to a site collection in 2010 mode.

For more information, see Request-SPUpgradeEvaluationSite.

Upgrade site collections by using Windows PowerShell

You can upgrade a single site collection or all site collections in a specific database by using Windows PowerShell.

To upgrade a single site collection in a database by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following command:

Windows PowerShell

Upgrade-SPSite <http://site> -VersionUpgrade [-Unthrottled]

Where:

<http://site> is the URL for the site collection.
Add the option -Unthrottled option to skip the site collection upgrade queue and start the upgrade immediately.

This cmdlet upgrades the specific site collection to 2013 mode. For more information, see Upgrade-SPSite.

To upgrade all site collections in a database, use Windows PowerShell. However, because sites can continue to run in 2010 mode in the SharePoint 2013 environment, this is not a necessary procedure for most environments. If you do choose to upgrade all site collections immediately, site collection owners do not have an opportunity to use an upgrade evaluation site to preview the new user interface or change their original site before upgrading. We do not recommend that you upgrade all site collections immediately as part of your initial upgrade. However, you might want to upgrade all site collections after some time has passed and all customizations were verified in 2013 mode.

To upgrade all site collections in a database by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following command:

Windows PowerShell

Get-SPSite -ContentDatabase <DBName> -Limit All | Upgrade-SPSite -VersionUpgrade -QueueOnly

Where:

<DBName> is the name of the content database for which you want to upgrade all site collections.

The -QueueOnly parameter adds the site collections to the upgrade queue. This allows the timer job to perform parallel upgrades when it is possible and can save time. The sites are upgraded in the order in which they are added to the queue.

This cmdlet upgrades all site collections in the specific content database to 2013 mode.

View upgrade status by using Windows PowerShell

You can view upgrade status for all databases, for a single site collection, or for all site collections.

To view upgrade status for a single site collection by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following command:

Get-SPSiteUpgradeSessionInfo -Site <http://site>

Where:

<http://site> is the URL of the site collection.

This cmdlet returns the upgrade status for the specified site collection together with information about the upgrade session and a link to the log files for more information. For more information, see Get-SPSiteUpgradeSessionInfo.

Or, you can use the following command to view the information about a specific site collection upgrade:

$sc = Get-SPSite <http://site>
# Sets a variable for the site collection
$sc.CompatibilityLevel
# Returns the compatibility level for the site collection (either 14 or 15 for 2010 or 2013 mode)
$sc.UpgradeInfo
# Returns the upgrade information for the site collection

Where:

<http://site> is the URL of the site collection.

This command returns the compatibility level and upgrade information (such as a pointer to the log file) for the specified site collection. If the compatibility level is “15,” then it has been upgraded to 2013 mode. For more information, see Get-SPSite.

To view upgrade status for a single database by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following command:

Windows PowerShell

Get-SPSiteUpgradeSessionInfo –ContentDatabase <DatabaseName> -ShowInProgress -ShowCompleted -ShowFailed

Where:

<DatabaseName> is the name of the database that you want to check.

This cmdlet returns any site collections that have an upgrade in progress, completed, or failed and lists their status, plus a link to the log files for more information. You can use only one parameter to find only in progress, completed, or failed upgrades. For more information, see Get-SPSiteUpgradeSessionInfo.

To view upgrade status for all site collections by using Windows PowerShell

Verify that you have the following memberships:

securityadmin fixed server role on the SQL Server instance.
db_owner fixed database role on all databases that are to be updated.
Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

Note:

On the Start menu, click All Programs.
Click Microsoft SharePoint 2013 Products.
Click SharePoint 2013 Management Shell.
At the Windows PowerShell command prompt, type the following command:

Get-SPSite -Limit All

This cmdlet returns the URL for all site collections in the environment and the compatibility level (14 or 15) for each site collection.

Capacity Planning for Microsoft SharePoint 2010My Sites and Social Computing features

Posted on 29 Oct 201229 Oct 2012 by escapebusinesssolutions in Uncategorized

Capacity Planning for

Microsoft SharePoint 2010

My Sites and Social Computing features

This document is provided “as-is”. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it.

Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred.

This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.

Capacity Planning for

Microsoft SharePoint 2010

My Sites and Social Computing features

Gaurav Doshi, Wenyu Cai
Microsoft Corporation

Applies to: Microsoft SharePoint Server 2010

Summary: This whitepaper provides guidance on performance and capacity planning for a My Sites and Social computing portal based on Microsoft® SharePoint® 2010. This documents covers:

Test environment specifications, such as hardware, farm topology and configuration
Test farm dataset
Test data and recommendations for how to determine the hardware, topology, and configuration that you need to deploy a similar environment, and how to optimize your environment for appropriate capacity and performance characteristics.

Table of Contents

Executive Summary…………………………………………………………………………………………………………………………….4

Introduction5

Scenario5

Assumptions and prerequisites5

Glossary5

Overview7

Scaling approach7

Correlating lab environment with production environment7

Test notes8

Test setup…………………………………………………………………………………………………………………………………………..9

Hardware9

Software9

Topology and configuration10

Dataset and disk geometry11

Transactional Mix12

Results and analysis15

Comparison of all iterations15

Impact of people search crawl19

Analysis20

Recommendations23

Appendix24

Executive summary

Overall, here are the key findings from our testing for the My Sites and Social Computing Portal:

The environment scaled up to eight front-end Web servers for one application server and one database server; increase in throughput was almost linear throughout. After eight front-end Web servers, there are no additional gains to be made in throughput by adding more front-end Web servers because the bottleneck at this point was the database server CPU utilization.
Further scale can be achieved by separating the Content database and Services database on two separate database servers.
We maxed out the 8x1x2 topology. At that point both front-end Web server and application server CPU utilization was the bottleneck. That leads us to believe that for the given hardware, dataset, and test workload, the maximum RPS possible is represented by Max Zone RPS for 8x1x2, which is about 1877.
Looking at the trends, it seems possible to extract the same throughput with a healthy farm, if the bottlenecks on the front-end Web server and application server are addressed. The front-end Web server bottleneck can be addressed by adding more front-end Web servers, and the application server bottleneck can be addressed by using two computers to play the role of application server. We did not try it out in the lab though.
Latency is not affected by throughput or hardware variations.
If you have security trimming turned ON, one front-end Web server can support about 8-10 RPS of Outlook Social Connector traffic. This means, one front-end Web server can support about 28,000 to 36,000 employees using Outlook Social Connector all day. Thus, if you are rolling out Outlook Social Connector to 100,000 employees, you can support the traffic that is generated by three front-end Web servers. These values can vary depending on social tagging usage at your company. If you imagine your company to have less social tagging activity than what we used in the dataset for this testing effort, you might get better throughput per front-end Web server.
The incremental people search crawl doesn’t have much effect on the farm’s throughput as long as the farm is maintained in a healthy state.

Introduction

Scenario

This document outlines the test methodology and results to provide guidance for the capacity planning of a social computing portal. A social computing portal is a Microsoft® SharePoint® 2010 deployment where each person in the company maintains a user profile, finds experts in the company, connects with other employees through newsfeeds and maintains a personal site for document storage and sharing. In addition to this traffic caused by social computing features, there is good amount of typical collaboration traffic caused by people uploading, sharing, viewing, and updating documents on their personal sites. We expect these results to help in designing a separate portal dedicated to My Sites and social features.

Different scenarios will have different requirements, so it is important to supplement this guidance with additional testing on your own hardware and in your own environment.

When you read this document, you will understand how to:

Estimate the hardware required to support the scale you need to support: number of users, load, and the features enabled.
Design your physical and logical topology for optimum reliability and efficiency. High Availability/Disaster Recovery are not covered in this document.
Account for effect of ongoing people search crawl and profile sync on the RPS of a social computing portal-like deployment

Before you read this document, you should read the following:

Capacity Planning and Sizing for Microsoft SharePoint 2010 Products and Technologies
Office SharePoint Server 2010 Software Boundaries
SharePoint Server 2010 Technical Case Study: Social Environment, available for download on TechNet

If you are interested in reading capacity planning guidance on typical collaboration scenarios, please read: SharePoint Server 2010 Capacity Lab Study: Enterprise Intranet Collaboration Solution

Assumptions and prerequisites

There is no custom code running on the social computing portal deployment in this case. We cannot guarantee the behavior of custom code or third party solutions that are installed on top of your My Site and social computing portal.
Authentication mode was NTLM

Glossary

There are some specialized terms you will encounter in this document. Here are a few key terms and their definitions.

RPS: Requests per second. The number of requests received by a farm or server in one second. This is a common measurement of server and farm load.
Note that requests are different from page loads; each page contains several components, each of which creates one or more requests when the page is loaded. Therefore, one page load creates several requests. Typically, authentication checks and events that are consuming negligible resources are not counted in RPS measurements.
Green Zone: This is the state at which the server can maintain the following set of criteria:
- The server-side latency for at least 75 percent of the requests is less than 0.5 second.
- All servers have a CPU utilization of less than 50 percent.
  Note: Because this lab environment did not have an active search crawl running, the database server was kept at 40 percent CPU utilization or lower, to reserve 10 percent for the search crawl load. This assumes Microsoft SQL Server® Resource Governor is used in production to limit Search crawl load to 10 percent CPU.
- Failure rate is less than 0.01 percent.
Max Zone: This is the state at which the server can maintain the following set of criteria:
- HTTP request throttling feature is enabled, but no 503 errors (Server Busy) are returned.
- Failure rate is less than 0. 1 percent.
- The server-side latency is less than 1 second for at least 75 percent of the requests.
- Database server CPU utilization is less than 80 percent, which allows for 10 percent to be reserved for the Search crawl load, limited by using SQL Server Resource Governor.
AxBxC (Graph notation): This is the number of Web servers, application servers, and database servers in a farm. So for example, 8x1x2 means that this environment has eight Web servers, one application server, and two database servers.
VSTS Load: Threads used internally by Visual Studio Team System (VSTS) to simulate virtual users. We used increasing VSTS Load to generate more and more RPS for the topology.

Overview

Scaling approach

This section describes the specific order that we recommend for scaling computers in your environment, and it is the same approach we took for scaling this lab environment. This approach will allow you to find the best configuration for your workload and can be described as follows:

First, we scaled out the Web servers. These were scaled out as far as possible under the tested workload, until the database server became the bottleneck and was not able to accommodate any more requests from the Web servers.
Until this point, content database and services databases (user profile database, Social database, etc.) were all on the same database server. When we noticed that the database server was the bottleneck, we scaled out the database server by moving the content databases to another database server. At this point, the Web servers were not creating sufficient load on the database servers, so they were scaled out further.
In lab environment, we did not test scale out further. But, if you need more scale, then the next logical step will be to have two computers share application server responsibilities.

We started off with a minimal farm configuration of one front-end Web server, one application server, and one SQL Server-based computer. Through multiple iterations, we finally ended at eight front-end servers, one application server, two SQL Server farm configurations. In the “Results and Analysis” section, you will find a comparison of Green Zone and Max Zone performance characteristics across different iterations. Details of how we found out Green Zone and Max Zone for each iteration is covered in “Appendix”.

Correlating lab environment with a production environment

The lab environment outlined in this document is a smaller scale model of a production environment at Microsoft, and although there are significant differences between the two environments, it can be useful to look at them side by side because they are both My Site and social computing environments where the patterns observed should be similar.

The lab environment contains a dataset that closely mimics the dataset from the production environment. The workload that is used for testing is largely similar to the workload seen in the production environment with few notable differences.

The most notable of the differences is that in the lab environment. We use fewer distinct users to perform the operations, and we perform operations on a smaller number of user profiles compared to the production environment. Also, the lab test runs happen over a shorter period of time.

All this has an effect on how many cache hits we have for the User Profile cache that is maintained on the application server. User Profile Service caches recently used user profiles on the application server. The default size of this cache is 256 MB, which approximately translates into 500,000 user profiles. Because the number of user profiles that was used in testing was limited to 1,500, and the duration of the tests were less than the recycle time of the cache, we almost always had cache hits. Thus, the throughput numbers presented in this document are on the higher side. You should definitely account for cache misses in your environment and hence, expect a lower throughput number.

For a detailed case study of a production My Sites and social computing portal at Microsoft, see SharePoint 2010 Technical Case Study: Social Environment.

Test notes

This document provides results from a test lab environment. Because this was a lab environment and not a production environment, we were able to control certain factors to show specific aspects of performance for this workload. In addition, certain elements of the production environment, in the following list, were left out of the lab environment to simplify testing overhead. Note that we do not recommend omitting these elements for production environments.

Between test runs, we modified only one variable at a time, to make it easy to compare results between test runs.
The database servers used in this lab environment were not part of a cluster because redundancy was not necessary for the purposes of these tests.

Search crawl was not running during the tests, whereas it might be running in a production environment. To take this into account, we lowered the SQL Server CPU utilization in our definition of Green Zone and Max to accommodate the resources that a search crawl would have consumed if it had been running simultaneously with our tests.

Test setup

Hardware

The following table presents hardware specifications for the computers that were used in this testing. Every front-end Web server (WFE) that was added to the server farm during multiple iterations of the test complies to the same specifications.

Front-end Web server

Application server

Database server

Server model

PE 2950

Dell PE 6850

Processor(s

)

2px4c@2.33 GHz

4px4c@ 3.19 GHz

RAM

8 GB

32 GB

Number

of NICs

2

1

NIC speed

1 Gigabit

Load balancer type

F5 – Hardware load balancer

n/a

ULS Logging level

Medium

n/a

Table 1: Hardware specifications for server computers

Software

The following table explains the software that was installed and running on the servers that were used in this testing.

Front-end Web server

Application server

Database server

Operating System

Windows Server® 2008 R2 x64

Windows Server 2008 R2 x64

Windows Server 2008 x64

Software version

Microsoft SharePoint 4763.1000 (RTM), Office Web Applications 4763.1000 (RTM)

Microsoft SharePoint 4763.1000 (RTM), WAC 4763.1000 (RTM)

SQL Server 2008 R2 CTP3

Load balancer type

F5 – Hardware load balancer

n/a

ULS Logging level

Medium

n/a

Antivirus Settings

Disabled

Table 2: Software specifications for server computers

Topology and configuration

The following topology diagram explains the hardware setup that was used for the tests.

Diagram 1: Farm Configuration

Refer to Diagram 1 for the services that are provisioned in the test environment.

Dataset and disk geometry

The test farm was populated with a total of 166.5 GB of MySite content, evenly distributed across 10 content databases, 27.7 GB of Profile database content, 3.7 GB of Social database content (GUIDs for Social tags, notes and ratings) and 0.14 GB of Metadata Management database content (text for social tags and corresponding GUIDs).

The following table explains the dataset in detail:

Number of user profiles	~150K
Average number of memberships / user	74
Average number of direct reports / user	6
Average number of colleagues / user	28
Number of total profile properties	101
Number of multivalue properties	21
Number of audiences	130
Number of MySites	~10K
Number of blog sites	~600
Total number of events in activity feed	798K*
Number of social tags/ratings	5.04M**

Table 3: Dataset detail

*
Social tagging study from del.icio.us suggests that an active user creates 4.2 tags/month. (Tags here mean any activity of assigning metadata to URLs, and hence includes keyword tags, ratings and notes.) This means an active user creates 4.2/30 = 0.14 tags/day. Assuming 1/3^rd users of the social portal are actively tagging, we have 150K/3*0.14 tagging events per day. Activity feed tables maintain activity for 14 days, hence total number of tagging activity in the activity feed table comes to 150K/3*0.14*14. In addition to tagging events, if we assume that active user generates 1 more event per day such as a profile property update or status update, we have 150K/3*1*14 events added to activity feed tables. Thus, total number of events in activity feed tables comes to 150K/3*1.14*14 = 798K Among that, 98K of events is tagging activities which may trigger security trimming; rest of the events will be randomly distributed among status update and profile property changes.

**
Assume 1/3 of population are active users, each create 4.2 tags / month, where a tag can mean a keyword tag, a note or a rating. Assuming the farm is in use for 2 years, total tags will be 150K/3 * 4.2 * 12 * 2 = 5.04M.

The table below explains the disk geometry in details:

Database	ContentDB 1, 2, 3, 4	ContentDB 5, 6	ContentDB 7, 8	ContentDB 9, 10	Profile	Social	Metadata
Database Size	61.4 GB	39 GB	32.3 GB	33.7 GB	27.7 GB	3.7G B	0.14
RAID configuration	0	0	0	0	0	0	0
Number of spindles for MDF	1	1	1	1	6	1	1
Number of spindles for LDF	one physical spindle shared by all databases

Table 4: Disk geometry detail

Transactional mix

Important notes

The tests only model prime time usage on a typical social computing portal. We did not consider the cyclical changes in user generated traffic that is seen with day-night cycles. Timer jobs, which require significant resources, such as Profile Synchronization and People Search Crawl, were tested independently with the same test workload to identify their citizenship effect.

This test focuses more on social operations, such as newsfeeds, social tagging, and reading people profiles. It does have a small amount of typical collaboration traffic, but that is not the focus. We expect these results to help in designing a separate portal dedicated to My Sites and social features.

Test mix does not include traffic from Search Content Crawl. However this was factored into our tests by modifying the Green Zone definition to be 40 percent SQL Server CPU usage as opposed to the standard 50 percent to allow 10percent for the search crawl. Similarly, we used 80 percent SQL Server CPU as the criteria for max RPS.
In addition to the test mix listed in the following table, we also added eight RPS per front-end Web server for Outlook Social Connector traffic. We had security trimming turned ON, and we saw Secure Token Service being stressed as we approached about 8 RPS of Outlook Social Connector’s traffic on single front-end Web server to get activities of colleagues. This is a function of the dataset, test workload, and hardware we used in lab for testing, and you might see entirely different behavior. To avoid further stress on Secure Token Service, we decided to add Outlook Social Connector traffic as a function of the number of front-end Web servers in each iteration. Thus for 1X1X1, we have eight RPS of Outlook Social Connector traffic, while for 2X1X1 we have 16 RPS of Outlook Social Connector traffic, and so on.

Overall transaction mix is presented in the following table:

Description	Read/write	% of mix
Add a colleague	Write	2.11%
Create a rating on a URL, write a note or tag a URL	Write	3.22%
List operations document	Read/Write	2.36%
Get published links to model client calls to PublishedLinksService.asmx	Read	6.92%
Get RSS feeds from lists	Read	3.72%
View all items in document libraries and lists on My Site	Read	1.07%
View a blog post	Read	0.04%
View various My Site pages (my content, colleagues, newsfeed, my profile, someone else’s profile, organization browser, memberships, tags, and notes)	Read	3.87%
Sync for Shared OneNote files	Read	10.0%
Edit my profile page or status message, update picture	Write	2.31%
Office Web Applications: Open and scroll files (PowerPoint®, Word, Excel®)	Read	0.13%
List sync with Outlook®	Read	48.16%
Upload a document	Write	0.09%
Loading pages, document libraries, folders from Content DB	Read	15.93%
Co-authoring of documents	Read/Write	0.17%

Table 5: Transactional Mix

Additional Outlook Social Connector scenario test mix generating 8 RPS per front-end Web server:

Auto-sync my colleagues	Read	4%
Auto-sync my colleagues’ news feeds	Read	96%

Table 6: Outlook Social Connector scenario text mix

Results and analysis

Comparison of all iterations

As mentioned earlier, we started off with a minimal farm configuration of one front-end Web server, one application server and one SQL Server-based computer. Through multiple iterations, we finally ended at eight front-end Web servers, one application server, two SQL Server-based farm configurations. For each of these iterations, we performed step load tests to identify Green Zone and Max Zone. Details of step load tests within each iteration are provided in the Appendix. In the following table, you will find comparison of these Green Zone and Max Zone performance characteristics across different iterations.

The following table and charts provide a summary for comparison and analysis.

Green Zone results:

First let’s take a look at Green Zone performance characteristics across topologies. The following table provides a summary of results:

Topology	1x1x1	2x1x1	3x1x1	5x1x1	8x1x1	8x1x2
Green Zone RPS	137.25	278.08	440.72	683.07	793.67	873.4
Green Zone 75^th Percentile Latency	0.12	0.16	0.14	0.16	0.31	0.32
Green Zone front-end Web server CPU	47.84	46.88	48.68	46.13	31.79	36.90
Green Zone application server CPU	9.45	18.88	26.91	35.58	48.73	47.20
Green Zone SQL Server CPU	5.45	10.61	16.46	24.73	30.03	32.40 (17.9 for Content DB and 14.5 for Services DB)

Table 7:Green Zone performance

The following chart presents variation in CPU utilizations plotted on RPS, and offered by different topologies for Green Zone results.

From the chart above:

RPS increased throughout as we added more computers to topologies.
It is clear that front-end Web server CPU was the driving factor leading the topology to the boundary of Green Zone until 5X1X1, and at 8X1X1 application server CPU reached the boundary for Green Zone before the front-end Web servers could reach Green Zone boundaries.
Throughout, SQL Server CPU was in a very healthy territory.

Max Zone results:

The following table provides a summary of results across topologies for Max Zone.

	1x1x1	2x1x1	3x1x1	5x1x1	8x1x1	8x1x2
Max Zone RPS	203.28	450.75	615.00	971.13	1655	1877
Max Zone Latency	0.22	0.23	0.22	0.22	0.31	0.32
Max Zone front-end Web server CPU	75.13	78.17	70.00	67.02	67	71.6
Max Zone application server CPU	12.97	27.07	28.40	48.28	67.1	73.4
Max Zone SQL Server CPU	7.64	16.06	21.00	38.38	79.5	74.9 (45.9 for Content DB and 29 for Services DB)

Table 8: Results across topologies for Max Zone

The following chart presents variation in CPU utilizations plotted on RPS, and offered by different topologies for Max Zone results.

From the preceding chart:

RPS increased throughout as we added more computers to topologies.

It is clear that front-end Web server CPU was the bottleneck until 5X1X1, and at 8X1X1 SQL CPU became the bottleneck.
Initially, application server CPU utilization was higher than SQL Server CPU utilization, but it is apparent that the growth rate of SQL Server CPU utilization is more than the growth rate of application server CPU utilization. At higher throughput, SQL Server CPU utilization overtook application server CPU utilization and became the bottleneck.

Green Zone vs. Max Zone:

The following charts compare throughput and latencies for Green Zone and Max Zone across different topologies.

From the charts above:

Latencies don’t vary much with throughput or topologies. In our testing we saw all latencies under 0.5 seconds, which is very acceptable.
Throughput increase is almost linear.

A note on I/Ops:

The following table and chart presents I/Ops observed on each database in different topologies. We did not run into disk I/O as a bottleneck, and looking at the trend, we did not record the data for later topologies.

	1x1x1 Max Zone	2x1x1 Max Zone	3x1x1 Max Zone	5x1x1 Max Zone
Reads/Sec (ContentDB)	21.33	20.80	24.24	22.42
Reads/Sec (ProfileDB)	14.97	17.20	19.82	13.50
Reads/Sec (SocialDB)	1.81	1.83	2.10	2.01
Writes/Sec (ContentDB)	50.12	76.24	80.02	99.16
Writes/Sec (ProfileDB)	9.01	24.31	23.35	38.29
Writes/Sec (SocialDB)	4.12	9.47	10.63	19.45

Table 9: Observed I/Ops

Effect of people search crawl

We wanted to measure the effect of people search crawl on throughput offered by a configuration and by end user latencies. For this testing, we used results given by 8X1X1 configuration as baseline and started the incremental people search crawl. The incremental crawl indexed 49,375 items in 53 minutes.

Comparison of performance characteristics exhibited by the 8X1X1 configuration with and without people search incremental crawl are presented in the following table:

	Baseline 8X1X1 Green Zone results	8X1X1 with People Search crawl Green Zone results
Throughput [RPS]	1024.00	1026.00
Front-end Web server CPU [%]	39.84	41.6
Application server CPU [%]	41.40	43.1
Content/Service SQL Server CPU [%]	36.63	39.5
Indexer CPU [%]	0.52	34.6
Search SQL CPU [%]	3.62	14.8

Table 10: Comparison of performance characteristics

From the table above:

RPS nearly remained the same. Because there was no resource bottleneck in the 8X1X1 Green Zone, there is no reason for RPS to be affected.

The front-end Web server and Content/Service SQL Server CPU utilization became only slightly higher.
Search Indexer and SQL Server CPU increased from 0.5% to 34.6%, and 3.6% to 14.8%.

Analysis

Application Server Scale

You might have noticed that in none of the configurations did we find application server as a bottleneck. Further, if you see application server CPU utilization for different VSTS loads in any single configuration, you will notice that it grows and then flattens out. An ideal example of this is seen in the 8X1X1 configuration (detailed results are in Appendix):

VSTS Load	416	616	816	1016	1216	1416	1616
Application server CPU	37.6	49.4	57.9	61.9	67.1	65.3	63.10

This is expected. In the case of a social portal, most of the operations require dealing with a SharePoint service called User Profile Service. Most of the operations require fetching a user’s profile from Profile DB that is provisioned when User Profile Service is created.

To avoid frequent SQL Server round trips, application server for User Profile Service maintains a cache of User Profiles. Initially, as the test environment is warming up, this cache is empty, and the application server is responding to incoming requests from the front-end Web server by constantly fetching User Profiles from SQL Server. These profiles are then cached, and subsequently, all requests from the front-end Web server can be responded to by the application server without causing a SQL Server round trip, by just looking up in the cache.

Because the number of user profiles used in testing was limited, we saw the application server warm up to cache all those user profiles, hence it showed an increasing utilization. When all the profiles were cached, it was a steady operation of cache lookups, and hence we see the application server CPU utilization stabling down.

Outlook Social Connector traffic and security trimming

Outlook Social Connector is an add-in that ships with Office 2010, which shows activities by your SharePoint Colleagues in Outlook. This add-in is also available for free download for Office 2007 and Office 2003.

Outlook Social Connector pings SharePoint server once every hour to fetch activities by colleagues of the user who is using it. It caches those activities for the hour. Next hour, it only asks for the delta of activities since the last time it called SharePoint. Thus, it follows a very predictable traffic pattern. For a 100,000-people deployment of Outlook Social Connector and SharePoint, assuming everyone is using it all day long, it generates 100,000 requests per hour, which translates to 27.77 requests per second.

Showing activities by other people leads to a possibility of information disclosure; if the URL that is tagged by a colleague is something confidential that a user does not have access to, then the user can find out about existence of that confidential piece of content by seeing it in Outlook Social Connector. To prevent this information disclosure, SharePoint filters all activities and shows only those URLs in activities that a user has access to. This filtering is what we call security trimming. It is ON by default, but it can be turned off.

Not every activity requires security trimming. Out of 16 activity type SharePoint supports, only 4 (tagging, note board comments, rating and DL membership changes) require security trimming. Also, because Outlook Social Connector asks only for a delta of activities that have happened since last time it synced, the number of activities per user that would require security trimming would be reasonably low.

Every request from Outlook Social Connector requiring security trimming results in an authenticated WCF call to Search Service’s application server. To get the authentication token for making this call, a WCF call is initially made to Secure Token Service.

We found out that if the Outlook Social Connector RPS goes beyond eight RPS per front-end Web server, Secure Token Service was under stress. This might or might not happen to each customer, because it is affected by the number of total users and total social tagging being made to a user’s colleagues. In the dataset we created, and the users we used, we probably had enough activities requiring security trimming that we saw this happen. Hence, we increased Outlook Social Connector traffic as a function of the number of front-end Web servers available. For the 1X1X1 configuration, we generated 8 RPS of Outlook Social Connector traffic, while for a 2X1X1 configuration we generated 16 RPS of Outlook Social Connector traffic, and so on.

This means, for the dataset, test mix, and hardware we had for testing, we could support about 8*60*60, that is, 28,800 requests per hour. With the way Outlook Social Connector works, this means that we could have supported 28,800 employees using Outlook Social Connector on a single front-end Web server with security trimming ON. Similarly, we could support 28,800*3, which is 86,400 employees using Outlook Social Connector on three front-end Web servers with security trimming ON.

This should help you estimate the hardware that is required to support Outlook Social Connector traffic, but keep in mind that the results we saw are specific to the dataset, test mix, and hardware we used for testing. Also, keep in mind that you have the option of turning off security trimming using PowerShell, or changing the frequency of Outlook Social Connector sync with SharePoint. Both of these options will have significant effect on hardware requirements.

Recommendations

Overall, in our testing, we found that:

The environment scaled up to eight front-end Web servers for one application server and one database server; increase in throughput was almost linear throughout. After eight front-end Web servers, there are no additional gains to be made in throughput by adding more front-end Web servers because the bottleneck at this point was the database server CPU utilization.
Further scale can be achieved by separating content database and services database on two separate database servers.
We maxed out the 8x1x2 topology. At that point both the front end Web server and the application server CPU utilization was bottleneck. That leads us to believe that for the given hardware, dataset, and test workload, max RPS possible is represented by Max Zone RPS for 8x1x2, which is about 1877.
Looking at the trends, it seems possible to extract the same throughput with a healthy farm, if the bottlenecks on front-end Web server and application server are addressed. The front end Web server bottleneck can be addressed by adding more front-end Web servers, and the application server bottleneck can be addressed by using two computers to play the role of application server. We did not try it out in the lab though.
Latency is not affected by throughput or hardware variations.
If you have security trimming turned ON, one front-end Web server can support about 8-10 RPS of Outlook Social Connector traffic. This means, one front-end Web server can support about 28,000 to 36,000 employees using Outlook Social Connector all day. Thus, if you are rolling out Outlook Social Connector to 100,000 employees, you can support the traffic generated by three front-end Web servers. These values can vary depending on social tagging usage at your company. If you imagine your company to have less social tagging activity than what we used in the dataset for this testing effort, you can get better throughput per front-end Web server.
Incremental people search crawl doesn’t have much effect on the farm’s throughput as long as farm is maintained in a healthy state.

Appendix

Results from iterations

1 X 1 X 1 topology

Summary of results

In addition to the test mix presented above, this farm had eight RPS traffic of Outlook Social Connector asking for feed events by a user.
On a one front-end Web servers, one application server and one SQL Server-based farm, clearly the front-end Web server was the bottleneck. As presented in the data in the following table, front-end Web server CPU reached about 90 percent utilization when the farm was subjected to RPS of 238, using the transactional mix that is described earlier in this document.
This configuration delivered Green Zone RPS of 137.25, with 75^th percentile latency being 0.12 sec, and front-end Web servers CPU hovering around 47.8 percent utilization. This indicates that this farm can healthily deliver an RPS of about 137.25. Max Zone RPS delivered by this farm was 203.2 with latencies of 0.22 sec and front-end Web server CPU hovering around 85 percent.
Because the front-end Web server was bottlenecked, for the next iteration, we added another front-end Web server to the farm.

Performance counters and graphs

Various performance counters captured during testing a 1 X 1 X 1 farm, at different steps in VSTS load, are presented below.

VSTS Load	52	77	102	127	152	177
RPS	99.8	147	188	218	238	243
Front-end Web server CPU	33.9	50	71.8	81.1	90.8	89
Application Server CPU	7.92	11.7	13.5	14.1	13.9	13.3
SQL Server CPU	4.7	6.48	7.99	8.21	8.41	8.88
75th Percentile [sec]	0.13	0.16	0.17	0.25	0.3	0.45
95th Percentile [sec]	0.29	0.47	0.41	0.55	0.55	0.77

Table 1: Performance counters in a 1X1X1 farm configuration

2 X 1 X 1 farm configuration

Summary of results

In addition to the test mix presented above, this farm had 16 RPS traffic of Outlook Social Connector asking for feed events by a user.
On a two front-end Web server, one application server, and one SQL Server-based farm, the front-end Web server was the bottleneck. As presented in the data below, the front-end Web server CPU reached about 89 percent utilization when the farm was subjected to RPS of 520, using the transactional mix described earlier in this document.
This configuration delivered Green Zone RPS of 278, with 75^th percentile latency being 0.16 sec, and the front-end Web server CPU hovering around 47 percent utilization. This indicates that this farm can healthily deliver an RPS of about 278 with the test mix and hardware used for tests. Max Zone RPS delivered by this farm was 450 with latencies of 0.23 sec and the front-end Web server CPU hovering around 78 percent.
Because the front-end Web server CPU was the bottleneck in this iteration, we relived the bottleneck by adding another front-end Web server for the next iteration.

Performance counters and graphs

Various performance counters captured during testing 2 X 1 X 1 farm, at different steps in VSTS load, are presented in the following table and chart.

VSTS Load	104	154	204	254	304	354
RPS	190	278	390	455	500	520
Front-end Web server CPU	36	50.9	71.9	86.9	87.1	89.5
Application server CPU	16	24.9	28.3	26.5	26.5	24.9
SQL Server CPU	8.06	10.6	14.2	16.4	17.9	18.9
75th Percentile [sec]	0.16	0.22	0.22	0.33	0.42	0.53
95th Percentile [sec]	0.42	0.64	0.51	0.69	0.73	0.89

Table 2: Performance Counters during 2 X 1 X 1 configuration

3 X 1 X 1 farm configuration

Summary of results

In addition to the test mix presented above, this farm had 24 RPS traffic of Outlook Social Connector asking for feed events by a user.
On a three front-end Web server, one application server, and one SQL Server-based farm, the front-end Web server was the bottleneck. As presented in the data below, the front-end Web server CPU reached about 76 percent utilization when the farm was subjected to RPS of 629, using the transactional mix described earlier in this document.
This configuration delivered Green Zone RPS of 440, with 75^th percentile latency being 0.14 sec, and the front-end Web server CPU hovering around 48 percent utilization. This indicates that this farm can healthily deliver an RPS of about 440 with the test mix and hardware used for tests. Max Zone RPS delivered by this farm was 615 with latencies of 0.22 sec and the front-end Web server CPU hovering around 70 percent.
Because the front-end Web server CPU was the bottleneck in this iteration, we decided to add more front-end Web servers. Considering the delta between iterations seen previously by addition of a front-end Web server, we decided to add two front-end Web servers. We hoped to find application server or SQL Server as a bottleneck by doing so.

Performance counters and graphs

Various performance counters captured during testing the 3 X 1 X 1 farm, at different steps in VSTS load, are presented in the following table and charts.

VSTS Load	156	231	306	381	456	531
RPS	264	393	532	624	634	629
Front-end Web server CPU	30.5	46.3	62.55	72.95	75.4	76
Application server CPU	22.7	35.6	34.2	32.5	32.5	29.4
SQL Server CPU	10.4	14.8	20.8	22.5	22.8	22.4
75th Percentile [sec]	0.17	0.26	0.27	0.28	0.31	0.40
95th Percentile [sec]	0.63	1.08	0.76	0.68	0.88	0.98

Table 3: Performance counters during 3X1X1 configuration

5 X 1 X 1 farm configuration

Summary of results

In addition to the test mix presented above, this farm had 40 RPS traffic of Outlook Social Connector asking for feed events by a user.
On a five front-end Web server, one application server, and one SQL Server-based farm, we saw significant increase in SQL Server CPU and application server CPU utilization, but still, the front-end Web server CPU was the bottleneck. As presented in the data below, the front-end Web server CPU reached about 88 percent utilization when the farm was subjected to RPS of 1315, using the transactional mix described earlier in this document.
This configuration delivered Green Zone RPS of 683, with 75^th percentile latency being 0.16 sec, and the front-end Web server CPU hovering around 46 percent utilization. This indicates that this farm can healthily deliver an RPS of about 683 with the test mix and hardware used for tests. Max Zone RPS delivered by this farm was 971 with latencies of 0.22 sec and the front-end Web server CPU hovering around 68percent.
Looking at the trend, we decided to add three front-end Web servers and test for 8X1X1 configuration. We hoped to find application server or SQL Server as a bottleneck with that configuration

Performance counters and graphs

Various performance counters captured during testing 5 X 1 X 1 farm, at different steps in user load, are presented below. Because we saw no significant effect of VSTS load or configuration changes on latency, we stopped recording it.

VSTS Load	260	385	510	635	760	885
RPS	359	560	901	1188	1281	1315
front-end Web server CPU	20.5	34	56.2	77.5	86.1	88
Application server CPU	40.2	50.6	66.9	71.3	66.3	58.7
SQL Server CPU	13.9	20.3	34.9	53.6	58.4	64

Table 4: Performance counters during 5X1X1 configuration

8 X 1 X 1 farm configuration

Summary of results

In addition to the test mix presented above, this farm had 64 RPS traffic of Outlook Social Connector asking for feed events by a user.
On eight front-end Web servers, one application server, and one SQL Server-based farm, finally, SQL Server CPU was the bottleneck. As presented in the data below, SQL Server CPU reached about 80 percent utilization when the farm was subjected to RPS of 1664, using the transactional mix described earlier in this document.
This configuration delivered Green Zone RPS of 793, with 75^th percentile latency being 0.31 sec, and SQL Server CPU hovering around 30 percent utilization, while application server CPU was about 48 percent. This indicates that this farm can healthily deliver an RPS of about 793 with the test mix and hardware used for tests. Max Zone RPS delivered by this farm was 1655 with latencies of 0.31 sec and SQL Server CPU hovering around 80 percent.
Because SQL Server CPU was the bottleneck in this iteration, we relived the bottleneck by separating out the content database and services database on two different instances of SQL Server for the next iteration.

Performance counters and graphs

Various performance counters captured during testing the 8 X 1 X 1 farm, at different steps in VSTS load, are presented in the following table and chart.

VSTS Load	416	616	816	1016	1216	1416	1616
RPS	664	1101	1359	1530	1655	1664	1617.00
Front-end Web server CPU	26.7	44.4	54.7	61.5	67	65.9	65.10
Application server CPU	37.6	49.4	57.9	61.9	67.1	65.3	63.10
SQL Server CPU	23.2	42	57.9	69.5	79.5	80.8	77.30

Table 5: Performance counters during 8X1X1 configuration

8 X 1 X 2 farm configuration

Summary of results

In addition to the test mix presented above, this farm had 64 RPS traffic of Outlook Social Connector asking for feed events by a user.
On an eight front-end Web server, one application server, and two SQL Server-based farms, we could take the configuration to its extreme. The front-end Web server and application server, both were bottlenecked, while combined SQL Server utilization was also in the higher 70s. The farm exhibited RPS of 1817 at max.
This was the last iteration we tried. But clearly, if you need more scale, the next step would be to use two computers to perform application server duties. That would allow you to have many more front-end Web servers, and hence load on each front-end Web server will be less.

Performance counters and graphs

Various performance counters captured during testing 8 X 1 X 2 farm, at different steps in VSTS load, are presented in the following table and chart.

VSTS Load	466	666	866	1066	1266	1416
RPS	466.00	873.40	1431.00	1703.00	1766.00	1817.00
Front-end Web server CPU	19.90	36.90	57.60	68.00	71.40	71.60
Application server CPU	29.80	47.20	63.50	71.40	71.90	73.40
Total SQL Server CPU	19.61	32.40	55.20	63.60	68.50	74.90
Content SQL Server CPU	9.93	17.90	31.90	40.10	42.30	45.90
Services SQL Server CPU	9.68	14.50	23.30	23.50	26.20	29.00

Table 6: Performance counters during 8X1X2 configuration

Plan for business continuity management (SharePoint Foundation 2010)

Related content

Protecting content by using recycle bins

Protecting content by using versioning

Related content

Backup architecture

Recovery processes

Related content

Availability overview

Choosing an availability strategy and level

Disaster recovery overview

Choose a disaster recovery strategy

Planning for hot standby data centers

System requirements for disaster recovery

Back up all or part of a farm

Concepts

Considerations when backing up a farm

Task requirements

Use Windows PowerShell to back up a farm

Use Central Administration to back up a farm

Use SQL Server tools to back up a farm

Related content

Task requirements

Use Windows PowerShell to back up a farm configuration

Use Central Administration to back up a farm configuration

Concepts

Considerations when backing up a Web application

Related content

Task requirements

Use Windows PowerShell to back up a service application

Use Central Administration to back up a service application

Concepts

Task requirements

Use Windows PowerShell to back up a site collection

Use Central Administration to back up a site collection

Concepts

Task requirements

Use Windows PowerShell to back up a content database

Use Central Administration to back up a content database

Use SQL Server tools to back up a content database

Concepts

Task requirements

Use SQL Server tools to back up a database to a snapshot

Other Resources

Task requirements

Use Windows PowerShell to export a site, list, or document library

Use Central Administration to export a site, list, or document library

[Essential] Back up transaction logs

[Recommended] Collect usage data

Permissions for the SPTimerV4 timer service and SQL Server account

Group memberships required to run backup and restore operations in Central Administration

Setting permissions for running backup and restore operations by using Windows PowerShell

Permissions for the SPTimerV4 timer service and SQL Server account

Group memberships required to run backup and restore operations in Central Administration

Setting permissions for running backup and restore operations by using Windows PowerShell

Recover all or part of a farm

Concepts

Use Windows PowerShell to restore a farm

Use Central Administration to restore a farm

Use SQL Server tools to restore a farm

Related content

Overview

Use Windows PowerShell to restore a farm’s configuration

Use Central Administration to restore a farm’s configuration

Use SQL Server to restore a farm’s configuration

Concepts

Example of using a cmdlet

Back up and recover a farm without content databases to copy configuration settings

Back up and recover configuration settings only

Create a scripted deployment to copy configuration settings

Considerations when restoring a Web application

Use Windows PowerShell to restore a Web application

Use SQL Server tools to restore databases associated with a Web application

Related content

Use Windows PowerShell to restore a service application

Use Central Administration to restore a service application

Use SQL Server tools to restore the databases for a service application

Use Windows PowerShell to restore a site collection

Concepts

Restoring solution packages