
Overview of SharePoint 2010 Architecture

Learning Objectives
After completing this topic, you should be able to

- classify the elements of SharePoint 2010 Server architecture as either logical or physical
- identify the roles of SharePoint servers
- match the SharePoint 2010 server farm topologies to their descriptions

1. SharePoint Server architecture


SharePoint Server 2010 is a portal solution that provides a platform for hosting web sites, storing data, and managing resources. It offers a wide range of features. To use these features, you must first install SharePoint. For a successful installation, you need to analyze and plan your implementation keeping the SharePoint architecture in mind. The architecture gives you the option of scaling up hardware and software with changing business needs.

The SharePoint Server architecture is made up of many elements, which are broadly classified into two types:

- physical architecture and
- logical architecture

The physical architecture includes the actual hardware required to set up SharePoint 2010, without which you cannot proceed with the installation. To begin with, you need to install the SharePoint server and the database server. The number of servers or computers you need for this installation depends on the number of users that use the SharePoint setup. You can arrange servers in groups to maximize performance and manage large infrastructures and quantities of data. Such groups form different topologies of the SharePoint farm.

The logical architecture is a collection of elements designed within the physical architecture. Each element is designed for a specific purpose. Some elements are at a higher level than others, and so contain other elements. You can only design the logical architecture after your physical architecture is established.

There are two elements in the physical architecture. They are

server and farm

The server and farm elements are closely related to each other because one or more servers make up a farm. So a server is the basic element of the physical architecture and the farm.

Graphic
The Physical architecture contains two boxes, one labeled Farm = Configuration Database and the other Server.

The farm contains a single SharePoint server. This is because it needs to adhere to the SharePoint rule that each farm can only have one configuration database. The size of a farm can range from a single server to a group of servers organized in a single setup. If the farm consists of a group of servers, all of them are managed by the Central Administration web site. This site allows you to configure settings and is integral to the running of the SharePoint Server.

Besides increasing the number of servers in a server farm, you can also increase the number of server farms. But this may depend on the specific requirements of your project. The number of server farms you use depends on several criteria:

- using services that need exclusive allocation of server farms extensively
- assigning server farms to specific operations
- allocating limited funds for server farms
- allocating a data center location for each server farm
- making physical isolation, a feature offered by server farms, mandatory
- meeting standards and requirements for performance or external environment, and
- modifying goals and requirements, if required

Just like the physical architecture, the logical architecture also contains a number of different elements. They are

Graphic
The Logical architecture contains nine boxes in two columns. One column contains three boxes labeled Services, Service Applications, and Service Application Databases. The other column contains six boxes labeled Web Applications, Content Database, Site Collections, Webs, Lists, and Items.

- services
- service applications
- service application databases
- web applications
- content databases
- site collections, and
- sites

The first element in the logical architecture is services. Services are the actual functionalities or processes that are performed on servers. Unlike earlier versions, SharePoint Server 2010 hosts services in Microsoft SharePoint Foundation 2010 instead of Shared Services Provider, also known as SSP.

The elements that provide these services are called service applications, which are the next logical element in the architecture. They act as a connecting link between users and services. SharePoint, for example, provides a discussion service that allows users to communicate over the SharePoint site. To access this service, users need to use a service application called the discussion board, which allows them to initiate a discussion by posting a query on the site. Other users can reply to this query and continue or complete the discussion.

Service applications can be deployed in different ways. A single service application can be used at two levels: across sites in a farm, and across server farms in a group. Service applications have a many-to-many relationship with web applications. So many service applications can service a single web application, or a single service application can service many web applications. Sharing service applications across farms or web applications becomes easier because there is no limitation on the number of service applications that can be used.

Graphic
The Service Applications and Web Applications boxes in the SharePoint architecture are connected by a Many to many double-headed arrow.

Sometimes, depending on the kind of service they provide, service applications may contain large amounts of data. And to store such large amounts of data, service applications need databases called service application databases, the next logical architecture element.

For example, if you allow file attachment as an option along with a discussion service, then the corresponding discussion board service application will require a database to store these documents.

Question
Match each element of SharePoint 2010 Server architecture with the type of architecture it belongs to. You may use each type of architecture more than once.

Options:
A. Services
B. Farm
C. Service application databases
D. Service applications

Targets:
1. Physical
2. Logical

Answer
The physical architecture includes the actual hardware required to set up SharePoint 2010, without which you cannot proceed with the installation. Logical architecture is a collection of elements designed within the physical architecture. Each element is designed for a purpose.

Correct answer(s):
Target 1 = Option B
Target 2 = Option A, Option C, Option D

Web applications are the next logical architecture element after service application databases. They are the front-end web sites that users access. They act as a connecting link between the users and elements such as services, service applications, and service application databases.

Because of the connection between important data and external users, web applications need to be protected. SharePoint Server 2010 enables you to protect web applications with security policies, which are usually based on the nature of users. For example, you can allow only administrators to modify configuration settings. This restriction of access helps to isolate web applications as well as service applications. It also helps to manage a large group of users.

Due to their many-to-many relationship with service applications, many web applications can share a single service application and vice versa. Also, there is no restriction on the number of web applications that can be used.

Just like service applications, web applications also need to store information in databases called content databases, another element of logical architecture. Content databases are created in two ways:

- automatic creation when a corresponding web application is created and
- manual creation while scaling up

To ensure that manual creation doesn't affect site performance, you shouldn't deploy more than 100 content databases for each web application. In addition to the restriction on the number of content databases, the size of each content database is also limited. This size limit is decided by another element of the logical architecture: site collections.

Site collections are present in a single content database. Because they determine the limit of a content database, site collections cannot be shared by multiple content databases and cannot be more than 50,000 in number for a single content database. They help to monitor the judicious use of content databases.

In addition to limiting the size of the content database, site collections also host the most fundamental element of the logical architecture: sites. Sites are made up of web pages, lists, and other documents that are related to the content database. The maximum number of sites that can be hosted in a site collection is 250,000.
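The limits quoted above can be checked against a running farm. The following script is an added example, not part of the original course material; it assumes it is run in the SharePoint 2010 Management Shell by a farm administrator, and the 80% warning threshold and the `Get-LimitStatus` helper name are illustrative choices.

```powershell
# Added example (not from the course): audit a farm against the limits
# stated in this topic. Written for PowerShell 2.0, which SharePoint 2010 uses.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Limits as stated in this topic
$MaxContentDbsPerWebApp    = 100
$MaxSiteCollectionsPerDb   = 50000
$MaxSitesPerSiteCollection = 250000
$WarnRatio = 0.8   # assumption: warn once 80% of a limit is reached

# Hypothetical helper: classifies one count against one limit.
function Get-LimitStatus {
    param(
        [string]$Scope,
        [string]$Name,
        [int]$Count,
        [int]$Limit
    )
    if ($Count -gt $Limit) {
        $status = 'OVER'
    } elseif ($Count -ge [math]::Floor($Limit * $WarnRatio)) {
        $status = 'WARN'
    } else {
        $status = 'OK'
    }
    New-Object PSObject -Property @{
        Scope  = $Scope
        Name   = $Name
        Count  = $Count
        Limit  = $Limit
        Status = $status
    }
}

$results = @()
foreach ($wa in (Get-SPWebApplication)) {
    # Content databases per web application
    $results += Get-LimitStatus -Scope 'Content DBs per web application' `
        -Name $wa.Url -Count $wa.ContentDatabases.Count `
        -Limit $MaxContentDbsPerWebApp

    foreach ($db in $wa.ContentDatabases) {
        # Site collections per content database
        $results += Get-LimitStatus -Scope 'Site collections per content DB' `
            -Name $db.Name -Count $db.CurrentSiteCount `
            -Limit $MaxSiteCollectionsPerDb

        # Sites (webs) per site collection
        foreach ($site in (Get-SPSite -ContentDatabase $db -Limit All)) {
            try {
                $results += Get-LimitStatus -Scope 'Sites per site collection' `
                    -Name $site.Url -Count $site.AllWebs.Count `
                    -Limit $MaxSitesPerSiteCollection
            } finally {
                # SPSite holds unmanaged resources; release it explicitly
                $site.Dispose()
            }
        }
    }
}

# Report only the entries that need attention
$results |
    Where-Object { $_.Status -ne 'OK' } |
    Sort-Object Status, Scope |
    Format-Table Scope, Name, Count, Limit, Status -AutoSize
```

`Get-SPWebApplication` leaves out the Central Administration web application unless `-IncludeCentralAdministration` is added.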

Question
Match each element of SharePoint 2010 Server architecture with the type of architecture it belongs to. You may use each type of architecture more than once.

Options:
A. Web applications
B. Sites and site collections
C. Server
D. Content databases

Targets:
1. Physical
2. Logical

Answer
The physical architecture includes the actual hardware required to set up SharePoint 2010, without which you cannot proceed with the installation. Logical architecture is a collection of elements designed within the physical architecture. Each element is designed for a specific purpose. Some elements are at a higher level than the others and so contain other elements.

Correct answer(s):
Target 1 = Option C
Target 2 = Option A, Option B, Option D

2. Roles of SharePoint Server


The elements of the SharePoint Server architecture and their functions are supported by hardware and software resources, which need storage space. A server is the basic element that provides this space. Depending on the nature of the element being serviced, the SharePoint Server architecture uses servers at three tiers. Each tier stores a different type of data, and so assumes different roles.



Based on each tier in the SharePoint Server architecture, servers in the farm have three different roles.

Page 1 of 3: Web server


The web server role provides users with content, such as web pages and applications. Also known as the web front-end or WFE servers, they use caching to limit resource usage. So every time users request a page, they retrieve and deliver these pages from the cache. Because of this, web servers don't require large memory allocations.



Although you need less memory for this role, you still need to consider, plan, and determine the amount of memory you will need to allocate for the web server. Your planning for memory and selection of a hard drive depends on two aspects:

- memory space required for operations other than rendering pages from cache and
- number of application pools processing requests



For example, suppose you're designing a web server for a discussion forum service. The disk space required for its basic function of retrieving discussion thread pages will take only 10 GB. Besides this, 20 GB will be required to install updates or security patches, run other processes, and store temporary files. After you consider this, you identify five application pools you will be using for faster retrieval of pages. Each application pool needs to be around 10 GB. So the total disk space you should allocate for the web server is around 80 GB or more.

Page 1 of 5: Application server


In the application server role, a server hosts the resources that service applications need to provide services. Users indirectly access application servers through other servers. For example, users using an Excel service application access the related application server through the web server that stores the service application.

The number of application servers you can use depends on the types of service applications and the frequency of their use. So you can host the service application resources on a single application server or a group of application servers. By determining the correct number of application servers and their sizes, you can achieve effective performance. This can often be better achieved with multiple application servers instead of a single high-spec server. You can also use an application server exclusively for a service, check resource utilization after deployment, and sort services with similar characteristics.



You can set up each application server to perform a specific function. There are four common functions, and based on them, there can be four types of application servers:

- query server
- index server
- Excel services service application, and
- Usage and Health Data Collection service application


The query server plays an important role in the search function of a SharePoint web site. It processes search requests created by users. However, users don't directly access query servers. So web servers assist in processing requests. First a web server receives requests from users and forwards these requests to the query server. Then, based on the request, the query server retrieves the appropriate information. It sends the information back to the web server, which then presents it to the user in the form of search results. Hardware requirements for this process include CPU, cache memory, and RAM to store query requests. You should optimize these requirements depending on the size of the environment.



An index server helps in indexing information that improves data retrieval. Unlike query servers, it doesn't store any information locally, but relies heavily on the CPU. So while dealing with hardware requirements for this server, you may have to focus on extra CPU capacity rather than additional memory.

The Excel services functionality is a service application that performs tasks related to Microsoft Excel. Common tasks include transferring Excel spreadsheets from the web page to the server. Due to such tasks, service applications like Excel services and other MS Office service applications have a lot of CPU load. So while planning hardware requirements, consider the CPU load. However, because this functionality is quite program-specific, plan for it only after ensuring a high demand and sustenance.



The Usage and Health Data Collection service application helps to create a database that is useful in reporting. This database contains data about the entire SharePoint site, which provides usage statistics such as how long each process or task has run for, or how many users use the process. Sometimes, it also contains data that might help in diagnosing or troubleshooting issues. Because this service application contains so much data, it ends up having a large database. As a result, it needs a lot of storage capacity, which you need to consider while planning the server farm.

Page 1 of 3: Database server


The database server role is required to host databases for SharePoint. The number of servers used in this role depends on the size of the farm used. In a small farm, all databases can be stored on a single server. But in larger farms, you will need to group databases based on roles and store them on different servers.

For example, you can store databases that contain user information on one server, and databases that contain activity logs process records on another. In SharePoint, SQL Server is used to store these databases. However, maintaining SQL Server performance is a challenge. You can overcome this challenge by taking certain factors into account.



There are seven factors that you need to consider to maintain efficient SQL Server performance:

- ensure that the SQL Server version matches with SharePoint requirements
- consider a range of 8-32 GB of RAM for normal to heavily used environments
- use single or multiple quad-core processors
- consider the amount and shape of data you plan to store in SharePoint
- plan the spindles your SQL Server can access and their configuration
- store data and log files on different disks, and
- optimize log files for writing and databases for storage



SQL servers can be grouped based on the three types of databases they host: temporary, search, and content databases. To optimize these types for better performance, you must first optimize temporary databases and then the other databases depending on their size and impact on performance. The performance of the database server also depends on its hardware. So ensure that you use memory ranging from 8-32 GB and a single or multiple quad-core processor depending on the usage.

The different server roles can be deployed in different ways depending on the purpose and requirements of your SharePoint 2010 installation. You can deploy them on different servers in a large farm, or on a single server in a small farm. You can use a single server to deploy a web server, a database server, and application servers like query and index server.

Question
Match each application server type with its description.

Options:
A. Usage and Health Data Collection
B. Excel services
C. Index server
D. Query server

Targets:
1. A service application that creates a database and helps with reporting
2. A service application that transfers operations from a web page to the server and generates a large CPU load
3. An application server type that doesn't need extra memory and improves data retrieval
4. An application server type that plays an important role in the search function

Answer
The Usage and Health Data Collection service application helps to create a database containing the SharePoint data that indicates usage and diagnostic characteristics.

The Excel services functionality performs tasks related to Microsoft Excel, like transferring Excel spreadsheets from the web page to the server. So they generate a lot of CPU load.

An index server helps in indexing information that improves data retrieval. It doesn't store any information locally but relies heavily on the CPU.

The query server processes user search requests. Web servers send user requests to query servers, which in turn return the required information to the web server.

Correct answer(s):
Target 1 = Option A
Target 2 = Option B
Target 3 = Option C
Target 4 = Option D

Question
Match each SharePoint Server role to its description.

Options:
A. Web server
B. Application server
C. Database server

Targets:
1. A server role that reduces CPU load because its databases store content in cache memory
2. A server role that stores resources needed for service applications
3. A server role that uses SQL Server to store information

Answer
The web server role helps servers to use content, such as web pages and services, related to the web in cache memory. The memory considerations depend on the memory space required for other operations and the number of application pools processing requests. So the CPU load is reduced.

Service applications use the resources stored on the application server to provide the required services.

The database server role helps store databases using SQL Server, and the number of servers used in this role depends on the size of the farm used.

Correct answer(s):
Target 1 = Option A
Target 2 = Option B
Target 3 = Option C

3. Topologies of SharePoint Server


When a server farm is small, it is easy to manage because the number of resources involved is low. But when you start scaling up your farm to meet increasing demands and changing business needs, maintaining it with the same ease becomes a challenge. So after understanding the architecture elements and roles of servers, it is important to decide on the structure that runs the SharePoint site. This structure helps manage larger farms with the same ease as small farms and enables you to scale up in future.

The structure, known as the topology, uses the two basic elements of the SharePoint physical architecture: servers and farms. So based on your topology, you can decide the number of servers and the extent of the farm. In addition to servers and farms, a topology is also influenced by the roles of the servers. Using these server roles, the farm is deployed at different levels called tiers, which leads to different topologies.

The three types of topologies that you can use to deploy SharePoint Server are

- single tier
- two tier, and
- three tier

A single-tier topology means installing SharePoint Server and the database server on the same computer. This kind of topology is used when you are limited to using only one computer.

A two-tier topology includes two computers, one with SharePoint Server installed on it and the other with the database server installed. In this topology, the SharePoint Server performs the role of a web server. And because users directly connect to a web server, it is called the front-end server, whereas the database server is called the back-end server. This kind of topology is used for managing small server farms.

A three-tier topology includes three computers for the three server roles: web server, database server, and application server, which are installed on the first, second, and third tiers respectively. SharePoint Server is installed on the web server, whereas the other two store database and service application resources. A three-tier topology is used for managing medium and large server farms.

While designing farms, you can either use a single topology type or different combinations of the three types. Based on the combinations of tiers used, the topologies are divided into four categories:

- limited deployments
- small-farm architecture
- medium-farm architecture, and
- large-farm architecture

Limited deployments are combinations of topologies that contain a small number of servers for limited users. They are usually used for evaluating an environment or demonstrating a selected design. Depending on the number of users and the number of servers, there are two types of limited deployments:

- single-server farm and
- two-server farm

In a single-server farm, the web server role and the database server role are deployed on a single server. The application server can be added to this structure later, if required. Such a setup is typically only used for evaluation purposes for fewer than 100 users.

In a two-server farm, the web server and the application server roles are deployed on one server, whereas the database server role is separately installed on a SQL Server. About 10,000 users can access this farm. You can also bring down the number of users to 1000 to ensure high availability. Besides managing users, you can also use two clustered or mirrored databases for high availability.

A small-farm architecture serves more users than the limited deployment. A typical small farm consists of at least three servers with a network load-balancing device. The load-balancing device prevents simultaneous outage of web servers if there is a fault, and thereby provides more fault tolerance. This architecture may deploy more than three servers at different levels as required. And if some of these tiers are used extensively, then they can be scaled out to accommodate the requirement.

A medium-farm architecture, on the other hand, has at least two computers for performing each of the three roles: web server, application server, and database server. This type of architecture is useful for a strong search application, in which there may be more than 40 million items to be searched. Just like a small-farm architecture, it can also use tiers or levels in its deployments. But unlike the small-farm architecture, it doesn't limit scaling out to heavily-used tiers. Instead, it scales out all tiers to cater to a broader range of services.

Finally, a large-farm architecture is a variation of the medium-farm architecture that generally contains groups of servers. The servers can be grouped based on different functionalities. For example, you can have one group of web servers that processes search requests and another group that provides administration. Similarly, you can group query application servers that respond to search requests and others that perform indexing.

Question
Match each category of server topology to its description.

Options:
A. Single server
B. Two server
C. Large farm
D. Medium farm

Targets:
1. A farm in which the web server role and the database server role are deployed on the same computer
2. A farm in which the web server and the application server roles are on one server, and the database server role is on a separate SQL Server
3. A farm that contains servers grouped on the basis of different functionalities
4. A farm with two servers for each type of role that can search 40 million items

Answer

In a single-server farm, the web server role and database server role are deployed on a single server. The application server can be added to this structure later, if required.

In a two-server farm, the web server and application server roles are deployed on one server, whereas the database server role is separately installed on an SQL Server.

A large-farm architecture is a variation of the medium-farm architecture that generally contains groups of servers based on different functionalities.

A medium-farm architecture has at least two servers performing each of the web server, application server, and database server roles. This type of architecture is useful for a strong search application, where there may be more than 40 million items to be searched.

Correct answer(s):
Target 1 = Option A
Target 2 = Option B
Target 3 = Option C
Target 4 = Option D

Summary
SharePoint Server 2010 has both a physical and a logical architecture. Each type of architecture is made up of different elements such as server farms, services, service applications, service application databases, web applications, content databases, site collections, and sites.

Servers, the most fundamental element, can take up three roles based on the functionalities they provide: a web server that renders web pages and receives user requests, an application server that stores service application resources, and a database server that stores databases. These server roles form a basis for the topology of SharePoint, a structure that runs the SharePoint site.

The topology of the SharePoint Server can be deployed in one-tier, two-tier, and three-tier arrangements with one, two, and three servers respectively hosting the different server roles. A combination of different topologies results in different categories, such as limited deployments, small-farm architectures, medium-farm architectures, and large-farm architectures. So with the help of server roles, topologies, and categories of topologies, you can choose the best setup to provide a hassle-free SharePoint experience.


SharePoint 2010 Products and Requirements


Learning Objectives
After completing this topic, you should be able to

- distinguish between products of SharePoint 2010
- recognize basic system requirements for SharePoint 2010

1. SharePoint 2010 products


In SharePoint 2007, there were two main products called Windows SharePoint Services, commonly known as WSS 3.0, and Microsoft Office SharePoint Server, sometimes known as MOSS. In this version, MOSS was implemented on WSS. The new version of SharePoint also works in a similar way, with two distinct products, one built on the other. WSS is now called SharePoint Foundation, and MOSS is known as SharePoint Server 2010.

SharePoint Foundation includes many features that WSS had earlier and is an economical version of SharePoint. It allows you to add public communication tools, such as blogs and wikis. Users can use these tools to create and edit their own content as well as content added by others. You can also keep your users updated with news and events by using features such as RSS feeds and alerts.

Besides providing content organization and alert functionality, SharePoint Foundation allows you to customize your site and modify settings by using the browser. It also allows you to create different types of sites such as team sites. After creating team sites and the lists and libraries within them, you can also interlink the content in these elements.

From a development perspective, SharePoint Foundation provides many features:

- a platform for building applications or sites
- a combination of storage, web presentation, authorization, and user management features
- an interface into the Windows Workflow Foundation
- easy accessibility through the object model, APIs, and web services, and
- development of an entire solution instead of separate development of each infrastructure element

After SharePoint Foundation, the next basic product is SharePoint Server 2010. This product adds functionalities to SharePoint Foundation that help you to better collaborate on content and tasks. The additional tools simplify placing, structuring, and displaying content in a portal. It also has additional tools that provide web content management features to create web interfaces that users can interact with. SharePoint Server 2010 is available in two editions. They are

- SharePoint Server 2010 Standard and
- SharePoint Server 2010 Enterprise

The Standard edition of SharePoint Server 2010 provides three basic functions as part of the SharePoint package. The first function includes features that enhance the social aspect of users, such as asynchronous discussion boards, e-mail alerts, and creating and modifying a contacts list. It also provides search functionality, the second function, which allows users to search for another user or a resource. The third basic function is managing the content and resources stored on the site. It allows you to upload, download, and edit files on the site with the appropriate rights.

The Enterprise edition of SharePoint Server 2010 mainly provides additional functionalities. It provides business intelligence that helps in identifying, retrieving, and analyzing business data. It helps in integrating the line of business into the Enterprise portal, which gathers all services in a single location. It also provides new service applications, reporting features, and some Office client services, such as Visio.

The Standard and Enterprise editions of SharePoint Server 2010 in your architecture are provided through the client access license or CAL model. In this model, the license key determines whether you can use only the Standard edition or both the Standard and the Enterprise editions. The CAL model is specific to a user accessing the SharePoint site. However, you must also contact your license vendor for more details on CAL and the editions you can use.

Apart from the basic products, the new version of SharePoint also offers some additional products. You can select them based on your requirements. The three additional products are

- Search Server 2010
- Fast Search 2010, and
- SharePoint Online

The additional products help resolve potential difficulties or problems. One of them is the vastness of data in the SharePoint site, which makes manually searching through data a difficult task. So a search feature that saves time is necessary. Although SharePoint Foundation can search within a site collection, it cannot search across many site collections and add external data sources. To overcome this limitation, SharePoint has introduced a search-oriented product called the Search Server 2010. There are two versions of the Search Server product. They are

- Search Server 2010 Express and
- Search Server 2010

Search Server 2010 Express is a free product that allows you to search across the site and add content from external sources. Also known as SSX, this product has two limitations. Firstly, it doesn't provide good availability and has low fault tolerance. Secondly, it can only be installed on one server in a farm, because it doesn't have multiple-server installation support.

Search Server 2010 is a product that needs to be purchased and provides search capabilities, content addition features, high availability, and fault tolerance. Unlike Search Server 2010 Express, it can be deployed on many servers and at the same time provide redundancy.

Fast Search Server 2010 is another product that provides search functionality through its high-end tools and features. It allows you to communicate in a language of your choice, scale usability with increasing documents, and manage structured and unstructured data. There are three licenses available for the Fast Search Server 2010 product:

- Fast Search Server 2010 for SharePoint
- Fast Search Server 2010 for Internet Sites, and
- Fast Search Server 2010 for Internet Business

You can use the Fast Search Server 2010 for SharePoint license for internal networks. It is deployed along with Server Enterprise CAL.

The Fast Search Server 2010 for Internet Sites license is used while communicating with external web sites. It is open to everyone and is aligned with the For Internet Sites, FIS for short, license.

The Fast Search Server 2010 for Internet Business license is used for customized public web sites, but is not aligned with SharePoint.

Of the three licenses for Fast Search Server 2010, Fast Search Server 2010 for SharePoint and Fast Search Server 2010 for Internet Sites are completely integrated into the SharePoint platform. With the object model and a management interface, the Fast Search Server 2010 product performs search just like the normal SharePoint Server Search. So users already know how to use these products. It also has Windows PowerShell cmdlets that can be used in automation scripts.

The third additional product that SharePoint offers is SharePoint Online, which automates your administrative chores and maintains the server infrastructure for you. It also provides a licensing option called deskless worker, which grants users read-only access. This option allows economical addition of users and protects your resources and data from accidental or unwanted writing. To provide these features and options, SharePoint Online uses two models that use different approaches. The two models that SharePoint Online uses are

shared and
The shared model shares a farm for out-of-the-box uses. However, it doesn't allow you to implement server-deployed code and customizations.

dedicated
The dedicated model does not share a farm, but uses a whole farm for maintenance, in which licenses are bought for each user. It allows you to customize server settings or design. However, every customization must be checked by Microsoft: you need to send it in a solution package before it is deployed.

Apart from the version of SharePoint Online that provides the deskless worker option, there is another version of this product that allows you to host partner collaboration sites and public-facing Internet sites.

Question
Match each SharePoint product to its function.
Options:
1. SharePoint Foundation
2. SharePoint Server 2010 Standard
3. SharePoint Server 2010 Enterprise
4. Search Server 2010
5. Fast Search Server 2010
6. SharePoint Online

Targets:
1. Allows customization of settings and creation of team sites
2. Allows content and resource management using appropriate rights
3. Integrates the line of business into the portal
4. Provides search capabilities and content addition among other features
5. Provides high-end search tools and many language options
6. Automates administrative chores and maintains the infrastructure

Answer
SharePoint Foundation is an economical version of SharePoint that allows you to customize settings, create team sites, and interlink the lists and libraries within the site.
SharePoint Server 2010 Standard builds social communication with other users over the SharePoint site, through blogs and wikis. You can also manage content, because it allows you to upload, download, and edit files on the site with appropriate rights.
SharePoint Server 2010 Enterprise provides new service applications and business intelligence. It combines the line of business with the Enterprise portal and gathers all services in one location.
Search Server 2010 can be deployed on many servers at the same time to provide redundancy. It provides high availability and fault tolerance.
Fast Search Server 2010 helps you to search data with high-end search tools. It also allows you to communicate in multiple languages and manage data.
SharePoint Online maintains the server infrastructure for you. It provides a deskless worker option that provides read-only access to users.
Correct answer(s):
Target 1 = Option A
Target 2 = Option B
Target 3 = Option C
Target 4 = Option D
Target 5 = Option E
Target 6 = Option F

2. System requirements for SharePoint 2010


Understanding the features of the different SharePoint products allows you to select them according to your requirements. But for them to function properly, there are some basic requirements that your system must meet. For example, if you decide to use Search Server 2010, you need servers that will optimize search and software that will support the product. Besides being affected by products, system requirements are also influenced by the kind of topology and farm you wish to deploy. So to deploy a small farm with a two-tier topology, you will need two computers, one to host the SharePoint Server and another to host the database server. You may also need software that helps the database server to function efficiently. System requirements for SharePoint can be broadly classified into

hardware requirements and
Basic hardware requirements include the processor type, hard disk space, and RAM of the computer. In other cases based on specific requirements, such as a three tier topology, you may require a hardware network load balancer.

software requirements
Basic software requirements include specific products, such as SharePoint Server 2010 Standard or Enterprise edition, and its related version or service pack. You may also need to find out if your current operating system and browsers support the product you're installing.

Hardware requirements for SharePoint 2010 depend on the three roles a server could take up in a farm:

web server
application server, and
database server

Hardware requirements for the web server and application server roles are similar, and these requirements apply to both single-server and multiple-server farms. Both the roles need a 64-bit, four core processor and an 80 GB hard drive. If the server is used for a production environment, you need to monitor the free space on the drive to ensure efficient operation. The free space should ideally be double the amount of the RAM you use. The amount of RAM used generally depends on the purpose of the server. For development or evaluation, you need 4 GB of RAM, whereas for production you need 8 GB of RAM. Similarly, for SharePoint Foundation and SharePoint Server 2010 you need 4 and 8 GB of RAM respectively.

The hardware requirements for the database server role, on the other hand, are very different. Of the different hardware requirements, you can determine the RAM and processor specifications based on three types of deployment:

small deployment
A small-farm deployment of servers needs a 64-bit, four core processor and 8 GB of RAM.

medium deployment, and
A medium-farm deployment of servers needs a 64-bit, eight core processor and 16 GB of RAM.

large deployment
For a large-farm deployment of servers that is about 2 terabytes, you need about 32 GB of RAM. But if the size goes beyond 2 terabytes and stays within 5 terabytes, you will need 64 GB of RAM.

Because this is the database server, the hard disk space is important and needs to be 80 GB for both small and medium deployments. Because the database server stores the databases of the SharePoint site, this space will vary depending on the size of the SharePoint content. These hardware requirements do not apply to a database server in an evaluation environment. They apply only to multiple server farms in a production environment.

After the hardware requirements for your project are determined and set up, you need to install the required software. The most basic software requirement is to set up the operating system to deploy the SharePoint products you've selected. You can install either Windows Server 2008 SP2 or later, or Windows Server 2008 R2. Whichever version you install, ensure that it is a 64-bit edition so that you don't have issues with memory and performance. Before you install SharePoint products, you need to install a set of prerequisite software for SharePoint Server 2010. You can do this by using the Microsoft SharePoint Products Preparation Tool on the SharePoint Server 2010 Start page. Besides installing the required software from the installation CD, the tool also downloads some additional required software from the Internet. Unlike the hardware requirements, the software requirements differ according to the four types of deployment:

deploying a database server in a farm
deploying a single server with a built-in database
deploying web and application servers in a farm, and
deploying resources for client access

While deploying a database server in a farm, you can install either of the two SQL Server versions:

Microsoft SQL Server 2008 or
You can use any version of Microsoft SQL Server 2008, R2 or Service Pack 1 Cumulative Update 2, also known as SP1 CU2. While using Cumulative Updates, it is recommended that you only use CU2 or later versions. But for memory and performance advantages, you must ensure that in both versions you use the 64-bit edition. When you install the SP1 CU2 version on Windows Server 2008 R2, you may receive a compatibility warning, which you can ignore. The CU2 version helps you to request and download hotfixes from the Microsoft web site. These hotfixes are software patches that help you to overcome issues in the software.

Microsoft SQL Server 2005
Instead of Microsoft SQL Server 2008, you may also choose to install the 64-bit edition of Microsoft SQL Server 2005 with Service Pack 2 or later. With SP3 CU, you can request and download hotfixes from the Microsoft web site to fix any issues that might arise later. You can use this version for basic functions such as reporting and clustered database server. Unlike SQL Server 2008, it doesn't provide advanced features such as backup compression or Remote BLOB storage, sometimes known as RBS.

The deployment of either a single server or a group of web and application servers in a farm has the same software requirements. For both deployments, a 64-bit edition of Windows Server 2008 Standard, Web Server, Enterprise, or Data Center is a must. You can use either the SP2 or the R2 version. If you do not have SP2, Microsoft SharePoint Products Preparation Tool installs it as part of the prerequisites. Microsoft SharePoint Products Preparation Tool installs some prerequisites required by single server and web and application server deployments for SQL Server and Windows:

SQL Server 2008 Express with SP1
SQL Server 2008 Native Client
Windows Identity Foundation or WIF
Microsoft SQL Server 2008 Analysis Services ADOMD.NET, and
Windows PowerShell 2.0

Besides prerequisites for SQL Server and Windows, Microsoft SharePoint Products Preparation Tool also installs some additional prerequisites for single server and web and application server deployments:

Microsoft .NET Framework v3.5 SP1 with a hotfix
Microsoft Sync Framework Runtime v1.0 (x64)
Microsoft Filter Pack 2.0
Microsoft Chart Controls for Microsoft .NET Framework 3.5
ADO.NET Data Services Update for .NET Framework 3.5 SP1, and
web server and application server roles

Besides deploying resources within a farm, you may also need to establish communication between client computers and the farm. So while deploying client access for this communication, the interface that clients use to access server software is the most important. This interface is usually the web browser, which needs to be checked for its suitability. You should ensure that the web browser provides services that align with SharePoint Server 2010 and the needs of the organization. A recommended browser that fits these requirements is the 32-bit web browser Internet Explorer 8, which has no known limitations.
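
The hardware minimums quoted in this section can be checked on a candidate server before installation. The following PowerShell is an added example, not part of the original course: the function names and the facts object are hypothetical, and the thresholds are the figures stated above.

```powershell
# Added example, not from the course. Thresholds are the figures quoted in
# this section; function and property names are hypothetical.

function Get-HostFacts {
    # Measure the local server through WMI (Get-WmiObject is available in
    # Windows PowerShell 2.0).
    $cpu  = @(Get-WmiObject -Class Win32_Processor)
    $ram  = Get-WmiObject -Class Win32_PhysicalMemory | Measure-Object -Property Capacity -Sum
    $disk = Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"
    New-Object PSObject -Property @{
        Is64Bit = ($cpu[0].AddressWidth -eq 64)              # 64 only on a 64-bit OS
        Cores   = [int](($cpu | Measure-Object -Property NumberOfCores -Sum).Sum)
        RamGB   = [math]::Round($ram.Sum / 1GB, 1)
        DiskGB  = [math]::Round($disk.Size / 1GB, 1)         # binary GB: a nominal 80 GB volume reads lower
        FreeGB  = [math]::Round($disk.FreeSpace / 1GB, 1)
    }
}

function Test-SharePointHardware {
    param(
        [Parameter(Mandatory = $true)] $Facts,
        [ValidateSet('WebOrApp', 'Database')] [string]$Role = 'WebOrApp',
        [ValidateSet('Evaluation', 'Production')] [string]$Purpose = 'Production',
        [ValidateSet('Small', 'Medium', 'Large')] [string]$FarmSize = 'Small',
        [double]$ContentTB = 2
    )
    # Web and application servers: four cores, 80 GB drive, 4 GB RAM for
    # development or evaluation and 8 GB for production.
    $minCores = 4; $minDiskGB = 80; $minRamGB = 8
    if ($Role -eq 'WebOrApp' -and $Purpose -eq 'Evaluation') { $minRamGB = 4 }

    # Database servers (production, multiple-server farms) scale with farm size.
    if ($Role -eq 'Database') {
        switch ($FarmSize) {
            'Small'  { $minCores = 4; $minRamGB = 8 }
            'Medium' { $minCores = 8; $minRamGB = 16 }
            'Large'  {
                # Only RAM is quoted for large farms: 32 GB at about 2 TB,
                # 64 GB beyond 2 TB and up to 5 TB.
                $minCores = $null; $minDiskGB = $null
                if ($ContentTB -le 2) { $minRamGB = 32 } else { $minRamGB = 64 }
            }
        }
    }

    $problems = @()
    if (-not $Facts.Is64Bit) { $problems += 'Server is not running a 64-bit operating system.' }
    if ($minCores -and $Facts.Cores -lt $minCores) {
        $problems += "Cores: $($Facts.Cores) present, $minCores required."
    }
    if ($Facts.RamGB -lt $minRamGB) {
        $problems += "RAM: $($Facts.RamGB) GB present, $minRamGB GB required."
    }
    if ($minDiskGB -and $Facts.DiskGB -lt $minDiskGB) {
        $problems += "Drive: $($Facts.DiskGB) GB present, $minDiskGB GB required."
    }
    # Production web and application servers: free space should ideally be
    # double the amount of RAM.
    if ($Role -eq 'WebOrApp' -and $Purpose -eq 'Production' -and
        $Facts.FreeGB -lt (2 * $Facts.RamGB)) {
        $problems += "Free space: $($Facts.FreeGB) GB is less than twice the $($Facts.RamGB) GB of RAM."
    }
    $problems   # empty when every check passes
}

# Constructed sample: 64-bit, 4 cores, 8 GB RAM, 12 GB free on a 100 GB drive.
$sample = New-Object PSObject -Property @{
    Is64Bit = $true; Cores = 4; RamGB = 8; DiskGB = 100; FreeGB = 12
}
Test-SharePointHardware -Facts $sample -Role WebOrApp -Purpose Production
Test-SharePointHardware -Facts $sample -Role Database -FarmSize Medium

# On a real server, measure instead of using the sample:
# Test-SharePointHardware -Facts (Get-HostFacts) -Role WebOrApp -Purpose Production
```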

Question
You work as a database administrator in your organization. You need to implement a database server role in a medium server farm. How much RAM do you need for this implementation?
Options:
1. 8 GB
2. 16 GB
3. 32 GB
4. 64 GB

Answer
Option 1: This option is incorrect. Deploying a database server in a small farm needs a 64-bit, four core processor and 8 GB of RAM.
Option 2: This option is correct. Deploying a database server in a medium farm needs a 64-bit, eight core processor and 16 GB of RAM.
Option 3: This option is incorrect. When deploying a database server in a large-farm deployment of 2 terabytes, you need about 32 GB of RAM.
Option 4: This option is incorrect. In a large-farm deployment of 2-5 terabytes, you will need 64 GB of RAM.
Correct answer(s):
2. 16 GB

Question
Which factors should you consider when determining the software requirements for your server farm?

Options:
1. A web server role in the farm
2. Deployment of a database server in a farm
3. An application server role in the farm
4. Deployment of a single server with a built-in database

Answer
Option 1: This option is incorrect. Hardware requirements depend on the role of a server in the farm. Software requirements depend on the deployment type.
Option 2: This option is correct. Software requirements depend on deployment, such as deploying a database server in a farm, a single server with a built-in database, web and application servers in a farm, or client access.
Option 3: This option is incorrect. Hardware requirements depend on the role of a server in the farm. Software requirements depend on the deployment type.
Option 4: This option is correct. Software requirements depend on deployment, such as deploying a database server in a farm, single server with a built-in database, web and application servers in a farm, or client access.
Correct answer(s):
2. Deployment of a database server in a farm
4. Deployment of a single server with a built-in database

Summary
The SharePoint package has two basic products, SharePoint Foundation and SharePoint Server 2010 with the Standard and Enterprise editions. It also has additional products that provide search functionality and web communication. These products are Search Server 2010, Fast Search 2010, and SharePoint Online. For these SharePoint products to work, there are system requirements such as hardware and software requirements that need to be met. Hardware requirements can be basic like the processor, hard drive, and RAM. But software requirements are related to the operating system, SharePoint products, and other software that the products depend on. With a thorough understanding of different SharePoint products and their system requirements, you are prepared for the installation of SharePoint 2010.

Microsoft SharePoint 2010 Architecture and Planning

Learning Objectives
After completing this topic, you should be able to

recognize the architectural features of SharePoint 2010
identify the different products of SharePoint and their systems requirements

Exercise overview
In this exercise, you're required to identify the different features of the SharePoint architecture, such as elements, roles, and topologies. You also need to identify the features of the various products that SharePoint 2010 offers. In addition to the architectural features and the various products, you also need to identify the system requirements for running the SharePoint site. This involves the following tasks:

reviewing architecture aspects and
recognizing products and requirements

Studying architecture aspects


Question
While reviewing the SharePoint architecture, which elements will you include in the physical architecture?
Options:
1. Server
2. Sites
3. Service application
4. Content databases
5. Farm

Answer
Option 1: This option is correct. The physical architecture comprises the actual hardware for setting up SharePoint 2010. A server is the basic element of this physical architecture, without which you cannot proceed with the installation.
Option 2: This option is incorrect. Sites are the basic element of the logical architecture and are present in site collections. They contain web pages, lists, and other documents that are related to the content database.
Option 3: This option is incorrect. Service applications are elements of the logical architecture. They provide services and act as the connecting link between users and services.
Option 4: This option is incorrect. Content databases are elements of the logical architecture. They store resources the web applications require to function. They are automatically created with each web application.
Option 5: This option is correct. The physical architecture comprises the actual hardware for setting up SharePoint 2010. A farm is made up of servers, and it may contain a single server or many servers.
Correct answer(s):
1. Server
5. Farm

You are a Windows Server administrator in your organization, which needs to install SharePoint 2010 for a new project. So you need to review the SharePoint architecture, server roles, and topologies.

Question
In SharePoint, which elements are part of the logical architecture?
Options:
1. Site collections
2. Farm
3. Services
4. Server
5. Web applications
6. Service application databases

Answer
Option 1: This option is correct. Site collections determine the size of a content database and help to monitor the judicious use of content databases.
Option 2: This option is incorrect. Physical architecture comprises the actual hardware for setting up SharePoint 2010. A farm is made up of servers, and it may contain a single server or many servers.
Option 3: This option is correct. Services are the first element in the logical architecture. They are the actual functionalities or processes that are performed on servers.
Option 4: This option is incorrect. A server is the basic element of the physical architecture, without which you cannot proceed with the installation.
Option 5: This option is correct. Web applications are logical-architecture elements that connect users to services, service applications, and service application databases.
Option 6: This option is correct. Service application databases store large amounts of data. This data is used by service applications to provide services.
Correct answer(s):
1. Site collections
3. Services
5. Web applications
6. Service application databases

Question
After identifying the architecture elements for the SharePoint installation, which server roles would you consider in your farm?
Options:
1. Web server
2. Single server
3. Database server
4. Two server
5. Application server

Answer
Option 1: This option is correct. The web server role stores content and resources related to the web. They are also called web front-end or WFE servers.
Option 2: This option is incorrect. Single server is not a server role, but a type of limited deployment that is used for evaluation or demonstration purposes.
Option 3: This option is correct. The database server role helps to store databases. The number of servers used in this role depends on the size of the farm used. You can store all databases on a single server, or you can group databases on different servers based on roles.
Option 4: This option is incorrect. Two server is not a server role, but a type of limited deployment that is used for evaluation or demonstration purposes. Limited deployment is a category of topology based on the combination of server tiers used.
Option 5: This option is correct. Application servers store the resources that service applications use to provide services. Service users indirectly access application servers through other servers.
Correct answer(s):
1. Web server
3. Database server
5. Application server

Question
After determining server roles for your installation, which categories of topologies can you select to manage farms?
Options:
1. Single-server farm
2. Two-tier topology
3. Two-server farm
4. Large-farm architecture
5. Three-tier topology
6. Medium-farm architecture

Answer
Option 1: This option is correct. A single-server farm is a limited deployment topology that has the web server and database server roles deployed on a single server. It is usually required for evaluation purposes, and used by fewer than 100 users.
Option 2: This option is incorrect. Two-tier topology is not a category, but a type of topology. This topology type depends on the ways in which the topology of the SharePoint Server can be deployed, whereas the category of a topology depends on the combinations of tiers used.
Option 3: This option is correct. A two-server farm is a limited deployment topology that has a web server and an application server deployed on one server, and the database server role separately installed on an SQL Server.
Option 4: This option is correct. A large-farm architecture is a variation of the medium-farm architecture that generally contains groups of servers based on different functionalities.
Option 5: This option is incorrect. The three-tier topology is not a category, but a type of topology. This topology type depends on the ways in which the topology of the SharePoint Server can be deployed, whereas the category of a topology depends on the combinations of tiers used.
Option 6: This option is correct. A medium-farm architecture has two servers for each of the web server, application server, and database server roles. It is useful for a strong search application, where there may be more than 40 million items to be searched.
Correct answer(s):
1. Single-server farm
3. Two-server farm
4. Large-farm architecture
6. Medium-farm architecture

Recognizing products and requirements


You need to install SharePoint in your organization, and have already determined the elements, server roles, and topology categories. Now you need to consider the different SharePoint products and the necessary system requirements.

Question
Of the different products that SharePoint offers, which basic products can you choose for your company's installation?
Options:
1. Search Server 2010
2. SharePoint Foundation
3. SharePoint Online
4. SharePoint Server 2010 Enterprise

Answer
Option 1: This option is incorrect. Search Server 2010 is an additional product provided by SharePoint. It can be deployed on many servers for redundancy. It provides high availability and fault tolerance, and unlike Search Server 2010 Express, needs to be purchased by the user.
Option 2: This option is correct. SharePoint Foundation is a basic and economical SharePoint product. It is essential for your installation because SharePoint Server 2010 is installed on it. It allows you to add public communication tools and update your users with news and events.
Option 3: This option is incorrect. SharePoint Online automates administrative chores and maintains the site. It has a shared model that shares a farm but doesn't allow customization. It also has a dedicated model that owns a whole farm, allowing approved customizations.
Option 4: This option is correct. SharePoint Server 2010, a basic product of SharePoint, provides the Enterprise edition. It provides additional functionalities such as new service applications and business intelligence.
Correct answer(s):
2. SharePoint Foundation
4. SharePoint Server 2010 Enterprise

Question
In addition to the basic SharePoint functionalities, your company requires a functionality that allows you to search across the site. You want it to be available every time and not be prone to many faults. Which SharePoint product will you select for this purpose?
Options:
1. SharePoint Server 2010 Standard
2. Search Server 2010 Express
3. Fast Search Server 2010
4. SharePoint Foundation
5. Search Server 2010

Answer
Option 1: This option is incorrect. SharePoint Server 2010 Standard builds social communication with other users over the SharePoint site through blogs and wikis. It allows users to search for users and resources within a site, but doesn't allow searching across site collections.
Option 2: This option is incorrect. Search Server 2010 Express is free, and allows you to search across the site and add content from external sources. But it doesn't provide good availability and has low fault tolerance.
Option 3: This option is incorrect. Fast Search Server 2010 helps you to search data with high-end tools. It allows you to communicate in multiple languages, scale usability with increasing documents, and manage structured and unstructured data. But it may not provide high availability and fault tolerance.
Option 4: This option is incorrect. SharePoint Foundation is a basic and economical SharePoint product. It is essential for your installation because SharePoint Server 2010 is installed on it. It allows you to add public communication tools and update your users with news and events. It hosts SharePoint Server 2010, which helps in search but doesn't allow searching across many sites.
Option 5: This option is correct. Search Server 2010 is an additional product provided by SharePoint, which allows you to search across the site. It can be deployed on many servers for redundancy. It provides high availability and fault tolerance, and unlike Search Server 2010 Express, needs to be purchased by the user.
Correct answer(s):
5. Search Server 2010

Question
After selecting different products, you need to identify the hardware requirements, which depend on server roles. In your SharePoint installation, you have decided to use a farm with the web server, application server, and database server roles. In addition to an 80 GB hard drive, how much RAM would you need for each of these roles?
Options:
1. 4-8 GB RAM for the web server and application servers, and 8-64 GB for the database server
2. 8-16 GB RAM for the web server and application servers, and 16-64 GB for the database server
3. 8-32 GB RAM for the web server and application servers, and 8-64 GB for the database server
4. 4-8 GB RAM for the web server and application servers, and 32-64 GB for the database server

Answer
Option 1: This option is correct. The amount of RAM used for web and application servers depends on the purpose of the server. You need 4 GB of RAM for development or evaluation, but 8 GB of RAM for production. The amount of RAM used for database servers differs according to three types of deployments. A small deployment needs 4 GB of RAM, a medium deployment needs 16 GB, and large-farm deployment of 2 or 2-5 terabytes needs 32 or 64 GB of RAM respectively.
Option 2: This option is incorrect. The amount of RAM used for web and application servers depends on the purpose of the server. You need 4-8 GB RAM for the web server and application servers. Whereas, for database servers you need 8-64 GB RAM, which again differs according to three types of deployments. 16-64 GB RAM would only be applicable to medium and large deployments.
Option 3: This option is incorrect. The amount of RAM used for web and application servers depends on the purpose of the server. You need 4-8 GB RAM for the web server and application servers. Whereas, for database servers you need 8-64 GB RAM, which again depends on three types of deployments. A small deployment needs 4 GB of RAM, a medium deployment needs 16 GB, and large-farm deployment needs 32 or 64 GB of RAM respectively.
Option 4: This option is incorrect. The amount of RAM used for web and application servers depends on the purpose of the server. You need 4-8 GB RAM for the web server and application servers. Whereas, for database servers you need 8-64 GB RAM, which again differs depending on three types of deployments. A 32-64 GB RAM would serve only a large-farm deployment of 2 or 2-5.
Correct answer(s):
1. 4-8 GB RAM for the web server and application servers, and 8-64 GB for the database server

Question
With hardware requirements in place, you now need to implement the software requirements for your farm. Which factors should you consider for this?
Options:
1. A web server role in the farm
2. Deployment of a database server in a farm
3. An application server role in the farm
4. Deployment of a single server with built-in database
5. Deploying web and applications servers in a farm
6. Deploying resources for client access

Answer
Option 1: This option is incorrect. Hardware requirements depend on the role of a server in the farm. Software requirements depend on the deployment.
Option 2: This option is correct. Software requirements depend on types of deployment, such as deploying a database server in a farm, a single server with a built-in database, web and application servers in a farm, or client access. You can either use Microsoft SQL Server 2008 R2 or Service Pack 1 Cumulative Update 2, or Microsoft SQL Server 2005 with Service Pack 2 or later.
Option 3: This option is incorrect. Hardware requirements depend on the role of a server in the farm. Software requirements depend on the deployment.
Option 4: This option is correct. Software requirements depend on types of deployment, such as deploying a database server in a farm, a single server with a built-in database, web and application servers in a farm, or client access. The deployment of a single server needs a 64-bit edition of Windows Server 2008 Standard, Web Server, Enterprise, or Data Center. This can be either an SP2 or R2 version.
Option 5: This option is correct. Software requirements depend on types of deployment, such as deploying a database server in a farm, a single server with a built-in database, web and application servers in a farm, or client access. The deployment of web and application servers in a farm needs a 64-bit edition of Windows Server 2008 Standard, Web Server, Enterprise, or Data Center. This can be either an SP2 or R2 version.
Option 6: This option is correct. Software requirements depend on types of deployment, such as deploying a database server in a farm, a single server with a built-in database, web and application servers in a farm, or client access. While deploying client access, you need to use a web browser that provides services aligned with SharePoint Server 2010 and the needs of the organization. The 32-bit web browser Internet Explorer 8 is recommended for this purpose.
Correct answer(s):
2. Deployment of a database server in a farm
4. Deployment of a single server with built-in database
5. Deploying web and applications servers in a farm
6. Deploying resources for client access

Installing SharePoint 2010


Learning Objectives
After completing this topic, you should be able to

recognize how to prepare for a SharePoint 2010 installation
distinguish between Standalone and Server farm SharePoint installations

1. SharePoint 2010 installation preparation


Before installing Microsoft SharePoint Server 2010, you first need to prepare an environment for it. This involves installing and configuring software prerequisites that are required to install SharePoint Server 2010 and make a farm run. You can easily set up these prerequisites by using the Microsoft SharePoint 2010 Products Preparation Tool. Then you can install SharePoint Server 2010 using one of two options - Standalone and Server Farm.

The Microsoft SharePoint 2010 Products Preparation Tool is an executable file called PrerequisiteInstaller.exe. You can find this file in the root directory of the SharePoint 2010 installation disc. But if you download OfficeServer.exe or SharePoint.exe from the Microsoft site, then you need to extract the EXE file. To do this, you access the command prompt, navigate to the drive or folder where you saved the OfficeServer.exe file, and run this extract command.

The command you run is the following:

OfficeServer.exe /extract:c:\install

All of the SharePoint files are extracted, and the Microsoft SharePoint 2010 Products Preparation Tool or the PrerequisiteInstaller.exe file is available at this location.

The location path is the following: C:\install

When you run the Microsoft SharePoint 2010 Products Preparation Tool, the tool first configures Internet Information Services, commonly known as IIS, if it is not already configured. Then the tool checks whether the prerequisite programs are already installed on your computer, including

Web Server (IIS) role
Microsoft SQL Server 2008 Analysis Services ADOMD.NET
Application Server role
Microsoft Sync Framework Runtime v1.0 (x64), and
Microsoft Chart Controls for the Microsoft .NET Framework 3.5

The Microsoft SharePoint 2010 Products Preparation Tool also checks for other prerequisite programs, such as

Microsoft .NET Framework v3.5 SP1
ADO.NET Data Services v1.5 CTP2
Microsoft Framework
Microsoft Filter Pack 2.0, and
Windows PowerShell 2.0 CTP3

The Microsoft SharePoint 2010 Products Preparation Tool may detect that some prerequisite programs are not installed, or are installed with the incorrect versions. In this case, the tool accesses the Internet, downloads the required programs from the Microsoft Download Center, and installs them. After the installations are complete, the Microsoft SharePoint 2010 Products Preparation Tool might prompt you to reboot your server. This reboot is not always necessary. It is required only when multiple changes are made to the server. After you reboot, the Microsoft SharePoint 2010 Products Preparation Tool continues the installation from the point where it stopped.

Question
If you downloaded SharePoint.exe from the Microsoft site, where can you get the Microsoft SharePoint 2010 Products Preparation Tool?

Options:
1. In the Install folder of the SharePoint 2010 installation disc
2. In the Microsoft Download Center
3. In the folder where you extracted SharePoint files from SharePoint.exe
4. In Windows PowerShell 2.0

Answer
Option 1: This option is incorrect. The Microsoft SharePoint 2010 Products Preparation Tool is available in the root of the SharePoint 2010 installation disc. But, in this case, the EXE has been downloaded from the Microsoft site.
Option 2: This option is incorrect. The Microsoft Download Center is used by the Microsoft SharePoint 2010 Products Preparation Tool to download the required prerequisite programs.
Option 3: This option is correct. When you download SharePoint.exe from the Microsoft site, you need to extract this EXE file. The extracted SharePoint files contain the Microsoft SharePoint 2010 Products Preparation Tool.
Option 4: This option is incorrect. The Microsoft SharePoint 2010 Products Preparation Tool checks whether the Windows PowerShell 2.0 program is installed on the server. The tool itself is not a part of the program.

Correct answer(s):
3. In the folder where you extracted SharePoint files from SharePoint.exe

The Microsoft SharePoint 2010 Products Preparation Tool will check for the prerequisites for a SharePoint installation. If any of the prerequisite programs are not present, it automatically accesses the Internet to download and install them. However, your servers may not have access to the Internet for security reasons. So you can download the required programs manually from the Internet. To do this, you click the Learn more about these prerequisites link on the Welcome page of the Microsoft SharePoint 2010 Products Preparation Tool. This opens a TechNet page with links to all of the prerequisite programs. You can click the relevant links to download the required programs and then install each program. This method is best when you need to perform a one-time installation of SharePoint Server 2010 on a single server.

The other method of manually installing the prerequisite programs is to use the command-line options of the prerequisite installer. To display these options, you run this command.

Graphic
The command you run is the following: PrerequisiteInstaller.exe /?

You can install the required programs by including the relevant options in your command. This method is best when you need to install SharePoint Server 2010 on multiple servers.
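When the prerequisite files are downloaded by hand and copied to a server without Internet access, each file should still carry a valid Microsoft signature before it is handed to the installer. The following PowerShell script is an added example, not part of the course: the staging folder, the file names and the selection of switches are assumptions, so confirm the switch names against the PrerequisiteInstaller.exe /? output on your own media.

```powershell
# Added example (not from the course): verify hand-downloaded prerequisite
# installers, then build the PrerequisiteInstaller.exe command line for them.
# Written for Windows PowerShell 2.0. Paths and file names are assumptions.
param(
    [string]$StagingDir = 'C:\install\prereqs',
    [string]$Installer  = 'C:\install\PrerequisiteInstaller.exe'
)

# Installer switch -> file name as saved in the staging folder (placeholder names).
# Check the switch names against "PrerequisiteInstaller.exe /?" before use.
$SwitchToFile = @{
    '/ChartControl' = 'MSChart.exe'
    '/Sync'         = 'Synchronization.msi'
    '/FilterPack'   = 'FilterPack.exe'
    '/ADOMD'        = 'ADOMD.msi'
}

function Test-PrerequisiteFile {
    param([string]$Path)

    $result = New-Object PSObject -Property @{ Path = $Path; Trusted = $false; Reason = '' }

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $result.Reason = 'file not found in staging folder'
        return $result
    }

    # Status is Valid only when the file hash matches the signature and the
    # signing certificate chains to a root this server trusts.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        $result.Reason = "signature status is $($sig.Status)"
    }
    elseif ($sig.SignerCertificate.Subject -notlike '*O=Microsoft Corporation*') {
        $result.Reason = "unexpected signer: $($sig.SignerCertificate.Subject)"
    }
    else {
        $result.Trusted = $true
        $result.Reason  = 'valid Microsoft signature'
    }
    return $result
}

function Get-OfflineInstallPlan {
    param([string]$Directory, [hashtable]$Map)

    $checks  = @()
    $argList = @('/unattended')
    foreach ($name in ($Map.Keys | Sort-Object)) {
        $file     = Join-Path $Directory $Map[$name]
        $checks  += Test-PrerequisiteFile -Path $file
        $argList += ('{0}:"{1}"' -f $name, $file)
    }

    # One untrusted or missing file blocks the whole plan.
    $ready = @($checks | Where-Object { -not $_.Trusted }).Count -eq 0
    New-Object PSObject -Property @{
        Ready     = $ready
        Checks    = $checks
        Arguments = $(if ($ready) { $argList -join ' ' } else { $null })
    }
}

$plan = Get-OfflineInstallPlan -Directory $StagingDir -Map $SwitchToFile
$plan.Checks | Format-Table Trusted, Reason, Path -AutoSize | Out-Host

if ($plan.Ready) {
    # The command is printed for review rather than executed.
    Write-Output ('"{0}" {1}' -f $Installer, $plan.Arguments)
}
else {
    Write-Warning 'At least one prerequisite file failed verification; no command line was produced.'
}
```

Because the script only prints the command, the same verified staging folder and command line can be reviewed once and then reused on every server in the farm.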

Question
Mary needs to install SharePoint Server 2010 on a server. She learns that all of the programs required for this installation are present on the server. To be sure, she runs the Microsoft SharePoint 2010 Products Preparation Tool. Identify the actions that the tool will perform.

Options:
1. Check for the presence of the prerequisite programs
2. Configure IIS
3. Prompt for a reboot of the server
4. Remove certain programs from the server

Answer
Option 1: This option is correct. The Microsoft SharePoint 2010 Products Preparation Tool will check if the required prerequisite programs are already installed on the server. This is the second action that the tool will perform.
Option 2: This option is correct. When Mary runs the Microsoft SharePoint 2010 Products Preparation Tool, the first action it will perform is to configure IIS with the required settings.
Option 3: This option is incorrect. As all of the required programs are already installed on the server, there will not be any changes to it. So the Microsoft SharePoint 2010 Products Preparation Tool will not prompt for a server reboot.
Option 4: This option is incorrect. The Microsoft SharePoint 2010 Products Preparation Tool never removes any programs from a server. It only installs the missing prerequisite programs.

Correct answer(s):
1. Check for the presence of the prerequisite programs
2. Configure IIS

While using the Microsoft SharePoint 2010 Products Preparation Tool, you can encounter two common problems that may lead to its failure. One problem is that an Internet connection may not be available on the server on which you want to install SharePoint Server 2010. You can tackle this issue by manually downloading the required program files.

The other problem is that Windows PowerShell 1.0 is installed on your server. One reason for this is that you have Windows Server 2008 as your operating system, and you have activated its Windows PowerShell feature. Another reason might be that PowerShell 1.0 was installed automatically while you were installing an application such as SQL Server.

You need PowerShell 2.0 to install SharePoint Server 2010. So when you run the Microsoft SharePoint 2010 Products Preparation Tool and it detects that PowerShell 2.0 is not installed on the server, it tries to install PowerShell 2.0. But as you already have PowerShell 1.0 on your server, the installation of PowerShell 2.0 fails. This, in turn, leads to the failure of the Microsoft SharePoint 2010 Products Preparation Tool installation. To solve this problem, you need to deactivate the Windows PowerShell feature by using Windows Server Manager, and then run the tool again.

Question
What should you do if the Microsoft SharePoint 2010 Products Preparation Tool fails on your server because of the absence of an Internet connection?

Options:
1. Install Windows PowerShell 1.0
2. Install Microsoft Filter Pack
3. Download the missing prerequisite programs manually
4. Run SharePoint.exe

Answer

Option 1: This option is incorrect. Installing Windows PowerShell 1.0 will not resolve the Internet connection issue. But it will cause more problems, because Windows PowerShell 2.0, and not 1.0, is required for installing SharePoint Server 2010.
Option 2: This option is incorrect. Installation of Microsoft Filter Pack itself requires an Internet connection. It cannot resolve the issue of a missing Internet connection.
Option 3: This option is correct. The Microsoft SharePoint 2010 Products Preparation Tool requires an Internet connection to download the prerequisite program files. If a connection is not present on the server, the tool fails. In such a case, you need to download the required programs manually.
Option 4: This option is incorrect. When you run SharePoint.exe, it starts the installation of SharePoint Server 2010. It does not resolve the issue of a missing Internet connection.

Correct answer(s):
3. Download the missing prerequisite programs manually

The Microsoft SharePoint 2010 Products Preparation Tool installs all of the prerequisite programs. But to install and deploy SharePoint Server 2010 on a server farm, you will also need certain service accounts. These service accounts are

SQL Server service account
Setup user account
server farm account, and
managed account

You need the SQL Server service account to run two SQL Server services: MSSQLSERVER and SQLSERVERAGENT. The way that these services are displayed in the Windows Services console depends on whether you are using the default SQL Server instance. If you are not using that instance, the services are displayed with their respective instance names like this.

Graphic
The MSSQLSERVER service is displayed as MSSQL$InstanceName, and the SQLSERVERAGENT service is displayed as SQLAgent$InstanceName.

To set up the SQL Server service account, you can use a domain user account or a Local System account. Both of these accounts need access to the external resource that you will use for backup and restore purposes.

To use a domain user account, you need to grant it permission to access the external resource. To use a Local System account, you need to grant the machine account access to the external resource, using this syntax.

Graphic
The syntax is the following: domain_name\SQL_hostname$

Another service account that you need to install SharePoint Server 2010 is the Setup user account. You need this account to run the setup file and the SharePoint Products Configuration Wizard. For the Setup user account, you require a domain user account and a SQL Server login on the computer running SQL Server. You also need to make the account a member of the Administrators group on each server where you want to run the setup, and assign it the securityadmin and dbcreator fixed server roles.

In addition to the Setup user account, you need the server farm account for installing SharePoint Server 2010. This account helps in configuring and managing the server farm. It also helps in running the Microsoft SharePoint Foundation Workflow Timer Service. The account also functions as an application pool identity for the SharePoint Central Administration web site. To set up the server farm account, you require a domain user account. However, the server farm account, by default, gets extra permissions on Web servers and application servers connected to a server farm. The server farm account also gets a SQL Server login on the computer running SQL Server. The account is assigned the securityadmin and dbcreator fixed server roles and the db_owner fixed database role for all SharePoint databases in the server farm.

The last account you need for the installation of SharePoint Server 2010 is a managed account. When you register a domain account as a managed account, SharePoint itself maintains and manages the account. This means that SharePoint handles all changes, such as password changes, related to the account. For example, if your company has a policy that passwords for all the domains need to be changed every 90 days, then SharePoint enforces this change automatically. So you are free from the responsibility of managing domain account passwords. The account that you use for installing SharePoint Server 2010 becomes a managed account by default. But you can register any number of accounts as managed accounts by specifying the domain, the username, and the password for each of them.
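The securityadmin and dbcreator roles granted to the Setup user account and the server farm account are powerful, and Microsoft's SQL Server documentation advises treating securityadmin as equivalent to sysadmin, so it is worth checking that no other login holds them. The following PowerShell script is an added example, not part of the course: the sp_setup account name and the sample rows are constructed, and the server name is only used if you pass one.

```powershell
# Added example (not from the course): review who holds the fixed server roles
# that the Setup user account and the server farm account are granted.
# Written for Windows PowerShell 2.0.
param(
    [string]$ServerInstance = ''   # for example SQL034; empty = use the constructed sample rows
)

Add-Type -AssemblyName System.Data

# Accounts expected to hold securityadmin and dbcreator in this farm.
# Earthfarm.com\sp_farm is the account name shown in the course; sp_setup is hypothetical.
# Adjust the spelling to the login names exactly as SQL Server reports them.
$ExpectedAccounts = @('Earthfarm.com\sp_setup', 'Earthfarm.com\sp_farm')

# T-SQL listing the members of the two fixed server roles.
$RoleMemberQuery = @'
SELECT r.name AS RoleName, m.name AS MemberName
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON rm.role_principal_id = r.principal_id
JOIN sys.server_principals AS m ON rm.member_principal_id = m.principal_id
WHERE r.name IN ('securityadmin', 'dbcreator')
ORDER BY r.name, m.name;
'@

function Get-ServerRoleMember {
    param([string]$Instance)

    # Windows authentication: run this as an account allowed to read server principals.
    $conn    = New-Object System.Data.SqlClient.SqlConnection("Server=$Instance;Integrated Security=SSPI")
    $adapter = New-Object System.Data.SqlClient.SqlDataAdapter($RoleMemberQuery, $conn)
    $table   = New-Object System.Data.DataTable
    [void]$adapter.Fill($table)   # Fill opens and closes the connection itself
    foreach ($row in $table.Rows) {
        New-Object PSObject -Property @{ RoleName = $row['RoleName']; MemberName = $row['MemberName'] }
    }
}

function Find-UnexpectedRoleMember {
    param([object[]]$Members, [string[]]$Expected)

    foreach ($m in $Members) {
        # -notcontains compares case-insensitively, as SQL Server login names usually are.
        if ($Expected -notcontains $m.MemberName) { $m }
    }
}

# Constructed sample rows, used when no server is given so the script runs offline.
$SampleMembers = @(
    (New-Object PSObject -Property @{ RoleName = 'dbcreator';     MemberName = 'Earthfarm.com\sp_farm' }),
    (New-Object PSObject -Property @{ RoleName = 'dbcreator';     MemberName = 'Earthfarm.com\sp_setup' }),
    (New-Object PSObject -Property @{ RoleName = 'securityadmin'; MemberName = 'Earthfarm.com\helpdesk01' }),
    (New-Object PSObject -Property @{ RoleName = 'securityadmin'; MemberName = 'Earthfarm.com\sp_farm' }),
    (New-Object PSObject -Property @{ RoleName = 'securityadmin'; MemberName = 'Earthfarm.com\sp_setup' })
)

if ($ServerInstance) { $members = @(Get-ServerRoleMember -Instance $ServerInstance) }
else                 { $members = $SampleMembers }

$unexpected = @(Find-UnexpectedRoleMember -Members $members -Expected $ExpectedAccounts)
if ($unexpected.Count -eq 0) {
    Write-Output 'Only the expected SharePoint accounts hold securityadmin and dbcreator.'
}
else {
    foreach ($u in $unexpected) {
        Write-Warning ('{0} holds {1} but is not an expected SharePoint account' -f $u.MemberName, $u.RoleName)
    }
}
```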

Question

Sophie needs an application pool identity for the SharePoint Central Administration web site. She also needs to run the SharePoint Products Configuration Wizard. Which service accounts should she use?

Options:
1. Server farm account
2. SQL Server service account
3. Managed account
4. Setup user account

Answer
Option 1: This option is correct. The server farm account helps in configuring and managing the server farm. This account also acts as an application pool identity for the SharePoint Central Administration web site.
Option 2: This option is incorrect. The SQL Server service account runs the SQL Server services MSSQLSERVER and SQLSERVERAGENT.
Option 3: This option is incorrect. A managed account is maintained by SharePoint, and does not require much involvement from the administrator.
Option 4: This option is correct. You require the Setup user account for running the setup file and the SharePoint Products Configuration Wizard when installing SharePoint 2010.

Correct answer(s):
1. Server farm account
4. Setup user account

2. Types of SharePoint installation


After you've prepared the environment for installing SharePoint Server 2010, you can run setup.exe. This executable file does not start the setup process directly. It first checks if all the prerequisite programs are installed on your server. After this check has been carried out, and the presence of all the programs is confirmed, Setup determines whether the server needs to be rebooted and, if necessary, prompts you to do so. If this initial check fails, you get information about the problems from the logs available at this location.

Graphic

The location is the following: C:\program files\common files\Microsoft shared\web server extensions\14\logs

After the initial check is completed, setup.exe gives you two options for installing SharePoint Server 2010:

Standalone and
Server Farm

If you select the Standalone option, you do not need to provide any inputs during the installation process. The process starts and installs all the required SharePoint components. Then, the Microsoft SharePoint Products Configuration Wizard runs automatically, and a web application is created with this link.

Graphic
The link is the following: http://<YourServerName>

Then you just need to select the template that you want to use for the root site collection. You can also use your own template by uploading it to the gallery.

The Standalone install simplifies the installation of SharePoint Server 2010 as it does not require any input from you. You just select this option and you get a complete SharePoint farm. This install option performs most of the tasks for you including

installing a new instance of SQL Server Express 2008
configuring SharePoint to store all databases on the SQL Server Express 2008 instance
configuring service applications, and
creating a web application and a site collection

Despite the fact that the Standalone install does all the installation work for you, it has its limitations. Selecting this install option leads to a permanent commitment to it. This means that you cannot make many changes to your SharePoint setup or topology in future. For example, you cannot add more SharePoint servers to your farm. If you really need to add a server, you have to perform the tedious task of backing up data, formatting the server, and performing the installation process again. The other limitation is that you might not be able to upgrade SharePoint 2010 to a later version.

Along with its own limitations, the Standalone install brings the limitations of SQL Server Express 2008, which it installs and uses. This SQL Server instance limits the size of a database to 4 GB. The other drawback of SQL Server Express 2008 is that it does not provide a GUI tool to help you manage it. If you need such a tool, you have to download it separately from the Microsoft site. The other option is to manage SQL Server using the command-line tool osql.exe.

Question
Which facts are correct about the Standalone install?

Options:
1. Requires regular inputs during the installation
2. Results in a permanent commitment to the SharePoint setup
3. Prompts you to create the web application
4. Installs a new instance of SQL Server Express 2008

Answer
Option 1: This option is incorrect. The Standalone install does not require regular inputs during the installation. The only input required is the selection of the template for the root site collection.
Option 2: This option is correct. Selecting the Standalone install means that you cannot make many changes to the SharePoint setup, such as adding servers.
Option 3: This option is incorrect. When you select the Standalone install, it automatically creates a web application and a site collection.
Option 4: This option is correct. The Standalone install creates a new instance of SQL Server Express 2008 and configures SharePoint to store all databases on that instance.

Correct answer(s):
2. Results in a permanent commitment to the SharePoint setup
4. Installs a new instance of SQL Server Express 2008

The limitations of the Standalone install and its SQL Server instance mean that it's often better to select the other option, Server Farm, when installing SharePoint Server 2010. But even after you select the Server Farm install, Standalone is still the default option for installation. So to avoid the Standalone install again, you must select the Complete option.

When you select the Complete option, all of the required SharePoint components are installed, but you need to configure them yourself. This method gives you more flexibility and control, as you are free to select the features and service accounts that you want. Additionally, you can reconfigure your server or add more servers to your farm to meet changing business needs.

The Complete option is available on the Server Type tab. In addition to this tab, there is another tab called File Location. You can use this tab to change the locations of the SharePoint Server files and the search index files, whose default location is the system drive. If you're not sure about the locations you want to use at the time of installation, you can also change them later. However, there are certain files, called the 14 hive, whose location you cannot change. These files take up to 1 GB of disk space and need to be present on the system drive at this location.

Graphic
The location is the following: %ProgramFiles%\common files\Microsoft Shared\web server extensions\14

After you've changed the locations of the SharePoint Server files, you click Install Now to start the installation of these files. While the installation of the SharePoint files is in progress, the 14 hive files are created. After the installation of SharePoint files is complete, you are prompted to run the SharePoint Products Configuration Wizard. You can use this wizard to configure the installed files.

Configuring SharePoint involves a great deal of typing and clicking. If you want to save this effort, you can automate the configuration by using the scripted install. All you need to do is decide the configuration settings you want to use, and then specify them in the config.xml file. Once you specify the required settings, you can use the same config.xml file to install SharePoint Server 2010 across multiple servers. If you downloaded the OfficeServer.exe file from the Microsoft site and extracted the SharePoint files, the config.xml file is available in various folders at this location.

Graphic
The location is the following: C:\install\files

Question
Match each SharePoint installation type with its description. You can use each installation type more than once.

Options:
A. Standalone
B. Server Farm

Targets:
1. Prompts the administrator to configure the SharePoint components
2. Limits the chances of modifying or upgrading your SharePoint 2010 setup
3. Does not require any inputs from the administrator
4. Provides the administrator flexibility and control during the SharePoint installation

Answer
The Server Farm install installs the SharePoint components, but prompts you to configure them.
When you select the Standalone install, you cannot make many changes to the SharePoint 2010 setup, and you might not be able to upgrade it to later versions.
The Standalone install does not require any inputs from you during the installation process, and at the end of the process, you get a complete SharePoint farm.
You get more flexibility and control with the Server Farm install, as you can select the SharePoint features and service accounts yourself.

Correct answer(s):
Target 1 = Option B
Target 2 = Option A
Target 3 = Option A
Target 4 = Option B

Summary
Before the installation of SharePoint Server 2010, you need to install some prerequisite programs using the Microsoft SharePoint 2010 Products Preparation Tool. This tool can fail if you do not have an Internet connection, or if you have Windows PowerShell 1.0 running on your server. In addition to the prerequisite programs, you need to set up four service accounts for installing SharePoint Server 2010: SQL Server service account, Setup user account, server farm account, and managed account.

After installing the prerequisites and setting up the service accounts, you get two options for installing SharePoint 2010: Standalone and Server Farm. The Standalone install does not require your input and gives you a complete SharePoint farm. But this option limits your opportunities to modify and upgrade the SharePoint setup. The Server Farm install installs the SharePoint components, but asks you to configure them, giving you more flexibility and control. You can also automate the installation of SharePoint Server 2010 by using the scripted install.


The Configuration Wizard


Learning Objectives
After completing this topic, you should be able to

configure an installation of SharePoint 2010
identify and resolve common configuration wizard issues

1. Configuring SharePoint 2010


After you install SharePoint Server 2010, you need to create a SharePoint farm, which is a collection of two or more servers that share configuration data. You need to create a farm because it is the top-level element of SharePoint 2010, and enables sharing of other elements between servers. A farm can be created by using the SharePoint Products Configuration Wizard. This wizard helps you to set up and manage your farm by configuring the required databases and files. During the configuration, certain common errors might occur, but these errors can be resolved. Using the Configuration Wizard, you can

create a new SharePoint farm and
add a server to an existing farm

Creating a new SharePoint farm involves installing and configuring two databases - the configuration database and the content database. It also includes installation of the SharePoint Central Administration web site. To start creating a new farm, you first open the Configuration Wizard.

Graphic
To do this, you select Start - SharePoint 2010 Products Configuration Wizard.

After opening this wizard, you move ahead with the configuration by navigating to the next page.

Graphic
To do this, you click Next on the Welcome to SharePoint Products page. This page specifies the information that you have to provide for the configuration, including the name of the database server and the database where server farm configuration data will be stored. The other information that you need to provide is the username and password for the database access account that will administer the server farm. You can click Next to continue or Cancel to exit the wizard. And to start the wizard again, you can click the Start Menu shortcut.

Keyboard Sequence
The keyboard alternative for clicking Next is Alt+N.

You are then presented with a dialog box that lists some services that might need to be started or reset during the configuration. This reset is required so that SharePoint can read the new dynamic link libraries, commonly known as DLLs, that have been copied to the server as part of the installation. To continue, you must confirm the restart in this dialog box.

Graphic
To confirm the restart, you click Yes. You can also exit the wizard by clicking No. The services listed in the dialog box are Internet Information Services, SharePoint Administration Service V4, and SharePoint Timer Service V4.

Keyboard Sequence
The keyboard alternatives for clicking Yes and No are Alt+Y and Alt+N respectively.

Next you specify that you want to create a new server farm.

Graphic
To do this, you select the Create a new server farm option on the Connect to a server farm page, and then click Next. This page defines a server farm as a collection of two or more computers that share configuration data. Additionally, this page provides another option - Connect to an existing server farm - that you can select if you want to connect to an existing server farm. The page also contains the Back and Cancel buttons.

Keyboard Sequence
The keyboard alternative for selecting the Create a new server farm option is Alt+R.

Then you specify the database details in the relevant fields to create a new configuration database or reuse an existing one. The database server must be a computer running SQL Server. You also need to specify the database access account details.

Graphic
To do this, you use the Specify Configuration Database Settings page. This page informs you that all servers in a server farm need to share a configuration database, and you need to enter the database server and database name. If the entered database does not exist, SharePoint will create it. And to reuse an existing database, the database must be empty. So you enter the database server in the Database server field and the database name in the Database name field. In this example, the Database server is specified as SQL034, and the Database name is SharePoint_Config_Farm21.

The Specify Configuration Database Settings page also mentions that you need to specify an existing Windows account that your computer will always use to connect to the configuration database. If the configuration database is hosted on another server, you need to specify a domain account. The account details you need to enter include the username in the DOMAIN\User_Name form and the password. So you enter the username in the Username field and the password in the Password field. In this example, the Username is given as Earthfarm.com\sp_farm. Then you click Next.

Next you need to specify a passphrase to safeguard all communications on the farm, and then confirm the passphrase. SharePoint will ask for this passphrase when you try to add additional servers to the farm. The passphrase should be strong and must consist of at least eight characters to ensure optimum security. The characters should be made up of any three or all four of the character groups, which are numerals from 0 to 9, English lowercase letters, English uppercase letters, and nonalphabetic characters.
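The passphrase rule above can be checked before the wizard is run, for example when the same passphrase will be typed on every server that joins the farm. The following PowerShell function is an added example, not part of the course: the sample values are constructed except sp_pass@10, which is the passphrase used in this topic's Try It exercise, and treating every character outside 0-9, a-z and A-Z as nonalphabetic is an assumption.

```powershell
# Added example (not from the course): pre-check a farm passphrase against the
# stated rule: at least eight characters, drawn from at least three of the
# four character groups. Written for Windows PowerShell 2.0.
function Test-FarmPassphrase {
    param([string]$Passphrase)

    # -cmatch is case-sensitive, so lowercase and uppercase are counted separately.
    # Assumption: anything outside 0-9, a-z and A-Z counts as nonalphabetic.
    $groups = @()
    if ($Passphrase -cmatch '[0-9]')        { $groups += 'numerals' }
    if ($Passphrase -cmatch '[a-z]')        { $groups += 'lowercase' }
    if ($Passphrase -cmatch '[A-Z]')        { $groups += 'uppercase' }
    if ($Passphrase -cmatch '[^0-9a-zA-Z]') { $groups += 'nonalphabetic' }

    $problems = @()
    if ($Passphrase.Length -lt 8) {
        $problems += "only $($Passphrase.Length) characters, need at least 8"
    }
    if ($groups.Count -lt 3) {
        $problems += "only $($groups.Count) character group(s), need at least 3"
    }

    # The passphrase itself is deliberately not part of the returned object.
    New-Object PSObject -Property @{
        Length   = $Passphrase.Length
        Groups   = ($groups -join ', ')
        Accepted = ($problems.Count -eq 0)
        Problems = ($problems -join '; ')
    }
}

# Constructed samples; the first is the passphrase from the Try It exercise.
$samples = @('sp_pass@10', 'Sharepoint', 'Sp@1', 'farmpassphrase2010', '')
foreach ($s in $samples) {
    $r = Test-FarmPassphrase -Passphrase $s
    Write-Output ('{0,-20} accepted={1,-5} groups=[{2}] {3}' -f $s, $r.Accepted, $r.Groups, $r.Problems)
}
```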

Graphic
You enter the passphrase in the Passphrase field on the Specify Farm Security Settings page, reenter it in the Confirm passphrase field, and then click Next. You can change the passphrase after the farm is configured.

The next step is to specify the Central Administration settings, which are the port number and the authentication method for the Central Administration web site. You should use a port number that is easy to recall. You also have the choice of using the default port number. Additionally, NTLM is the default authentication method, but you can also use the Kerberos method. If you use NTLM for Central Administration, you can use Kerberos for another SharePoint web application.

Graphic

You specify the port number and the authentication method on the Configure SharePoint Central Administration Web Application page. This page informs you that a SharePoint Central Administration Web Application allows you to manage configuration settings for a server farm. The first server added to a server farm must host this web application, and the port number for the application must be between 1 and 65535. So to specify the port number, you select the Specify port number check box and enter the required port number. Here, the Specify port number check box is selected and the port number is specified as 3780. The Configure SharePoint Central Administration Web Application page also specifies that Kerberos is the recommended security configuration to use with Integrated Windows authentication. Kerberos requires special configuration by the domain administrator. NTLM authentication works with any application pool account and the default domain configuration. So the Configure SharePoint Central Administration Web Application page provides two options - NTLM and Negotiate (Kerberos). Here, the NTLM option is selected. After specifying the port number and the authentication method, you click Next.

Keyboard Sequence
The keyboard alternative for selecting the Specify port number check box is Alt+S.

You confirm the farm settings you specified and start the farm creation.

Graphic
To do this, you click Next on the Completing the SharePoint Products Configuration Wizard page. This page displays all the specified settings, including the Configuration Database Server, Configuration Database Name, whether to Host the Central Administration Web Application, and if yes, the Central Administration URL and Authentication provider. These settings are specified in the Configuration Database Server, Configuration Database Name, Host the Central Administration Web Application, Central Administration URL, and Authentication provider fields. The Completing the SharePoint Products Configuration Wizard page also contains an Advanced Settings button, which is currently disabled.

Finally you complete the creation of your farm.

Graphic
To do this, you click Finish on the Configuration Successful page. This page gives the configuration settings that were applied. These settings are the same as those that were specified in the previous pages. The page also informs you that clicking Finish will close the Configuration Wizard and launch the SharePoint Central Administration web site to continue configuring the SharePoint installation. Users trying to access the web site might be prompted to enter a username in the DOMAIN\User_Name form, and the password. At this prompt, you need to enter the credentials that you used to log on to your computer. Also, you need to add the SharePoint Central Administration web site to the list of trusted sites when prompted.

Keyboard Sequence
The keyboard alternative to click Finish is Alt+F.

Try It
Now you try creating a new farm by using the SharePoint Products Configuration Wizard. The wizard is already open and the Connect to a server farm page is open.

To complete the task
1. Specify that you want to create a new server farm
To do this, select the Create a new server farm option and click Next.
2. Specify the configuration database name as SharePoint_Config_Farm22
Enter the database name in the Database name field and click Next.
3. Enter the passphrase for the farm as sp_pass@10 and confirm it
Enter the passphrase in the Passphrase field, confirm it by entering it again in the Confirm passphrase field, and then click Next.
4. Specify the Central Administration settings by using the port number 4210 and ensuring that the NTLM authentication method is selected
To do this, select the Specify port number check box, enter 4210, and click Next.
5. Confirm your settings and move ahead with the creation of the farm
To do this, click Next.

A new SharePoint farm has been created.

After creating your SharePoint farm by using the Configuration Wizard, you are presented with the Central Administration web site. From this site, you can launch the Farm Configuration Wizard. Using this wizard, you can configure your farm by selecting the services you want on it and creating a site.

Graphic
The Farm Configuration Wizard can be launched by using the Launch the Farm Configuration Wizard link available after clicking the Configuration Wizards link in the navigation pane.

The Farm Configuration Wizard gives you two options for configuring your farm: automatic configuration using the wizard and manual configuration. You can select either option according to your preference. But when you decide to configure the farm manually, you get the freedom to plan its logical architecture as you want.

Graphic
You get the two configuration options on the Configure your SharePoint farm page of the Farm Configuration Wizard. The first option is Yes, walk me through the configuration of my farm using this wizard. The other option is No, I will configure everything myself. The Configure your SharePoint farm page also informs you that the wizard will help you with the initial configuration of your SharePoint farm. You can select the services to use in the farm and create your first site. Additionally, you can launch this wizard again from the Configuration Wizards page in the Central Administration site.

Question
You are using the Configuration Wizard to create a new farm. While running the wizard, you need to specify the Central Administration settings. Identify the setting you need to configure.

Options:
1. SQL Server number
2. Passphrase
3. Configuration database name
4. Authentication method

Answer
Option 1: This option is incorrect. The Central Administration settings include the port number, and not the SQL Server number, for the Central Administration web site.
Option 2: This option is incorrect. A passphrase is a farm security setting. It is used to protect all farm communication.
Option 3: This option is incorrect. As a configuration database setting, you need to specify the name of the configuration database.
Option 4: This option is correct. Authentication method is a Central Administration setting, and NTLM is the default authentication method.

Correct answer(s):
4. Authentication method

In addition to creating a new farm, you can use the SharePoint Products Configuration Wizard to add a server to an existing farm. When you do this, the wizard relocates the Central Administration web application.

To add a server to an existing farm, you first access the Connect to a server farm page of the SharePoint Products Configuration Wizard. Then, you select the Connect to an existing server farm option, if it is not already selected, and click Next.

Graphic
The other option on this page is Create a new server farm. And in addition to the Next button, there are the Back and Cancel buttons.

Keyboard Sequence
The keyboard alternative for selecting the Connect to an existing server farm option is Alt+O. In the Specify Configuration Database Settings page that opens, you type the SQL Server instance name in the Database server field and click Retrieve Database Names to reuse an existing configuration database.

Graphic
SQL034 is specified in the Database server field. The Specify Configuration Database Settings page also informs you that all servers in a server farm need to share a configuration database. And for additional information about database server security configuration and network access, you can click the help link.

Keyboard Sequence
The keyboard alternative for clicking Retrieve Database Names is Alt+R. You then select the configuration database to be used from the Database name drop-down list, and click Next.

Graphic
SharePoint_Config is selected as the configuration database. Some other database names in the Database Name drop-down list include SharePoint_Config_Farm10, SharePoint_Config_Farm11, SharePoint_Config_Farm15, and SharePoint_Config_Farm16.

Keyboard Sequence
The keyboard alternative for accessing the Database name drop-down list is Alt+A. On the Specify Farm Security Settings page, you specify the farm passphrase and click Next.

Graphic
You specify the passphrase in the Passphrase field of the Specify Farm Security Settings page. This page informs you that the farm passphrase is used to secure farm configuration data, and is required for each server that joins the farm. Additionally, the passphrase can be changed after configuring the farm.

Keyboard Sequence
The keyboard alternative is Alt+N. You then check the specified settings in the Completing the SharePoint Products Configuration Wizard page and click Next to move ahead.

Graphic
The page specifies the configuration settings that will be applied, such as the configuration database server and name. In this case, SQL034 is specified in the Configuration Database Server field and SharePoint_Config in the Configuration Database Name field. And the Advanced Settings button is enabled. On the Configuration Successful page, you click Finish to complete the configuration.

Graphic
The Configuration Successful page gives the configuration settings that were applied. These settings are the same as those that were specified in the previous pages. The page also informs you that clicking Finish will close the Configuration Wizard and launch the SharePoint Central Administration web site to continue configuring the SharePoint installation.

Users trying to access the web site might be prompted to enter a username in the DOMAIN\User_Name form, as well as the password. Then you enter the credentials that you used to log on to your computer. Also, you need to add the SharePoint Central Administration web site to the list of trusted sites when prompted.

To verify that the new server is a part of the farm, you click the Manage servers in this farm link on the Central Administration home page.

Graphic
This link is available under the System Settings category. Next, on the Servers in Farm page, you select the name of the new server to start the services that you want on it.

Graphic
This page lists the servers in the farm, the SharePoint products installed on each of them, the services running on each server, the status of each server given as No Action Required, and the Remove Server link that you can click if you want to remove a server from the farm. In this case, the added server is SRV046 and has Microsoft SharePoint Server 2010 installed on it. Some of the services on this server are Access Database Service, Application Registry Service, Business Data Connectivity Service, and Excel Calculation Services.

Then, on the Services on Server page, you start the services that you want to run on the new server.

Graphic
This page lists services, such as Access Database Service, Application Registry Service, Business Data Connectivity Service, Central Administration, and Claims to Windows Token Service. On the right side of the list are two columns: Status and Action. The status of all the services is Stopped, and the Action column has the Start link. You can start a service by clicking this link.

Question
Ben had set up a SharePoint farm, and now he needs to add a server to the farm. So he opens the Configuration Wizard. Sequence the remaining steps that Ben should perform in the correct order.

Options:
1. Select the configuration database used in the farm
2. Specify the name of the SQL Server instance
3. Select the option to connect to an existing server
4. Start the services to be run on the new server
5. Enter the passphrase for the farm

Answer
Correct answer(s):

Select the option to connect to an existing server is ranked as the first step. After opening the Configuration Wizard, Ben needs to select the option to connect to an existing server.
Specify the name of the SQL Server instance is ranked as the second step. Before specifying the name of the SQL Server instance, Ben needs to indicate that he wants to add the new server to a farm.
Select the configuration database used in the farm is ranked as the third step. Ben can select the configuration database only after entering the SQL Server instance name.
Enter the passphrase for the farm is ranked as the fourth step. After selecting the configuration database, Ben needs to enter the passphrase for the farm to which he wants to add the new server.
Start the services to be run on the new server is ranked as the fifth step. Ben can select the services that he wants to run on the server only after completing the process of the Configuration Wizard.

2. Identifying Configuration Wizard issues


When you install and configure SharePoint, you might encounter some common issues. These issues could appear while running setup.exe or the Configuration Wizard. One issue that might appear when you run setup.exe is that the setup does not move ahead. The error message corresponding to this issue says that a system restart from a previous installation or update is pending, and you need to restart your computer and run setup again. This error message is displayed when the value of the UpdateExeVolatile registry key is not 0 or the PendingFileRenameOperations registry key has a value. To resolve this setup issue, you need to open the registry editor and access this folder.

Graphic
The folder path is the following:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\

Then you must change the value of the UpdateExeVolatile key to 0. Additionally, you need to delete the PendingFileRenameOperations key that exists at this registry path.

Graphic
The registry path is the following:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\

Another issue that can arise while running setup.exe is related to the language of the installation. The error message for this issue says that the language of the installation is not supported by your system. This issue usually occurs when the binary files are corrupted. You can find out more about these damaged binary files by using the extract command on the command prompt and checking the logs. Alternatively, you can download the binary files and run setup.exe again.

In addition to the issues related to setup.exe, you might face issues when you run the Configuration Wizard. One such issue is a failure to create the configuration database. The error message for this issue specifies that an exception of type System.Security.Cryptography.CryptographicException was thrown, and the additional information is that the data is invalid.

You can solve this issue by modifying the access control list, commonly known as ACL, for the folder named 14, which is the SharePoint root folder. To do this, you first need to disconnect from the existing configuration database by opening the command prompt and entering the psconfig command in this directory.

Graphic
The directory path is the following:
Program Files\Common Files\Microsoft Shared\Web Server Extensions\14

And the psconfig command is the following:
psconfig -cmd configdb -disconnect

Next you open the SQL Server Management Studio or SqlCmd, and delete the current configuration database so that when you rerun the Configuration Wizard, it creates a new database and does not use the existing one. The next step is to access the folder 14 in the Windows Explorer so that you can modify its ACL.

Graphic
The directory path for the folder 14 is the following:
Program Files\Common Files\Microsoft Shared\Web Server Extensions\

Then, to open the Properties dialog box for the folder 14, you select Organize - Properties.

Graphic
Other options in the Organize menu include Cut, Copy, Select all, Layout, Folder and search options, Delete, Rename, and Close. In the 14 Properties dialog box that opens, you click the Security tab and then click Edit to change access permissions for the folder 14.

Graphic
The Security tab of the 14 Properties dialog box displays the names of the groups or users who have access to the folder 14 in the Group or user names section. The CREATOR OWNER group is selected, and this group does not have any of the permissions listed in the Permissions section: Full control, Modify, Read & execute, List folder contents, Read, and Write. The dialog box also has an Advanced button for special permissions or advanced settings.

Keyboard Sequence
The keyboard alternative to click Edit is Alt+E.

In the Permissions for 14 dialog box that opens, you click Add to add the Network Service group to the ACL for the 14 folder.

Graphic
The other button in the Permissions for 14 dialog box is Remove. You can also select any group or user in the Group or user names section and modify its permissions in the Permissions section by selecting the Allow or Deny check box against each permission.

Keyboard Sequence
The keyboard alternative is Alt+D. In the Select Users, Computers, Service Accounts, or Groups dialog box that opens, you type Network Service in the Enter the object names to select field, and click OK. This will add the Network Service group to the ACL for the folder 14.

Graphic
One field in the Select Users, Computers, Service Accounts, or Groups dialog box is Select this object type. This field is disabled and contains the text Users, Groups, or Built-in security principals. Next to this field is the Object Types button. The other disabled field is From this location, and the location is specified as earthfarm.com. Next to this field is the Locations button. There is also a Check Names button next to the Enter the object names to select field, which you can use to check whether the names you enter in this field exist. You select Full Control under Permissions for NETWORK SERVICE to provide full control of the folder 14 to this group. Then you click OK twice, once in the Permissions for 14 dialog box, and again in the 14 Properties dialog box.
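To confirm what the ACL change described above actually granted, the following added example (not part of the original course material) reads the ACL of the folder 14 and lists every entry for Network Service, matched by its well-known SID S-1-5-20 so the check does not depend on the display language. The function name and the output property names are assumptions made for this illustration.

```powershell
# Added example: read-only review of the ACL on the SharePoint root folder.
# Get-NetworkServiceGrant and its output property names are hypothetical.
function Get-NetworkServiceGrant {
    param(
        # Default is the folder 14 named in the text, built from the
        # CommonProgramFiles environment variable.
        [string]$Path = (Join-Path $env:CommonProgramFiles 'Microsoft Shared\Web Server Extensions\14')
    )

    if (-not (Test-Path -Path $Path -PathType Container)) {
        throw "Folder not found: $Path"
    }

    $networkServiceSid = 'S-1-5-20'   # well-known SID of NETWORK SERVICE
    $fullControl = [int][System.Security.AccessControl.FileSystemRights]::FullControl
    $genericAll  = 0x10000000         # GENERIC_ALL, which can appear on inherit-only entries

    $acl = Get-Acl -Path $Path
    # Explicit and inherited rules, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -ne $networkServiceSid) { continue }

        $rights    = [int]$rule.FileSystemRights
        $hasFull   = ($rights -band $fullControl) -eq $fullControl
        $hasGenAll = ($rights -band $genericAll) -ne 0

        New-Object PSObject -Property @{
            Path        = $Path
            Type        = $rule.AccessControlType   # Allow or Deny
            Rights      = $rule.FileSystemRights
            FullControl = ($hasFull -or $hasGenAll)
            Inherited   = $rule.IsInherited
            AppliesTo   = $rule.InheritanceFlags    # None means this folder only
        }
    }
}

$grants = @(Get-NetworkServiceGrant)
if ($grants.Count -eq 0) {
    'NETWORK SERVICE has no entry on the folder.'
} else {
    $grants | Format-List Path, Type, Rights, FullControl, Inherited, AppliesTo
}
```

Running it before and after the change shows whether the new entry is explicit or inherited and whether it propagates to subfolders and files.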

Graphic
The NETWORK SERVICE group appears in the Group or user names section. If these steps do not resolve the issue of failure in the creation of the configuration database, you need to delete the FarmAdmin registry key and run the Configuration Wizard again. The key is available at this location in the registry editor.

Graphic
The registry location is the following: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\14.0\Secure\
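For the pending-restart error described at the start of this section, the two registry conditions can be read before setup.exe is started. The following is an added example, not part of the original course material; it only reads the registry, and the function name and output property names are assumptions made for this illustration.

```powershell
# Added example: read-only check of the two registry conditions that the text
# associates with the "restart is pending" setup error.
# Get-PendingRestartState and its output property names are hypothetical.
function Get-PendingRestartState {
    param(
        [string]$UpdatesKey        = 'HKLM:\SOFTWARE\Microsoft\Updates',
        [string]$SessionManagerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    )

    $volatile = $null
    $renames  = @()

    # UpdateExeVolatile: the text says setup stops when this value is not 0.
    $updates = Get-ItemProperty -Path $UpdatesKey -ErrorAction SilentlyContinue
    if ($updates -and $updates.PSObject.Properties['UpdateExeVolatile']) {
        $volatile = $updates.UpdateExeVolatile
    }

    # PendingFileRenameOperations: a multi-string value; any content counts.
    $session = Get-ItemProperty -Path $SessionManagerKey -ErrorAction SilentlyContinue
    if ($session -and $session.PSObject.Properties['PendingFileRenameOperations']) {
        $renames = @($session.PendingFileRenameOperations | Where-Object { $_ })
    }

    $volatileSet    = ($null -ne $volatile) -and ($volatile -ne 0)
    $restartPending = $volatileSet -or ($renames.Count -gt 0)

    New-Object PSObject -Property @{
        UpdateExeVolatile  = $volatile          # $null when the value is absent
        PendingRenameCount = $renames.Count
        PendingRenames     = $renames
        RestartPending     = $restartPending
    }
}

$state = Get-PendingRestartState
$state | Format-List UpdateExeVolatile, PendingRenameCount, RestartPending

# Listing the queued renames shows which files a restart would replace
# before the value is removed by hand.
$state.PendingRenames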

Question
You are running setup.exe to install SharePoint Server 2010, and the installation stops suddenly. The error that you get specifies that the system was not restarted after installing a program or its update. What could be the possible cause of this error?

Options:
1. The UpdateExeVolatile registry key is 0
2. The PendingFileRenameOperations registry key has a value
3. The binary files on your system are corrupted

Answer
Option 1: This option is incorrect. You will, however, get the specified error when the UpdateExeVolatile registry key is any value other than 0.
Option 2: This option is correct. The specified error can appear when the PendingFileRenameOperations registry key has a value. To resolve the problem, you need to delete this registry key.
Option 3: This option is incorrect. When the binary files are corrupted, you will get an error stating that the language of the installation is not supported by your system.

Correct answer(s):
2. The PendingFileRenameOperations registry key has a value

Yet another issue related to the Configuration Wizard is the failure to register SharePoint services. The error message that is displayed states that an exception of type System.ServiceProcess.TimeoutException was thrown, which means that the timeout has expired but the operation is not complete.

A solution for this issue is to download and install KB976462 for Windows Server 2008 R2. Then you need to run the Configuration Wizard again. The download is available at this URL.

Graphic
The URL is the following:
http://support.microsoft.com/kb/976462

If you have Windows Server 2008, you should download KB971831 from this URL.

Graphic
The URL is the following:
http://code.msdn.microsoft.com/Project/Download/FileDownload.aspx?ProjectName=KB971831&DownloadId=7285

There is another exception error that can come up while running the Configuration Wizard. This error says that an exception of type Microsoft.Office.Server.UserProfiles.UserProfileException was thrown because of an unrecognized attribute allowInsecureTransport. To resolve this error, you need to download and install KB976462 for Windows Server 2008 R2 from this URL.

Graphic
The URL is the following:
http://support.microsoft.com/kb/976462

And if you have Windows Server 2008 installed, you need to download KB971831 from this URL.

Graphic
The URL is the following:
http://code.msdn.microsoft.com/Project/Download/FileDownload.aspx?ProjectName=KB971831&DownloadId=7285

One more issue with the Configuration Wizard relates to the global assembly cache. The error message for this issue mentions that the specified assembly cannot be added to this global assembly cache.

Graphic
The global assembly cache is the following:
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\policy\Policy.11.0.Microsoft.SharePoint.dll

To resolve this issue, you must first delete the contents of this folder.

Graphic

The folder is the following:
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\policy

Then you should run the Configuration Wizard again.

In addition to the issues that arise when you run the Configuration Wizard for the first time on a server, you can face problems while adding a second server to a farm. These problems come up when you use two service accounts for setting up your farm:

install service account and farm service account

install service account
The install service account is used to run the installation and Configuration Wizard of SharePoint Server 2010. This account is also used to create the administration database during the configuration.

farm service account
The farm service account is used for application pools and database connectivity. This account also creates the configuration database.

Now consider a situation where you have set up a farm on a server by using the install service account and the farm service account. Later, you try to add a server to your farm. When you run the Configuration Wizard and click the Retrieve Database Names button, you get an error. This error tells you that a configuration database cannot be found at the specified database server, and you need to select another database server.

Alternatively, if you enter the name of the database and click Next, you get another error. This error informs you about a failure to connect to the existing server farm at the specified database server and database name. The error also says that the database name is not a valid configuration database.

These two errors have a single cause. When you try to add a second server to the existing farm, you use the install service account to run the Configuration Wizard on this server. But it was the farm service account that created the configuration database when you installed the first server. So the install service account does not have access to the configuration database.
To resolve this problem, you need to give the install service account full access to the configuration database. This involves giving db_owner rights to the account.

Question
You want to install SharePoint Server 2010 on your server. So you run setup.exe. What are the common issues you might encounter?

Options:
1. The system does not support the language of the installation
2. The creation of the configuration database has failed
3. The specified assembly cannot be added to the global assembly cache
4. The system has not been restarted after completing an installation or update

Answer
Option 1: This option is correct. This issue can be resolved by re-downloading the binary files and running setup.exe again.
Option 2: This option is incorrect. This issue can occur when you run the Configuration Wizard. To solve this issue, you need to modify the ACL for the folder 14.
Option 3: This option is incorrect. This issue relates to the Configuration Wizard, and can be resolved by deleting the contents of the policy folder in the directory 14.
Option 4: This option is correct. To solve this issue, you need to set the value of the UpdateExeVolatile registry key to 0 and delete the PendingFileRenameOperations registry key.

Correct answer(s):
1. The system does not support the language of the installation
4. The system has not been restarted after completing an installation or update

Question
Tracy has finished installing SharePoint Server 2010 on a computer, and now needs to configure it. What problems might she face while running the Configuration Wizard?

Options:
1. The SharePoint services cannot be registered
2. An exception is thrown because of an unrecognized attribute
3. The configuration database cannot be found
4. The FarmAdmin registry key cannot be created

Answer
Option 1: This option is correct. When the registration of SharePoint services fails, KB976462 and KB971831 should be downloaded for Windows Server 2008 R2 and Windows Server 2008, respectively.
Option 2: This option is correct. While running the Configuration Wizard, Tracy can get an exception of type Microsoft.Office.Server.UserProfiles.UserProfileException. She can resolve this issue by downloading KB976462 for Windows Server 2008 R2 and KB971831 for Windows Server 2008.
Option 3: This option is incorrect. The configuration database is created during the process of running the Configuration Wizard. This means that the wizard creates this database, and does not search for it. So Tracy will never get this error.
Option 4: This option is incorrect. The FarmAdmin registry key is never created during the running of the Configuration Wizard. So Tracy will not get this error.

Correct answer(s):
1. The SharePoint services cannot be registered
2. An exception is thrown because of an unrecognized attribute

Question
Scott has set up a SharePoint farm on a server by using the install service account and the farm service account. Now, he runs the Configuration Wizard to add a server to this farm. But when he enters the name of the configuration database, he gets an error stating that the specified name is not a valid configuration database. What should he do to resolve this issue?

Options:
1. Delete the FarmAdmin registry key and run the Configuration Wizard again
2. Run the Configuration Wizard using the farm service account
3. Give db_owner rights to the install service account

Answer
Option 1: This option is incorrect. Scott only needs to delete the FarmAdmin registry key when the creation of the configuration database fails.
Option 2: This option is incorrect. It is not possible to run the Configuration Wizard using the farm service account, as this can only be done by using the install service account.
Option 3: This option is correct. Scott can only add a new server to his farm by giving the install service account db_owner rights or full access to the configuration database.

Correct answer(s):
3. Give db_owner rights to the install service account

Summary
After installing SharePoint Server 2010, you can create a farm by using the SharePoint Products Configuration Wizard. Creating a new farm involves installing and configuring the configuration database and content database, and installing the SharePoint Central Administration web site. After creating your farm, you can configure it by using the Farm Configuration Wizard, which provides two options: automatic configuration and manual configuration. You can also use the Configuration Wizard to add one or more servers to an existing farm.


Central Administration and Post-Setup Configuration


Learning Objectives
After completing this topic, you should be able to

recognize how to centrally administer SharePoint 2010 after installation
identify the methods used to configure and test outgoing e-mail notifications in SharePoint 2010

1. Administering SharePoint 2010 centrally


After creating your SharePoint farm, you can configure it by using the Farm Configuration Wizard, which is available on the Central Administration web site. This site also provides the Secure Store Service that you can use to centrally administer security information. The site also enables you to configure outgoing e-mail messages that allow you to send notifications to end users about modifications and updates to site items.

The Farm Configuration Wizard provides two methods for configuring a farm: walkthrough and manual. The first method walks you through the configuration settings and does most of the configuration automatically. The only two tasks that you need to perform are selecting the services that you want to run on your farm and giving the specifications for your site, such as the site title and the template to be used for the site. The second method enables you to configure every setting of your farm yourself. So this method gives you more flexibility.

To configure a farm using the walkthrough method, you first open the Central Administration web site.

Graphic
To do this, you click Start - SharePoint 2010 Central Administration. Next you enter the credentials necessary to gain access to the Central Administration web site.

Graphic
To do this, you enter the account username and password in the Windows Security dialog box and click OK. Here, the username is given as sp_setup. Then you access the configuration wizards available on the Central Administration web site.

Graphic
To do this, you click the Configuration Wizards link in the navigation pane on the SharePoint Central Administration home page. The view pane also contains categories such as Application Management, System Settings, Monitoring, Backup and Restore, Security, Upgrade and Migration, and General Application Settings along with links under each of them. Then you start the Farm Configuration Wizard.

Graphic
To do this, you click the Launch the Farm Configuration Wizard link on the Configuration Wizards page. You specify that you want to use the walkthrough method for configuring your farm.

Graphic
To do this, you select the Yes, walk me through the configuration of my farm using this wizard option on the Configure your SharePoint farm page. The other option on this page is No, I will configure everything myself. The page also explains that the wizard will help with the initial configuration of your SharePoint farm. You can select the services to use in the farm and create your first site. Additionally, you can launch this wizard again from the Configuration Wizards page in the Central Administration site. You select a service account depending on whether you want to use an existing managed account or create a new account.

Graphic
To do this, you select the Use existing managed account option or the Create new managed account option in the Service Account section. If you select the Create new managed account option, you need to enter the User name and Password for it. Here, the Use existing managed account option is selected, and the account is EARTHFARM\sp_farm. The Service Account section explains that services require an account to operate. And for security reasons, it is recommended that you use an account that's different from the farm admin account. Next you select the services that you want to run on your farm. By default, all of the services, except for Lotus Notes Connector, are selected.

Graphic
The services are listed in the Services section. Some of the services are State Service, Usage and Health data collection, User Profile Service Application, Visio Graphics Service, Web Analytics Service Application, and Word Automation Services. The Services section specifies that the services you select will run with default settings on all servers in your farm. You deselect the services that you do not want and click Next. Then you specify the title, an optional description, and the URL path for your site.

Graphic
To do this, you enter the name of your new site in the Title field of the Title and Description section. The title will be displayed on each page in the site. Here, the title is specified as Site1. You can also enter a description of what the site includes in the Description field. Here, this field is left blank. Then, in the Web Site Address section, you need to specify the URL name and URL path to create a new site, or choose to create a site at a specific path. To do this, you open the URL drop-down list and select the site prefix. Here, the prefix /sites/ is selected. If you want to add a new URL path, you need to go to the Define Managed Paths page.

Next you select a template for your site.

Graphic
To do this, you click a template in the Template Selection section and then click OK. The Template Selection section informs you that a site template determines what lists and features will be available on your new site. You should select a site template based on the descriptions of each template and how you intend to use the new site. Many aspects of a site can be customized after creation. However, the site template cannot be changed once the site is created. When you select a template, its description appears below the Select a template region. There are different templates available in each of five tabs: Collaboration, Meetings, Enterprise, Publishing, and Custom. Here, the Group Work Site template is selected from the Collaboration tabbed page. This template provides a groupware solution that enables teams to create, organize, and share information quickly and easily. It includes Group Calendar, Circulation, Phone-Call Memo, the Document Library and the other basic lists.

Finally you complete the farm configuration.

Graphic
To do this, you click Finish on the completion page after reviewing the farm settings that you specified: Site Title, Site URL, and Service Applications running on the farm. The completion page also informs you that clicking Finish takes you to the SharePoint Central Administration page, where you can continue configuring other settings for your farm. Additionally, you can return to the Farm Configuration Wizard, or access additionally installed wizards, by clicking the Configuration Wizards link in the left navigation pane.

Try It
Now you try configuring a farm by using the SharePoint 2010 Farm Configuration Wizard. The Create new managed account radio button has been selected, and the Service Account section of the Configure your SharePoint farm page is open.

To complete the task

1. Select the option for using the existing managed account
To do this, select the Use existing managed account option.
2. Remove Excel Services Application and PerformancePoint Service Application from the selected services to be run on the farm and proceed
To remove the given services, clear the Excel Services Application and PerformancePoint Service Application check boxes, and then click Next.
3. Specify the title of your new site as My Site and select the site prefix for the URL path as /sites/
To do this, enter My Site in the Title field, open the URL drop-down list, and select /sites/. The site name is entered as My Site in the URL path.
4. Select the Document Workspace template for your site and click OK
To do this, click Document Workspace and click OK.
5. Complete the farm configuration after reviewing the summary
To do this, click Finish.

The farm has been configured by using the Farm Configuration Wizard.

While configuring a farm, you might encounter some errors. The SharePoint Central Administration web site uses its built-in mechanisms to provide adequate information about these errors. So if the configuration of a service application is unsuccessful, the web site gives an error message. This message gives the name of the service application that failed, important facts about the failure, and a correlation ID. A Next button is also available in this error message.

When you click this button, the web site continues with the configuration of the other pending service applications. If you require more information about an error, you can get it from the Unified Logging Service, also known as ULS, log available in this folder.

Graphic
The folder path is the following:
Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\logs\

In addition to configuring a farm and giving information about errors related to it, SharePoint 2010 Central Administration provides the Secure Store Service. This service replaces the Single Sign On feature of Microsoft Office SharePoint Server 2007. Using this service, you can centrally administer security information. The service safely stores user and group credentials such as account names and passwords in its database. It also maps these credentials to the credentials of external systems.

For example, consider a situation where you have one account in SharePoint Server 2010 and another account in an external system, such as Microsoft Forefront. The Secure Store Service stores both sets of account credentials in its database. So when you use SharePoint's Business Data Connectivity Service to interact with Forefront and get data from it, the Secure Store Service maps your SharePoint credentials to your Forefront credentials. This enables you to log on to Forefront automatically without actually entering your credentials for it.
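For the correlation ID and the ULS log folder mentioned above, the following added example (not part of the original course material) pulls the log entries that belong to one correlation ID. It assumes the ULS files are tab-separated with the columns Timestamp, Process, TID, Area, Category, EventID, Level, Message, Correlation; the function names and the sample lines are constructed for this illustration.

```powershell
# Added example: collect the ULS entries that carry one correlation ID.
# Assumption: tab-separated columns in the order
# Timestamp, Process, TID, Area, Category, EventID, Level, Message, Correlation.
# Function names are hypothetical.
function Select-UlsByCorrelation {
    param(
        [Parameter(Mandatory = $true)][string[]]$Line,
        [Parameter(Mandatory = $true)][string]$CorrelationId
    )

    # Normalise the ID copied from the error message (braces, case, spaces).
    $wanted = ([guid]$CorrelationId.Trim()).ToString()

    foreach ($entry in $Line) {
        $field = $entry -split "`t"
        if ($field.Count -lt 9) { continue }           # not a full record
        $found = ($field[8] -replace '[{}]', '').Trim()
        if ($found -ne $wanted) { continue }           # string -ne ignores case

        New-Object PSObject -Property @{
            Timestamp   = $field[0].Trim()
            Process     = $field[1].Trim()
            Area        = $field[3].Trim()
            Category    = $field[4].Trim()
            Level       = $field[6].Trim()
            Message     = $field[7].Trim()
            Correlation = $found
        }
    }
}

# Reads every *.log file in the folder named in the text, oldest first.
function Get-UlsLine {
    param(
        [string]$LogFolder = (Join-Path $env:CommonProgramFiles 'Microsoft Shared\Web Server Extensions\14\logs')
    )
    Get-ChildItem -Path $LogFolder -Filter *.log |
        Sort-Object LastWriteTime |
        ForEach-Object { Get-Content -Path $_.FullName }
}

# Constructed sample data so the example runs without a SharePoint server.
$id = '7f3c2a10-5b6d-4e8f-9a01-23456789abcd'
$sample = @(
    "Timestamp`tProcess`tTID`tArea`tCategory`tEventID`tLevel`tMessage`tCorrelation",
    "01/10/2011 09:14:02.11`tw3wp.exe (0x0B48)`t0x0C10`tSharePoint Foundation`tTopology`t0000`tMedium`tConstructed: provisioning of a service application started`t$id",
    "01/10/2011 09:14:02.40`tOWSTIMER.EXE (0x0A20)`t0x0D04`tSharePoint Foundation`tTimer`t0000`tMedium`tConstructed: unrelated timer job entry`t00000000-0000-0000-0000-000000000000",
    "01/10/2011 09:14:03.87`tw3wp.exe (0x0B48)`t0x0C10`tSharePoint Foundation`tTopology`t0000`tHigh`tConstructed: provisioning of a service application failed`t$id"
)

# The ID is passed in upper case with braces to show the normalisation.
$query = '{' + $id.ToUpper() + '}'
Select-UlsByCorrelation -Line $sample -CorrelationId $query |
    Format-Table Timestamp, Level, Category, Message -AutoSize

# On a farm server, the same filter over the real files:
# Select-UlsByCorrelation -Line (Get-UlsLine) -CorrelationId '<ID from the error message>'
```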

Question
You are running the Farm Configuration Wizard to configure your farm, and get an error specifying that the configuration of a service application failed. What information will you get in the error message?

Options:
1. The name of the template related to the service application
2. The name of the service application that failed
3. An authentication ID
4. The details of the failure

Answer
Option 1: This option is incorrect. A template is associated with a site and not a service application.

Option 2: This option is correct. The error message provides the name of the service application that failed. The message also includes the Next button, which you can click to configure the remaining service applications.

Option 3: This option is incorrect. When a service application fails to configure, the error message displayed by the Central Administration web site gives a correlation ID, not an authentication ID.

Option 4: This option is correct. The error message includes basic details about the service application failure. If you require more details, you can get them from the ULS log.

Correct answer(s):

2. The name of the service application that failed
4. The details of the failure

To initialize an instance of a Secure Store Service application, you need to be a Service Application Administrator for that instance. Then you click the Manage service applications link, which can be found under Application Management, to access the services running on the current farm.

Graphic
The Application Management section is available in the view pane of the Central Administration home page. Some other sections are System Settings, Monitoring, Backup and Restore, Security, Upgrade and Migration and General Application Settings. You can also access these sections by using the links in the navigation pane.

In the Service Applications page that opens with a list of the SharePoint services, you click the Secure Store Service link to access the edit commands related to the Secure Store Service.

Graphic
Some other links include Search Administration Web Service for Search Service Application, Search Service Application, Security Token Service Application, and State Service. The status of all these services is displayed as Started.

Then in the Edit ribbon of the Secure Store Service, you click Generate New Key in the Key Management group to generate a new encryption key.

Graphic
The other command in the Key Management group is Refresh Key, which is disabled. The other groups on the Edit ribbon are Manage Target Applications, Credentials, and Permissions. The Manage Target Applications group has New, Delete, and Edit commands. Both the Credentials and the Permissions groups have the Set command. All of the commands except for Generate New Key are disabled.

Using the Secure Store Service, you can store a single set of credentials for an external system, which multiple users can then use to access the external system. Additionally, the functionality of the Secure Store Service is improved by SharePoint through a pluggable secure store mechanism. This mechanism permits the use of alternate secure store providers.

To start using the Secure Store Service, you first need to initialize one of its instances. To do this, you need to specify a pass phrase that helps in generating a key. The Secure Store Service uses this key to encrypt and decrypt the credentials saved in the service's database. In the Generate New Key window, you enter and confirm the pass phrase. When you give the pass phrase, it's important to remember that it must consist of at least eight characters to ensure optimum security. The characters should come from any three or all four of these character groups: numerals from 0 to 9, English lowercase letters, English uppercase letters, and special characters such as hash and dollar sign.

Graphic
You enter the pass phrase in the Pass Phrase field and re-enter it in the Confirm Pass Phrase field. The Generate New Key window informs you that the credential database is encrypted by using a key, and that the key is generated based on the pass phrase. The window also explains that generating a new key requires encrypting the database by using a new key, which can take several minutes. Additionally, the window gives a warning that the page is not encrypted for secure communication, and user names, passwords, and any other information will be sent in clear text.

Some more information you get is that the pass phrase you enter will not be stored. So you need to make sure that you record the pass phrase and store it safely. Also, the pass phrase is case-sensitive and will be required whenever you want to add new Secure Store Service servers, and for restoring a backed-up Secure Store database. During the credential store encryption, it will not be possible to set credentials.
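The pass phrase rule above (at least eight characters, drawn from at least three of the four character groups) can be checked before the value is typed into the Generate New Key window. The following is an added example, not part of the original course material; the function name is hypothetical, and treating every character other than an ASCII letter or digit as "special" is an assumption.

```powershell
# Added example: check a candidate pass phrase against the rule stated on this page.
# Assumption: "special character" means any character that is not an ASCII letter or digit.

function Test-PassPhraseComplexity {
    param(
        [Parameter(Mandatory = $true)][AllowEmptyString()][string]$PassPhrase
    )

    # Ordered list of the four character groups named in the text.
    $groups = @(
        @{ Name = 'Numerals';  Regex = '[0-9]' },
        @{ Name = 'Lowercase'; Regex = '[a-z]' },
        @{ Name = 'Uppercase'; Regex = '[A-Z]' },
        @{ Name = 'Special';   Regex = '[^a-zA-Z0-9]' }
    )

    # -cmatch is required here: the default -match is case-insensitive, so
    # '[A-Z]' would also match lowercase letters and overcount the groups.
    $present = @($groups |
        Where-Object { $PassPhrase -cmatch $_.Regex } |
        ForEach-Object { $_.Name })

    # The pass phrase itself is deliberately not echoed back in the result,
    # so the output can be logged without exposing it.
    New-Object PSObject -Property @{
        Length        = $PassPhrase.Length
        GroupsPresent = ($present -join ', ')
        GroupCount    = $present.Count
        IsValid       = ($PassPhrase.Length -ge 8 -and $present.Count -ge 3)
    } | Select-Object Length, GroupCount, GroupsPresent, IsValid
}

# --- Demo on constructed sample values ---
# 'Example#2010'  : 12 characters, four groups      -> valid
# 'Password'      : 8 characters, only two groups   -> not valid
# 'Ab1#'          : four groups but only 4 chars    -> not valid
foreach ($candidate in 'Example#2010', 'Password', 'Ab1#') {
    Test-PassPhraseComplexity -PassPhrase $candidate
}
```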

Note
You need to keep the pass phrase safe and close at hand, as you will be asked for it while refreshing the encryption key.

To complete the initialization process, you click OK. In addition to initializing an instance of a Secure Store Service application, you can use the Secure Store Service to perform four other tasks:

Graphic
The Edit ribbon of the Secure Store Service has four groups - Manage Target Applications, Key Management, Credentials, and Permissions. The Manage Target Applications group has New, Delete, and Edit commands that are disabled. The Key Management group has the Generate New Key and Refresh Key commands that are enabled. Both the Credentials and the Permissions groups have the Set command, which is disabled. There are currently no Secure Store Target Applications in this Secure Store Service Application. You can create a new Target Application from the Manage Target Applications group in the Edit ribbon group.

refreshing the encryption key
You might need to refresh the encryption key when you get the Unable to get master key error message or when you add an application server to the farm. You also need to refresh the key when you restore a Secure Store Service database that you had backed up earlier and the encryption key has changed since making the backup. To refresh an encryption key, you click Refresh Key in the Key Management group.

generating a new encryption key
You can generate a new encryption key at any time to enhance security, or when you are performing regular maintenance. But before doing this, it's important to back up the Secure Store Service database. After generating the new key, you have the option to reencrypt the Secure Store Service using the new key. To generate a new encryption key, you click Generate New Key in the Key Management group.

creating a target application, and
Creating a target application is another task you can perform using the Secure Store Service. A target application maps SharePoint user and group credentials to the credentials of external systems. After creating a target application, you can make it easier to be accessed by an external system by connecting it with an application model or external content type in the Business Data Connectivity Service or another similar service. To create a new target application, you click New in the Manage Target Applications group.

setting credentials for a target application
Once you've created a target application, you need to set credentials for it. These credentials enable the target application to access an external system through the Business Data Connectivity Service. Additionally, if the target application is for individual users, you can permit each of them to set their own credentials. To set the credentials for a target application, you click Set in the Credentials group.

Question
Sarah is the Service Application Administrator for an instance of a Secure Store Service application. Sequence the steps that she needs to perform for initializing the instance in the correct order.

Options:

1. Generate a new encryption key
2. Access the services running on the current farm
3. Enter and re-enter the pass phrase
4. Access the edit commands related to the Secure Store Service

Answer
Correct answer(s):

Access the services running on the current farm is ranked as the first step. As the first step in initializing an instance of a Secure Store Service application, Sarah needs to access the service applications on the Service Applications page. For this, she needs to click the Manage service applications link under Application Management.

Access the edit commands related to the Secure Store Service is ranked as the second step. Sarah will be able to open this ribbon only after opening the Service Applications page.

Generate a new encryption key is ranked as the third step. Sarah first needs to open the ribbon that has the Key Management group for performing this step.

Enter and re-enter the pass phrase is ranked as the fourth step. Sarah can enter the pass phrase only after opening the Generate New Key window.

Question
You have already initialized an instance of a Secure Store Service application. After some time, you restore a Secure Store Service database that you had backed up earlier. Which action will you need to perform as a result of this restore operation?

Options:

1. Create a target application
2. Refresh the encryption key
3. Delete the encryption key
4. Set credentials for a target application
5. Select the site template

Answer
Option 1: This option is incorrect. You can use the Secure Store Service to create a target application that is used to map SharePoint users and group credentials to the credentials of external systems.

Option 2: This option is correct. You also need to refresh the encryption key when you add a server to a farm or encounter the Unable to get master key error.

Option 3: This option is incorrect. You cannot delete the encryption key, but can generate a new one when you want to enhance security, or are performing regular maintenance.

Option 4: This option is incorrect. The credentials of a target application need to be set to enable it to access an external system through the Business Data Connectivity Service.

Option 5: This option is incorrect. Selecting the site template is a part of configuring a farm, which you can do by using the Farm Configuration Wizard.

Correct answer(s):

2. Refresh the encryption key

2. Configuring and testing outgoing e-mail


After configuring a SharePoint farm, you can configure outgoing e-mail messages. This feature enables you, as a site administrator, to send notifications to end users about modifications and updates to site items such as libraries, lists, and discussions. The outgoing e-mail message feature also enables you to send status messages and receive administrative messages. Examples of administrative messages include a message specifying that a site owner has used more site storage space than the allotted limit and a message indicating that a user wants to access a site.

To enable SharePoint Server 2010 to send and receive e-mail notifications, you need to configure outgoing e-mail messages. Before you do this, you need an outbound Simple Mail Transfer Protocol, commonly known as SMTP, service that performs the actual task of sending e-mail notifications. To install and configure this service, you can use the Server Manager. After configuring the SMTP service, you can configure outgoing e-mail messages by using four different methods:

farm-level setting using Central Administration
farm-level setting using stsadm
web application setting using Central Administration, and
web application setting using stsadm

You can configure outgoing e-mail messages at the farm level. This configuration is necessary even if you want to configure outgoing e-mail messages for a web application. To perform the farm-level configuration, you can use the SharePoint Central Administration web site, but you need to be a member of the Farm Administrators group on the computer hosting the Central Administration web site. You click the System Settings link under Central Administration in the navigation pane. Next you click the Configure outgoing e-mail settings link under E-mail and Text Messages (SMS) in the view pane.

Graphic
The other links under E-mail and Text Messages (SMS) are Configure incoming e-mail settings and Configure mobile account. The other two categories in the view pane are Servers and Farm Management.

In the Mail Settings section of the Outgoing E-Mail Settings page, you specify the name of the SMTP server for the outgoing e-mail message in the Outbound SMTP server field. You also enter the e-mail address the way it should appear to e-mail recipients in the From address field. Then you enter the e-mail address that recipients can reply to in the Reply-to address field. You select the character set suitable for your language from the Character set list. The default character set is 65001 (Unicode UTF-8). Finally, you click OK to complete the configuration.

Graphic
The Mail Settings section asks you to specify the SMTP mail server to use for Microsoft SharePoint Foundation e-mail-based notifications for alerts, invitations, and administrator notifications. The section also asks you to personalize the From address and Reply-to address. In this case, the name of the SMTP server is given as mail.earthfarm.com. The From address and Reply-to address are the same, which is sp_setup@earthfarm.com. The Character Set used is the default one.

You can also configure outgoing e-mail at the farm level by using the stsadm command-line tool. This method is particularly useful when you need multiple farms with the same outgoing e-mail message settings, because the stsadm command is easy to script with a simple set of instructions. To use the stsadm command, you need to be a member of the Administrators group on the computer that you are working on. Then, as the first step, you access the drive where SharePoint Products and Technologies is installed and navigate to this directory at the command prompt.

Graphic
The directory path is the following: \Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Bin

Next you enter the stsadm command with this syntax.

Graphic
The syntax is the following:

stsadm -o email -outsmtpserver <SMTP server name> -fromaddress <valid e-mail address> -replytoaddress <valid e-mail address> -codepage <valid code page>

After configuring outgoing e-mail at the farm level, you can configure outgoing e-mail messages for a specific web application. This configuration is useful, for example, if there are many web applications, and each application hosts its individual site collection. You can configure outgoing e-mail for each application with a distinct From and Reply-to address set. This makes it easier to manage e-mail notifications from each application.

To configure outgoing e-mail messages for a specific web application, you can use the Central Administration web site. But to do this, you must be a member of the Farm Administrators group on the computer hosting the Central Administration web site. Then you click the Manage web applications link under Application Management.

Graphic
The Central Administration home page is open.

On the Web Applications Management page, you select a web application.

Graphic
The SharePoint - 80 web application is selected. The URL of this web application is http://srv046/ and its port is 80. The other web application is SharePoint Central Administration v4 with the URL http://srv46:4210/ and the port number 4210. The Web Applications Management page has the Web Applications ribbon that provides commands for creating, deleting, managing, and securing web applications. It also provides commands for policies related to web applications, such as User, Anonymous, and Permission Policies.

Next you select Outgoing E-mail from the drop-down menu that opens by clicking the General Settings button.

Graphic
Other options in the drop-down menu are General Settings, Resource Throttling, Workflow, Mobile Account, and SharePoint Designer.

Then you specify the e-mail message settings in the fields, which are the same as those for the farm-level e-mail configuration, and click OK.

Graphic
The SMTP server is given as mail.earthfarm.com, the From and Reply-to address are sp_80@earthfarm.com, and the character set is 65001 (Unicode UTF-8).

You can also configure outgoing e-mail messages for a specific web application by using the stsadm command-line tool. For this, you need to be a member of the Administrators group on the computer that you are working on. Then you access the drive where SharePoint Products and Technologies is installed and navigate to this directory at the command prompt.

Graphic
The directory path is the following: \Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Bin

Next you enter the stsadm command with this syntax.

Graphic
The syntax is the following:

stsadm -o email -outsmtpserver <SMTP server name> -fromaddress <valid e-mail address> -replytoaddress <valid e-mail address> -codepage <valid code page> [-url <URL name>]
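Because the same stsadm syntax covers both the farm level and a single web application, the two steps can be scripted together: farm-level settings first, then one call per web application with its own From and Reply-to address. The following is an added example, not part of the original course material; the function name is hypothetical, and the second web application (URL and address) is constructed for illustration.

```powershell
# Added example: apply outgoing e-mail settings with stsadm, farm level first,
# then per web application. Run with -WhatIf to preview the commands only.

# stsadm location as given on this page, resolved under the Common Files directory.
$StsadmPath = Join-Path $env:CommonProgramFiles 'Microsoft Shared\Web Server Extensions\14\Bin\stsadm.exe'

function Set-OutgoingEmail {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$SmtpServer,
        [Parameter(Mandatory = $true)][string]$FromAddress,
        [Parameter(Mandatory = $true)][string]$ReplyToAddress,
        [int]$CodePage = 65001,   # 65001 (Unicode UTF-8), the default character set
        [string]$Url              # omit for the farm-level setting
    )

    # Reject values that are clearly not e-mail addresses before calling stsadm.
    foreach ($address in @($FromAddress, $ReplyToAddress)) {
        if ($address -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
            throw "Not a valid e-mail address: $address"
        }
    }

    # Arguments are passed as an array, one element per token, so a value that
    # contains spaces or quotes cannot change the shape of the command line.
    $stsArgs = @('-o', 'email',
                 '-outsmtpserver', $SmtpServer,
                 '-fromaddress', $FromAddress,
                 '-replytoaddress', $ReplyToAddress,
                 '-codepage', $CodePage)
    if ($Url) { $stsArgs += @('-url', $Url) }

    $target = if ($Url) { $Url } else { 'farm' }
    if ($PSCmdlet.ShouldProcess($target, "stsadm $($stsArgs -join ' ')")) {
        & $StsadmPath @stsArgs
        if ($LASTEXITCODE -ne 0) {
            throw "stsadm failed for $target with exit code $LASTEXITCODE"
        }
    }
}

# 1. Farm level: required before any web application setting.
Set-OutgoingEmail -SmtpServer 'mail.earthfarm.com' `
                  -FromAddress 'sp_setup@earthfarm.com' `
                  -ReplyToAddress 'sp_setup@earthfarm.com' -WhatIf

# 2. One distinct From/Reply-to address per web application.
$webApps = @(
    @{ Url = 'http://srv046/';      Address = 'sp_80@earthfarm.com' },    # from this page
    @{ Url = 'http://srv046:8080/'; Address = 'sp_8080@earthfarm.com' }   # constructed
)
foreach ($app in $webApps) {
    Set-OutgoingEmail -SmtpServer 'mail.earthfarm.com' `
                      -FromAddress $app.Address `
                      -ReplyToAddress $app.Address `
                      -Url $app.Url -WhatIf
}
```

Remove -WhatIf to apply the settings; the script must run under an account that is a member of the Administrators group on the server, as stated above.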

Question
You are a site administrator and want to send e-mail notifications to users about changes to site items. So you decide to configure outgoing e-mail messages. However, you have many web applications, and each application hosts its own individual site collection. Which method will you use for the configuration?

Options:

1. Open the Farm Configuration Wizard and perform the configuration at the farm level
2. Access the Central Administration web site and configure outgoing e-mail messages at the web application level
3. Run the stsadm command to configure outgoing e-mail messages for one web application

Answer
Option 1: This option is incorrect. You would need to configure outgoing e-mail messages at the farm level using the Central Administration web site, and not the Farm Configuration Wizard.

Option 2: This option is correct. After configuring outgoing e-mail messages at the farm level, you can configure these messages for each web application with a distinct From and Reply-to address set. This makes it easier to manage e-mail notifications from each application.

Option 3: This option is incorrect. You would need to configure outgoing e-mail messages for every web application and not just a single application.

Correct answer(s):

2. Access the Central Administration web site and configure outgoing e-mail messages at the web application level

After configuring outgoing e-mail messages, you can test the configuration by creating an alert. For example, you can create an alert for announcements. To do this, you click the Page tab on the Central Administration home page and select Manage My Alerts from the Alert Me drop-down menu. This allows you to access the alerts on your site.

Graphic
The other option in the Alert Me drop-down menu is Set an alert on this page. The other commands on the Page tab are for editing the page, managing its properties and permissions, approving or rejecting changes to it, managing workflows, and performing page actions, such as editing mobile page and making homepage.

Then you click the Add Alert link on the My Alerts on this Site page to create a new alert.

Graphic
There are currently no alerts to display. You can use this page to manage the settings of all your alerts for lists, libraries, and files on the current site. You need to note that some alerts, such as system generated task alerts, do not appear on this page. In addition to the Add Alert link, the page also has the Delete Selected Alerts link.

On the New Alert page, you select Announcements and click Next.

Graphic
The Announcements option is available in the Choose a List or Document Library section that asks you to select a list or document library that you want to keep track of. You may also display the contents of a list and then track one of the individual items. After creating an alert, you'll receive notification of changes.

Next you specify the alert settings. The Alert Title is already specified as Announcements. You need to provide the usernames of the people who should receive the alerts. You also need to select the delivery method - E-mail or SMS.

Graphic
The username is specified as sp_setup in the Users field, and the delivery method is selected as E-mail. The e-mail address is sp_setup@earthfarm.com.

Next you select the type of change that you want to receive alerts for in the Change Type section. The default option is All changes. You can also filter alerts based on particular criteria like any change, or change in an announcement, by using the options in the Send Alerts for These Changes section.

Graphic
The All changes option is selected in the Change Type section. The other options are New items are added, Existing items are modified, and Items are deleted. In the Send Alerts for These Changes section, the Anything changes option is selected. The other options are Someone else changes an announcement, Someone else changes an announcement created by me, Someone else changes an announcement last modified by me, and An announcement with an expiration date is added or changed.

Finally you specify the frequency of receiving alerts in the When to Send Alerts section. The Send notification immediately option is selected by default. You can also choose to receive a daily or weekly summary of alerts. For the daily summary, you need to specify the time at which you want to receive the summary every day. For the weekly summary, you select the day and time when you want to receive the summary. After specifying the alert settings, you click OK.

Graphic
The Send notification immediately option is selected. The other two options are Send a daily summary and Send a weekly summary. For the weekly summary, you can specify the day and time in the two Time drop-down boxes.

Immediately after creating the alert for announcements, it appears in the alert list and you receive an e-mail message stating that the alert has been created successfully. Then, to test the delivery of the actual alert, you can create a test announcement. Soon after you do this, you should get an e-mail message notifying you about the addition of the announcement. This indicates that the configuration of outgoing e-mail messages was successful.

Question
You have configured outgoing e-mail messages in SharePoint. Now, you want to test this configuration by creating an alert. Sequence the steps to perform this test in the correct order.

Options:

1. Access the alerts on your site
2. Specify the alert settings
3. Select the alert
4. Create a test alert
5. Add an alert

Answer
Correct answer(s):

Access the alerts on your site is ranked as the first step. The alerts on a site are available in the My Alerts on this Site page. To open this page, you click the Page tab and select Manage My Alerts from the Alert Me group.

Add an alert is ranked as the second step. To add an alert, you click the Add Alert link on the My Alerts on this Site page.

Select the alert is ranked as the third step. You select an alert, such as announcement, on the New Alert page.

Specify the alert settings is ranked as the fourth step. As a part of alert settings, you need to specify the delivery method, usernames, type of change that recipients should be notified about, and the frequency of alerts.

Create a test alert is ranked as the fifth step. You need to create a test alert to test whether the alert is delivered to the e-mail address you have provided.

Summary
After creating a farm, you can configure it by using the Farm Configuration Wizard, which provides two options: walkthrough and manual. The configuration might be halted because of some errors, and if it is, then the Farm Configuration Wizard on the Central Administration web site provides information about them.

The Central Administration web site also provides the Secure Store Service that can be used to centrally administer security information. Using this service, you can initialize an instance of a Secure Store Service application, refresh the encryption key, generate a new encryption key, create a target application, and set credentials for this application.

The Central Administration web site also enables you to configure outgoing e-mail messages for sending notifications to users about changes to a site. You can perform this configuration at the farm level or the web application level using either the Central Administration web site or the stsadm command. After performing the configuration, you can test it by creating an alert.


Installing Microsoft SharePoint 2010


Learning Objectives
After completing this topic, you should be able to

prepare for a SharePoint 2010 installation
use the Microsoft SharePoint Products Configuration Wizard
administer SharePoint 2010 after installation

Exercise overview
In this exercise, you need to install and configure SharePoint 2010. This involves the following tasks:

preparing for a SharePoint 2010 installation
creating a farm by using the Microsoft SharePoint Products Configuration Wizard, and
administering SharePoint 2010 after installation

Preparing for a SharePoint installation


Question
You want to install SharePoint Server 2010 on a server, but you know that some prerequisite programs need to be installed before installing SharePoint. To do this, you need to run the Microsoft SharePoint 2010 Products Preparation Tool. Where can you find this tool?

Options:

1. In Microsoft Filter Pack 2.0
2. In the root of the SharePoint 2010 installation disc
3. In the files extracted from OfficeServer.exe
4. In Windows Server Manager

Answer
Option 1: This option is incorrect. Microsoft Filter Pack 2.0 is one of the prerequisite programs required for installing SharePoint Server 2010.

Option 2: This option is correct. If you have the SharePoint 2010 installation disc, you can find the Microsoft SharePoint 2010 Products Preparation Tool in the root of this disc. The file is named PrerequisiteInstaller.exe.

Option 3: This option is correct. If you download OfficeServer.exe or SharePoint.exe from the Microsoft site, you need to extract this EXE file to get the Microsoft SharePoint 2010 Products Preparation Tool.

Option 4: This option is incorrect. Windows Server Manager does not contain the Microsoft SharePoint 2010 Products Preparation Tool. It is used to deactivate the Windows PowerShell feature.

Correct answer(s):

2. In the root of the SharePoint 2010 installation disc
3. In the files extracted from OfficeServer.exe

Question
Abby's company has decided to use SharePoint 2010 to improve its business, and she has been assigned the task of installing it on a server. So Abby runs the Microsoft SharePoint 2010 Products Preparation Tool. Which tasks will the tool perform?

Options:

1. Check for the presence of the required prerequisite programs on the server
2. Deactivate IIS on the server
3. Detect the need to reboot the server and prompt you to do so
4. Remove some previously installed programs from the server

Answer
Option 1: This option is correct. Some prerequisite programs, such as Microsoft Filter Pack 2.0 and Microsoft .NET Framework version 3.5 SP1, are required for installing SharePoint Server 2010. The Microsoft SharePoint 2010 Products Preparation Tool checks for the presence of these programs on the server.

Option 2: This option is incorrect. The Microsoft SharePoint 2010 Products Preparation Tool does not deactivate IIS, but configures it.

Option 3: This option is correct. Depending on the amount of changes made to the server, the Microsoft SharePoint 2010 Products Preparation Tool might prompt you to reboot the server.

Option 4: This option is incorrect. The Microsoft SharePoint 2010 Products Preparation Tool does not remove any programs from the server, but installs any missing prerequisite programs.

Correct answer(s):

1. Check for the presence of the required prerequisite programs on the server
3. Detect the need to reboot the server and prompt you to do so

Question
Max is running the Microsoft SharePoint 2010 Products Preparation Tool on a server, but forgets that the server does not have an Internet connection. As a result, the tool fails. What should he do to tackle this issue?

Options:

1. Deactivate Windows PowerShell 1.0
2. Reboot the server
3. Install the Application Server role
4. Download and install the prerequisite programs manually

Answer
Option 1: This option is incorrect. Deactivation of Windows PowerShell 1.0 is required to enable the installation of Windows PowerShell 2.0.

Option 2: This option is incorrect. Server reboot is required only after the prerequisite programs have been installed.

Option 3: This option is incorrect. The Application Server role is one of the prerequisite programs whose installation requires an Internet connection.

Option 4: This option is correct. The Microsoft SharePoint 2010 Products Preparation Tool requires an Internet connection to download the necessary files for the prerequisite programs. If no connection is present on the server, the required programs need to be downloaded manually.

Correct answer(s):

4. Download and install the prerequisite programs manually

Question
You are installing SharePoint Server 2010 on a computer, and you want SharePoint to handle all password-related changes for domain accounts. Which service account will you use?

Options:

1. Setup user account
2. Managed account
3. Server farm account
4. SQL Server service account

Answer
Option 1: This option is incorrect. The Setup user account is required for running setup and the SharePoint Products Configuration Wizard.

Option 2: This option is correct. When you register a domain account as a managed account, SharePoint maintains and manages all changes to the account, including password changes.

Option 3: This option is incorrect. The server farm account helps in configuring and managing the server farm.

Option 4: This option is incorrect. The SQL Server service account is required to run two services of SQL Server: MSSQLSERVER and SQLSERVERAGENT.

Correct answer(s):

2. Managed account

Question
Identify the situations where you should use the Server Farm installation option of SharePoint.

Options:

1. You do not want to put much effort in the installation and want it to happen automatically
2. You want to add new servers to the SharePoint farm after a few days
3. You do not plan to modify or upgrade the SharePoint setup in the future
4. You want to configure SharePoint components yourself

Answer
Option 1: This option is incorrect. In this situation, you should use the Standalone installation option. The Standalone install does not require any inputs from you during the installation process, and at the end of the process, you get a complete SharePoint farm.

Option 2: This option is correct. The Server Farm install enables you to reconfigure your server or add more servers to your farm to meet the growing business needs.

Option 3: This option is incorrect. If you do not plan to modify or upgrade your setup, then you should use the Standalone installation option. The Standalone install does not allow many changes to the SharePoint 2010 setup, and you might not even be able to upgrade it to later versions.

Option 4: This option is correct. The Server Farm install enables you to configure SharePoint components yourself. It gives you more flexibility and control, as you are free to select the features and service accounts that you want.

Correct answer(s):

2. You want to add new servers to the SharePoint farm after a few days
4. You want to configure SharePoint components yourself

Using the Configuration Wizard


Question
Neil has installed SharePoint Server 2010, and now wants to configure it by creating a farm. To do this, he will have to use the Configuration Wizard. Which Central Administration settings will he need to specify in the wizard?

Options:

1. The name of the computer running SQL Server
2. The farm pass phrase
3. The authentication method
4. The port number

Answer
Option 1: This option is incorrect. Neil would need to specify the name of the computer running SQL Server as a part of the configuration database settings.

Option 2: This option is incorrect. The farm pass phrase is a farm security setting and is used to protect all communications on the farm.

Option 3: This option is correct. Authentication method is a Central Administration setting, and there are two methods available: NTLM and Kerberos.

Option 4: This option is correct. One of the Central Administration settings that Neil would need to specify is the port number. Neil should use a port number that is easy to recall.

Correct answer(s):

3. The authentication method
4. The port number

SkillCheck
After installing SharePoint Server 2010, Ruth needs to create a new farm with SharePoint_Config_Farm25 as the configuration database and sp@passph_25 as the farm pass phrase. She wants to use port number 2388 and the default authentication method. Help Ruth to perform the remaining steps. Ruth has already opened the Connect to a server farm page in the Configuration Wizard.

Task:
1. Select the option for creating a new server farm and then move ahead.
2. Enter the configuration database name before moving ahead.
3. Enter the pass phrase for the farm, confirm it, and then move ahead.
4. Enter the port number and then move ahead.
5. Apply the configuration settings.

Answer
To complete the task

Step 1: Select the Create a new server farm option and click Next
Using keyboard: The keyboard alternative for selecting the Create a new server farm option is Alt+R and the alternative for clicking Next is Alt+N.

Step 2: Enter SharePoint_Config_Farm25 in the Database name field and click Next
The database server and the details of the server farm account are entered.

Step 3: Enter sp@passph_25 in the Passphrase field, re-enter sp@passph_25 in the Confirm passphrase field and then click Next

Step 4: Select the Specify port number check box, enter 2388, and click Next
Using keyboard: The keyboard alternative to select the Specify port number check box is Alt+S.

Step 5: Click Next

Question

You have created and configured a SharePoint farm. Now, you need to add a server to this farm. So you open the Configuration Wizard and select the option that allows you to connect to an existing server farm. Sequence the other steps that you need to perform in the correct order.

Options:
1. Enter the SQL Server instance name
2. Type the farm pass phrase
3. Select the configuration database
4. Start the services that you want on the server

Answer
Correct answer(s):

Enter the SQL Server instance name is ranked as the first step. After selecting the Connect to an existing server farm option, you get the Specify Configuration Database settings page, where you need to enter the SQL Server instance name and click Retrieve Database Names.

Select the configuration database is ranked as the second step. You can select the configuration database from the Database name drop-down list on the Specify Configuration Database Settings page.

Type the farm pass phrase is ranked as the third step. You need to enter the farm pass phrase on the Specify Farm Security Settings page that opens after specifying the configuration database settings.

Start the services that you want on the server is ranked as the fourth step. You can start the services that you want to run on the new server after selecting its name on the Servers in Farm page.
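The two Configuration Wizard paths above (creating Ruth's farm, and joining a server to an existing farm) can also be scripted. The PowerShell below is an added example, not part of the course: the SQL Server instance and the admin content database name are placeholders, NTLM is assumed to be the wizard's default authentication method, and the pass phrase is prompted for rather than stored in the script.

```powershell
# Added example: scripted equivalent of the Configuration Wizard pages.
# Run elevated on the server being configured.
param([switch]$JoinExistingFarm)   # omit to create the farm, set to join one

$ErrorActionPreference = "Stop"
if (-not (Get-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

# Values taken from the SkillCheck.
$configDb = "SharePoint_Config_Farm25"
$caPort   = 2388

# Assumptions: the course does not name the SQL Server instance or the
# Central Administration content database, so these are placeholders.
$dbServer = "SQL-INSTANCE-PLACEHOLDER"
$adminDb  = "SharePoint_AdminContent_Farm25"

# Read the farm pass phrase as a SecureString so it never appears in the
# script file, the console history or a transcript.
$passphrase = Read-Host "Farm pass phrase" -AsSecureString

if (-not $JoinExistingFarm) {
    # "Create a new server farm": configuration database settings plus the
    # farm security settings (pass phrase) in one call.
    $farmAccount = Get-Credential   # the server farm account
    New-SPConfigurationDatabase -DatabaseName $configDb -DatabaseServer $dbServer `
        -AdministrationContentDatabaseName $adminDb `
        -Passphrase $passphrase -FarmCredentials $farmAccount
} else {
    # "Connect to an existing server farm": SQL instance, configuration
    # database, then the pass phrase. A wrong pass phrase stops the script here.
    Connect-SPConfigurationDatabase -DatabaseName $configDb -DatabaseServer $dbServer `
        -Passphrase $passphrase
}

# Provisioning that the wizard performs on every server.
Install-SPHelpCollection -All
Initialize-SPResourceSecurity
Install-SPService
Install-SPFeature -AllExistingFeatures

if (-not $JoinExistingFarm) {
    # Central Administration settings: port number and authentication method.
    New-SPCentralAdministration -Port $caPort -WindowsAuthProvider "NTLM"
}
Install-SPApplicationContent

if ($JoinExistingFarm) {
    # Last step of the join sequence: start only the services this server
    # should run. Managed Metadata is used here as an illustration.
    Get-SPServiceInstance -Server $env:COMPUTERNAME |
        Where-Object { $_.TypeName -eq "Managed Metadata Web Service" -and $_.Status -ne "Online" } |
        Start-SPServiceInstance
}

# Review what is running on this server after configuration.
Get-SPServiceInstance -Server $env:COMPUTERNAME |
    Sort-Object TypeName | Format-Table TypeName, Status -AutoSize
```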

Administering SharePoint 2010


SkillCheck
Don has installed SharePoint Server 2010 and created a farm. Now, he wants to configure the farm by using the existing managed account. He does not want to run the State Service, Visio Graphics Service, and Web Analytics Service Application on his server farm. Additionally, he wants the name of his site to be SP_Site, and he wants to use the Blog template. Help Don perform the other steps for configuring the farm. Don has already opened the Service Account section of the Configure your SharePoint farm page.

Task:
1. Select the option for using an existing managed account.
2. Deselect the services that are not required and move ahead.
3. Enter the title of the new site and select /sites/ as the site prefix.
4. Select the given template and move ahead.

Answer
To complete the task

Step 1: Select the Use existing managed account option

Step 2: Clear the State Service, Visio Graphics Service, and Web Analytics Service Application check boxes, and then click Next

Step 3: Enter SP_Site in the Title field, open the URL drop-down list, and select /sites/
After you complete the step, the site name appears as SP_Site in the URL path.

Step 4: Click Blog and then click OK
The Template Selection section is open.

Question
After creating a SharePoint farm, you want to configure it. So you run the Farm Configuration Wizard and select the service applications that you need on the farm. During the configuration process, the wizard gives an error message indicating a failure to configure a service application. In addition to the name of the failed service application, what information will you get from the error message?

Options:
1. Correlation ID
2. Authentication method
3. Name of the associated template
4. Particulars of the failure

Answer
Option 1: This option is correct. In addition to the correlation ID, you get a Next button in the error message that allows you to continue configuring the remaining service applications.

Option 2: This option is incorrect. The authentication method is for the Central Administration web application, and not a service application.

Option 3: This option is incorrect. A template is related to a site, and not to a service application. So the wizard does not provide any information about it.

Option 4: This option is correct. The wizard gives you some details about the failed service application. For more information, you can access the ULS log, which can be found in the 14\logs folder.

Correct answer(s):
1. Correlation ID
4. Particulars of the failure

Question
Irene wants to use SharePoint's Secure Store Service to centrally administer security information. For this, she needs to initialize an instance of this service. What is the first step she should perform for the initialization?

Options:
1. Access the edit commands related to the Secure Store Service
2. Generate a new encryption key
3. Open the page that lists service applications
4. Enter and confirm the pass phrase

Answer
Option 1: This option is incorrect. Accessing the edit commands related to the Secure Store Service is the second step in the initialization process.

Option 2: This option is incorrect. Irene would need to open the Generate New Key window to generate a new encryption key. This is the third step in the initialization process.

Option 3: This option is correct. As the first step in the initialization process, Irene should open the Service Applications page by clicking the Manage service applications link available under Application Management.

Option 4: This option is incorrect. Entering and confirming the pass phrase is the last step in the initialization process. Irene can enter the pass phrase on the Generate New Key page.

Correct answer(s):
3. Open the page that lists service applications

Question
You have set up a SharePoint farm and initialized an instance of a Secure Store Service application on it. Now, you are adding a new application server to the farm. Which action will you need to perform as a result of this addition?

Options:
1. Create a target application
2. Refresh the encryption key
3. Generate a new encryption key
4. Set credentials for a target application

Answer
Option 1: This option is incorrect. You create a target application to map SharePoint user and group credentials to the credentials of external systems.

Option 2: This option is correct. One situation in which you need to refresh the encryption key is when you add a new application server to a farm. Another situation is when you get the Unable to get master key error.

Option 3: This option is incorrect. You only need to generate a new encryption key to enhance security, or when you are performing regular maintenance.

Option 4: This option is incorrect. The credentials of a target application enable it to access an external system through the Business Data Connectivity Service.

Correct answer(s):
2. Refresh the encryption key

Question
Fred is a site administrator. He wants to receive administrative notifications and send notifications to users about changes to the SharePoint site. So he decides to configure outgoing email messages. He wants to use the same e-mail settings for multiple farms. Which is the most appropriate configuration method for Fred to use?

Options:
1. Farm-level setting using stsadm
2. Web application setting using Central Administration
3. Farm-level setting using Central Administration
4. Web application setting using stsadm

Answer

Option 1: This option is correct. As Fred wants to use the same e-mail settings for multiple farms, he should configure outgoing e-mail messages at the farm level using the stsadm command. This is because the stsadm command is easy to script with a simple set of instructions.

Option 2: This option is incorrect. This method is useful when there are multiple web applications and each application hosts its own individual site collection.

Option 3: This option is incorrect. Fred could choose to use Central Administration to configure outgoing e-mail messages for each farm, but this would be time-consuming and tedious.

Option 4: This option is incorrect. This method is useful when there are multiple web applications and each application hosts its own individual site collection.

Correct answer(s):
1. Farm-level setting using stsadm

Question
Marie has configured outgoing e-mail messages for a SharePoint farm. She now wants to test this configuration by creating an alert. She opens the page for managing alerts. What is the next step that Marie needs to perform?

Options:
1. Select the alert
2. Specify the alert settings
3. Add an alert
4. Create a test alert

Answer
Option 1: This option is incorrect. Selecting the alert is the third step, and Marie can carry out this selection on the New Alert page.

Option 2: This option is incorrect. Marie needs to specify the alert settings as the fourth step. As part of these settings, she needs to specify the delivery method, usernames, the type of change that users should be notified about, and the frequency of alerts.

Option 3: This option is correct. After opening the My Alerts on this Site page, Marie should click the Add Alert link to add an alert.

Option 4: This option is incorrect. Creating a test alert is the last step that Marie needs to perform to test the delivery of the actual alert.

Correct answer(s): 3. Add an alert


Service Application Architecture


Learning Objectives
After completing this topic, you should be able to

identify how service applications connect together
create and manage a new instance of Service Application
identify the concepts behind multi tenant hosting

1. Service application components


Web applications and service applications are crucial in SharePoint 2010. The interconnectivity between service and web applications ensures that users can access the services they require. This interconnectivity is determined by a structure used by SharePoint, which is known as the connection structure or SharePoint Service Application Architecture. It helps provide a scalable service that can be adjusted to meet increasing requirements.

The SSA architecture indicates how web applications communicate with service applications by using different service application components. The SSA architecture of a service application contains five components:

service application group
The service application group is a collection of service applications in a farm. Other names for service application group are proxy group or application proxy group. Every web application is assigned a service application group. You can use the default service application group for this purpose. You can also customize the service application group to choose service applications for a web application. However, you can't use the same service applications for service application groups of other web applications.

service application connection
The service application connection component connects the web application with the service application group. Also known as a proxy or an application proxy, this connection is usually created with service applications.

service application
A service application is the actual component that provides the service. Web applications need to access these service applications after they get through other components. As indicated in the SharePoint architecture, service applications and web applications share a many-to-many relationship. So many web applications can access many service applications.

service application database
Sometimes, service applications may require extra storage, which is provided by service application databases. These databases store the data that service applications require to provide a service. Depending on the nature of the data, each service application may require one or many databases. For example, a service that allows users to search for resources or other users needs to store search results in cache. This speeds up searching for the same item in the future.

service application services
A service application service supports a service application in performing its tasks. For example, in a large organization, all administrative and HR tasks are performed by using the management information system service application. This application contains services that enable users to fill in time sheets and submit leave requests. In this case, the management information system is the service application, which is supported by the timesheet-filling service.

Besides the five components of the SSA architecture, additional components support the main components. They include

service
service instance
service consumer

The service component of the SSA architecture is present within the service application service component. It consists of binaries installed on the server farm. Some examples of services are BCS, Search Services, Users and Profiles, and Web Analytics Services.

A service instance, on the other hand, is an instance of the service application running on the application server. Different instances of the same application service can run on different application servers. For example, to use Search Services in your web application, you can create two instances of Search Services on two application servers.

Finally, the third additional component, service consumer, enables users to make a request to the server for a service. After requesting, search results are displayed on the browser accessed by the user. A service consumer can be a web part, an interface, or code that sends requests to the server.

Of the various components of the SSA architecture, major service application components interact with each other to provide a service.

Service application group
The service application group interacts with two service application components. First, it is accessed by the web application through the service application connection. Second, it contains service applications that interact with service application databases. These service applications create a service instance on the application server. So the service application group also needs to interact with application servers.

Service application connection
The service application connection helps you to associate a web application with a service application. Also, when a service is requested by a user, the service application connection indirectly connects this service to a service application group.

Service application
A service application is a part of the service application group. It interacts with the service application database to obtain information stored on the database. The service application also creates a service instance on an application server when the application server runs the service.

Service application database
The service application database interacts with the service application group. It stores information required by service applications and provides the information whenever required by the service application.

Service application services
The service application services component interacts with the service instance created to run the service. To continue the service, the service application service needs to access the service instance.

Service applications, better known as SharePoint Service Applications or SSAs, have replaced the SharePoint Service Providers, sometimes known as SSPs, that were used in SharePoint 2007. Unlike SSPs, SSAs allow sharing of services between farms.
There are also many benefits of the service applications architecture, such as reducing incompatibilities, that make using SharePoint 2010 a better experience.

Supplement
Job Aid
Access the job aid SSA Architecture Variations and Benefits to learn what makes SSA different from and better than SSP.

Question

SharePoint 2010 uses the SSA architecture that contains the components of a service application and a web application. This structure also depicts how these components interact with each other to provide a service. Identify the component that connects a web application to a service application group.

The SSA architecture contains all the major and additional components of a service application along with the web application.

Options:
1. Service application connection
2. Service application database
3. Service consumer
4. Service instance
5. Service application

Answer
Option 1: This option is correct. The service application connection connects with the service application in the service application group. So this connection helps web applications link to the service application group.

Option 2: This option is incorrect. The service application database doesn't connect a web application with the service application group. It interacts with the service application group to access information required by service applications.

Option 3: This option is incorrect. The service consumer is the application that uses a service application to make a request to the server. Then, the service consumer displays the result on the user's browser.

Option 4: This option is incorrect. The web application and service application groups exist inside the farm. But a service instance is an instance of the service application that runs on the application server.

Option 5: This option is incorrect. A service application is a part of the service application group that provides services. It is accessed by the service application connection to connect to the web application.

Correct answer(s):
1. Service application connection

Question

SharePoint 2010 uses a connection structure that contains the components of a service application and a web application, which interact with each other to provide a service. Which component is connected to three service application components at any given time?

The SSA architecture contains all the major and additional components of a service application along with the web application.

Options:
1. Service application group
2. Service instance
3. Service application connection
4. Service application database
5. Service application services

Answer
Option 1: This option is correct. The service application group interacts with three service application components. It interacts with the web application for services, with service application databases for accessing service application data, and with a service instance on the application server.

Option 2: This option is incorrect. The web application and service application groups exist inside the farm while a service instance runs on the application server.

Option 3: This option is incorrect. The service application connection or the service application proxy is a pointer to a service application, and is used for connecting a web application to a service application group.

Option 4: This option is incorrect. The service application database interacts with the service application group to access the service application's information. Service applications access the service application database to gain access to this information.

Option 5: This option is incorrect. The service application services component interacts with only one component: the service instance that is created to run the service.

Correct answer(s):
1. Service application group

2. Managing service applications


Service applications can be shared across farms and web applications. This is accomplished by sharing the service instance. You first need to add the service application connection between the service application group and the web application.

Suppose that an organization uses SharePoint 2010 to maintain department data. It contains a web application named http://departments, which connects to a default service application group. The service application group contains three service applications named Enterprise Managed Metadata, Enterprise BCS, and Enterprise Excel Services, together with their respective service application connections. Each service application is connected to its respective service: Managed Metadata service, BCS service, and Excel service. The Enterprise Managed Metadata service application is connected to a database.

The finance department wants an exclusive web application to protect data sensitivity. So you create a web application called http://finance. Because the service application is not included in the default service application group, a custom service application group is prepared for it. The service application required for it is Finance Managed Metadata, which uses the same service, Managed Metadata service, but has its own database. The Enterprise BCS and Enterprise Excel Services service applications and their service application connections are reused.

You can create instances of service applications that can be shared in the Central Administration. For example, if the Security Department wants to use the BDC service application, you first create an instance of the BDC service application. From the Central Administration home page, you need to access the Manage Service Applications page that allows you to create services. To do this, you select the Manage service applications link.

Graphic
The Manage web applications link is present in the Web Applications section on the Application Management page.

The Manage Service Applications page lists the different services and service applications on your server. Now you can begin to create a new service application on this page.

Graphic
To do this, click New Business Data Connectivity Service on the Service Applications tab.

After you begin to create a new service application, you are directed to a dialog box with settings relevant to the service application you chose. In this case, it is the Create New Business Data Connectivity Service Application dialog box. In this dialog box, you need to

specify a name
You need to specify a name for the service application you're creating. This name is displayed in the list of service applications present on the Manage Service Applications page. In this example, you enter the name MyBDC in the Service Application Name field.

specify a database
If your service application has a high storage requirement, you need to specify the database server and name. In this example, you can enter SQL034 in the Database Server box and BDC_Service_DB_07369e84-e4bd-4951 in the Database Name field.

select the application pool
You also need to select the application pool you want the service application to connect to. You can either choose an existing pool or create a new one. In this example, you select the Use existing application pool radio button and select the SecurityTokenServiceApplicationPool option.

decide if the service application's proxy is added to the default proxy list
In some cases, you need to decide if the service application's proxy needs to be added to the default proxy list of the farm. While creating a BDC service application, you may not need it, but while creating certain service applications, such as Excel Services, you need to select this option. If it's already selected by default, you can leave it as is. If the proxy is not already selected, you can select the Add this service application's proxy to the farm's default proxy list checkbox.

complete service application creation
After selecting the required settings, you need to leave other settings at their default values and click OK.

Try It
An organization's Finance Department wants to use the Excel Services application to display financial details of all employees stored in an Excel document on a SharePoint web site. The head of the department wants you to create an instance of this service application called MyExcel in the SharePoint site, using an existing application pool. Access the page containing the configuration details for creating this service application. You've already opened the Central Administration home page.

To complete the task

1. Access the Manage Service Applications page
To do this, click Manage service applications in the Application Management section on the Central Administration home page.

2. Access the Create New Excel Services Application page
To do this, click New - Excel Services Application.

3. Specify the service application name and select the appropriate type of application pool
To do this, enter MyExcel in the Name field, select the Use existing application pool radio button, and select the SharePoint Web Services Default.

4. Ensure that the service application's proxy is not added to the default proxy list, and then finish creating the service application
To do this, clear the Add this service application's proxy to the farm's default proxy list checkbox, and then click OK.

The Excel Services Application service application is created and is present in the list of service applications on the Manage Service Applications page.

After you complete site creation, you receive a message indicating that the service application was created successfully. However, such messages don't appear for some service applications such as Excel Services. If you check the Manage Service Applications page, the MyBDC service application is now listed there.

This page allows you to perform several changes to your service application with the help of the options on the ribbon, such as Manage and Properties. But these features aren't activated until you select the service application that you want to manage. Also, not all of the options are active for all service applications. You can activate the options on the ribbon only when you click to the right of the required service application.

Graphic
In this example, the MyBDC service application is selected. After you click the required service application, you can use two main features to manage the application:

Graphic
For the MyBDC service application, you can use the Properties and Manage buttons in the Operations group of the Service Applications tab.

Properties
Selecting the Properties button for the service application leads you to the same details you filled in while creating the service application. It contains the name of the service application, the database, and the application pool you selected for it. You can use this page to edit the administrative properties of the service application. These details are present in the Edit Business Data Connectivity Service Application dialog box.

Manage
The Manage feature allows you to set the functionalities you want your service application to have. So the interface that appears after selecting the Manage button depends on the service application you've chosen. For example, for the MyBDC service application, you may select external content types such as an XML file that defines connectivity and data behavior information. After you click MyBDC and then click Manage, the View External Content Types page is displayed. This page contains two tabs, Browse and Edit. The Edit tab contains active options such as the Import button in the BDC Models group, Set Metadata Store Permissions in the Permissions group, and the Configure button in the Profile Pages group.

To use functions provided by the Manage option, you first need to know some of the requirements of your service application. For example, consider that you want to specify a host for the profile pages of external content type for the MyBDC service application. You can use the Configure option for this purpose.

Graphic
To do this, click Configure in the Profile Pages group of the Edit tab.

When you choose this option, the Configure External Content Type Profile Page Host dialog box appears. You can specify the URL of the SharePoint site that will host external content profile pages. However, before doing so, you must ensure that profile page creation is enabled.

Graphic
To do this, you select the Enable Profile Page Creation checkbox and enter http://sp035:2186/Mysite in the Host SharePoint site URL field.

You can then save the profile page configuration and close the dialog box.

Graphic
To do this, you click OK.

After you specify the SharePoint site that hosts external content profile pages, the Create/Upgrade button in the Profile Pages group on the Edit tabbed page is activated. You can use this button to edit existing profile pages.

You can also set up a delegated administrator for your service application. To do this, you need to use the Administrators feature on the Manage Service Applications page.

Graphic
For example, you select MyBDC and click the Administrators button in the Operations group on the Service Applications tabbed page.

The Administrators for MyBDC dialog box appears. You can use this dialog box to add or remove a user or group according to your requirements.

Graphic
To add or remove an administrator, type the user name in the appropriate text boxes and click Add or Remove.

You can also decide the kind of permission and rights that you want to give to the administrator before closing the dialog box. For example, you can allow the user to perform all tasks of an administrator.

Graphic
You can do this by selecting the Full Control check box in the Permissions for sp_setup section and then clicking OK.

Try It
You're a SharePoint administrator and need to assign sp_setup as the administrator for the MyBDC service application. You want to allow this user to perform all tasks of an administrator including assigning permissions to other users. You've already selected the MyBDC service application on the Manage Service Applications page. Assign sp_setup as the administrator for the MyBDC service application.

To complete the task

1. Access the dialog box to assign or remove administrators
To do this, click Administrators in the Operations group on the Service Applications tabbed page.

2. Assign the user sp_setup as the administrator
To do this, enter sp_setup in the To add an account, or group, type or select it below and click 'Add' field and then click Add.

3. Ensure that the user can make any change as an administrator to the service application
To do this, click the Full Control checkbox in the Permissions for sp_setup section.

4. Save the changes
To do this, click OK.

The user sp_setup has been assigned as the administrator with full control.
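Two parts of this section lend themselves to scripting: the custom service application group for http://finance, and the delegated administrator on MyBDC. The PowerShell below is an added example, not part of the course; it assumes the existing connections carry the same names as their service applications, and the database name, group name, application pool and the CONTOSO domain are placeholders. It also checks the two points that matter for isolation: the Finance connection must stay out of the default group, and the administrator list should be reviewed after a Full Control grant.

```powershell
# Added example: section 2's scenario scripted. Values marked "assumption"
# do not come from the course.
if (-not (Get-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}
$ErrorActionPreference = "Stop"

# --- Part 1: custom service application group for http://finance ---
$pool = Get-SPServiceApplicationPool -Identity "SharePoint Web Services Default"  # assumption

# Finance gets its own service application and database, served by the same
# Managed Metadata service as the Enterprise one.
$mms = New-SPMetadataServiceApplication -Name "Finance Managed Metadata" `
    -ApplicationPool $pool -DatabaseName "Finance_Managed_Metadata_DB"   # assumption: DB name
# -DefaultProxyGroup is deliberately omitted so the connection is not added
# to the farm's default group used by http://departments.
$mmsProxy = New-SPMetadataServiceApplicationProxy -Name "Finance Managed Metadata" `
    -ServiceApplication $mms

# Reuse the existing Enterprise BCS and Excel Services connections.
$sharedNames = @("Enterprise BCS", "Enterprise Excel Services")
$shared = @(Get-SPServiceApplicationProxy |
    Where-Object { $sharedNames -contains $_.DisplayName })
if ($shared.Count -ne 2) { throw "Expected both shared connections, found $($shared.Count)." }

$group = New-SPServiceApplicationProxyGroup -Name "Finance"               # assumption: group name
Add-SPServiceApplicationProxyGroupMember -Identity $group -Member (@($mmsProxy) + $shared)
Set-SPWebApplication -Identity "http://finance" -ServiceApplicationProxyGroup $group

# Isolation check: the Finance connection must not appear in the default group.
$default = Get-SPServiceApplicationProxyGroup -Default
$leak = @($default.Proxies | Where-Object { $_.Id -eq $mmsProxy.Id })
if ($leak.Count -gt 0) {
    Write-Warning "Finance Managed Metadata is also in the default service application group."
}

# --- Part 2: delegated administrator on MyBDC ---
$bdc   = Get-SPServiceApplication -Name "MyBDC"
$acl   = Get-SPServiceApplicationSecurity -Identity $bdc -Admin
$admin = New-SPClaimsPrincipal -Identity "CONTOSO\sp_setup" `
    -IdentityType WindowsSamAccountName                                   # assumption: domain
Grant-SPObjectSecurity -Identity $acl -Principal $admin -Rights "Full Control"
Set-SPServiceApplicationSecurity -Identity $bdc -ObjectSecurity $acl -Admin

# Audit: Full Control includes assigning permissions to others, so list who
# holds administrator rights on the service application after the change.
(Get-SPServiceApplicationSecurity -Identity $bdc -Admin).AccessRules |
    Format-Table Name, AllowedRights -AutoSize
```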

3. Multi-tenant hosting
The SSA architecture in SharePoint 2010 allows you to share site collections across web applications and farms. Although this feature reduces redundancy, it may pose other problems. For example, when using this feature, the Finance Department in an organization uses a separate site collection for its official data. But it still shares the Search service application with other departments. In such a case, you don't want critical financial data listed in the search results of other departments.

To prevent data access in such situations, you need to isolate this data from the rest of the organization's data. Even then, you might not want to isolate all data; there may be some which should be accessible to all employees in the organization, and some that is only accessible by certain management or finance staff.

So it is important to isolate data based on the type of data, the type of users accessing the data, and the level of access rights that users have. You can achieve this isolation with the help of the multi-tenancy feature offered by SharePoint. With multi-tenancy, you can host multiple sites by using a shared environment at the site collection level, in a single farm or across many farms. Although sites in a site collection use the same settings, services, and features, they can use the same shared environment in an isolated manner. You can achieve this isolation by virtually partitioning the database of service applications for each site collection. Virtual segregation of databases provides every site collection owner or tenant with a customized virtual instance of the same web application.

For example, in a company, the site collections of three vendors, site collection1, site collection2, and site collection3, are hosted on the same web application - VendorWebApp1. They use the same service application, VendorBDC, associated with VendorWebApp1. To maintain each vendor's BDC data separately, you want to isolate the result of using VendorBDC for each site collection. In this case, you can use multi-tenancy. You can partition the database used by VendorBDC so that the content of each site collection is in a separate partition. So, users of site collection1 will not be able to access the data of site collections 2 and 3. If a Search service is now added to this web application, it will not display search results for site collections 1 and 2 to users of site collection 3.

The multi-tenancy feature has many supporting concepts that help it to virtually segregate databases and achieve data isolation. These concepts are

site subscriptions
A site subscription is a group of site collections that allows the segmentation of a database. Site collections share the same data, features, and settings. A site subscription, also called a site group, cannot include a site collection from another site group. But it can contain a site collection from a different web application. You can create a site subscription with PowerShell and add sites to it. You must be careful while adding sites because you cannot change a site after you add it to a site group.

service applications and hosting
All sites hosted on a web application share data belonging to the same service application. However, in the hosting mode, service applications can partition data, depending on whether its site group has partitions. These partitions store user-specific or subscription data. Each database partition is isolated and only the site that it is created for can access it. You can use the hosting mode for service applications if the service application type allows it. Service Applications that can be partitioned are Business Data Connectivity, Managed Metadata, People, Project\Subscription Settings, SharePoint Search, Secure Storage Service, Usage and Health Data Connection, and Web Analytics. Service Applications that cannot be partitioned are Access Services, Excel Calculation Services, Fast Search, InfoPath, PowerPoint, State Service, Visio Service, Word Service, and Word Viewing.

tenant administration site, and
A tenant administration site is created to give administrator rights to the tenant or the owner of the hosted service application. These rights give the tenant full control over the site collection and allow it to be managed. You can also allow the tenant to create new site collections after enabling self-service site creation for that web application.

features
After site subscriptions are created, you can provide them with different features based on their requirements. So if you provide one site subscription with the search filter feature, other site subscriptions that don't have this feature will not be able to access this feature. You can assign different features to site groups by using PowerShell.

You can configure multi-tenant hosting for the service applications of a web application through a series of eight steps in PowerShell. You first need to create a site subscription and then assign sites and site collections to it with the help of PowerShell commands. You also need to include all supporting concepts, such as tenant administration site, service applications in hosting mode, and the features you want to include, for the site subscription.
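The following PowerShell sketch is an added example, not part of the course material or its job aid, and it does not reproduce the course's eight steps. It wires the four concepts together for the vendor scenario and then lists which subscription each site collection belongs to. The web application URL, accounts, application pool, database name and the feature placed in the pack are placeholders, and it assumes a Subscription Settings service application already exists in the farm.

```powershell
# Added example. Run in the SharePoint 2010 Management Shell as a farm administrator.
# All URLs, accounts, pool names and database names below are placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Start-SPAssignment -Global

$webAppUrl = "http://vendorwebapp1"          # placeholder URL for VendorWebApp1
$tenants = @(
    @{ Path = "vendor1"; Owner = "CONTOSO\vendor1admin" },
    @{ Path = "vendor2"; Owner = "CONTOSO\vendor2admin" }
)

# Service application in hosting (partitioned) mode:
# one shared database, one partition per site subscription.
$pool = Get-SPServiceApplicationPool "VendorAppPool"
if (-not (Get-SPServiceApplication | Where-Object { $_.Name -eq "VendorBDC" })) {
    New-SPBusinessDataCatalogServiceApplication -Name "VendorBDC" `
        -ApplicationPool $pool -DatabaseName "VendorBDC_DB" -PartitionMode | Out-Null
}

# Feature pack: limits which features the subscription's sites can activate.
# Assumes the Subscription Settings service application is already provisioned.
$pack = New-SPSiteSubscriptionFeaturePack
Add-SPSiteSubscriptionFeaturePackMember -Identity $pack `
    -FeatureDefinition (Get-SPFeature "TeamCollab")

foreach ($t in $tenants) {
    # One site subscription (site group) per tenant.
    $sub = New-SPSiteSubscription

    # Tenant content site. Membership is set at creation time because a site
    # cannot be moved to another site group afterwards.
    New-SPSite -Url "$webAppUrl/sites/$($t.Path)" -OwnerAlias $t.Owner `
        -Template "STS#0" -SiteSubscription $sub | Out-Null

    # Tenant administration site for the same subscription.
    New-SPSite -Url "$webAppUrl/sites/$($t.Path)-admin" -OwnerAlias $t.Owner `
        -Template "tenantadmin#0" -SiteSubscription $sub `
        -AdministrationSiteType TenantAdministration | Out-Null

    # Attach the feature pack to the subscription.
    Set-SPSiteSubscriptionConfig -Identity $sub -FeaturePack $pack
}

# Isolation check: every tenant site should report its own subscription ID.
# "none" marks a site collection that still shares unpartitioned data.
Get-SPSite -WebApplication $webAppUrl -Limit All |
    Select-Object Url, @{ Name = "SubscriptionId"; Expression = {
        if ($_.SiteSubscription) { $_.SiteSubscription.Id } else { "none" }
    } } |
    Sort-Object SubscriptionId | Format-Table -AutoSize

Stop-SPAssignment -Global
```

A site collection that shows "none" in a hosting web application is the case to investigate first, because it is not bound to any partition.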

Supplement
Job Aid: Access the job aid Configuring Multi-Tenant Hosting to learn about the steps for configuring multi-tenant hosting of service applications in more detail.

Question
Which concepts of multi-tenant hosting help service applications to partition and isolate data? Options: 1. Service applications and hosting 2. Features 3. Tenant administration site 4. Site subscription

Answer
Option 1: This option is correct. In the hosting mode, service applications can partition data and achieve data isolation, depending on whether the application's site group has partitions. These partitions store user-specific or subscription data. Each partition is isolated and only the site that it is created for can access it.

Option 2: This option is incorrect. Features are assigned to different site groups after they are created. So data isolation is already achieved when features need to be assigned. Option 3: This option is incorrect. A tenant administration site is created to give administrator rights to the tenant or owner of the hosted service application. These rights give the tenant full control over the site collection and allow it to be managed. Option 4: This option is correct. A site subscription is a group of site collections that allows the segmentation of a database to isolate data. A site subscription cannot include a site collection from another site group. But, it can contain a site collection from a different web application. Correct answer(s): 1. Service applications and hosting 4. Site subscription

Summary
In SharePoint 2010, SSAs replace SSPs, which had previously caused service sharing and redundancy problems. SSAs allow services to be shared across web applications and farms. The SSA architecture or connection structure consists of the web application and eight service application components. They are services, service applications, service instances, service application services, service application databases, service application connections, service application groups, and service consumers. These components interact and connect to each other to provide a service. A service application is the main component that hosts services and interacts with web applications. You can create and manage service applications with certain features in Central Administration. These features, such as New, Manage, and Properties, are present on the Manage Service Applications page. Although the SSA architecture allows service application sharing, it does not prevent data isolation. The multi-tenancy feature in SharePoint 2010 helps to achieve data isolation with its supporting concepts: site subscription, service applications and hosting, tenant administration site, and features. As a result, SharePoint 2010 offers a balance of features that allows service sharing and data isolation at the same time.


Office Services in SharePoint 2010


Learning Objective
After completing this topic, you should be able to

recognize the features of Office Services in SharePoint 2010

1. Office Services in SharePoint 2010


Today, most businesses use the Microsoft Office suite of applications. As a business collaboration platform, SharePoint 2010 offers deep integration of various Office applications through Office Services.



SharePoint 2010 offers various Office Services that enable you to perform data analysis, collection, validation, and representation.

Page 1 of 4: Excel Services


In most organizations, Microsoft Excel is one of the most commonly used business applications. This application is used to represent business data, such as sales, profits, and trends, in a format that is easy to understand. This enables executives to interpret and analyze data to make accurate predictions. That is why one of the key SharePoint 2010 service applications is Excel Services. By using Excel Services, you can publish existing Excel workbooks to your SharePoint server. Then you can share these workbooks across your organization. You can also ensure that these shared workbooks can be accessed and managed only by authorized users.

Page 2 of 4: Excel Services


To perform all of these tasks, the Excel Services application contains three service application services that connect the application to the SharePoint server:

Excel Calculation Services or ECS
Excel Web Services, also known as EWS, and
Excel Web Access or EWA

Page 3 of 4: Excel Services


With Excel Services in SharePoint 2010, there are several improvements to the existing features and addition of some new features. These include service application management, PowerShell support, trusted locations, and error handling. The service application management feature provides features of Excel over the Internet, without the need to set up and manage a separate database. This feature also provides you with administration privileges so that you can restrict access and define computers on which Excel Services can be used. However, this feature only allows each farm to have a single Excel Services application that responds to user requests.

The PowerShell support feature is a command-line scripting interface that allows you to write and execute reusable scripts. These scripts support Microsoft .NET and can be used for setting up and maintaining a service. This feature also allows you to specify how the Excel Services application should be launched.

Page 4 of 4: Excel Services


The Excel Services application in SharePoint 2010 supports a feature called trusted locations. SharePoint only loads Excel workbooks from these locations.

Graphic
This feature is present on the Manage Excel Services Application page. The other options are Global Settings, Trusted Data Providers, Trusted Data Connection Libraries, and User Defined Function Assemblies. By default, this feature loads all Excel workbooks stored within the farm. It also enables you to control how Excel workbooks are used. For example, you can use this feature to ensure that workbooks stored in certain trusted locations cannot exceed a certain size.

Graphic
You can do this on the Excel Services Application Add Trusted File Location page. Another improved feature of SharePoint 2010 is error handling. This feature ensures that all error messages arising in the Excel Services application provide adequate detail. These error messages indicate the cause of the error so that you can quickly rectify it. But you can still choose to display generic messages instead of detailed error messages.

Supplement
Job Aid: Access the job aid Creating and Configuring Excel Services for information about setting up and configuring an Excel Services application on SharePoint 2010.

Page 1 of 5: InfoPath Form Services


InfoPath Forms Services for SharePoint 2010 enables you to construct forms that display in a web browser and collate data on SharePoint. InfoPath forms from Microsoft Office InfoPath ensure the integrity of the data you collect for SharePoint 2010 business solutions by helping you to standardize, customize, and validate it. You can use InfoPath forms only if you have the InfoPath Forms Services service enabled in SharePoint.

This service helps you fill in InfoPath forms, manage and create views within InfoPath forms, and populate forms with existing SharePoint data. After gathering data in the form, InfoPath Form Services checks it to ensure that the form is submitted only with valid data. InfoPath forms are used in different applications and business solutions in SharePoint. These forms support each application in achieving its purpose by performing different roles.

Page 2 of 5: InfoPath Form Services


These are the roles that InfoPath forms perform in certain applications:

helping SharePoint to access and modify external data in business data applications
gathering, processing, and reporting data in form-driven applications
providing document metadata in document information panels within MS Office applications
customizing data in SharePoint lists for ad-hoc business processes, and
collecting data from future phases of a workflow and connecting users with workflow tasks in document workflow applications

Page 3 of 5: InfoPath Form Services


The main objective of InfoPath Forms Services is to allow users to enter data into forms. This process comprises three functionalities: browser-enabled user form templates, authentication and data connection, and user sessions. You need to configure settings for each of these functionalities in SharePoint. But you can only do so if you are part of the Farm Administrator group, and then only through Central Administration or PowerShell. Browser-enabled user form templates allow users to fill in forms by using a web browser. For this functionality to work, you need to ensure that you have enabled two conditions called publishing and rendering. Publishing allows template designers to present information in forms that can be filled in by using a browser, whereas rendering allows users to actually fill in forms by using their browser. Disabling either of these conditions means that this functionality won't work for end users.

Page 4 of 5: InfoPath Form Services


While filling in forms, InfoPath forms fetch data from users or across the SharePoint environment. The authentication and data connection functionality checks and provides the data connection files required during this process. You need to enable access to two settings and specify two limits for this functionality to work. Settings include enabling form templates to access data from external sources and authentication information from data connection files. Limits include the duration for which data connections exist and the size of the responses that data connections can process.

Graphic
In this case, the Default data connection timeout is 10000 milliseconds, the Maximum data connection timeout is 20000 milliseconds, and the Data Connection Response Size is 1500 kilobytes. The authentication setting can be enabled in the Embedded SQL Authentication section by selecting the Allow embedded SQL authentication checkbox, and access to external data sources can be enabled in the Cross-Domain Access for User Form Templates section. You also need to choose the type of authentication process to be used in this functionality. You can either select HTTP authentication or embedded SQL authentication.

Graphic
You can do this by selecting the Require SSL for HTTP authentication to data sources and Allow embedded SQL authentication checkboxes in the HTTP data connections and Embedded SQL Authentication sections.

Syntax
Set-SPInfoPathFormsService -AllowUdcAuthenticationForDataConnections $true -AllowUserFormCrossDomainDataConnections $true

Page 5 of 5: InfoPath Form Services


While the data is being filled in, authenticated, and accessed, there may be delays due to network traffic or user issues. In such cases, the server resources are used to keep users connected and save temporary data. To ensure judicious use of these resources, you need to limit the amount of time that users are allowed for filling in forms. This time period is called a user session. You can configure settings for these user sessions in SharePoint. These settings include thresholds for ending user sessions and logging error messages, time-outs for user sessions, and size of a user session.

Graphic
The Thresholds section has Number of postbacks per session and Number of actions per postback text boxes to configure threshold settings. The User Sessions section has Active sessions should be terminated after and Maximum size of user session data text boxes for specifying time outs and user session size, respectively.

Syntax
Set-SPInfoPathFormsService -ActiveSessionTimeout <TimeoutValue>
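
The script below is an added example, not part of the course material. It covers both the data connection settings and the user session settings described above: it compares the farm's current InfoPath Forms Services data connection settings with a restrictive baseline, then applies that baseline together with session limits. The timeout and response-size values are the ones shown in the course graphic; the restrictive true/false choices and the session values are assumptions to adjust for forms that genuinely need cross-domain or authenticated data connections.

```powershell
# Added example. Run in the SharePoint 2010 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Data connection baseline. Keys are Set-SPInfoPathFormsService parameter names.
# Timeouts and response size are taken from the course graphic; the boolean
# values are an assumed restrictive starting point, not a course recommendation.
$dataConnectionBaseline = @{
    RequireSslForDataConnections             = $true    # HTTP authentication only over SSL
    AllowEmbeddedSqlForDataConnections       = $false   # no SQL credentials embedded in templates
    AllowUdcAuthenticationForDataConnections = $false   # no credentials read from data connection files
    AllowUserFormCrossDomainDataConnections  = $false   # user forms stay inside their own domain
    DefaultDataConnectionTimeout             = 10000    # milliseconds
    MaxDataConnectionTimeout                 = 20000    # milliseconds
    MaxDataConnectionResponseSize            = 1500     # kilobytes
}

# Session limits. These are constructed sample values for illustration.
$sessionLimits = @{
    MaxPostbacksPerSession    = 75      # Number of postbacks per session
    MaxUserActionsPerPostback = 200     # Number of actions per postback
    ActiveSessionTimeout      = 1440    # Active sessions should be terminated after (minutes)
    MaxSizeOfUserFormState    = 4096    # Maximum size of user session data (kilobytes)
}

# 1. Report drift between the live data connection settings and the baseline.
$service = Get-SPInfoPathFormsService
$drift = foreach ($name in $dataConnectionBaseline.Keys) {
    $current = $service.$name
    if ($current -ne $dataConnectionBaseline[$name]) {
        New-Object PSObject -Property @{
            Setting  = $name
            Current  = $current
            Baseline = $dataConnectionBaseline[$name]
        }
    }
}

if ($drift) {
    Write-Host "Settings that differ from the baseline:"
    $drift | Select-Object Setting, Current, Baseline | Format-Table -AutoSize
} else {
    Write-Host "Data connection settings already match the baseline."
}

# 2. Apply the baseline and the session limits in one call each (hashtable splatting).
Set-SPInfoPathFormsService @dataConnectionBaseline
Set-SPInfoPathFormsService @sessionLimits

# 3. Show the resulting data connection settings for the change record.
Get-SPInfoPathFormsService | Format-List Require*, Allow*DataConnections, *DataConnection*
```

Reviewing the drift report before step 2 shows which forms might break, since a template that relies on embedded SQL or cross-domain access stops connecting once those settings are off.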

Page 1 of 4: Access Services


One of the critical aspects of any business is storing data and using it to generate reports. To ensure business continuity, it is imperative that this data is available at all times. That is why SharePoint 2007 presented a web front end for people using Microsoft Access to store data. This front end allows users to share and work on an Access database. They can use SharePoint to add Access objects such as tables, forms, queries, and reports. They can also convert SharePoint lists and libraries into Access objects. However, one of the limitations of SharePoint 2007 was that people needed the original Access database file to complete all of these tasks.

Page 2 of 4: Access Services


But SharePoint 2010 has added a new service application called Access Services, which was introduced in the Enterprise version of SharePoint 2010. Access Services allows you to publish an Access database as a subsite in SharePoint, which isn't dependent on the database.

Note
Before an Access database can be published, it needs to be checked for web compatibility. But the complexity of this check depends on the complexity of the database. After the database is published, tables in the database are converted into SharePoint lists, and business logic in the database is converted into SharePoint workflow. Forms in the database are also converted into web-based forms.

Page 3 of 4: Access Services


If you're an administrator, you can create an Access Services application by accessing the Manage Service Applications page. Then you need to specify details of the Access Services application.

Graphic
To do this, you click New - Access Services. These details include the name of the Access Services application and whether you want to use an existing application pool or a new application pool. You can also indicate whether you want to create an Access Services Application Proxy.

Page 4 of 4: Access Services


As an administrator, you can also configure the Access Services application that you created. To do this, you first select the Access Services application that you want to configure. Then you can configure the lists and queries, application objects, session management, memory utilization, and template-related settings.

However, if you want to delete an Access Services application, you simply need to select it from the Manage Service Applications page and click Delete.

Page 1 of 4: Visio Graphic Services


Many organizations use Microsoft Visio to depict drawings such as flow charts, organizational structure, and work lifecycles. So SharePoint 2010 provides a service application called Visio Graphic Services. This application enables you to publish drawings from Microsoft Visio Professional 2010 to SharePoint Server 2010. These drawings can then be accessed as a web page and can be viewed by users who don't have Visio or Visio Viewer on their computer. Visio Graphic Services enables people to access Visio drawings in a web browser. It also enables users to use the inherent Visio functionality to expand and explore Visio drawings. This application also enables you to refresh and update the drawings and the data used in these drawings.

Page 2 of 4: Visio Graphic Services


Although there are several ways to install and configure Visio Graphic Services, the simplest way is to use farm configuration. This option is available as a wizard on the Configuration Wizards page in Central Administration.

Graphic
To use farm configuration, you can click the Launch the Farm Configuration Wizard link. This wizard will enable you to specify the type of service application you need to install and specify whether you want to use an existing site collection or create a new site collection.

Supplement
Job Aid: Access the job aid Configuring Visio Graphics Services to view the steps for configuring Visio Graphics Services.

Page 3 of 4: Visio Graphic Services


After you have installed and set up Visio Graphic Services, you can configure its settings. The configuration settings include configuring Visio Graphic Services for external data sources. These sources include SharePoint lists, Excel workbooks hosted in SharePoint, SQL, and other object-oriented databases. Connecting to these data sources enables you to update Visio drawings in line with any changes in data.

To do this, you first need to authenticate these external data resources. This authentication can be accomplished by using integrated Microsoft Windows authentication. You can also use the secure store service or unattended service account for the authentication.

Page 4 of 4: Visio Graphic Services


In addition to connecting to external data sources, you can also define trusted data providers for SharePoint. This ensures that you restrict the data sources that your Visio Graphic Services application can connect to. You can also configure Visio Graphic Services by using Visio Service Settings options. These options allow you to define rules for caching, maximum file sizes, and data refresh intervals.

Question
Identify the features of Office Services in SharePoint 2010. Options: 1. Provide Excel Services for improved data analysis 2. InfoPath forms help standardize, customize, and validate data 3. Access Services allow you to represent lists and libraries as forms 4. Visio Graphic Services help you view web drawings if you have Visio Viewer on your computer

Answer
Option 1: This option is correct. Office Services in SharePoint 2010 provide Excel Services that enable executives to interpret and analyze data to make accurate predictions. Option 2: This option is correct. You can use InfoPath forms to ensure data integrity through standardization, customization, and validation. Option 3: This option is incorrect. Access Services allow you to publish the entire Access database to SharePoint as a subsite. Option 4: This option is incorrect. When you use Visio Graphic Services, you can view Visio drawings in the form of a web page. You don't need to install Visio Viewer or Visio to access them. Correct answer(s): 1. Provide Excel Services for improved data analysis 2. InfoPath forms help standardize, customize, and validate data

Summary
SharePoint 2010 allows various Office Services to perform data analysis, collection, validation, and representation. These services include Excel Services, InfoPath Form Services, Access Services, and Visio Graphic Services. Excel Services help you publish Microsoft Excel 2010 workbooks on the SharePoint server and make them accessible for the entire organization. InfoPath Form Services provide InfoPath forms to ensure the integrity of business data by standardizing, customizing, and validating it. Access Services allow you to publish an entire Access database to SharePoint as its own subsite. The data in this database can then be viewed in the form of SharePoint lists, web forms, and workflows. Once the conversion is complete, you no longer need the original database file. Visio Graphic Services help you view web drawings or Visio documents in a web browser without the need to install Visio Viewer or Visio.


Service Application Architecture Basics


Learning Objectives
After completing this topic, you should be able to

manage SharePoint 2010's Service Application Architecture
propose the Office Services solution for a given scenario

Exercise overview
In this exercise, you're required to manage the architecture of SharePoint 2010 service applications and to use Office 2010 Services in a given scenario. This involves the following tasks:

managing service applications and
using Office 2010 Services

Managing service applications


Question
Which service application component connects with the web application and contains service applications?

Options: 1. Service application group 2. Service application services 3. Service consumer 4. Service application connection

Answer
Option 1: This option is correct. The service application group is a set of all service applications available for use in a web application. When you create a web application, you need to associate it with one of the service application groups. Option 2: This option is incorrect. Service application services run on the server and are responsible for processing the web application's requests. Option 3: This option is incorrect. A service consumer uses a service application to make a request to the server. Then, it displays the result in the user's browser. Option 4: This option is incorrect. A service application connection is a pointer to a service application, which is used by a web application to connect to a service application group. Correct answer(s): 1. Service application group

Question
Which components in the connection structure can be shared between all web applications in a farm? Options: 1. Service application database 2. Service application 3. Service instance 4. Service application connection

Answer
Option 1: This option is incorrect. The service application database is a component attached to a service application and is used for storing data. If a service application has any storage requirements, it has a unique database. Option 2: This option is correct. A service application helps you use the services you have access to. You can share any service application between all web applications in a farm.

Option 3: This option is incorrect. A service instance is an instance of a service application that runs on the application server. Every time you access a service application service, a new service instance is created. Option 4: This option is correct. A service application connection is created automatically when you create a service application. It connects web applications to service applications. Correct answer(s): 2. Service application 4. Service application connection

Question
Which concepts of multi-tenant hosting help service applications partition data and give administrator rights to site owners? Options: 1. Service applications and hosting 2. Features 3. Tenant administration site 4. Site subscription

Answer
Option 1: This option is correct. In the hosting mode, service applications can partition data and achieve data isolation, depending on whether the service applications' site group has partitions. These partitions store user-specific or subscription data. Each partition is isolated, and only the site that it is created for can access it. Option 2: This option is incorrect. Features are assigned to different site groups after site groups are created. So data isolation is already achieved before features need to be assigned. Option 3: This option is correct. A tenant administration site is created to provide administrator rights to the tenant or the owner of the hosted service application. These rights provide the tenant with full control over the site collection and allow its management. Option 4: This option is incorrect. A site subscription is a group of site collections that achieves data isolation. A site subscription cannot include a site collection from another site group, but it can contain a site collection from a different web application. Correct answer(s): 1. Service applications and hosting 3. Tenant administration site

Question
Which concepts of multi-tenant hosting contain site collections and help add functions to service applications? Options: 1. Service applications and hosting 2. Features 3. Tenant administration site 4. Site subscription

Answer
Option 1: This option is incorrect. In the hosting mode, service applications can partition data and achieve data isolation, depending on whether the site group has partitions. These partitions store user-specific or subscription data. Each partition is isolated and only the site that it is created for can access it. Option 2: This option is correct. After site subscriptions are created, you can provide them with different features based on their requirements. So if you provide one site subscription with the search filter feature, other site subscriptions that don't have this feature won't be able to access this feature. Option 3: This option is incorrect. A tenant administration site is created to provide administrator rights to the tenant or the owner of the hosted service application. These rights provide the tenant with full control over the site collection and allow its management. Option 4: This option is correct. A site subscription is a group of site collections that allows segmentation of a database to achieve data isolation. A site subscription cannot include a site collection from another site group, but it can contain a site collection from a different web application. Correct answer(s): 2. Features 4. Site subscription

SkillCheck
The HR Department in an organization requires employee data to be stored in a database for an HR application. For this, they want to have an isolated instance of the BDC service application. The instance should be named HRBDC and belong to the existing application pool My Pool. You have already accessed the Central Administration for this purpose. Create this service application.

Task: 1. Click the appropriate link to access the Manage Service Applications window. 2. Access the appropriate menu for creating a new service application. 3. Specify the instance name of the service application and select the type of application pool. 4. Save the settings and return to the Manage Service Applications page.

Answer
To complete the task Step 1: Click Manage service applications in the Application Management section Step 2: Select New - Business Data Connectivity Service Step 3: Type HRBDC in the Service Application Name field and select the Use existing application pool radio button Step 4: Click OK

SkillCheck
The HR department now has its isolated instance of the BDC service application, which you have named HRBDC. You now need to assign a location to host the external content profile pages for this service application. You've already accessed the Manage Service Applications page. Configure the URL http://sp035:21876/MyOfficialsite as the host for external content profile pages for this service. Task: 1. Select the service application that you want to manage. 2. Open the page for configuring external content profile pages. 3. Access the page that enables you to configure external content type. 4. Specify the URL of the site where you want to host external content profile pages, and then save the settings.

Answer
To complete the task Step 1: Click HRBDC in the list of web applications Step 2: Click Manage in the Operations group on the Service Applications tabbed page

Step 3: Click Configure in the Profile Pages group of the Edit tabbed page Step 4: Type http://sp035:21876/MyOfficialsite in the Host SharePoint site URL text box and click OK

Using Office 2010 Services


Question
Identify the features and purpose of Excel Services in SharePoint 2010. Options: 1. Publish existing Excel workbooks to an application server 2. Help to analyze, secure, and manage shared workbooks 3. Provide an error handling mechanism to display the source of errors 4. Provide data in a format that is easy for data querying

Answer
Option 1: This option is incorrect. Using the Excel Services application, you can publish existing Excel workbooks to your SharePoint server. Then you can share these workbooks across your organization. You can also ensure that these shared workbooks can only be accessed and managed by authorized users. Option 2: This option is correct. Excel Services comprise three components: ECS, EWS, and EWA. These service application services help analyze, secure, and manage workbooks shared on the SharePoint server. Option 3: This option is correct. Excel Services provide an error handling mechanism that indicates where and why the error has occurred. This mechanism also indicates how you can get the connectivity back. Option 4: This option is incorrect. Excel Services represent business data in an easy manner that makes it easy for executives to interpret and analyze it and to make accurate predictions. Correct answer(s): 2. Help to analyze, secure, and manage shared workbooks 3. Provide an error handling mechanism to display the source of errors

Question
Identify the features and purpose of InfoPath Form Services in SharePoint 2010.

Options: 1. Provide a single view of InfoPath forms to ensure consistency across users 2. Use SharePoint Server State Service to configure authentication settings for InfoPath Forms Services 3. Allow you to configure user form templates to have connections to external data sources 4. Help ensure the integrity of data you collect for SharePoint 2010 business solutions

Answer
Option 1: This option is incorrect. While filling in InfoPath forms, you have the option of selecting one of the several views that help you split the form into multiple pages. You can also hide one or more fields on the form or create separate views of the same form for different users. Option 2: This option is incorrect. InfoPath Form Services use PowerShell to configure authentication settings for InfoPath Forms Services. Option 3: This option is correct. InfoPath Form Services provide user form templates that you can configure to have data connections to data sources outside the current site collection. Option 4: This option is correct. InfoPath Form Services provide InfoPath forms. These forms ensure the integrity of data you collect for SharePoint 2010 business solutions by standardizing, customizing, and validating it. Correct answer(s): 3. Allow you to configure user form templates to have connections to external data sources 4. Help ensure the integrity of data you collect for SharePoint 2010 business solutions

Question
Identify the features and purpose of Access Services in SharePoint 2010.

Options:
1. Allow configuration to restrict the types of objects an Access Services application can contain
2. Enable you to represent lists and libraries as tables in the database
3. Eliminate the need to use database files
4. Require you to have Access installed on your computer to view data

Answer
Option 1: This option is incorrect. You can configure an Access Services application for application object, session management, lists and queries, memory utilization, and template-related settings. You cannot restrict the kind of objects it can contain.

Option 2: This option is correct. Access Services enable you to use SharePoint to add Access objects such as tables, forms, queries, and reports. They also enable you to convert SharePoint lists and libraries into Access objects.

Option 3: This option is correct. Access Services publish an entire Access database to SharePoint as its own subsite. This subsite can be accessed in a web browser and doesn't require the original database file.

Option 4: This option is incorrect. Access Services allow you to publish an entire Access database to SharePoint as its own subsite. The subsite can contain SharePoint lists, web-based forms, and workflows in SharePoint. You can view them in a browser without installing Access.

Correct answer(s):
2. Enable you to represent lists and libraries as tables in the database
3. Eliminate the need to use database files

Question
Identify the features and purpose of Visio Graphic Services in SharePoint 2010.

Options:
1. Refresh web drawings connected to a data source when there are changes to the data source
2. Ignore the data source while authenticating you to view a web drawing connected to it
3. Allow using custom data providers if you don't want to use trusted data providers
4. Allow you to view web drawings without installing Visio Viewer or Visio on your computer

Answer
Option 1: This option is correct. When you create a web drawing, you use graphics and data from a data source. This data source is connected to the SharePoint 2010 server hosting the web drawings. If you update the text and graphics in the data source after hosting your web drawings, Visio Graphic Services refreshes the connection. This updates the web drawing hosted on SharePoint Server according to the updated data source.

Option 2: This option is incorrect. You are only able to view a web drawing connected to a SharePoint data source if the data source is authenticated. This authentication can be accomplished using integrated Microsoft Windows authentication. You can also use secure store service or unattended service account for the authentication.

Option 3: This option is incorrect. You may create a custom data provider to use additional data sources. However, before Visio Graphic Services can connect to these, you need to add them to the trusted data providers list.

Option 4: This option is correct. Visio Graphic Services are used to view and share web drawings. You can view web drawings or Visio documents in a web browser without installing Visio Viewer or Visio on your computer.

Correct answer(s):
1. Refresh web drawings connected to a data source when there are changes to the data source
4. Allow you to view web drawings without installing Visio Viewer or Visio on your computer


Overview of Central Administration


Learning Objectives
After completing this topic, you should be able to

recognize the new features of the SharePoint 2010 Central Administration interface
identify the management feature of SharePoint 2010 Central Administration to employ for a given scenario
match the maintenance features of SharePoint 2010 Central Administration with their descriptions

1. New features in Central Administration


Central Administration in SharePoint provides you with a single-point location where you can manage web applications, create site collections, assign permissions, and so on. Performing these tasks in SharePoint 2010 is going to take longer if you've been using SharePoint 2007 for a long time and are going to switch to SharePoint 2010. This is because the Central Administration interface in SharePoint 2010 has undergone many changes. On analyzing the interface of SharePoint 2010, you notice three important changes in Central Administration.

eight main categories
The SharePoint tasks and links are now logically grouped into eight categories. These categories are available in both the main pane and the Quick Launch. Logical grouping enables quick access to the commonly used pages in Central Administration. The eight categories listed in the main pane and the Quick Launch are Application Management, System Settings, Monitoring, Backup and Restore, Security, Upgrade and Migration, General Application Settings, and Configuration Wizards.

subsection links
Each of the eight categories contains the tasks and pages accessible as subsection links. On the Home page, the subsection links to the most frequently accessed pages are available. To view the entire list of subsection links, you can click each category.

resemblance to Control Panel
The arrangement of the various Category pages and their accessibility through the Home page is similar to the Control Panel in Windows Vista and Windows 7. This makes it easy to use and access.

After accessing the pages corresponding to the subsection links from the Home page or the Category page, you can navigate using the Navigate Up button. It displays a hierarchy of links that can be traced back to the Home page of Central Administration.

Note
SharePoint 2010 has various other user-friendly features, such as the Ribbon interface and the tooltips.

Question
The interface of Central Administration in SharePoint 2010 has been completely revamped compared with earlier versions (SharePoint 2007, for example). Which part of the interface enables you to access the most frequently used pages in Central Administration?

Options:
1. Subsection links
2. Eight main categories
3. Quick Launch
4. Eight main categories
5. Subsection links

Answer
Option 1: Each of the eight main categories in the Home page of Central Administration contains various subsection links to frequently used pages in Central Administration.

Option 2: The eight main categories are logical groupings of the various tasks and links in Central Administration.

Option 3: Quick Launch enables you to quickly access the eight main categories available in Central Administration.

Option 4: The eight main categories are logical groupings of the various tasks and links in Central Administration.

Option 5: Each of the eight main categories in the Home page of Central Administration contains various subsection links to frequently used pages in Central Administration.

Correct answer(s):
1. Subsection links
5. Subsection links

2. Management features
Based on the types of tasks performed, you can broadly group the eight categories in Central Administration of SharePoint 2010 into two high-level categories: management and maintenance.

Note
This high-level categorization doesn't include the Configuration Wizards category, as it is the same as the Farm Configuration Wizard.

Drill Down Home Page


There are three categories within the management high-level category.

Page 1 of 5: Application Management


Using the Application Management category, you can centrally manage web and service applications and related items. The Application Management category has several subcategories:

Graphic
The subcategory links are displayed in the Application Management page.

Web Applications, Service Applications, Site Collections, and Databases

Page 2 of 5: Application Management


If you want to manage the web applications currently running in the SharePoint farm, you can use the Web Applications subcategory.

Graphic
The other subcategory links available in the Application Management page are Site Collections, Service Applications, and Databases. The Web Applications category displays the subsection links Manage web applications and Configure alternate access mappings.

The options available in the Web Applications Management page enable you to extend a web application from one web site to another; specify Alternate Access Mappings, AAMs for short; and remove web applications, IIS web site, and content databases. You can also configure the basic settings of web applications, such as enabling RSS feed for the site collections and specifying the upper limit for upload size of files.

Graphic
The Ribbon interface in the Web Applications Management page displays options categorized into Contribute, Manage, Security, and Policy. In this example, only the New option in the Contribute category is active. The page also displays details of the Web Applications in three columns: Name, URL, and Port. In this example, the web applications listed are SharePoint 80 and SharePoint Central Administration v4.

Note
AAMs enable specified content to be available from multiple URLs.

Page 3 of 5: Application Management


The Site Collections subcategory enables you to manage the site collection. Using the appropriate subsection links, you can perform tasks such as creating site collections, deleting them from web applications, specifying quota templates, applying quotas, changing administrators, and enabling self-service. For example, if you want to create a site collection, you click the Create site collections link.

Graphic
The other subsection links available in the Site Collections subcategory are Delete a site collection, Confirm site use and deletion, Specify quota templates, Configure quotas and locks, Change site collection administrators, View all site collections, and Configure self-service site creation.

On the Create Site Collection page, you can specify a name, a description, and the URL; select a template; specify primary and secondary administrators; and select quota template for the site collection.

Graphic
The Create Site Collection page contains sections such as Web Application and Title and Description. The default web application selected is http://srv047:10662/.

Page 4 of 5: Application Management


Using the subsection links available in the Service Applications subcategory, you can manage service applications and specify associations between service applications and web applications. This association ensures that only the required services are running on each web application. To obtain a list of service applications configured for the SharePoint farm, you can click Manage service applications.

Graphic
In the Application Management page, the other links available in the Service Applications category are Configure service application associations and Manage services on server.

The Manage Service Applications page that opens displays the details (name, type, and status) of the service applications running. The options available in the Ribbon interface on this page enable you to create, delete, and manage additional service application instances; associate the site with new service applications from other server farms; specify administrators; and configure general and share properties.

Graphic
The options available in the Ribbon interface on the Manage Service Applications page are grouped into three sections: Create, Operations, and Sharing. In this example, the New and Connect buttons in the Create section are the only active options. The options available in the Operations section are the Delete, Manage, Administrators, and Properties buttons. The options in the Sharing section are the Publish and the Permissions buttons. The page displays details of service applications in the columns Name and Type.

Page 5 of 5: Application Management


You can use the Databases subcategory to perform all database-related tasks. Using the appropriate subsection links, you can manage the content databases for the web application, specify a default database server for storing new content databases, or set up the data retrieval service. For example, if you want to modify the properties of a content database, you click the Manage content databases subsection link.

Graphic
The other subsection links available in the Databases subcategory are Specify the default database server and Configure the data retrieval service.

On the Manage Content Databases page, you can select the database by clicking it.

Graphic
In this example, only one content database is listed, which is WSS_Content.

On the Manage Content Database Settings page that opens, you can set the status of the content database and check whether the database needs to be upgraded so that the database version and the SharePoint version match.

Graphic
The options to perform these tasks are available in the Database Information and Database Versioning and Upgrade sections. The page also displays a warning message stating that the page is not encrypted.

Page 1 of 5: General Application Settings


The General Application Settings category enables you to configure user interaction, client-side application interaction, and web application settings. There are five important subcategories in General Application Settings:

Graphic
The subcategory links are displayed in the General Application Settings page.

External Service Connections, Site Directory, SharePoint Designer, Search, and Content Deployment

Page 2 of 5: General Application Settings


The options in the External Service Connections subcategory enable you to send and convert documents. This is particularly useful if you want to submit project documents to a client for review. You can configure the settings for sending documents using the options in the Configure Send To Connections page. You open this page by clicking the Configure send to connections link.

Graphic
The other link in this subcategory is Configure document conversions.

This page also enables you to specify how to route the document in the site collection. However, for the send document feature to work, the Content Organizer site collection feature should be enabled in the target site.

Graphic
The options that enable you to perform these tasks are organized into sections such as Web Application, Site Subscription Settings, and Send To Connections. By default, the web application selected in this example is http://srv047:10662//. The Allow sites to send to connections outside the site subscription checkbox is selected by default in the Site Subscription Settings section. In this example, New Connections is selected from the Send To Connections list box in the Send To Connections section.

For your project, you might need to convert some documents from one format to another, for example, XML to HTML. You can configure your web application to allow document conversions using the options available on the Configure Document Conversions page. You click the Configure document conversions link to open this page.

Graphic
The options in the Configure Document Conversions page are grouped into sections such as Web Application, Enable Document Conversions, Load Balancer Server, and Conversion Schedule. The Web Application section contains the web application http://srv047 selected by default. The Enable Document Conversions section contains two radio buttons, Yes and No, in the Enable document conversions for this site option. In this example, No is selected. The Load Balancer server drop-down box in the Load Balancer Server section shows None selected. The Conversion Schedule section contains the Minutes option, selected by default, and a text box for minutes with the default value of 1.

Page 3 of 5: General Application Settings


You can use the Site Directory subcategory to create a master site directory or to scan the site directory for broken links. You can click the Configure the Site Directory link and specify the settings on the Site Directory Settings page. In this page, you can also configure one of the sites to be the master site directory.

Note
A master site directory is a list of the site collections available in the farm. Because this list is created in a centralized location, you can save time and manage the collections better.

Broken links can affect page accessibility and so need to be repaired. To identify broken links, you can click Scan Site Directory Links. On the Site Directory Links Scan page, you can configure the directory views to be scanned and automatically update site directory entries.

Graphic
The options that enable you to perform these tasks in the Site Directory Links Scan page are grouped into two sections: Choose views to scan and Update Site Properties.

If you want to add controlled support for SharePoint Designer to your web application, you can click the Configure SharePoint Designer settings link in the SharePoint Designer category. Using the options in the SharePoint Designer Settings page that opens, you can enable or disable SharePoint Designer use for the entire web application.

Graphic
The options available in the page are grouped into sections such as Web Application, Allow SharePoint Designer to be used in this Web Application, Allow Site Collection Administrators to Detach Pages from the Site Template, and Allow Site Collection Administrators to Customize Master Pages and Layout Pages.

Page 4 of 5: General Application Settings


Another subcategory in the General Application Settings category is Search. Using this subcategory, you can configure search settings at the farm level and manage crawler impact rules.

Graphic
The subsection links available in the Search subcategory are Farm Search Administration and Crawler Impact Rules.

The Crawler Impact Rules page that opens when you click the Crawler Impact Rules link enables you to manage the crawler's effect on search performance. You can configure settings such as the maximum number of concurrent requests.

Graphic
In this example, there are no rules currently available. The page also contains the Add Rule button.

Alternatively, if you click the Farm Search Administration link, the Farm Search Administration page opens. On this page, you can check and update the search settings configured at the farm level, such as proxy server, time-out duration, and ignore SSL warnings. The page also displays the service applications related to Farm Search. You can click any of the service applications for more details about it, or click the Modify Topology link to view and update the search topology for the farm.

Graphic
The options that enable you to configure these settings are grouped into two sections: Farm-Level Search Settings and Search Service Applications. The Farm-Level Search Settings section contains details such as Proxy server (set as None in this example), Time-out (seconds) (set as 60, 60 in this example), and Ignore SSL warnings (set as No in this example).

Page 5 of 5: General Application Settings


The Content Deployment subcategory enables you to manage the deployment of a site collection's content. This enables authoring in a test environment and publishing the content only when it is ready. To configure content deployment, you first need to click the Configure content deployment link and specify the server, security, temporary file, and reporting settings.

Graphic
The General Application Settings page shows the subsection links of the Content Deployment subcategory. The subsection links are Configure content deployment paths and jobs and Configure content deployment.

Next you need to click the Configure content deployment paths and jobs link. On the Manage Content Deployment Paths and Jobs page that opens, you can set up one or more paths and jobs for deployment.

Note
While creating a new path, after specifying a name and description, you can select the web application and site collection that you want to deploy content from, and specify the location of the destination web application. You can also provide authentication and security information.

The Check deployment of specific content link in the Content Deployment subcategory enables you to check the deployment status of objects. On the Content Deployment Object Status page that opens when you click the link, you can type the object's URL in the URL text box and click the Check Status button.

Graphic
Other than the URL text box, the Content Deployment Object Status page contains two sections, Source Object Details and Destination Object Details, both of which are empty in this example.

Page 1 of 5: System Settings

The System Settings category enables you to configure many farm-level settings. There are three subcategories within this category:

Graphic
The subcategory links are displayed in the System Settings page.

Servers, E-Mail and Text Messages (SMS), and Farm Management

Page 2 of 5: System Settings


The Servers subcategory enables you to manage the servers in the farm. When you click the Manage servers in this farm link, the Servers in a Farm page opens.

Graphic
The other subsection link available in the Servers subcategory is Manage services on server.

The page displays the details of the servers in the farm. The details include the SharePoint Products installed on the server, services running on the server, status, and a Remove Server link. You can also click the server name link to manage the services on the server.

Graphic
The page contains a Farm Information section and a section containing the list of servers with their details in columns such as SharePoint Products Installed, Services Running, Status, and Remove Server. In this example, the Configuration database version used is 14.0.4762.1000, the server used is SQL034, and the database name is SharePoint_Config_Farm19. The list displays details of only the servers SQL034 and SRV047.

If you need to start or stop any of the services running on each server, you can use the options available on the Services on Server page, which are displayed by clicking the Manage services on server link. You can select the server and then check or change the status of the services.

Graphic
In this example, the services on the Server SP035 are displayed on the Services on Server page. The details are displayed in three columns: Service, Status, and Action. The page also contains two drop-downs: Server and View. In this example, the server selected in the Server drop-down is SP035, and the View selected is Configurable.

Page 3 of 5: System Settings


You use the subsection links in the E-Mail and Text Messages (SMS) subcategory when you want to configure alert notifications for the web applications.

Graphic
The subsection links available in the E-Mail and Text Messages (SMS) subcategory are Configure outgoing e-mail settings, Configure incoming e-mail settings, and Configure mobile account.

For example, you might want to send alerts to users as e-mail notifications. In that case, you can specify the details of the SMTP server to be used in the Outgoing E-Mail Settings page, which is displayed when you click the Configure outgoing e-mail settings subsection link.

Graphic
The Outgoing E-Mail Settings page contains the Outbound SMTP server, From address, Reply-to address text boxes, and the Character set drop-down list box. By default, 65001 (Unicode UTF-8) is selected in the Character set drop-down list box.

Additionally, if you want to enable sending text SMS, you can click the Configure mobile account link and specify the settings on the Mobile Account Settings page. To use the service, you need to enter the URL of the SMS service provider, user name, and password in the appropriate text boxes.

Graphic
You can enter these details using the URL of Text Message (SMS) Service, User Name, and Password text boxes. The page also contains a disabled Test Service button. This page also displays a warning that the page is not encrypted.

Page 4 of 5: System Settings


You use the Farm Management subcategory to configure settings for the complete farm. If you want to configure AAMs for the web applications, you can click the Configure alternate access mappings subsection link. On the Alternate Access Mappings page, you can configure Alternate Access Mappings, AAMs for short.

Graphic
In the System Settings page, the other subsection links available in the Farm Management subcategory are Manage farm features, Manage farm solutions, Manage user solutions, Configure privacy options, and Configure cross-firewall access zone.

Sometimes, you might want to enable or disable certain SharePoint features for the web application. You can do this in the Manage Farm Features page, which is displayed when you click the Manage Farm Features subsection link. If you have installed solution packages, you can use the Solution Management page that opens on clicking the Manage farm solutions link to deploy or retract solutions. If your web application contains user-created site collection solutions, you can manage them by using the Sandboxed Solution Management page. This page opens when you click the Manage user solutions link.

Graphic
The Sandboxed Solution Management page contains options such as the Blocked Solutions list box, which is currently empty; and the File text box, which is currently disabled.

Page 5 of 5: System Settings


If you want to configure your web farm to send information to Microsoft when an error occurs, you can click the Configure privacy options subsection link in the Farm Management category. On the Privacy Options page, you can sign up for the Microsoft Customer Experience Improvement Program or participate in error reporting. You can also use this page to specify the type of help that should be made available to users: online help or help installed on the server.

Graphic
You can specify these settings by using the options grouped into sections such as Customer Experience Improvement Program and Microsoft Error Reporting.

You can also manage the cross-firewall access zone in the SharePoint farm. You use the cross-firewall access zone when you want to send externally accessible URLs in alerts. Users can access these URLs from computers outside the farm or from their mobile devices. You can configure these settings in the Cross Firewall Access Zone page when you click the Configure cross-firewall access zone subsection link.

Graphic
To configure these settings, you can use the options in the two relevant sections: Web Application and Cross Firewall Access Zone. By default, (none) is selected in the Zone selection for cross firewall access drop-down list box in the Cross Firewall Access Zone section. The page also contains the OK button.

Question Set

Learning which management feature of SharePoint 2010 Central Administration to use for various scenarios takes time. Answer these practice questions to review how you're progressing.

Question 1 of 3
Question

You are setting up access rights to your web site for a new group of vendors. You need to use AAMs for your web site so that the vendors can access your site from a different URL. To enable this, which management feature should you use?

Options:
1. Application Management
2. General Application Settings
3. System Settings

Answer

Option 1: This option is correct. The Web application management feature, represented by the Application Management category, enables you to specify AAMs. You can configure many basic settings for web applications by using the subsection links available in this category.

Option 2: This option is incorrect. The user interaction configuration feature, represented by the General Application Settings category, enables you to configure user interaction, client-side application interaction, and web application settings.

Option 3: This option is incorrect. The farm-level settings configuration feature, represented by the System Settings category, enables you to manage servers in the farm and services on the servers.

Correct answer(s):
1. Application Management

Question 2 of 3
Question

Some of your project documents might need to be converted from XML to HTML format. You need to enable this in your web application. Which management feature should you use for this?

Options:
1. Application Management
2. General Application Settings
3. System Settings

Answer

Option 1: This option is incorrect. The Web application management feature, represented by the Application Management category, only enables you to configure basic settings for web applications.

Option 2: This option is correct. The user interaction configuration feature, represented by the General Application Settings category, enables you to allow document conversions in the web application.

Option 3: This option is incorrect. The farm-level settings configuration feature, represented by the System Settings category, enables you to manage servers in the farm and services on the servers.

Correct answer(s):
2. General Application Settings

Question 3 of 3
Question

You want to ensure that users of your web application can choose to receive notifications when the contents of the application change. Which management feature should you use to accomplish this?

Options:
1. Application Management
2. General Application
3. System Settings

Answer

Option 1: This option is incorrect. The Web application management feature, represented by the Application Management category, enables you to configure only basic settings for web applications.

Option 2: This option is incorrect. The user interaction configuration feature, represented by the General Application Settings category, enables you to configure user interaction, client-side application interaction, and web application settings.

Option 3: This option is correct. The farm-level settings configuration feature, represented by the System Settings category, enables you to configure e-mail and SMS text alert creation.

Correct answer(s):
3. System Settings

3. Maintenance features
The other high-level Central Administration category in SharePoint 2010 is maintenance. Using the various subsection links available in this category, you can monitor the farm status, control security settings, perform backups, and upgrade SharePoint.

Drill Down Home Page


There are four categories within the maintenance high-level category.

Page 1 of 5: Security
The Security category enables you to manage the user, policy, and global security settings. There are three subcategories within the Security category:

Graphic
These subcategory links are displayed in the Security page. The subsection links available in the Users subcategory are Manage the farm administrators group, Approve or reject distribution groups, and Specify web application user policy. The subsection links available in the General Security subcategory are Configure managed accounts, Configure service accounts, Configure password change settings, Specify authentication providers, Manage trust, Manage antivirus settings, Define blocked file types, Manage web part security, and Configure self-service site creation. The Information policy subcategory contains two subsection links: Configure information rights management and Configure information Management Policy.

Users, General Security, and Information policy

Page 2 of 5: Security
The Users subcategory enables you to configure access permissions for farm administrators. When you click the Manage the farm administrators group link, the People and Groups page is displayed. On this page, you can add new administrators, change rights, send e-mail to or call users, or remove administrators from the group.

If you need to manage the distribution groups for incoming e-mail messages, you can use the options available on the Approved Distribution Groups page, which is displayed by clicking the Approve or reject distribution groups subsection link.

Graphic
The Distribution Groups Approved Distribution Groups page is empty in this example, as there are currently no distribution groups. The page contains an Add new item button and the columns Title, Alias, Owner E-Mail, and Description to display the groups' details.

Instead of giving permissions to users at the farm level, you can configure them at the web application level by using the options on the Policy for Web Application page. This page opens when you click the Specify web application user policy link. You can add users and groups, manage users, and assign full control, full read, deny write, or deny permissions to users.

Graphic
You can perform these tasks by using the Add Users, Delete Selected Users, and Edit Permissions of Selected Users buttons. The page also displays a list of users with their details in four columns: Zone, Display Name, User Name, and Permissions.

Page 3 of 5: Security
The General Security subcategory enables you to configure farm security and accounts. For this, you can use the various subsection links available in this subcategory. To register managed domain accounts, you can use the Configure managed accounts link. If you need to manage the credentials used in the farm and the services available, you can use the Configure service accounts link. You can also configure the password change notification settings for the managed accounts that you registered by using the Configure password change settings link. To obtain a list of authentication providers for the web application, you can use the Specify authentication providers link. Using this link, you can also enable or disable anonymous access to the sites on each server.
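The web application user policies and the anonymous access setting described above can also be reviewed from the SharePoint 2010 Management Shell. The following read-only audit is an added example, not part of the course material; the function names New-PolicyRow, Get-WebAppPolicyReport, and Get-AnonymousAccessReport are hypothetical helpers defined here, and the script assumes an account that can read the farm configuration.

```powershell
# Added example (not from the course): read-only audit of web application
# user policies and anonymous access. Written for the SharePoint 2010
# Management Shell (PowerShell 2.0); it changes no settings.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Hypothetical helper: flattens one SPPolicy entry into a report row.
function New-PolicyRow($webApp, $zoneLabel, $policy) {
    $roles = @($policy.PolicyRoleBindings | ForEach-Object { $_.Name })
    $full  = @($policy.PolicyRoleBindings |
               Where-Object { $_.Type -eq 'FullControl' }).Count -gt 0
    New-Object PSObject -Property @{
        WebApplication = $webApp.Url
        Zone           = $zoneLabel
        UserName       = $policy.UserName
        DisplayName    = $policy.DisplayName
        Permissions    = ($roles -join ', ')
        FullControl    = $full
    }
}

# Lists every user policy: those stored on the web application itself
# (labelled "(All zones)" here) and those bound to a configured zone.
function Get-WebAppPolicyReport {
    foreach ($wa in (Get-SPWebApplication)) {
        foreach ($p in $wa.Policies) {
            New-PolicyRow $wa '(All zones)' $p
        }
        foreach ($zone in @($wa.IisSettings.Keys)) {
            foreach ($p in $wa.ZonePolicies($zone)) {
                New-PolicyRow $wa $zone $p
            }
        }
    }
}

# Reports whether anonymous access is enabled for each configured zone.
function Get-AnonymousAccessReport {
    foreach ($wa in (Get-SPWebApplication)) {
        foreach ($zone in @($wa.IisSettings.Keys)) {
            New-Object PSObject -Property @{
                WebApplication = $wa.Url
                Zone           = $zone
                AllowAnonymous = $wa.IisSettings[$zone].AllowAnonymous
            }
        }
    }
}

# Full listing, mirroring the columns of the Policy for Web Application page
Get-WebAppPolicyReport |
    Sort-Object WebApplication, Zone |
    Format-Table WebApplication, Zone, DisplayName, UserName, Permissions -AutoSize

# Entries worth a second look: Full Control grants and anonymous zones
Get-WebAppPolicyReport | Where-Object { $_.FullControl } |
    Format-Table WebApplication, Zone, UserName -AutoSize
Get-AnonymousAccessReport | Where-Object { $_.AllowAnonymous } |
    Format-Table WebApplication, Zone -AutoSize
```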

Page 4 of 5: Security
If you have enabled inter-farm resource accessibility using trusts, you can use the Manage trust link. Using this, you can create or modify trusts. You may need to use the Manage antivirus settings link if you've configured an antivirus scanner to check and clean documents uploaded and downloaded to the farm. You use the Define blocked file types link if you want to specify that certain file types shouldn't be added to individual web applications in the farm. Sometimes, you might use web parts in your web application to modify web pages directly from the browser. In such cases, you can use the Manage web part security link to manage the web parts in the site collection. If you want to enable or disable self-service site creation in individual web applications, you can use the Configure self-service site creation link.

Page 5 of 5: Security
Information Rights Management or IRM helps prevent important files and documents from being misused or distributed. You can configure IRM using the Configure information rights management link in the Information Policy subcategory. To configure the IRM policies for the farm, you can use the Configure Information Management Policy link.

Page 1 of 2: Upgrade and Migration


Using the Upgrade and Migration category, you can upgrade SharePoint, add licenses, and enable enterprise features. This category contains one subcategory: Upgrade and Patch Management. If you want to convert a trial version of SharePoint to a licensed version, you can use the Convert farm license type link. And if you want to convert the features of the currently installed SharePoint from Standard to Enterprise, you can use the Enable Enterprise Features link. However, the conversion is irreversible.

Page 2 of 2: Upgrade and Migration


You can use the Enable Features on Existing Sites link if you need to convert the features of existing sites. If you want to check the current patch level of the components and products on the server, you can use the Check product and patch installation status link. To obtain a status report on the databases connected to the farm and their type, you can use the Review database status link. And if you want the latest status of any upgrade sessions, you can use the Check upgrade status link.

Page 1 of 5: Monitoring
You use the Monitoring category to obtain status information about your web farm. Using the various subsection links, you can check and report the functioning of the web farm. The Monitoring category includes three subcategories:

Graphic

The subcategories are listed in the Monitoring page. The subsection links in the Health Analyzer subcategory are Review problems and solutions and Review rule definitions. The subsection links in the Timer Jobs subcategory are Review job definitions and Check job status. The Reporting subcategory contains the subsection links View administrative reports, Configure diagnostic logging, Review Information Management Policy Usage Reports, View health reports, Configure usage and health data collection, and View Web Analytics reports.

Health Analyzer, Timer Jobs, and Reporting

Page 2 of 5: Monitoring
SharePoint 2010 has a new rule-based tool, called the Health Analyzer feature, which is also known as the Best Practices Analyzer. It checks the SharePoint components and settings against a rule bank and displays a notice on the Home page when issues are found. The color of the notice bar indicates the severity of the issues: yellow for medium and red for high. You can check the details of the issues on the Review problems and solutions page, which you open by clicking the View these issues link on the notice bar. The same page can also be accessed by clicking the Review problems and solutions subsection link in the Health Analyzer subcategory. If you want to check or modify the rules that the Health Analyzer uses, you can use the Review rule definitions link.

Page 3 of 5: Monitoring
The Timer Jobs subcategory enables you to create and review timer jobs. These tasks are scheduled to run automatically. You can use the Review job definitions link to analyze the tasks defined for the farm. To view all of the tasks scheduled for the farm and their status when they were last run, you can click the Check job status link.

Page 4 of 5: Monitoring
Reports are the most important input for monitoring. You can obtain various reports by using the subsection links in the Reporting subcategory. To open the library of performance reports, you click the View administrative reports link. To customize the way that SharePoint events are logged in your farm, you can use the Configure diagnostic logging link. On the Diagnostic Logging page that opens, you can configure settings for individual categories.

If you want to configure the information management policy usage reports, you can use the Review Information Management Policy Usage Reports link.

Page 5 of 5: Monitoring
If you need to quickly find how the pages of a web farm are performing and who is using the farm, you can use the View health reports link. You can also configure SharePoint to track web usage and log the occurrence of selected events to enable analysis by using the Configure usage and health data collection link. If you just want to check the traffic in the web applications or obtain the search and inventory statistics, you can click the View Web Analytics reports link.

Page 1 of 3: Backup and Restore


With the Backup and Restore category, you can perform granular backup and recovery operations. You can also view history and status details of the operations. The Backup and Restore category contains two subcategories:

Graphic
These categories are displayed on the Backup and Restore page. The subsection links available in the Farm Backup and Restore subcategory are Perform a backup, Restore from a backup, Configure backup settings, View backup and restore history, and Check backup and restore job status. The Granular Backup subcategory contains the subsection links Perform a site collection backup, Export a site or list, Recover data from an unattached content database, and Check granular backup job status.

Farm Backup and Restore and Granular Backup

Page 2 of 3: Backup and Restore


The Farm Backup and Restore subcategory contains two subsection links. Using the subsection links, you can perform high-level backups or restore data by using the backups. Sometimes, for security reasons, you might want to change the default location of the backup log files. The View backup and restore history link enables you to do this. It also enables you to check the history of backup and restore operations. If you want to check the status of recent or previous backup and restore operations, you can use the Check backup and restore job status link.

Page 3 of 3: Backup and Restore

The subsection links in the Granular Backup subcategory enable you to perform a backup and export at the granular level. You can back up the contents of an entire site collection by using the Perform a site collection backup link. If you want to back up the contents of a site or list, complete with full security and a choice of version history information, you can use the Export a site or list link. If you want to specifically choose the site content that is to be restored from an independent content database, you can use the Recover data from an unattached content database link. And to view the status of the granular backup operations (content export or site collection backup), you can use the Check granular backup job status link.

Question
Match the maintenance features of SharePoint 2010 Central Administration with their descriptions.

Options:
1. Security
2. Upgrade and Migration
3. Monitoring
4. Backup and Restore

Targets:
1. Enables you to manage the user, policy, and global security settings
2. Enables you to upgrade SharePoint, add licenses, and enable enterprise features
3. Enables you to check and report the functioning of the web farm
4. Enables you to perform granular backup and recovery operations

Answer
By using the subcategories, you can configure access permissions for farm administrators, configure farm security and accounts, and configure IRM.

By using the available subsection links, you can convert license types, enable the enterprise features, and check the current patch level of the components and products.

You can use the various subcategories and subsection links to check and report the functioning of the web farm.

You can use the various subcategories and subsection links to perform high-level and granular backup and restore operations. You can also view history and status details of the operations.

Correct answer(s):
Target 1 = Option A
Target 2 = Option B
Target 3 = Option C
Target 4 = Option D

Summary
The interface of SharePoint 2010 Central Administration has been completely revamped and is very different from Central Administration in SharePoint 2007. Although different, it is easy to use as the links and pages are now logically grouped into eight categories. Each category contains various subcategories and subsection links. In addition, the general look and feel of Central Administration is also very similar to Control Panel in Windows Vista, making it easy to navigate and use. The eight categories can be divided into two high-level categories: management and maintenance. The management category contains three subcategories: Application Management, General Application Settings, and System Settings. The maintenance category contains four subcategories: Security, Upgrade and Migration, Monitoring, and Backup and Restore.


Using the Central Administration Interface


Learning Objective
After completing this topic, you should be able to

determine which Central Administration category to utilize for a given scenario

Exercise overview
In this exercise, you're required to determine which Central Administration category to utilize for a given scenario. This involves identifying the appropriate categories for each scenario.

Identifying the appropriate categories


You are a system administrator. Your organization uses SharePoint for online business collaboration with clients and employees.

Your organization recently upgraded from SharePoint 2007 to SharePoint 2010, and you are responsible for configuring the settings in SharePoint 2010 Central Administration for your organization's web site.

Question
Some of the existing site collections need to be removed from your organization's web application. Instead, you want to add new site collections. You also want to enable self-service in the new site collections. Which SharePoint 2010 category enables you to do these?

Options:
1. Application Management
2. General Application Settings
3. System Settings
4. Monitoring

Answer
Option 1: This option is correct. The Application Management category enables you to manage site collections and databases. To create site collections and enable self-service, you can use the various subsection links in the Site Collections subcategory. Option 2: This option is incorrect. The General Application Settings category enables you to configure user interactions, client-side application interactions, and web application settings. Option 3: This option is incorrect. The System Settings category enables you to configure farm-level system settings. Using the various subcategories and subsection links, you can manage the servers in the farm, manage the services on the server, configure E-Mail and SMS alert notifications, and configure AAMs. Option 4: This option is incorrect. The Monitoring category enables you to obtain status information about your web farm. You can use the various subcategories and subsection links to check and report the functioning of the web farm. Correct answer(s): 1. Application Management

Question
You want to create a master site directory for your web farm to ensure that you can manage the site collections better.

Identify the SharePoint 2010 category that enables you to do this.

Options:
1. Application Management
2. General Application Settings
3. System Settings
4. Upgrade and Migration

Answer
Option 1: This option is incorrect. The Application Management category enables you to centrally manage web and service applications. It also enables you to manage site collections and databases. Option 2: This option is correct. The General Application Settings category enables you to configure user interactions, client-side application interactions, and web application settings. By using the various subcategories and subsection links, you can manage the site collections. Option 3: This option is incorrect. The System Settings category enables you to configure farm-level system settings. Using the various subcategories and subsection links, you can manage the servers in the farm, manage the services on the server, configure E-Mail and SMS alert notifications, and configure AAMs. Option 4: This option is incorrect. The Upgrade and Migration category enables you to upgrade SharePoint, add licenses, and enable enterprise features. Using the available subsection links, you can convert license types, enable the enterprise features, and check the current patch level of the components and products. Correct answer(s): 2. General Application Settings

Question
You use several servers for your web application. You want to check the status of the various services running on the servers. Identify the SharePoint 2010 category that enables you to do this.

Options:
1. General Application Settings
2. System Settings
3. Security
4. Monitoring

Answer
Option 1: This option is incorrect. The General Application Settings category enables you to configure user interactions, client-side application interactions, and web application settings. Option 2: This option is correct. The System Settings category enables you to manage the servers in the farm, manage the services on the server, configure E-Mail and SMS alert notifications, and configure AAMs. Option 3: This option is incorrect. The Security category enables you to manage the user, policy, and global security settings. Option 4: This option is incorrect. The Monitoring category enables you to obtain status information about your web farm. You can use the various subcategories and subsection links to check and report the functioning of the web farm. Correct answer(s): 2. System Settings

Question
You want to configure user permissions for your web application. You need to create groups, add users to groups, and specify access permissions for the users. And you want to perform these tasks at the web application level. Which SharePoint 2010 category enables you to accomplish this?

Options:
1. Security
2. Upgrade and Migration
3. Monitoring
4. Backup and Restore

Answer
Option 1: The Security category enables you to manage the user, policy, and global security settings. Option 2: The Upgrade and Migration category enables you to upgrade SharePoint, add licenses, and enable enterprise features. Using the available subsection links, you can convert license types, enable the enterprise features, and check the current patch level of the components and products.

Option 3: The Monitoring category enables you to obtain status information about your web farm. You can use the various subcategories and subsection links to check and report the functioning of the web farm. Option 4: The Backup and Restore category enables you to perform granular backup and recovery operations in the web farm. You can also use this category to view history and status details of the backup and restore operations. Correct answer(s): 1. Security

Question
Your organization decides to convert from the Standard edition of SharePoint 2010 that is currently installed to the Enterprise edition. Which SharePoint 2010 category enables you to perform this conversion?

Options:
1. Upgrade and Migration
2. Monitoring
3. Security
4. Backup and Restore

Answer
Option 1: This option is correct. The Upgrade and Migration category enables you to upgrade SharePoint, add licenses, and enable enterprise features. Using the available subsection links, you can convert license types, enable the enterprise features, and check the current patch level of the components and products. Option 2: This option is incorrect. The Monitoring category enables you to obtain status information about your web farm. You can use the various subcategories and subsection links to check and report the functioning of the web farm. Option 3: This option is incorrect. The Security category enables you to manage the user, policy, and global security settings. Option 4: This option is incorrect. The Backup and Restore category enables you to perform granular backup and recovery operations in the web farm. You can also use this category to view history and status details of the backup and restore operations. Correct answer(s):

1. Upgrade and Migration

Question
Your organization recently upgraded from SharePoint 2007 to SharePoint 2010, and you've been asked to monitor whether the web farm is functioning properly after the migration of content. Identify the SharePoint 2010 category that enables you to do this.

Options:
1. Monitoring
2. Security
3. Upgrade and Migration
4. Backup and Restore

Answer
Option 1: The Monitoring category enables you to obtain status information about your web farm. You can use the various subcategories and subsection links to check and report the functioning of the web farm. Option 2: The Security category enables you to manage the user, policy, and global security settings. Option 3: The Upgrade and Migration category enables you to upgrade SharePoint, add licenses, and enable enterprise features. You can also check the current patch level of the components and products. Option 4: The Backup and Restore category enables you to perform granular backup and recovery operations in the web farm. You can also use this category to view history and status details of the backup and restore operations. Correct answer(s): 1. Monitoring

Question
Before breaking for lunch, you had started a few backup and restore operations. You now want to check how many of these operations are complete and how many have stopped. You also want to compare this information with previous backup and restore operations. Which SharePoint 2010 category enables you to accomplish these?

Options:
1. Monitoring
2. Backup and Restore
3. General Application Settings
4. Application Management

Answer
Option 1: This option is incorrect. The Monitoring category enables you to obtain status information about your web farm. You can use the various subcategories and subsection links to check and report the functioning of the web farm. Option 2: This option is correct. The Backup and Restore category enables you to perform granular backup and recovery operations in the web farm. You can also use this category to view history and status details of the operations. Option 3: This option is incorrect. The General Application Settings category enables you to configure user interactions, client-side application interactions, and web application settings. Option 4: This option is incorrect. The Application Management category enables you to centrally manage web and service applications. It also enables you to manage site collections and databases. Correct answer(s): 2. Backup and Restore


Job Aid SSA Architecture Variations and Benefits


Purpose: Use this Job Aid to learn about the differences between the architectures of SSPs and SSAs.

SharePoint 2010 has some new elements and components, which help to overcome difficulties such as redundancy and service-sharing that were faced while using SharePoint 2007. Services in SharePoint 2007 were implemented with the help of Shared Service Providers or SSPs. But you cannot use the services of one SSP for another SSP. So each SSP has to have its own set of services and applications, which increases redundant data in the farm.

For example, different managers in the same organization use a SharePoint IIS application to maintain official data associated with an SSP. This SSP is associated with different services, such as Search service, BDC service, and a user profile service. The finance manager in this organization requests an exclusive user profile service to maintain financial data security. To provide this, you first need to create a separate SSP for the finance manager and then a separate service called user profile service - finance. Next, you need to associate the SSP with the service and configure the user profiles service for the manager. However, when you do this, the finance manager will not be able to access the Search service and BDC service. So you need to associate the Search service and the BDC service for this SSP as well. If there are numerous similar requests, then it will lead to data redundancy.

SharePoint 2007 architecture

In SharePoint 2010, this redundancy and service-sharing issue is resolved because SSPs are replaced by Shared Service Applications or SSAs. Commonly known as service applications, SSAs allow services to be shared across farms and web applications. Suppose that the organization that uses SharePoint 2007 for maintaining department data were to upgrade to SharePoint 2010. SharePoint 2010 would contain a web application, WebApp1, connected to a User Profile and services such as Search service and BDC service. The finance manager's request for an exclusive user profile service would now be implemented differently. You would create a web application, WebApp2, and provide a user profile service application exclusively for this web application. Then, you would be able to associate the web application with all service applications shared across the web application. So the finance manager would be able to access the other service applications in addition to using the new service application, which eliminates the scaling issues that exist with SSPs.

Services in SharePoint 2010

Besides these differences in their ability to share services, the architectures of SSP and SSA have many other differences, as listed in the Differences between the SSA and SSP architectures table.

Differences between the SSA and SSP architectures

Feature: Service sharing
SSP architecture: Each SSP has its own set of services and applications. You can't share services between two SSPs. So you need to configure new services for every new SSP.
SSA architecture: Services are present in the form of service applications that can be shared across web applications in a farm, and some of them can even be shared across farms.

Feature: Configuration
SSP architecture: Each web application can only be associated with a single SSP, so the same services need to be configured for every SSP. This causes redundancy, duplication of services, and major scaling issues.
SSA architecture: You can associate the same web application with multiple SSAs, which provides flexibility in configuration.

Feature: Environment
SSP architecture: It is easy to manage an isolated SSPs environment, because each SSP has its own set of services and applications.
SSA architecture: It is difficult to manage an SSA environment because of shared services.

Besides providing service applications, SSAs provide several other benefits. SSAs

reduce incompatibilities that may be faced while administering SharePoint 2007, because service applications are part of all products in SharePoint 2010, including SharePoint Foundation

allow services to be shared across farms and reduce redundancy, and

make configuration flexible, because service applications have a many-to-many relationship with web applications

Course: Core Configuration for SharePoint 2010 Topic: Service Application Architecture Copyright 2010 SkillSoft. All rights reserved. SkillSoft and the SkillSoft logo are trademarks or registered trademarks of SkillSoft in the United States and certain other countries.

Configuring Multi-Tenant Hosting


Purpose: Use this Job Aid to learn about the steps to configure multi-tenant hosting. If you have two or more site collections hosted on the same web application, you can set up multi-tenant hosting. If, for example, four site collections exist on a web application, you can follow some steps to configure multi-tenant hosting on this web application: First, you need to create a site subscription such as $stsp on the web application, and assign the required sites that exist on the web application.
$stsp = New-SPSiteSubscription
$stsp

Then, you need to add all site collections you want to include in the site subscription. For example, you may include the site collection $stcol.
Get-SPSite
$stcol = Get-SPSite | where {$_.url -eq "http://earthfarm"}
$stcol

After that, you need to add the site collection $stcol to the newly created site subscription $stsp, and check if it is added correctly.
Set-SPSite -Identity $stcol -SiteSubscription $stsp
Get-SPSiteSubscription

With a database ID, you can type this command to get the results of the associated site collection.
get-spdatabase | where-object {$_.id -match "full or partial ID"}

Similarly, you can create another site subscription and associate with it a different site collection that exists in the same web application. To associate the created site subscription to a different site collection, you need to first create a SubscriptionSettings Service Application and Proxy in two steps: starting the WSS Subscription Settings Service, and then creating the Service Application and Proxy by using PowerShell.
$appPool = New-SPServiceApplicationPool -Name SettingsServiceApppool -Account domain\username
$srvapp = New-SPSubscriptionSettingsServiceApplication -Name SubscriptionSettingsServiceApplication -DatabaseName SubscriptionSettingsServiceApplicationDB -ApplicationPool $appPool
$proxy = New-SPSubscriptionSettingsServiceApplicationProxy -ServiceApplication $srvapp

You then need to create the tenant administration site for each site group.
$stsp = Get-SPSiteSubscription -Identity "http://server"
$tasite = New-SPSite -Url "http://earthfarm/sites/tasite1" -Template "tenantadmin#0" -OwnerAlias domain\username -SiteSubscription $stsp -AdministrationSiteType TenantAdministration

After creating a tenant administration site, you need to create a service application in hosting mode by using PowerShell, but you also need to remember to append the Partitioned parameter to the following cmdlets.
new-spmysearchserviceapplication
new-spmysearchserviceapplicationproxy

Finally, you need to configure features that you want for your site subscription with these steps:

create a feature pack specific to a site subscription

$FP = new-spsitesubscriptionfeaturepack

add features that you want the associated site group to have to the feature pack that you have just created

Get-SPFeature
$feature = Get-SPFeature 530b81f9-e008-41f4-b3c3-9246b7eb3577

In this command, $feature is a variable for storing the feature id 530b81f9-e008-41f4-b3c3-9246b7eb3577.

add the feature as a member of the feature pack you created earlier, and confirm it with $fp command

Add-SPSiteSubscriptionFeaturePackMember -Identity $fp -FeatureDefinition $feature

assign the feature pack to the site subscription "StSp"

Set-SPSiteSubscriptionConfig -Identity $stsp -FeaturePack $fp


Creating and Configuring Excel Services


Purpose: Use this aid to learn about the steps to create and configure an Excel Services service application.

Instructions for use: To use this tool,

When you create an Excel Services service application, it is added to the default group. After this, all web applications accessing the default group can use Excel Services. Also, the database associated with the service application is automatically generated. You may create one or more Excel Services service applications. However, it is recommended that you use a single Excel Services service application unless it is extremely important to have more.

To create an Excel Services service application, you can follow these steps in Central Administration:
1. click Manage Service Applications under the Application Management section
2. select New - Excel Services
3. specify a name for the application in the Name box on the Create New Excel Services Service Application page
4. select an application pool in one of two ways: select an existing application pool, or create a new application pool by creating a managed account and specifying a domain user account for it
5. select the Add the proxy for this Service Application to the farm's default proxy group checkbox to add the service application connection to the default service connection group, and
6. save settings to view the new service application on the Manage Service Applications page

After creating an Excel Services service application, you can configure its settings. For this, you
1. Click Excel Services in the list of service applications on the Manage Service Applications page.
2. Click Global Settings on the Manage Excel Services page.
3. Specify a file access method and specify whether encryption for connection between Excel Services and the client computer and cross-domain access of files is enabled in the Security section.
4. Select a scheme for load balancing sessions in the Load Balancing section.
5. Specify the number of Excel Services sessions that a user is allowed for Excel Calculation Services in the Maximum Sessions Per User text box in the Session Management section.
6. In the Memory Utilization section, you need to specify three values. First, the maximum number of megabytes that an Excel Calculation Services process can use, in the Maximum Private Bytes text box. Second, the number of bytes for inactive objects, in the Maximum Cache Threshold text box, which will be released if the threshold is reached. Third, the time for inactive objects to remain in cache, in the Maximum Unused Object Age text box.
7. Finally, in the External Data section, you need to specify the time for which a connection remains active and the application ID from the Secure Store Service in the Application ID text box.

Course: Core Configuration for SharePoint 2010 Topic: Office Services in SharePoint 2010 Copyright 2010 SkillS

Configuring Visio Graphics Services


Purpose: Use this job aid to learn about the steps to configure Visio Graphics Service by using Central Administration and PowerShell.

Instructions for use: To use this tool,

You can configure Visio Graphics Service by using Central Administration. You need to first click Manage Service Applications under the Application Management section and then click Visio Graphics Service in the list of service applications. Then, you need to specify these values on the Visio Graphics Service Settings page:
1. maximum size for web drawings in the Maximum Diagram Size text box; a large size may lead to slow performance and a small size may prevent complex diagrams
2. minimum time in minutes, in the Minimum Cache Age text box, for which a web drawing should stay in cache; smaller values are good for frequent refreshing of data but increase the CPU utilization on the server
3. time, in the Maximum Cache Age text box, after which web drawings are dumped out of cache
4. time, in the Maximum Recalc Duration text box, after which the data connected web drawings are refreshed, and
5. application ID from the Secure Store Service to reference Unattended Service Account credentials in the External Data section

After specifying these settings, you need to save them by clicking OK.

You can also configure Visio Graphics Service using PowerShell. For that, you first need to access PowerShell by clicking Start - All Programs - Microsoft SharePoint 2010 Products - SharePoint 2010 Management Shell. Then, at the command prompt, you need to type commands for two tasks:

manage performance parameters with this code and press Enter

Set-SPVisioPerformance -MaxDiagramCacheAge <Minutes> -MaxDiagramSize <SizeMB> -MaxRecalcDuration <Seconds> -MinDiagramCacheAge <Minutes> -VisioServiceApplication <VisioServiceApplication>

manage data configuration parameters with this code and press Enter

Set-SPVisioExternalData -VisioServiceApplication <VisioServiceApplication> -UnattendedServiceAccountApplicationID <ApplicationID>

Course: Core Configuration for SharePoint 2010 Topic: Office Services in SharePoint 2010 Copyright 2010 SkillSoft. All rights reserved. SkillSoft and the SkillSoft logo are trademarks or registered trademarks of SkillSoft in the United States and certain other countries.

The UNIX systems administrator role


Learning objective
After completing this topic, you should be able to connect the role of the systems administrator with the responsibilities of superuser privileges.

1. Administrative duties and skills


Systems administrators have the task of maximizing users' interaction with the system while managing security and resources and maintaining standards. Although administrative responsibilities depend on seniority and network size, differing widely from site to site and company to company, they typically include

maintenance
documentation
support and troubleshooting
vendor liaising
customization
monitoring
backups

maintenance
Administrators need to perform hardware and software maintenance for client computers and servers. When adding or replacing hardware, you need to update the system accordingly. When you want to install new software, you need to test it first and then deploy it.

documentation
For maintaining and troubleshooting a system, you need to document its

policies
procedures
cabling layout
hardware
additional software
backups

support and troubleshooting
You need to provide support for users, as well as troubleshoot any problems that may occur. You also need to regularly perform user account maintenance: adding new and disabling obsolete user accounts, updating user details, and resetting passwords that users have forgotten. These duties often require the greatest administration time.

vendor liaising
Based on the system's performance and requirements, you may need to help determine what hardware or software to buy and the vendor to use.

customization
You may need to customize the system for user and administrative use. For example, you might customize scripts and services, modify system messages, or develop a custom kernel.

monitoring
As an administrator, you need to conduct daily checks of system services such as file sharing, Internet, and e-mail. You also need to monitor log files, security settings, resource usage, and user activity to ensure optimal system performance.

backups
Making and restoring data backups is a crucial administrative task. Although this process may be automated or delegated, it is vital to maintain current backups in case of a system crash or user error. You should also perform these backups regularly to remove outdated files that can consume resources. Although an administrator is rarely responsible for backing up user data on users' non-network-accessible local disks, you may need to develop and implement procedures for users to do this for themselves.

Administrators provide input about hardware and software purchases, but generally these decisions are made by business management. Similarly, administrators may advise on an IT policy and help to draft and implement it, but its approval is usually made by management. Certain specialized tasks, such as high-level database administration, are normally performed by consultants and not systems administrators.

Question
What are the typical responsibilities of a systems administrator?

Options:
1. Approving software purchases
2. Backing up users' local disk contents
3. Monitoring system resource usage
4. Resetting users' passwords
5. Troubleshooting malfunctioning devices

Answer
As a systems administrator, you are typically responsible for checking resource usage, resetting user passwords, and maintaining and troubleshooting hardware.

Option 1 is incorrect. Although administrators will often provide input on the software and hardware to purchase, management is usually responsible for approving these purchases.

Option 2 is incorrect. Backing up data is a common administrative task, but you typically do not perform the backups of data stored on users' local disks.

Option 3 is correct. You need to monitor a system's log files, security settings, resource usage, and user activity to maintain system performance.

Option 4 is correct. You need to create, delete, disable, and maintain user accounts as well as reset forgotten passwords.

Option 5 is correct. Administrators need to perform hardware and software maintenance as well as set up new installations.

Effective system administration requires numerous skills. Most importantly, an administrator needs to have good planning skills and be diligent about repetitive yet crucial maintenance tasks. Systems administrators in general need to have the following skills:

communication
document administration
technical knowledge
knowledge of security principles and practice

communication
Dealing with users and business management on a daily basis requires good communication abilities. Administrators often also need to train others in how to use the system software and hardware.

document administration
Documentation is vital for users to work effectively with the system as well as for administrators to troubleshoot problems that may occur. Administrators need to have skills in writing and formatting documentation, making it available in standard formats such as man pages or HTML files.

technical knowledge
An administrator needs to have good general technical knowledge for installing and troubleshooting hardware and software and providing and maintaining the required services.

knowledge of security principles and practice
Security is a major concern, especially for networked systems, and you should be able to establish security practices suited to the network's vulnerabilities. You need to monitor the policies you design and ensure their enforcement.

UNIX systems administrators particularly need to have command-line expertise. They need familiarity with the UNIX commands and utilities as well as its text editors such as vi and emacs. For example, you should be able to create local man pages for customized documentation.

To administer UNIX systems, you should be knowledgeable about shell programming as well as be familiar with programming languages such as Perl, TCL, and C. Having programming initiative can help you to anticipate problems and determine which tasks to automate.

If you are administering a heterogeneous network consisting of UNIX and Windows computers, you also need to be familiar with Windows networking protocols and services such as NetBEUI, NetBIOS, and Windows domains.

Question

Identify the system aspects you need to know if you are responsible for administering only UNIX computers.

Options:
1. NetBEUI
2. Perl
3. Shell programming
4. Text editors

Answer
To manage UNIX computers, you should have some familiarity with programming languages such as Perl, and you should know how to use program shells and work with text editors.

Option 1 is incorrect. NetBEUI is a Windows networking protocol, so you need to be familiar with it only if you are managing a network consisting of UNIX and Windows computers.

Option 2 is correct. Having knowledge of Perl and C can help you with the automation of tasks.

Option 3 is correct. To administer a UNIX system, you need to be comfortable with shell and command-line programming as well as have a good general knowledge of hardware installations and troubleshooting.

Option 4 is correct. You need to be able to work with UNIX text editors such as vi and emacs. With these, you can customize documentation for local man pages.

2. Types of UNIX systems administrator


System administration duties can be assigned to many people. The number of users and computers that need managing determines how many administrators are required. So a large site consisting of more than 100 computers and users should have a hierarchy of systems administrators, where some are more senior than others. Administrators are categorized according to their skill levels into the following types:

Novice
Junior
Intermediate
Senior

Novice
A novice administrator has a working knowledge of UNIX and is usually responsible for logging the errors that users may encounter. The novice may perform standard network duties such as monitoring the system under supervision.

Junior
The junior administrator manages smaller sites or helps senior administrators with larger sites. This level is knowledgeable of most UNIX commands and is familiar with many administrative tools. The junior performs standard security procedures with supervision from more senior system administrators.

Intermediate
An intermediate administrator or advanced administrator manages a medium-sized site or helps more senior administrators with larger sites. Intermediate administrators often supervise novices as well as helping to plan the expansion and configuration of a network. These administrators are the first to troubleshoot system damage and intrusions.

Senior
No matter how many administrators are involved in a system, a network requires a minimum of one senior administrator. This is the highest administrative level, managing large LANs and WANs. These administrators liaise with business management and recommend the purchasing of network resources. The senior administrator usually helps to develop the policies and protocols for the system. This level also provides technical guidance to less senior administrators and programmers.

Question
Match each type of UNIX systems administrator with their typical responsibility.

Options:
1. Intermediate
2. Junior
3. Novice
4. Senior

Targets:
1. Carries out standard security procedures
2. Logs errors that users encounter
3. Performs initial investigation of system intrusions
4. Recommends IT purchases

Answer
The junior carries out standard security procedures and the intermediate performs the initial investigation of system intrusions. The novice logs errors that users encounter and the senior recommends IT purchases. The intermediate administrator manages a medium sized site, supervising novice administrators, and is the first to handle system intrusions. The junior administrator is knowledgeable of most UNIX commands and performs standard security procedures under supervision. The novice is the lowest administrative level, recording the errors users may encounter and performing system monitoring under supervision. Senior administrators are the highest administrative level, recommending IT resource purchases and helping establish system guidelines.

3. Root account and superuser privileges


Permissions in UNIX determine which files and processes a user can access, and what types of access they are allowed. This ensures a high level of security on a multi-user system or network. The root account "owns" the system files and processes so only this account has the permissions to make system-wide configuration changes to the system. Many administrative commands and tools that you need to use require that you log in with the root account. While logged in as root, an administrator has access to all commands and can perform every administrative task required on the machine. These include

changing the filesystem
adding or deleting users
installing systemwide programs
setting system defaults

The system does not log the operations you perform while using the root account. This can be problematic when attempting to troubleshoot the system configuration.

Similarly, when you log in with the root account, the system cannot provide information about the user's identity. This makes it difficult to track responsibility for the actions performed with the root account or to trace unauthorized usage of the account.

Question
Identify the features of the root account.

Options:
1. Enables the facility for user account deletion
2. Logs operations you perform
3. Owns the system files and processes
4. Provides access to most system commands

Answer
The root account enables you to delete user accounts and it owns the system files and processes.

Option 1 is correct. With root account privileges you can add or delete user accounts as well as configure system defaults. The root account also has access to all system commands.

Option 2 is incorrect. The system does not record the commands you use during a root account session, which can cause difficulties when you need to troubleshoot the changes you make to the system.

Option 3 is correct. To ensure a high level of security, UNIX uses permissions to determine which users can work with a particular file or process. The root account owns the files and processes that belong to the system.

Option 4 is incorrect. The root account gives all privileges to its user, which enables you to perform every administrative task with it.

The root account is also known as the superuser. Many processes run with superuser privileges. With this status, you can perform all operations usually prohibited for standard users, such as shutting down the system, changing the system clock, or limiting resources available to other users.

Because of its powerful and systemwide effects, the superuser privilege needs to be responsibly managed whenever it is used. Without the restrictions of a standard account, users with superuser privileges can easily damage system files and crash the system. To protect the superuser privilege, you should

restrict root account usage
keep the root account unique
ensure root account password security
close inactive superuser sessions
prevent files from setting their IDs to the root account

restrict root account usage
To become a superuser, you need to be a member of a special UNIX user group. You should try to minimize the use of the root account, logging in with it only when necessary. You should also not perform standard user actions with this account. You can disable root logins on any machine. On multi-user systems this is usually done on all terminals except the system console.

keep the root account unique
You should not create additional root accounts, because this can lead to security risks where it is difficult to track which root account is responsible for a particular system configuration.

ensure root account password security
You should ensure that the root account's password is suitably strong and that you change it whenever a security breach occurs or an administrator leaves the network. You should, in any case, change the password at least every three months, and you should never publicize the root password.

close inactive superuser sessions
You should not leave a terminal logged in with superuser privileges unattended. You should either log out completely or lock the computer.

prevent files from setting their IDs to the root account
You should ensure that files do not set their IDs to the root account unless necessary. Enabling files to change their IDs to a user's ID can be useful when you want to grant certain users access to specific files. However, enabling a change to the root ID creates a serious security risk.

There are times when a user with standard privileges may need to perform actions that require superuser privileges. You can grant these users selected superuser privileges with the sudo command. For example, you may want to allow computer operators to shut down the system after they perform data backups.

When a user with selected superuser privileges logs in, the system checks that the user is approved and prompts for the password of the user's account. Because the root account password is not required for these users, it is kept secret from them, helping to maintain security.
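One way to check the last item in the list above (files that set their ID to the root account), as an added example that is not part of the original course: the script lists set-user-ID files owned by a given account and reports any that are missing from an approved baseline. The function names, the baseline file and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the course): audit set-user-ID files against a baseline.
# Function names and the baseline file format are assumptions for illustration.

# find_setuid DIR OWNER
# Lists regular files under DIR that belong to OWNER and carry the set-user-ID
# bit (octal 4000), which makes a program run with its owner's privileges.
find_setuid() {
    find "$1" -xdev -type f -user "$2" -perm -4000 -print 2>/dev/null | sort
}

# unexpected_setuid DIR OWNER BASELINE
# Prints every file from find_setuid that is not listed in BASELINE
# (one approved absolute path per line). A missing or empty baseline
# approves nothing, so every set-user-ID file is reported.
unexpected_setuid() {
    find_setuid "$1" "$2" |
        awk -v base="$3" '
            BEGIN { while ((getline line < base) > 0) approved[line] = 1 }
            !($0 in approved)
        '
}

# Demo on a constructed tree. The files belong to the current user because an
# unprivileged user cannot create root-owned files; on a real system OWNER
# would be root and DIR a filesystem such as / or /usr.
demo=$(mktemp -d)
for name in passwd-helper backup-tool report; do
    printf '#!/bin/sh\n' > "$demo/$name"
done
chmod 4755 "$demo/passwd-helper" "$demo/backup-tool"    # set-user-ID programs
chmod 0755 "$demo/report"                               # ordinary program
printf '%s\n' "$demo/passwd-helper" > "$demo/baseline"  # the only approved entry

echo "Set-user-ID files not in the baseline:"
unexpected_setuid "$demo" "$(id -u)" "$demo/baseline"
rm -rf "$demo"
```

Run regularly against a stored baseline, a new line in the output means a set-user-ID file has appeared since the baseline was approved.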

Question
Which actions can you perform to protect superuser privileges?

Options:
1. Create additional root accounts
2. Ensure files do not change their ID to the root account unless necessary
3. Log in as root only for specific administrative tasks
4. Never permit any user to invoke superuser privileges
5. Perform actions such as shutting down the system using standard user privileges

Answer
To protect superuser privileges, you should log in with the root account only for specific administrative tasks and ensure that files do not set their ID to root.

Option 1 is incorrect. You should not create additional root accounts because this makes it difficult to determine account responsibility, which creates a security risk.

Option 2 is correct. You need to ensure that if files change their ID, they do not change their ID to the root account, because this can lead to major security problems.

Option 3 is correct. Because of its systemwide effects and lack of standard safeguards, you should use the root account to gain superuser privileges only when necessary.

Option 4 is incorrect. Certain actions may require you to grant superuser privileges to a standard user, such as when you are delegating backup responsibilities.

Option 5 is incorrect. While you should not use superuser privileges for performing standard user actions, you need to have these privileges to shut down the system.

Question
Identify the ways in which you can avoid misuse of superuser privileges.

Options:
1. Create a backup root account
2. Disable root logins for most users' computers
3. Minimize the need to invoke superuser privileges
4. Use selected superuser privileges for standard users when necessary

Answer
You can avoid misuse of superuser privileges by disabling root logins on all computers except the system terminal, reducing the use of the root account, and approving selected superuser privileges for standard users.

Option 1 is incorrect. You should not create additional root accounts because this increases security risks.

Option 2 is correct. You can prevent users from logging in with the root account on particular computers. Usually such logins are disabled on all computers except the system terminal.

Option 3 is correct. You should only use the root account and the superuser privileges it grants when necessary.

Option 4 is correct. You can delegate selected superuser privileges to specific users. This requires that approved users provide their own password for logging in to the account.

Summary
The responsibilities of a systems administrator depend on seniority and site size. Administrators need to have a variety of skills, including good communication abilities and technical knowledge. A site may require a number of administrators, who are arranged in a hierarchy. There are four types of administrator: novice, junior, intermediate, and senior. The root account - also known as the superuser - has full permissions to configure any aspect of the system. You should never publicize the root password, and you should grant selected superuser privileges to standard users only when necessary.


Administering UNIX users and groups


Learning objective
After completing this topic, you should be able to determine the method for adding and configuring a user account.

1. Administering user accounts


Managing user accounts is a crucial responsibility for a UNIX systems administrator. With these accounts, you specify which users are permitted access to the system and manage the permissions users have to resources.

When creating a user's account, you assign it a public username, also known as a login name, which is usually created according to a specific pattern. This name is for convenience, because the system identifies each account with a user identification number (UID). The system can assign a UID by default, or you can assign UIDs manually, usually using ranges of UIDs to represent a department or project. Because the UID identifies the account in the system, it should be unique for each user.

You should set a password for each user account, permitting the user to change it. The system's encryption algorithm determines the maximum password length. You also specify the user's group membership. Groups are identified by a unique group identification number (GID).

After you have defined the information a user needs in order to be able to log in, you configure the properties of a user's login session:

home directory
login shell
initialization files
resource usage
account controls

home directory
When a user successfully logs in, their starting directory is their home directory, where they can store their own files. Each user needs to have a home directory, which is usually a unique subdirectory in the /home directory. You need to ensure that the permissions are appropriate so that the user is the owner of their home directory and the initialization files it contains.

login shell
The system automatically invokes the user's default login shell at login time. This shell is the user's initial command interface and environment. The main login shells are the Bourne (sh), C (csh), or Korn (ksh) shells. Enhanced versions of these include the Bourne Again Shell (bash) and tcsh. If you do not specify a login shell, most UNIX systems usually execute sh by default, although bash is the default Linux shell. You can permit users to switch between various shells and users can usually change their own default login shell with the chsh command.

initialization files
You can ensure that standard system initialization files execute by default when a user logs in. These include files that configure e-mail, newsgroups, and GUI settings. Initialization files need to be located in the user's home directory. UNIX provides a number of starter files located in a "skeleton" directory such as /etc/skel, which you can copy to the user's home directory for editing. On many systems, account creation commands, such as useradd, do this automatically.

resource usage
You can configure which resources a user has access to. For example, you can specify a user's access to NFS shares, FTP sites, and the types of software. You can also limit a user's access to system resources such as CPU cycles and processes as well as set disk space quotas.

account controls
You should determine whether to enforce any controls on a user's login times as well as the complexity and lifetime of a user's password. You should also configure the account's mailing, printing, and security options.

Providing technical support to users is an important ongoing aspect of administration. You should document the most frequent processes a user will encounter when working with the system. You should also organize proactive training and establish formal support channels for users who experience problems with the system.

You need to determine how the system should authenticate user logins. UNIX provides support for the Lightweight Directory Access Protocol (LDAP). This protocol can quickly access a backend database, which stores account authentication details. Alternatively, you can use the Network Information Service (NIS) for user authentication. However, you should not use this service if you need to secure computers from each other or if you cannot guarantee trust between all network computers.

UNIX maintains a list of the user accounts available on the system in the /etc/passwd file. This file presents the details of each account as a single line structured according to this syntax.
# root:*:0:0:Charlie &:/root:/bin/csh
root:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/sbin/nologin
operator:*:2:5:System &:/:/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/sbin/nologin
games:*:7:13:Games pseudo-user:/usr/games:/sbin/nologin
news:*:8:8:News Subsystem:/:/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/sbin/nologin
smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/sbin/nologin
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/sbin/nologin
bind:*:53:53:Bind Sandbox:/:/sbin/nologin
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
pop:*:68:6:Post Office Owner:/nonexistent:/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/sbin/nologin
ftp:*:14:5:Anonymous FTP Admin:/var/ftp:/nonexistent
awilson:*:1001:1001:Andrea Wilson:/home/awilson:/bin/sh
ltsuru:*:1002:1002:Lori Tsuru:/home/ltsuru:/bin/sh

username:{x | ! | *}:UID:GID:[user information]:homedirectory:loginshell

When a user logs in, the system uses the specified authentication method to check this file for UID and password validity.

Note
The second field in each entry of the /etc/passwd file shows the user's encrypted password. However, to improve security, many systems store passwords in a separate file and denote this field with a special character such as an asterisk.
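The account rules described above (seven colon-separated fields, a unique UID per account, a single root account, a placeholder in the password field) can be checked mechanically. The following script is an added example, not part of the original course; the function names, finding codes and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the course): audit a passwd-format file.
# Field layout, from the syntax line on this page:
#   username:password:UID:GID:user information:homedirectory:loginshell

# audit_passwd FILE
# Prints one finding per line as "<CODE> <username> <detail>".
# Prints nothing when the file passes every check.
audit_passwd() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }        # skip comment and blank lines
        NF != 7 {
            printf "BAD_FIELDS %s has %d fields, expected 7\n", $1, NF
            next
        }
        {
            user = $1; pw = $2; uid = $3
            # A UID must identify exactly one account.
            if (uid in owner)
                printf "DUP_UID %s shares UID %s with %s\n", user, uid, owner[uid]
            else
                owner[uid] = user
            # Only the account named root should hold UID 0.
            if (uid == 0 && user != "root")
                printf "EXTRA_ROOT %s has UID 0\n", user
            # An empty second field means no password is required.
            if (pw == "")
                printf "EMPTY_PW %s has an empty password field\n", user
            # Any value other than a placeholder is treated as a password
            # hash stored in this world-readable file.
            else if (pw != "x" && pw != "*" && pw != "!")
                printf "HASH_IN_PASSWD %s stores a password hash in this file\n", user
        }
    ' "$1"
}

# write_constructed_sample FILE
# Writes constructed entries (not taken from any real system) that trip each check.
write_constructed_sample() {
    cat > "$1" <<'EOF'
# constructed sample for the audit
root:*:0:0:Superuser:/root:/bin/sh
toor:*:0:0:Second superuser:/root:
awilson:*:1001:1001:Andrea Wilson:/home/awilson:/bin/sh
ltsuru:*:1001:1002:Lori Tsuru:/home/ltsuru:/bin/sh
guest::1003:1003:Guest:/home/guest:/bin/sh
ksmith:$1$constructed$notarealhash:1004:1004:Kelly Smith:/home/ksmith:/bin/sh
daemon:*1:1:Owner of many system processes:/root:/sbin/nologin
EOF
}

sample=$(mktemp)
write_constructed_sample "$sample"
audit_passwd "$sample"
rm -f "$sample"
```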

Question
Identify the tasks involved in user administration.

Options:
1. Assigning multiple UIDs to a user who logs in to different machines
2. Customizing a user's login shell
3. Setting up support facilities
4. Specifying CPU cycle limits

Answer
The tasks involved in administering users include configuring a user's login shell, establishing support facilities, and customizing CPU cycle limits.

Option 1 is incorrect. A UID should be unique for each user because it is this number, not the username, that the system uses to identify the account.

Option 2 is correct. You specify a login shell, which enables the user to interact with the system. You can also provide alternative shells, which the user can switch to when necessary.

Option 3 is correct. An important consideration of user administration is providing help and support to users who encounter problems with the system.

Option 4 is correct. You can determine whether there are any restrictions for the user's disk and CPU usage.

2. UNIX user groups


In UNIX, a group is a logical collection of users based on a common function. Each user needs to belong to one or more groups. The permissions associated with a group determine which resources the group's members can manipulate. So you group users based on the files and resources they all need to share. You cannot selectively customize the permissions of each member in a group.

The user who creates a file or directory is its owner and can configure the permissions for it. A user's primary group membership specifies one group associated with the files or directories the user creates. A user can belong to a number of secondary groups, which determine how the user accesses files created by other users.

The read-write-execute combination of permissions, represented as r, w, and x in UNIX, is associated with all files and directories. These permissions can be different for the owner of the file, the members of the associated group, and all other users.

There are two main strategies for organizing users into groups:

general user group
user private group (UPG)

general user group
A general user group strategy requires the least administration: you specify a common primary group for a number of users on a department or project basis, such as a Marketing group and a Sales group. This makes it easier for group members to access each other's files in any directory, because these files are by default associated with the group.

user private group (UPG)
With a UPG strategy, the primary group of each user is unique: the GID and group name are identical to the UID and username. This ensures that by default, the files a user creates are private because these are associated with the user's group, which no other user belongs to. This strategy is used in Red Hat Linux and is optional in FreeBSD.

Although a general user group strategy requires the least administration, it offers weaker security because any member of the group can access any files created by other group members. It also makes it more difficult for users who work on projects for multiple groups, requiring users to change their primary group accordingly for the files they want to create.

The disadvantage of a UPG strategy is that it requires additional administration to enable file sharing between a project's members. You need to create a project group and make this a secondary group for each user who works on the project. The project group owns a set of common directories, which you configure so that the files automatically associate with the directory's owner instead of each user's primary group. Although users can share files only when these are located in the directories that an administrator has configured for the group, it makes it easier for users to share files for multiple groups.

Suppose Andrea Wilson works in the Marketing department and has a user account named awilson. This account is the owner of any files Andrea creates. With a general user group strategy, you set Andrea's primary group to the Marketing group. By default, other Marketing group users have access to any files that awilson creates in any directory.

With a UPG strategy, Andrea's primary group is awilson. All other users, including Marketing group members, are unable to access any files she creates with this account. So to enable file sharing, you create a Marketing directory owned by the Marketing group and configure it so that any files Andrea creates in this specific directory are associated with the Marketing group.

You protect common directories to permit group access, granting members read-write-execute permissions, for example. For non-group members, you can limit access to these resources by setting read-only permissions, or granting no permissions to prevent any access at all.

Besides the groups you define, UNIX creates groups reserved for various system processes. In BSD UNIX, for example, only members of the wheel group can invoke superuser privileges to gain authority over the whole system. Other versions of UNIX name this the root, system, or sys group. This group always has a GID of 0 irrespective of the group name.
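The shared Marketing directory from the UPG scenario above can be built and verified as follows. This is an added example, not part of the original course; it assumes a Linux or System V style system, where the set-group-ID bit on a directory makes new files take the directory's group, and the function names and finding codes are illustrative.

```shell
#!/bin/sh
# Added example (not from the course): shared project directory for a UPG site.
# Assumption: the set-group-ID bit on a directory makes files created in it
# take the directory's group instead of the creator's primary group.

# make_shared_dir DIR GROUP
# Creates DIR, assigns it to GROUP and sets mode 2770:
#   2    set-group-ID, so new files are associated with GROUP
#   770  owner and group members have rwx, all other users have no access
make_shared_dir() {
    mkdir -p "$1" && chgrp "$2" "$1" && chmod 2770 "$1"
}

# check_shared_dir DIR GID
# Prints "OK DIR" and returns 0 when DIR is set up as above; otherwise prints
# one line per problem and returns 1 (2 if DIR cannot be listed).
check_shared_dir() {
    listing=$(ls -ldn "$1") || return 2
    # Keep the first 10 characters of the mode; some systems append "+" or ".".
    mode=$(printf '%s\n' "$listing" | awk '{ print substr($1, 1, 10) }')
    gid=$(printf '%s\n' "$listing" | awk '{ print $4 }')
    problems=0
    if [ "$gid" != "$2" ]; then
        echo "WRONG_GROUP directory gid is $gid, expected $2"
        problems=1
    fi
    case $mode in
        d???rws???) ;;    # group has rw and set-group-ID with execute
        *) echo "NO_SETGID_GROUP_RWX mode is $mode"; problems=1 ;;
    esac
    case $mode in
        d??????---) ;;    # no permissions for other users
        *) echo "OTHERS_HAVE_ACCESS mode is $mode"; problems=1 ;;
    esac
    if [ "$problems" -eq 0 ]; then echo "OK $1"; fi
    return "$problems"
}

# Demo in a constructed temporary location. The current user's primary group
# stands in for the Marketing group, which would need root to create.
demo=$(mktemp -d)
make_shared_dir "$demo/marketing" "$(id -g)"
check_shared_dir "$demo/marketing" "$(id -g)"

# Weaken the directory the way a careless chmod would, then check again.
chmod g-s,o+rx "$demo/marketing"
check_shared_dir "$demo/marketing" "$(id -g)" || true
rm -rf "$demo"
```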

Question
Suppose the Sales department works on a number of projects, which often require users to create multiple informal directories to share files. By default, these files should be inaccessible to other users. Which administrative action should you perform to do this?

Options:
1. Configure unspecified group memberships for the users and assign permissions on a per-user basis
2. Create a private group for each user in the department and configure a Sales group as their secondary group
3. Establish a Sales group and assign it as the primary group to all users in the department
4. Make a Staff group and assign all system users to this group as their primary group

Answer
You should create a Sales group and assign it as the primary group to all users in the department.

Option 1 is incorrect. Every user needs to belong to at least one group. You use groups to apply permissions to a common set of users.

Option 2 is incorrect. A UPG strategy means that the files a user creates are private by default, so an administrator needs to establish common working directories in which users can share files. This is unsuitable when users need to create directories as required.

Option 3 is correct. With a general group strategy, users can share files in multiple directories more easily with other group members, without needing administrators to make special configurations. However, this results in poorer security, because all group files are accessible to the group by default.

Option 4 is incorrect. By default, if you assign the primary group of all users to the same group, then any files that users in the Sales department create are accessible to other system users.

3. Adding and configuring a user account


Maintaining user and group accounts is an ongoing administrative task. When a user joins the company, you need to create and configure a new account. Users who change positions in the company may need their accounts adjusted to grant other permissions and group memberships. You need to reset an account's password if it expires or if a user forgets it. To maintain security, you should disable user accounts that are inactive for an extended period. You may need to delete the account and any associated files when a user leaves the company.

Although you can create and modify user accounts by manually editing the appropriate system files, each version of UNIX provides various tools for automating user account management. Solaris, Red Hat Linux, and HP-UX provide the useradd command-line utility for creating new user accounts.

useradd username [-c fullname] [-u UID] [-g primarygroup] [-G secondarygroups] [-d homedirectorypath] [-s loginshellpath]

Suppose you want to configure a new user account on a FreeBSD UNIX server named NY-FS01. Instead of the useradd command, this version of UNIX provides its own command accessible to superusers.

ny-fs01#

You type adduser and press Enter. FreeBSD's adduser command invokes an interactive account creation utility.
ny-fs01# adduser
Username:

You provide the name and identifying information of the new user account. Because the user is working on multiple projects, you decide to use a UPG strategy for this user. So you make the name of the user's primary group the same as the username.
Username: ksmith
Full name: Kelly Smith
Uid (Leave empty for default):
Login group [ksmith]:
Login group is ksmith. Invite ksmith into other groups? []:

You accept the default login shell and the location of the home directory. You then configure the password settings.
Login class [default]:
Shell {sh csh tcsh zsh ksh bash nologin} [sh]:
Home directory [/home/ksmith]:
Use password-based authentication? [yes]:
Use an empty password? {yes/no} [no]:
Use a random password? {yes/no} [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username   : ksmith
Password   : *****
Full Name  : Kelly Smith
Uid        : 1003
Class      :
Groups     : ksmith
Home       : /home/ksmith
Shell      : /bin/sh
Locked     : no
OK? {yes/no}:

You confirm the creation of the new account and exit the utility. The adduser command automatically updates the /etc/passwd and /etc/group files with the new account and group details. It creates the user's home directory, sets the appropriate permissions, and copies the necessary initialization files into the directory.
Username: ksmith
Full name: Kelly Smith
Uid (Leave empty for default):
Login group [ksmith]:
Login group is ksmith. Invite ksmith into other groups? []:
Login class [default]:
Shell {sh csh tcsh zsh ksh bash nologin} [sh]:
Home directory [/home/ksmith]:
Use password-based authentication? [yes]:
Use an empty password? {yes/no} [no]:
Use a random password? {yes/no} [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username   : ksmith
Password   : *****
Full Name  : Kelly Smith
Uid        : 1003
Class      :
Groups     : ksmith
Home       : /home/ksmith
Shell      : /bin/sh
Locked     : no
OK? {yes/no}: y
adduser: INFO: Successfully added {ksmith} to the user database.
Add another user? {yes/no}: n
Goodbye!
ny-fs01#

After you have created the new user account and configured it, you should test it. To do this, you first log out of the current superuser account and then log in using the new account's name and password. Now you want to determine the user's home directory, which is specified by the $HOME environment variable.
$

You type echo $HOME and press Enter. The user's home directory is the directory you specified. You now also want to check the ownership and group associations of the files in this directory.
$ echo $HOME
/home/ksmith
$

You type ls -la and press Enter. The ls -la command displays all files in the current directory with the permissions, owner, and group associated with each.
$ echo $HOME
/home/ksmith
$ ls -la
total 24
drwxr-xr-x  2 ksmith  ksmith  512 Jun 18 08:31 .
drwxr-xr-x  8 root    wheel   512 Jun 25 08:59 ..
-rw-r--r--  1 ksmith  ksmith  767 Jun 18 08:31 .cshrc
-rw-r--r--  1 ksmith  ksmith  248 Jun 18 08:31 .login
-rw-r--r--  1 ksmith  ksmith  158 Jun 18 08:31 .login_conf
-rw-------  1 ksmith  ksmith  373 Jun 18 08:31 .mail_aliases
-rw-r--r--  1 ksmith  ksmith  331 Jun 18 08:31 .mailrc
-rw-r--r--  1 ksmith  ksmith  797 Jun 18 08:31 .profile
-rw-------  1 ksmith  ksmith  276 Jun 18 08:31 .rhosts
-rw-r--r--  1 ksmith  ksmith  975 Jun 18 08:31 .shrc
-rwxr-xr-x  1 ksmith  ksmith   14 Jun 18 08:31 .xinitrc
-rwxr-xr-x  1 ksmith  ksmith   14 Jun 18 08:31 .xsession
$

These files are correctly associated with the user and private group you specified. Now that you have created the new user account and tested it, you can assign disk quotas to the user as well as configure mailing, printing, and security options. You should also determine whether to enforce any controls for passwords, login times, and resources.

Question
Suppose a new user needs access to a UNIX system connected to a network that contains computers for which you cannot guarantee complete trust. The user works on projects for many groups and needs to share files in common project directories with other group members. Which actions should you take when creating an account for the user?

Options:

1. Apply a UPG strategy for this user's group memberships
2. Configure NIS for authenticating the user's login
3. Copy the user's initialization files into a system directory
4. Specify account controls

Answer
When creating the account for this user, you should use a UPG strategy for group memberships and configure account controls.

Option 1 is correct. Because the user is a member of a number of groups and needs to share files in common project directories, you should use a UPG strategy.

Option 2 is incorrect. Because the network does not consist entirely of computers for which you can guarantee trust, you should not use NIS. Instead, you can use LDAP for authenticating logins.

Option 3 is incorrect. You need to place initialization files in the user's home directory. The system executes these files automatically when a user logs in.

Option 4 is correct. You need to determine whether you should limit the user's account for resource usage and login times.

Summary
User accounts specify which users are permitted access to the network and manage which resource permissions each user has. You customize a number of options for each user account including its name, password, group memberships, home directory, and initialization files. You should establish technical support for users and determine the authentication method to use.

You collect users into groups based on the files and resources they all need to share. You can customize a user's primary and secondary group memberships. General user groups and user private groups (UPGs) are two strategies for organizing users into groups. UNIX creates a number of groups reserved for system processes.

UNIX provides tools for automating user account management. FreeBSD UNIX, for example, provides the interactive adduser command for creating a new user account.


Monitoring and controlling UNIX users


Learning objective
After completing this topic, you should be able to recognize the strategies used to track user activity and control access to resources in a given scenario.

1. Tools for tracking user activity


Administrators need to be aware of what users are doing on a system. You should track user activity to help you determine whether there is unauthorized usage of accounts and resources. Tracking such activity also helps you to maintain system hygiene by isolating accounts and processes that are inactive. These accounts and processes consume system resources and also expose the system to security breaches. UNIX provides tools for monitoring

user logins
user processes
log files

User logins

To monitor user logins, you can use the who and finger commands. With the who command, you obtain a listing of all the users currently logged in to the system. It displays each active account's login name, terminal line, and login time. You use the command's options to help you monitor properties such as the

time since a user logged in to an account
processes that have expired
terminal lines waiting for a user to log in

An example of the command's use is


$ who
awilson  ttyv0  Jun 24 08:04
ltsuru   ttyp1  Jun 24 09:06
$

You use the finger command to obtain information about a specific user account. However, providing a finger service over a network can create security problems because unauthorized users may exploit the information they can retrieve using the command. The syntax is

finger username

An example of the command is
$ finger awilson

Using the finger command without specifying a username displays information similar to the results of the who command. The finger command provides the user's

login name
full name
home directory location
login shell
last login date
terminal line
e-mail message state

The command also displays the contents of the user's .plan and .project files, which can provide additional information about the user. An example of the command's use is
$ finger awilson
Login: awilson                          Name: Andrea Wilson
Directory: /home/awilson                Shell: /bin/sh
On since Thu Jun 24 08:04 (EDT) on ttyv0, idle 21:35 (messages off)
No Mail.
No Plan.
$

User processes

You use the ps -aux command to obtain a detailed listing of all the processes running on the system. With it, you can determine the owner of each process, the system time it has consumed, as well as the memory and CPU usage. You can use the grep command to filter output from ps. This is useful for monitoring user processes on system terminals and networks. Sample output of this command:

$ ps -aux
USER      PID %CPU %MEM   VSZ   RSS TT  STAT STARTED       TIME COMMAND
root       11 76.8  0.0     0    12 ??  RL   Thu01PM 5362:43.63 (idle: cpu0)
awilson 14472 11.3  7.6 23820 19192 ??  S    11:55AM    0:00.48 kdeinit: konsole (kdeinit)
root    14389  2.1  7.2 19152 18304 v1  R    11:54AM    0:02.31 /usr/X11R6/bin/XFree86 :0 -noli
awilson 14417  1.1  6.9 22156 17460 ??  S    11:54AM    0:01.27 kdeinit: kded (kdeinit)
root       16  0.0  0.0     0    12 ??  WL   Thu01PM    0:00.01 (irq5: rl0)
root       17  0.0  0.0     0    12 ??  WL   Thu01PM    0:00.00 (irq6: fdc0)
root       18  0.0  0.0     0    12 ??  WL   Thu01PM    0:00.00 (irq7: ppc0)
root       20  0.0  0.0     0    12 ??  WL   Thu01PM    0:00.38 (irq9: uhci0)
root       23  0.0  0.0     0    12 ??  WL   Thu01PM    0:07.44 (irq12: psm0)
root       25  0.0  0.0     0    12 ??  WL   Thu01PM    0:02.66 (irq14: ata0)
root       26  0.0  0.0     0    12 ??  WL   Thu01PM    0:00.00 (irq15: ata1)
root       27  0.0  0.0     0    12 ??  WL   Thu01PM    0:00.04 (swi1: net)
root       28  0.0  0.0     0    12 ??  WL   Thu01PM   13:44.41 (swi8: tty:sio clock)
root        2  0.0  0.0     0    12 ??  DL   Thu01PM    0:33.11 (g_event)
root        3  0.0  0.0     0    12 ??  DL   Thu01PM    0:22.52 (g_up)
root        4  0.0  0.0     0    12 ??  DL   Thu01PM    0:28.94 (g_down)
root       30  0.0  0.0     0    12 ??  DL   Thu01PM    0:30.13 (random)
root        5  0.0  0.0     0    12 ??  DL   Thu01PM    0:00.00 (taskqueue)
root       33  0.0  0.0     0    12 ??  WL   Thu01PM    0:00.00 (swi7: acpitaskq)
root       35  0.0  0.0     0    12 ??  WL   Thu01PM    0:00.06 (swi3: cambio)
root       36  0.0  0.0     0    12 ??  WL   Thu01PM    0:00.00 (swi7: task queue)
root        6  0.0  0.0     0    12 ??  IL   Thu01PM    0:00.00 (acpi_task0)
root        7  0.0  0.0     0    12 ??  IL   Thu01PM    0:00.00 (acpi_task1)
root        8  0.0  0.0     0    12 ??  IL   Thu01PM    0:00.00 (acpi_task2)
root       37  0.0  0.0     0    12 ??  DL   Thu01PM    0:00.04 (usb0)

You can filter the output of the ps command by username with the grep command. Sample output of this command:
$ ps -aux | grep awilson
awilson 24260  2.5  5.4 22256 13620 ??  S    1:16PM     0:01.68 kdeinit: kio_thumbnail thumbnai
awilson   550  0.0  0.2   956   552 v0  I    Wed05PM    0:00.01 -sh (sh)
awilson   553  0.0  0.2   912   496 v0  I+   Wed05PM    0:00.01 /bin/sh /usr/X11R6/bin/startx
awilson   563  0.0  0.5  2552  1288 v0  I+   Wed05PM    0:00.01 xinit /home/awilson/.xinitrc -
awilson   569  0.0  0.2   912   496 v0  I    Wed05PM    0:00.01 /bin/sh /usr/local/bin/startkde
awilson   583  0.0  4.4 20784 11092 ??  Ss   Wed05PM    0:01.55 kdeinit: Running... (kdeinit)
awilson   586  0.0  4.4 20444 11048 ??  S    Wed05PM    0:02.42 kdeinit: dcopserver --nosid (kd
awilson   590  0.0  4.9 22276 12440 ??  S    Wed05PM    0:06.15 kdeinit: klauncher (kdeinit)
awilson   592  1.0  5.5 23048 14048 ??  S    Wed05PM  118:33.94 kdeinit: kded (kdeinit)
awilson   602  0.0  2.2  7872  5656 ??  S    Wed05PM    5:10.67 /usr/local/bin/artsd -F 10 -S 4
awilson   606  0.0  6.1 25384 15564 ??  S    Wed05PM    0:02.65 kdeinit: knotify (kdeinit)
awilson   607  0.0  0.3  1316   680 v0  S    Wed05PM    0:15.83 kwrapper ksmserver
awilson   609  0.0  5.0 21700 12684 ??  S    Wed05PM    0:00.83 kdeinit: ksmserver (kdeinit)
awilson   610  0.0  5.5 22340 13848 ??  S    Wed05PM    0:17.99 kdeinit: kwin session 11c0a801
awilson   612  0.0  6.1 23352 15544 ??  S    Wed05PM    6:42.22 kdeinit: kdesktop (kdeinit)
awilson   615  0.0  6.4 24600 16244 ??  S    Wed05PM    6:36.70 kdeinit: kicker (kdeinit)
awilson   618  0.0  5.3 22008 13392 ??  S    Wed05PM    6:47.26 kdeinit: klipper (kdeinit)
awilson   621  0.0  5.3 21616 13304 ??  S    Wed05PM    0:00.78 korgac -session 11c0a801c800010
awilson   624  0.0  5.0 21556 12724 ??  S    Wed05PM    0:00.66 kalarmd --login
awilson  4257  0.0  5.7 22128 14356 ??  S    Thu03PM    0:01.62 kdeinit: kio_uiserver (kdeinit)
awilson 23676  0.0  6.1 24240 15472 ??  R    10:12AM    0:08.55 kdeinit: konsole (kdeinit)
awilson 23677  0.0  0.2   956   556 p0  Ss   10:12AM    0:00.03 /bin/sh
awilson 24173  0.0  4.7 21484 11968 ??  S    12:54PM    0:00.18 kdeinit: kio_file file /tmp/kso
awilson 24258  0.0  4.7 21448 11888 ??  S    1:16PM     0:00.05 kdeinit: kio_file file /tmp/kso
awilson 24262  0.0  0.3  1412   824 p0  R+   1:17PM     0:00.00 ps -aux
awilson 24263  0.0  0.2   956   556 p0  R+   1:17PM     0:00.00 /bin/sh
$

At runtime, the system automatically starts the getty process, which monitors the system terminals. This process manages logins by displaying the prompt, waiting for the user to provide their username via the terminal, and then invoking the login shell. When the user ends their session, a new getty process starts automatically to monitor the terminal again. You can use the ps -aux | grep getty command to determine which getty processes are currently running. Sample output of this command:
$ ps -aux | grep getty
root    14368  0.0  0.3  1276   784 v0  Is+  11:53AM    0:00.01 /usr/libexec/getty Pc ttyv0
root    14370  0.0  0.3  1276   784 v2  Is+  11:53AM    0:00.01 /usr/libexec/getty Pc ttyv2
root    14371  0.0  0.3  1276   784 v3  Is+  11:53AM    0:00.01 /usr/libexec/getty Pc ttyv3
root    14372  0.0  0.3  1276   784 v4  Is+  11:53AM    0:00.01 /usr/libexec/getty Pc ttyv4
root    14373  0.0  0.3  1276   784 v5  Is+  11:53AM    0:00.01 /usr/libexec/getty Pc ttyv5
root    14374  0.0  0.3  1276   784 v6  Is+  11:53AM    0:00.01 /usr/libexec/getty Pc ttyv6
root    14375  0.0  0.3  1276   784 v7  Is+  11:53AM    0:00.01 /usr/libexec/getty Pc ttyv7
$

To monitor user processes on networks, you can use ps and grep to identify remote login sessions such as telnet, rsh, and ssh. For example, you can use the ps -aux | grep telnetd command to list any active telnet sessions. Using a telnet session is a common method for users to log in to a remote host. The telnetd process monitors the status of these sessions in a similar way to how the getty process monitors serial ports. Sample output of this command:
$ ps -aux | grep telnetd
root    24541  0.0  1.0  3325  2456 ??  Is   2:18PM     0:00.05 telnetd
awilson 24560  0.0  0.3  1448   848 p2  S+   2:19PM     0:00.00 grep telnetd
$

Because telnet sessions are not secure, you should monitor such sessions carefully, or disable telnetd altogether and provide a secure alternative such as ssh. You can use the grep command to display ssh sessions monitored by the sshd process. Sample output of this command:
$ ps -aux | grep sshd
root    21023  0.0  0.7  3488  1784 ??  Is   11Aug04    0:01.48 sshd
root    64081  0.0  1.0  6208  2432 ??  Is   9:30AM     0:00.05 sshd: ltsuru [priv] (sshd)
ltsuru  64087  0.0  1.0  6216  2480 ??  S    9:30AM     0:00.03 sshd: ltsuru@ttyp1 (sshd)
ltsuru  64095  0.0  0.2   956   560 p1  R+   9:30AM     0:00.00 grep sshd (sh)
$

Log files

UNIX keeps a record of all a system's errors, warnings, and status messages using the syslog facility. You should regularly check the system logs for

disk space warnings
multiple similar status messages
failed authentication and login attempts

Sample log file contents


Jun 25 16:46:53 ny-fs01 kernel: umass0: Get Max Lun not supported (STALLED)
Jun 25 16:46:53 ny-fs01 kernel: GEOM: create disk da0 dp=0xc2d96450
Jun 25 16:46:53 ny-fs01 kernel: da0 at umass-sim0 bus 0 target 0 lun 0
Jun 25 16:46:53 ny-fs01 kernel: da0: <UFD 7.77> Removable Direct Access SCSI-2 device
Jun 25 16:46:53 ny-fs01 kernel: da0: 1.000MB/s transfers
Jun 25 16:46:53 ny-fs01 kernel: da0: 31MB (64000 512 byte sectors: 64H 32S/T 31C)
Jun 25 16:48:16 ny-fs01 kernel: umass0: at uhub0 port 1 (addr 2) disconnected
Jun 25 16:48:16 ny-fs01 kernel: (da0:umass-sim0:0:0:0): lost device
Jun 25 16:48:16 ny-fs01 kernel: (da0:umass-sim0:0:0:0): removing device entry
Jun 25 16:48:16 ny-fs01 kernel: GEOM: destroy disk da0 dp=0xc2d96450
Jun 25 16:48:16 ny-fs01 kernel: umass0: detached
Jun 28 03:22:10 ny-fs01 su: awilson to root on /dev/ttyp0
Jun 28 03:45:13 ny-fs01 su: awilson to root on /dev/ttyp0
Jun 28 03:54:30 ny-fs01 su: awilson to root on /dev/ttyp2
Jun 28 04:45:00 ny-fs01 su: awilson to root on /dev/ttyp2
Jun 28 10:45:05 ny-fs01 syslogd: exiting on signal 15
Jun 28 11:53:52 ny-fs01 syslogd: kernel boot file is /boot/kernel/kernel
Jun 28 11:54:22 ny-fs01 login: _secure_path: /home/awilson/.login_conf is world writable
Jun 28 11:54:22 ny-fs01 login: _secure_path: /home/awilson/.login_conf is world writable
Jun 28 12:02:09 ny-fs01 login: 1 LOGIN FAILURE ON ttyp0
Jun 28 12:02:27 ny-fs01 login: 2 LOGIN FAILURES ON ttyp0

You can use a log postprocessor such as the logcheck command to filter system log files and notify you of particular messages. To do this, the postprocessor compares a log file's contents to a database of common messages to help identify those entries that are most important.
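To show what such filtering looks like in practice, here is an added example (not part of the original course, and not logcheck's own rule set) that reduces syslog lines like the sample above to the entries an administrator would act on. The four categories and the function names are assumptions modelled on that sample; the embedded input is a subset of the sample lines.

```shell
#!/bin/sh
# Added example, not part of the original course and not logcheck's own rules.
# The four categories below are assumptions modelled on the sample log above.

# sample_log: a subset of the sample log lines shown on this page.
sample_log() {
    cat <<'EOF'
Jun 25 16:48:16 ny-fs01 kernel: umass0: detached
Jun 28 03:22:10 ny-fs01 su: awilson to root on /dev/ttyp0
Jun 28 03:45:13 ny-fs01 su: awilson to root on /dev/ttyp0
Jun 28 03:54:30 ny-fs01 su: awilson to root on /dev/ttyp2
Jun 28 04:45:00 ny-fs01 su: awilson to root on /dev/ttyp2
Jun 28 10:45:05 ny-fs01 syslogd: exiting on signal 15
Jun 28 11:54:22 ny-fs01 login: _secure_path: /home/awilson/.login_conf is world writable
Jun 28 11:54:22 ny-fs01 login: _secure_path: /home/awilson/.login_conf is world writable
Jun 28 12:02:09 ny-fs01 login: 1 LOGIN FAILURE ON ttyp0
Jun 28 12:02:27 ny-fs01 login: 2 LOGIN FAILURES ON ttyp0
EOF
}

# scan_log: read syslog lines on stdin and print one tab-separated finding per line:
#   SU_ROOT        user   number of su-to-root events
#   LOGIN_FAIL     tty    highest consecutive failure count seen
#   WORLD_WRITABLE path   file that login reported as world writable
#   REPEATED       count  message that occurred more than once
scan_log() {
    awk '
    {
        # Fields 1-3 are the timestamp, field 4 the host, field 5 the "program:" tag.
        prog = $5
        sub(/(\[[0-9]+\])?:$/, "", prog)
        msg = substr($0, index($0, $5) + length($5) + 1)
        seen[prog ": " msg]++
    }
    prog == "su" && msg ~ / to root / {
        split(msg, w, " ")
        su[w[1]]++
    }
    prog == "login" && msg ~ /^[0-9]+ LOGIN FAILURES? ON / {
        n = msg + 0                      # leading number in the message
        if (n > fail[$NF]) fail[$NF] = n
    }
    msg ~ / is world writable$/ {
        path = msg
        sub(/^_secure_path: /, "", path)
        sub(/ is world writable$/, "", path)
        ww[path] = 1
    }
    END {
        for (u in su)   printf "SU_ROOT\t%s\t%d\n", u, su[u]
        for (t in fail) printf "LOGIN_FAIL\t%s\t%d\n", t, fail[t]
        for (p in ww)   printf "WORLD_WRITABLE\t%s\n", p
        for (m in seen) if (seen[m] > 1) printf "REPEATED\t%d\t%s\n", seen[m], m
    }'
}

sample_log | scan_log
```

On a live system you would feed it the real log instead, for example scan_log < /var/log/messages, where the path is an assumption that varies between UNIX versions.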

Question
Which UNIX command should you use to list only those processes that monitor the terminal ports for user login sessions?

Options:

1. finger
2. ps -aux | grep getty
3. ps -aux | grep telnetd
4. who

Answer
You use the ps -aux | grep getty command to list only those processes that monitor the terminal ports for user logins.

Option 1 is incorrect. The finger command provides detailed information about a specific user such as their full name, last login date, and home directory location. This command does not list all the processes monitoring serial ports.

Option 2 is correct. You use the ps -aux | grep getty command to list the active getty processes, which monitor the terminal ports and manage logins.

Option 3 is incorrect. You use the ps -aux | grep telnetd command to determine whether there are any active telnet sessions. This command does not list the terminal port monitoring processes.

Option 4 is incorrect. The who command provides a detailed listing of all the users and processes currently using the system. It does not list only the terminal port monitoring processes.

2. Configuring access to resources


Besides tracking user activity, an administrator needs to control access to network resources and limit resource usage. This helps to maintain security and also ensures that users do not consume system resources inappropriately.

By default, the system authenticates user accounts at login time. UNIX supports a customizable facility for dynamic user authentication known as Pluggable Authentication Modules (PAM). With this facility, programs do not need built-in operations for authenticating users. Instead they can invoke common PAM modules, which perform the required operation and return results to the calling program. These results determine how the program should respond to a user's request for authentication.

A PAM service is a UNIX program that requires authentication and is compatible with PAM, such as the login, passwd, and su commands.

$ cd /etc/pam.d
$ ls
README  ftpd  iamp  login  passwd  rexecd  sshd  system   xdm
ftp     gdm   kde   other  pop3    rsh     su    telnetd
$

Note
Configuration files for PAM services in Linux and FreeBSD are located in the /etc/pam.d directory. When a PAM service is initiated, its corresponding configuration file is run.
#
# auth
auth      sufficient  pam_opie.so          no_warn no_fake_prompts
auth      requisite   pam_opieaccess.so    no_warn allow_local
#auth     sufficient  pam_krb5.so          no_warn try_first_pass
#auth     sufficient  pam_ssh.so           no_warn try_first_pass
auth      required    pam_unix.so          no_warn try_first_pass nullok

# account
#account  required    pam_krb5.so
account   required    pam_login_access.so
account   required    pam_unix.so

# session
#session  optional    pam_ssh.so
session   required    pam_lastlog.so       no_fail

# password
#password sufficient  pam_krb5.so          no_warn try_first_pass
password  required    pam_unix.so          no_warn try_first_pass

A PAM configuration file lists

procedures
modules
validation determinants

procedures
A PAM configuration file contains information about the procedures applicable to a service. Each procedure in the file (authentication, account, session, and password) lists entries that specify which PAM modules to execute, and in what sequence, when the procedure is invoked.

modules
A PAM module is a shared library file that performs a specific authentication operation. These modules grant or deny access to a user and return these results to PAM, which determines how validation should occur.

validation determinants
Each entry in a configuration file specifies whether the invoked module's result for user validation is the only determinant or is required with other module results. These specifications are indicated by the requisite, required, optional, and sufficient keywords.

Although PAM can help you control users' access to resources, you should also configure limits for usage of resources such as CPU time, disk space, and system memory. A hard limit is the maximum systemwide setting for a particular resource. These values are usually set in the system kernel, preventing administrators from changing them easily. A soft limit is a resource setting currently applied to a user's session. The user or administrator can increase a session's soft limit values but these cannot exceed the hard limit values. The limits you set for a user's resource usage do not affect the system's files.
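Returning to the requisite, required, sufficient, and optional keywords described above: the following added example (not part of the original course and not PAM's own code) models how they combine module results into one verdict, using the three active auth entries from the configuration file shown earlier. It is a simplified model in which every module simply succeeds or fails; the function names and the ok/fail inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original course and not PAM's own code.
# Simplified model (assumption): each module either succeeds ("ok") or fails ("fail").

# pam_decide: read "control module result" lines in stack order on stdin and
# print the verdict followed by the modules that were actually consulted.
pam_decide() {
    awk '
    /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
    verdict != ""  { next }          # the stack already ended early
    {
        ctl = $1; mod = $2; res = $3
        ran = ran (ran == "" ? "" : ",") mod
        if (ctl == "requisite" && res == "fail") {
            verdict = "deny"         # failure ends the stack at once
        } else if (ctl == "required" && res == "fail") {
            failed = 1               # failure is remembered, later modules still run
        } else if (ctl == "sufficient" && res == "ok" && !failed) {
            verdict = "grant"        # success ends the stack at once
        } else if ((ctl == "required" || ctl == "requisite") && res == "ok") {
            passed = 1
        }
        # optional results and failed sufficient modules leave the outcome unchanged
    }
    END {
        if (verdict == "") verdict = (passed && !failed) ? "grant" : "deny"
        print verdict, ran
    }'
}

# auth_stack OPIE OPIEACCESS UNIX: the three active auth entries from the
# configuration file above, each paired with a constructed module result.
auth_stack() {
    printf '%s\n' \
        "sufficient pam_opie.so $1" \
        "requisite pam_opieaccess.so $2" \
        "required pam_unix.so $3"
}

# Walk through every combination the stack can meet.
for results in "ok ok ok" "fail ok ok" "fail fail ok" "fail ok fail"; do
    # shellcheck disable=SC2086  # word splitting of $results is intended
    echo "results [$results] -> $(auth_stack $results | pam_decide)"
done
```

The third case is the one to notice when reviewing a stack: once the requisite module fails, pam_unix.so is never consulted, whereas a failed required module lets the rest of the stack run before access is denied.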

To limit resource usage, you run a command such as the bash shell's ulimit command. You use this command to display or adjust the allocated shell resources.

Note
The ulimit command is a bash and ksh shell command. Other shells provide alternative resource control commands such as the limit command of the csh and tcsh shells. The configurations you make with the ulimit command apply only to the user's current shell session and process. To ensure that these settings apply automatically when a user logs in, you should include the command and its options in the user's initialization files.

Suppose you want to restrict the use of system resources in a user's current shell session. To do this, you want to use the bash shell's ulimit command. You first want to determine the systemwide hard limits.
$

You type ulimit -Ha and press Enter. The system displays the maximum systemwide settings permitted for resources, such as total CPU time usage and maximum file size.
$ ulimit -Ha
cpu time               (seconds, -t)  unlimited
file size           (512-blocks, -f)  unlimited
data seg size           (kbytes, -d)  524288
stack size              (kbytes, -s)  65536
core file size      (512-blocks, -c)  unlimited
max memory size         (kbytes, -m)  unlimited
locked memory           (kbytes, -l)  unlimited
max user processes              (-u)  1789
open files                      (-n)  3578
virtual mem size        (kbytes, -v)  unlimited
sbsize                   (bytes, -b)  unlimited
$

Now that you have determined the maximum values that you can set for resources, you want to view the resource limits currently applied to the user's shell session, that is, its soft limits.

$

You type ulimit -a and press Enter. The soft limits of the current user's session are displayed. You can configure each setting using the appropriate option listed in the second column of this listing.
$ ulimit -a
cpu time               (seconds, -t)  unlimited
file size           (512-blocks, -f)  unlimited
data seg size           (kbytes, -d)  524288
stack size              (kbytes, -s)  65536
core file size      (512-blocks, -c)  unlimited
max memory size         (kbytes, -m)  unlimited
locked memory           (kbytes, -l)  unlimited
max user processes              (-u)  1789
open files                      (-n)  3578
virtual mem size        (kbytes, -v)  unlimited
sbsize                   (bytes, -b)  unlimited
$

You decide that you want to reduce the user session's memory usage to 32 MB. To do this, you need to use the ulimit command's -m option and specify the kilobyte equivalent of the value, 32768 kilobytes in this case.
$

You type ulimit -m 32768 and press Enter. You want to increase the number of files the user may open during the session to 2000. To do this, you use the ulimit command's -n option and specify the number of files.
$ ulimit -m 32768
$

You type ulimit -n 2000 and then press Enter. You have configured the resource limits for the user's current shell session.
$ ulimit -m 32768
$ ulimit -n 2000

These changes are now reflected in the soft limits allocated to the user's session.
$ ulimit -a
cpu time               (seconds, -t)  unlimited
file size           (512-blocks, -f)  unlimited
data seg size           (kbytes, -d)  524288
stack size              (kbytes, -s)  65536
core file size      (512-blocks, -c)  unlimited
max memory size         (kbytes, -m)  32768
locked memory           (kbytes, -l)  unlimited
max user processes              (-u)  1789
open files                      (-n)  2000
virtual mem size        (kbytes, -v)  unlimited
sbsize                   (bytes, -b)  unlimited
$
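The relationship between soft and hard limits in the walkthrough above can be checked directly. This added example (not part of the original course) uses the -S and -H options to address each limit separately and runs in a subshell so that the caller's session is unaffected; the function names and the small numbers are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the original course. The numbers are constructed and
# kept small so that the demonstration works whatever the host limits are.

# soft_hard_demo: run in a subshell so the caller's own limits are untouched.
soft_hard_demo() {
    (
        ulimit -S -n 64  || exit 1    # soft limit first: it may never exceed the hard limit
        ulimit -H -n 128 || exit 1    # an ordinary user cannot raise a hard limit again
        echo "start soft=$(ulimit -S -n) hard=$(ulimit -H -n)"

        # Raising the soft limit is allowed up to the hard limit ...
        if ulimit -S -n 96 2>/dev/null; then
            echo "raise-to-96=ok"
        else
            echo "raise-to-96=denied"
        fi

        # ... and refused beyond it.
        if ulimit -S -n 256 2>/dev/null; then
            echo "raise-to-256=ok"
        else
            echo "raise-to-256=denied"
        fi

        echo "end soft=$(ulimit -S -n) hard=$(ulimit -H -n)"
    )
}

# limits_are_per_session: the subshell's changes must not leak into the caller,
# which is why persistent settings belong in the user's initialization files.
limits_are_per_session() {
    before=$(ulimit -S -n)
    soft_hard_demo >/dev/null
    [ "$before" = "$(ulimit -S -n)" ]
}

soft_hard_demo
if limits_are_per_session; then
    echo "caller's soft limit unchanged: $(ulimit -S -n)"
fi
```

When neither -S nor -H is given, what ulimit changes depends on the shell (bash sets both limits), so naming the limit explicitly avoids lowering a hard limit by accident.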

Question
Why do you need to configure a user's access to resources?

Options:

1. Enable users to log in to the system
2. Ensure that resources are consumed responsibly
3. Maintain security
4. Prevent excessive growth of the system's temporary files

Answer
You configure a user's access to resources to ensure the appropriate consumption of resources and for security maintenance.

Option 1 is incorrect. By default, the system authenticates a user account at login time, so you do not need to configure a user's access to resources to do this. You can use PAM to dynamically authenticate users.

Option 2 is correct. You need to limit users' access to resources so that resources are appropriately used. You can limit CPU time usage, the number of open files, and virtual memory size.

Option 3 is correct. You need to control how users access resources to ensure security of the system. You can use PAM for authenticating users who run PAM services.

Option 4 is incorrect. Controlling users' access to resources does not affect the size of the system's files. You can configure soft limits to control a user session's access to resources.

Question
Suppose you want to limit the resource usage of a user's current shell session. You are using a bash shell and have determined the applicable hard and soft limits. Type the command that enables you to change to 50 the number of files a user may have open.
$

Answer
To permit a user to open a maximum of 50 files, you use the ulimit -n 50 command.

3. Managing disk usage by users


Disk quotas enable you to tightly control users' utilization of a filesystem's disk space. This helps prevent inappropriate disk space consumption by users. As with other resources, disks have hard and soft limits. A user can exceed their disk quota's soft limit for a specified time, prompting a warning message from the system. Once this time has elapsed, or if the hard limit is exceeded, the system will not allocate more disk space to the user until usage drops below the soft limit. You should apply quotas only to filesystems that require disk management, usually filesystems containing the user directories. You should not apply quotas to system directories because this can negatively affect system performance.

Note
Although you do not apply quotas to system directories, you need to monitor system disk usage, especially for the /var and /tmp directories, to ensure there is sufficient space and that files such as log files or the news spool are not consuming excessive disk space.

Once you have determined which filesystems require disk quotas, you need to use a superuser account to

prepare each filesystem for quotas by editing its configuration file
configure each user account's hard and soft limits for each filesystem
activate quota checking

You can copy a user account's disk quota settings to other user accounts. To track each user's disk usage, the system stores quota files by default in the root directory of each filesystem that has quotas. Suppose you want to implement disk quotas on the /usr filesystem for a number of users. You have logged in to the NY-FS01 server with a superuser account. In the /etc/fstab configuration file, you add the userquota keyword to the Options field of this filesystem's entry.
Device        Mountpoint   FStype  Options         Dump  Pass#
/dev/ad0s1b   none         swap    sw              0     0
/dev/ad0s1a   /            ufs     rw              1     1
/dev/ad0s1e   /tmp         ufs     rw              2     2
/dev/ad0s1f   /usr         ufs     rw,userquota    2     2
/dev/ad0s1d   /var         ufs     rw              2     2
/dev/acd0     /cdrom       cd9660  ro,noauto       0     0
/dev/fd0      /mnt/floppy  msdos   rw,noauto       0     0
/dev/da0s1    /mnt/stick   msdos   rw,-g=0,noauto  0
~
~
~
~

Now that you have specified that disk quotas apply to the filesystem, you can begin editing the first user's quota limits. To do this, you use the edquota command followed by the name of the user account you want to apply disk quotas to.
ny-fs01#

You type edquota jbell and then press Enter. The edquota command invokes a text editor listing the specified user's hard and soft limits for the filesystems you configured to use disk quotas. The limits are expressed in number of disk blocks; limits set to 0 are disabled. For each filesystem, the number of kilobytes in use is listed as well as the inodes, which store information about each file. You configure the user's limits for the filesystem and save the file.
Quotas for user jbell:
/usr: kbytes in use: 0, limits (soft = 10000, hard = 40000)
        inodes in use: 0, limits (soft = 0, hard = 0)

Now that you have configured disk quotas for one user, you decide to copy these settings to two other user accounts. To do this you use the edquota command with the -p option, specifying the name of the user account to copy from followed by the user accounts to copy the settings to.
ny-fs01# _____ ksmith cbrantucci

To complete the command, you type edquota -p jbell to specify the account to copy from. The system applies the disk quota settings of the jbell user account to the ksmith and cbrantucci user accounts.
ny-fs01# edquota -p jbell ksmith cbrantucci
ny-fs01#

After configuring users' quota settings, you need to activate disk quota checking. To do this, you use the quotaon command and specify the -a option to apply quota checking to all filesystems.

ny-fs01#

You type quotaon -a and then press Enter. You have now specified which filesystem to apply disk quotas to, edited the configuration file, configured the required limits for the users, and enabled quota checking.
ny-fs01# quotaon -a
quotaon: using /usr/quota.user on
ny-fs01#

To ensure that quota files are consistent with disk usage, you can enable quota consistency checking using the quotacheck command, specifying the -a option to check all filesystems.
ny-fs01# quotacheck -a
ny-fs01#

To automatically execute the quotaon -a and quotacheck -a commands at runtime, most UNIX versions include them in boot scripts.

Note
To enable quotas in FreeBSD, you need to add the line enable_quotas="YES" to the /etc/rc.conf file.

Question
Which steps do you need to perform to control a user's disk usage?

Options:

1. Assign disk quotas to the entire system
2. Configure the hard and soft limits for a user's disk usage
3. Log in to the system with the user's account to specify quotas
4. Specify quotas in the filesystem's configuration file

Answer
To control a user's disk usage, you need to specify the hard and soft limits and set quotas in the filesystem's configuration file.

Option 1 is incorrect. You should assign disk quotas to the filesystems that require them. You should not assign disk quotas to system directories because this can decrease system performance.

Option 2 is correct. You specify the number of disk blocks for the hard and soft limits of a user's disk consumption. A user may exceed their soft limit for a limited time or until they exceed their disk quota's hard limit.

Option 3 is incorrect. You need to use a superuser account to configure disk quotas for users. Setting these quotas can help you control how users consume disk space.

Option 4 is correct. You need to determine which filesystems you should assign disk quotas to. You then need to specify these quotas in the filesystem's configuration file.

Question
Suppose you want to open an editor for configuring disk space quotas for the user account named ksmith. Type the command to do this.
# MISSING CODE

Answer
You use the edquota command and specify the username ksmith, to open an editor for this account's disk quota settings.

Question
Suppose you are a UNIX systems administrator and you want to monitor users' access to resources as well as their resource consumption. What steps can you perform to do this?
Options:
1. Configure a system's hard limits with the PAM facility
2. Ensure users are authenticated for resource usage
3. Specify a user's disk quota limits using the edquota command
4. Use the finger command to determine which directories a user has accessed

Answer
To monitor a user's access and consumption of resources, you need to ensure the user is authenticated to use the resource, and you can run the edquota command to set disk quota limits.
Option 1 is incorrect. The hard limits for resources are usually specified in the system kernel. You use the PAM facility to dynamically authenticate users.
Option 2 is correct. You can use PAM to ensure users are authenticated for resource usage. UNIX programs invoke PAM modules, which perform authentication operations and return results to the calling program.
Option 3 is correct. You control a user's disk usage by specifying quotas. Using the edquota command and specifying the username invokes a text editor for configuring the hard and soft limits.
Option 4 is incorrect. You use the finger command to obtain information about user accounts such as the home directory location and e-mail settings. You cannot use the command to determine which directories a user has accessed.

Question
Suppose you are using a bash shell and you want to set a memory usage soft limit of 16 MB or 16,384 kilobytes. Type the command to do this.
$ MISSING CODE

Answer
To configure a soft limit for memory usage, you use the ulimit command with the -m option and specify the kilobyte value of 16384.

Summary
You should track user activity on a system to help determine whether there is unauthorized account and resource usage as well as to ensure system hygiene. UNIX provides various tools for monitoring user logins and processes as well as log files. To maintain security and ensure that users consume resources appropriately, you should configure access to resources. Pluggable Authentication Modules (PAM) enable programs to dynamically authenticate users. With the ulimit command, you can set the hard and soft limits for a user's resource consumption. You can set disk quotas to control disk space consumption. You can copy a disk quota from one user account and apply it to other accounts.


Working with UNIX user accounts


Learning objective
After completing this topic, you should be able to create and configure a user account in a given scenario.

Exercise overview
In this exercise, you're required to add a new user account and configure its resource usage. This involves the following tasks:

creating a user account
verifying a user account
setting access limits

Suppose a new user Gary Kline has joined the company and needs access to the system and its resources. The system uses FreeBSD UNIX.

Task 1: Creating a user account


You need to create an account for the new user. You log in to the NY-FS01 server using an administrative account with superuser privileges.
ny-fs01#

Step 1 of 1
Type the command to invoke the interactive utility in FreeBSD UNIX that you use to create a new user account.
ny-fs01# MISSING CODE

Result
You use the adduser command to start the FreeBSD utility for creating a new user account. You complete the configuration of the new user account's details using the adduser utility.
ny-fs01# adduser
Username: gkline
Full name: Gary Kline
Uid (Leave empty for default):
Login group [gkline]:
Login group is gkline. Invite gkline into other groups? []:
Login class [default]:
Shell (sh csh tcsh zsh ksh bash nologin) [sh]:
Home directory [/home/gkline]:
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username : gkline
Password : *****
Full Name : Gary Kline
Uid : 1004
Class :
Groups : gkline
Home : /home/gkline
Shell : /bin/sh
Locked : no
OK? (yes/no):

Task 2: Verifying a user account


You have created the new user account and now you want to test its configuration. You log out of the system and log back in using the new user account's name and password.
$

Step 1 of 2
You want to determine the value of the user account's home directory environment variable so that you can verify it is the home directory path you specified for gkline. Type the command to do this.
$ MISSING CODE

Result
You use the echo $HOME command to check the path of the user account's home directory. The account's home directory environment variable is the directory you specified for the new user.
$ echo $HOME
/home/gkline
$

Step 2 of 2
While in the new user's home directory, you want to obtain a detailed directory listing so that you can check the permissions, owner, and group associated with each file. Type the command to do this.
$ echo $HOME
/home/gkline
$ MISSING CODE

Result
You use the ls -la command to obtain a complete directory listing of all files, with their associated permissions, owner, and group. You examine the command output to verify the owner and group associated with each file in the new account's home directory.
$ echo $HOME
/home/gkline
$ ls -la
total 24
drwxr-xr-x 2 gkline gkline 512 Jun 24 03:05 .
drwxr-xr-x 8 root wheel 512 Jun 25 08:59 ..
-rw-r--r-- 1 gkline gkline 767 Jun 24 03:05 .cshrc
-rw-r--r-- 1 gkline gkline 248 Jun 24 03:05 .login
-rw-r--r-- 1 gkline gkline 158 Jun 24 03:05 .login_conf
-rw------- 1 gkline gkline 373 Jun 24 03:05 .mail_aliases
-rw-r--r-- 1 gkline gkline 331 Jun 24 03:05 .mailrc
-rw-r--r-- 1 gkline gkline 797 Jun 24 03:05 .profile
-rw------- 1 gkline gkline 276 Jun 24 03:05 .rhosts
-rw-r--r-- 1 gkline gkline 975 Jun 24 03:05 .shrc
-rwxr-xr-x 1 gkline gkline 14 Jun 24 03:05 .xinitrc
-rwxr-xr-x 1 gkline gkline 14 Jun 24 03:05 .xsession
$

Task 3: Setting access limits


Now that you have created the new user account and tested it, you need to specify the limits the user has to system resources. You log in to the user account.
$

Step 1 of 3
The account you are using uses the bash shell by default.

Type the command to display the current systemwide hard limits.


$ MISSING CODE

Result
You use the ulimit -Ha command to determine the systemwide hard limits. You verify the systemwide hard limits.
$ ulimit -Ha
cpu time (seconds, -t) unlimited
file size (512-blocks, -f) unlimited
data seg size (kbytes, -d) 524288
stack size (kbytes, -s) 65536
core file size (512-blocks, -c) unlimited
max memory size (kbytes, -m) unlimited
locked memory (kbytes, -l) unlimited
max user processes (-u) 1789
open files (-n) 3578
virtual mem size (kbytes, -v) unlimited
sbsize (bytes, -b) unlimited
$

Step 2 of 3
In the bash shell, you want to limit the user's maximum amount of physical memory to 64 MB, which is 65,536 KB. Type the command to do this.
$ MISSING CODE

Result
In the bash shell, you use the ulimit command and specify the -m option to limit memory size to a maximum kilobyte value of 65,536. You want to set a disk quota for the new user account named gkline. You log out and then log in using an administrative account with superuser privileges.
ny-fs01#

Step 3 of 3
You have already established disk quotas for many other user accounts, such as awilson.

Type the command that applies disk quota settings to gkline based on the settings applied to awilson.
ny-fs01# MISSING CODE

Result
You use the edquota command to edit disk quotas, copying settings with the -p option, and specifying the account to copy from, followed by the account to copy to. You have completed the configuration of the new user account and applied standard disk quota settings to it.
ny-fs01# edquota -p awilson gkline
ny-fs01#


Administering UNIX filesystems


Learning objective
After completing this topic, you should be able to configure a filesystem.

1. Organization of the UNIX filesystem


Users rely on a well-managed filesystem to ensure that their data remains consistent and is protected from unauthorized access. You need to be familiar with the UNIX filesystem hierarchy to properly manage the files and directories your users access.

Interoperability between different UNIX systems is facilitated by the Filesystem Hierarchy Standard (FHS) - a set of guidelines on how directories and files should be configured in UNIX systems.

The root filesystem - denoted by a forward slash ( / ) - contains information needed to boot, restore, recover, and perform any repairs to the system. There are several subdirectories within the root filesystem:

/boot
The /boot directory stores static files required for booting the system. The kernel file can reside in the /boot or /boot/kernel directory or in the / directory.
/dev
The /dev directory stores device files for hardware devices such as the CD-ROM and floppy drive.
/etc
The /etc directory stores critical static system configuration files specific to the local machine.
/bin
The /bin directory stores the necessary command binaries used by the system administrator and users.
/sbin
The /sbin directory stores the necessary system binaries and utilities required for system administration.
/tmp
The /tmp directory stores temporary files used by programs.
/home
The /home directory contains users' home directories.

The /usr directory is part of the root directory and contains shared data that is read-only. The /usr directory should contain these directories:

/bin - which stores user commands
/include - which stores header files of the C programming language
/lib - which stores library files
/local - which stores the locally installed software hierarchy
/sbin - which stores the system binary files
/share - which stores data dependent on the architecture being used

The /var directory is part of the root directory and is necessary to allow the /usr directory to be mounted read-only. It contains directories that store variable data files such as spooling directories and files, temporary files, and system log files.

Both the /usr and /var subdirectories should usually be placed on their own filesystems. This is because the /var directory requires a large amount of storage to maintain the growing log files. And placing the /usr directory on its own filesystem makes administration of this directory easier.

Question
Which directory stores the system log files?
Options:
1. /dev
2. /boot
3. /usr
4. /var

Answer
The /var directory stores the system log files.
Option 1 is incorrect. The /dev directory is a subdirectory of the root directory. Hardware devices such as the floppy drive are represented by the device files stored in the /dev directory.
Option 2 is incorrect. The /boot directory stores the files needed to boot the system, and it may store the kernel file in the /boot/kernel directory.
Option 3 is incorrect. The /usr directory stores executable files, installed software programs, and online manuals and should be kept on its own filesystem.
Option 4 is correct. The /var subdirectory of the root directory contains spooling directories for printers and stores accounting records and the system log files.

2. Partitioning in the UNIX filesystem


In FreeBSD the hard disk is split into physical sections known as slices. A slice can then be split into smaller sections known as partitions. Partitions are the primary unit of storage on which you create and store filesystems. There are different approaches you can take to partitioning filesystems. Regardless of the approach, you need to create a swap space partition. Swap space functions as virtual memory, from where pieces of data are swapped into physical RAM as they are needed and then swapped out to disk again when they are no longer required. You need to give careful consideration to the partitioning strategy you want to use because once it's implemented it's difficult to change.

The first approach you can take to partitioning is to use separate physical partitions for filesystems, such as /usr, /var, /tmp, and /home. This enhances system reliability by helping to prevent a corrupt filesystem from damaging the other filesystems. And this approach limits the maximum size of variable data directories, such as /var and /tmp - thereby preventing these directories from crashing the entire system in the event of a data overflow. In addition, this approach can make upgrading your hard drives easier because the root directory is on a separate partition to these directories. The disadvantage to this approach is that you need to allocate a set amount of space for each partition. This can be inefficient and cause problems later on if you set the partition sizes incorrectly.

The second approach you can take to partitioning is to create a single partition that contains everything but the swap space - which always resides in its own partition. Having a single partition is risky because as directories and files expand they take up more and more disk space, until eventually there is no space left for the operating system.

The third approach to partitioning is to have only a few partitions - for example, one for the root filesystem, one for swap space, one for /var, with several remaining partitions available for use as you need them. FreeBSD uses this approach, and can have a maximum of eight partitions - conventionally named after letters. Thus a FreeBSD implementation can have partitions from a up to and including h. A FreeBSD partitioning strategy can have the a partition located at the beginning of the slice containing the root filesystem, the b partition following the a partition and used for swap space, and the c partition referring to the whole slice.

Different UNIX operating systems have different ways of dividing a disk into partitions. Linux uses the fdisk utility to do this, enabling you to specify the partition type - either primary or extended - and the size. Solaris uses the format utility to create partitions - also known as slices. The format utility uses the partition command to specify where the partition starts and the size of the partition.

Question
Why must you partition a hard disk?
Options:
1. To create and store filesystems
2. To enhance system reliability
3. To create and use swap space
4. To manage files and directories

Answer
You need to partition a hard disk to create and store filesystems, make use of swap space, and enhance system reliability.
Option 1 is correct. Partitions form part of a slice - which is a physical section of a hard disk. These partitions are the primary unit of storage and are used to create and store filesystems.
Option 2 is correct. When you partition a hard drive you can place all your important filesystems into separate partitions, thus limiting the extent of the damage should one of the filesystems become corrupted. This makes for a more fault-tolerant system.
Option 3 is correct. When you create partitions you need to create a swap space partition. Swap space uses virtual memory to swap data into and out of memory.
Option 4 is incorrect. You cannot manage files and directories with partitions - you do so using filesystems. Filesystems have a hierarchy, with the root directory being the topmost directory.

3. Mounting and unmounting filesystems


Mounting a filesystem integrates its files and directories into the root directory tree. The purpose of mounting a filesystem is to connect it to the rest of the UNIX system so that users and processes can access its contents. You can dismount a filesystem to disconnect it from the rest of the system. The only filesystem that can't be dismounted is the root filesystem. This is because the root filesystem contains the files and programs needed to start the system at boot up. When the system boots up the root filesystem becomes permanently mounted to the root directory. Directories can serve as mount points to which the filesystems you want to mount become attached. UNIX uses special device files - located on disk partitions in the /dev subdirectory - to access the filesystems to be mounted. The format of these device files tells UNIX on which slice and partition the filesystem that's being mounted can be found, and which device is being referred to. UNIX names device files using combinations of letters and numbers to indicate the device type and order. These naming systems are different in different versions of UNIX. FreeBSD uses these codes to determine the type of drive a file represents:

da
The code da tells UNIX that the device is a USB storage device or a SCSI hard drive.
ad
The ad code tells UNIX that the device is an IDE hard drive.
cd
The cd code tells UNIX that the device is a SCSI CDROM drive. An IDE CDROM device has the code acd to distinguish it from the SCSI CDROM drive.
fd
The fd code tells UNIX that the device is a floppy drive.
sd
The sd code tells UNIX that the device is a small computer system interface (SCSI) hard drive.

Suppose you have the special file ad0s1e. The format of this file tells you that the filesystem is on the first IDE hard drive - ad0. And it can be found on the fifth partition - e, on the first slice s1.

Suppose you have the partitions a, b, c, and d. The root filesystem is located on the partition ad0s1a and contains the empty mountpoint directories /var, /home, and /marketing. When the /var subdirectory is mounted with the special file /dev/da0s1c, its contents are stored on the third partition on the first slice. When the special device file /dev/da0s1b is mounted at /home, its contents can be found on the second partition on the first slice. The /marketing filesystem contains two subdirectories - /projects and /contacts. These subdirectories are mounted with the special file /dev/da0s1d and can be found on the fourth partition - d.

To automatically mount a filesystem every time the system boots up, you need to configure the filesystem configuration file - fstab. This avoids having to manually specify the details for the filesystem type, the special file, and the mount point to mount a filesystem.
special-file mount-dir fs-type options dump-freq fsck-pass
In the options section you can indicate whether or not the filesystem should be automatically mounted when the system boots up. The fstab file accepts auto as the default option to mount the filesystem automatically. But if you only want to be able to manually mount the filesystem, you specify the noauto keyword instead.
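The device-name codes and the six fstab fields described above can be checked mechanically. The script below is an added example, not part of the original course material: the fstab entries are constructed sample data and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the course): read fstab-style entries and decode
# FreeBSD device names. FSTAB_SAMPLE is constructed sample data.
FSTAB_SAMPLE='# special-file mount-dir   fs-type options   dump-freq fsck-pass
/dev/ad0s1a    /           ufs     rw        1         1
/dev/ad0s1b    none        swap    sw        0         0
/dev/ad0s1d    /var        ufs     rw        2         2
/dev/acd0      /cdrom      cd9660  ro,noauto 0         0
/dev/fd0       /mnt/floppy msdos   rw,noauto 0         0'

# drive_type CODE -> device description for the codes listed in the text.
drive_type() {
    case "$1" in
        da)  echo "USB storage device or SCSI hard drive" ;;
        ad)  echo "IDE hard drive" ;;
        acd) echo "IDE CD-ROM drive" ;;
        cd)  echo "SCSI CD-ROM drive" ;;
        fd)  echo "floppy drive" ;;
        sd)  echo "SCSI hard drive" ;;
        *)   return 1 ;;
    esac
}

# decode_dev NAME -> description, unit, and (if present) slice and partition.
# Fails for names that do not follow the code, unit, sN, letter layout.
decode_dev() (
    fields=$(printf '%s\n' "${1#/dev/}" | sed -n \
        -e 's/^\([a-z]*\)\([0-9][0-9]*\)$/\1:\2::/p' \
        -e 's/^\([a-z]*\)\([0-9][0-9]*\)s\([0-9][0-9]*\)\([a-h]\{0,1\}\)$/\1:\2:\3:\4/p')
    [ -n "$fields" ] || exit 1
    code=${fields%%:*}; rest=${fields#*:}
    unit=${rest%%:*};   rest=${rest#*:}
    slice=${rest%%:*};  part=${rest#*:}
    desc=$(drive_type "$code") || exit 1
    out="$desc, unit $unit"
    if [ -n "$slice" ]; then out="$out, slice $slice"; fi
    if [ -n "$part" ]; then out="$out, partition $part"; fi
    printf '%s\n' "$out"
)

# mounts_by_policy POLICY -> mount points mounted at boot ("auto") or only
# by hand ("noauto"), one per line. Swap entries have no mount point.
mounts_by_policy() {
    printf '%s\n' "$FSTAB_SAMPLE" |
    while read -r dev dir fstype opts dump pass; do
        case "$dev" in ''|'#'*) continue ;; esac
        if [ "$fstype" = swap ]; then continue; fi
        case ",$opts," in
            *,noauto,*) policy=noauto ;;
            *)          policy=auto ;;
        esac
        if [ "$policy" = "$1" ]; then printf '%s\n' "$dir"; fi
    done
}

for p in auto noauto; do
    echo "$p: $(mounts_by_policy "$p" | tr '\n' ' ')"
done
for d in /dev/ad0s1e /dev/acd0 /dev/da0s1; do
    echo "$d: $(decode_dev "$d")"
done
```

Removable media such as the CD-ROM and floppy entries carry noauto here, so they are attached only when an administrator runs mount for them.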

You can use the mount command to manually mount a filesystem. You need to specify the special device file that represents the filesystem you want to mount, and the mount point - where the file is to be attached within the UNIX filesystem. If the filesystem type hasn't been declared in the /etc/fstab file then you need to specify it in the command as well.
# mount [-o options] -t fs-type block-special-file mount-point
Suppose you want to mount a filesystem using the special file /dev/da0s1d. The mount point is /home/mgregor/accounting and the filesystem type is Network File Service (NFS). You can use this code to achieve this.
mount -t nfs /dev/da0s1d /home/mgregor/accounting

You can unmount a filesystem with the umount command. You can indicate the filesystem you want to unmount by specifying the mount point directory name. Or you can specify the name of the particular block file used to mount the filesystem.
# umount name
Suppose you are logged on to the NY-FS02 server as a superuser. You want to integrate the filesystem for a floppy disk into the root directory tree using the device file /dev/fd0 and the mount point /mnt/floppy. The filesystem on the floppy disk is of type msdos.
ny-fs02# MISSING CODE /mnt/floppy

You type mount -t msdos /dev/fd0 and then you press Enter. You have mounted the filesystem for the floppy drive.
ny-fs02# mount -t msdos /dev/fd0 /mnt/floppy
ny-fs02#

Now you're finished working with the floppy drive and you want to dismount it using the device file /dev/fd0 so that you can remove the disk from the drive.
ny-fs02# MISSING CODE

You type umount /dev/fd0 and you press Enter. You have unmounted the filesystem for the floppy drive.
ny-fs02# mount /mnt/floppy
ny-fs02# umount /dev/fd0
ny-fs02#

Question
Suppose you want to install a program from a CD. You are logged on to the NY-FS02 server as a super user. Before you can use the CD-ROM its filesystem needs to be integrated with the root directory tree in the /cdrom directory. The CD-ROM has a filesystem type called cd9660 and uses the device file /dev/acd0. Complete the command to achieve this.
ny-fs01# MISSING CODE /dev/acd0 /cdrom

Answer
To mount the CDROM filesystem, you type mount -t cd9660.

4. Using fsck to correct problems


The fsck utility is used to check and repair filesystems. In FreeBSD, fsck runs automatically when the system starts up to check the filesystems for any errors. On other UNIX systems, fsck automatically checks only filesystems that were not cleanly unmounted.

Sometimes a system experiences operator and hardware failures that can corrupt its filesystems. In this case, you should manually check the filesystem with the fsck command. When you run the fsck command it checks the consistency of the filesystem and displays a report if it finds any problems. It then gives you the option to repair the damage.

The fsck utility checks errors on both mounted and unmounted filesystems - however it can only fix the errors it finds on unmounted filesystems. To run fsck repairs manually on filesystems in use by the system, you need to be in single user mode and unmount the filesystem.

The syntax for the fsck command has several options that allow you to specify filesystems to check and how it should check them.
fsck [options] device
The options for the fsck command include

-n
The -n option assumes a no response to all questions when fsck encounters repairs.
-p
The -p option is used to do safe repairs when the system starts up.
-y
The -y option assumes a yes response to all questions when fsck encounters repairs. This allows fsck to repair the filesystem automatically without waiting for user response.
-f
The -f option performs a fast check and doesn't check filesystems that were successfully unmounted.
-a
The -a option is used to check all disks listed in the /etc/fstab file.
-t
The -t option is used to define the filesystem type.

In FreeBSD there is a variation of the fsck command that you can use to check and repair a FAT - or MS-DOS - filesystem. You use the fsck_msdosfs command to do this, passing it the same options as the fsck command.
fsck_msdosfs [options] device
Suppose you want to check and repair the filesystem of a floppy disk that uses a FAT filesystem that you've unmounted incorrectly. You're logged on as a superuser on the server NY-FS02. The floppy disk has the device name /dev/fd0.
ny-fs02 # MISSING CODE

You type fsck_msdosfs /dev/fd0 and you press Enter. The fsck_msdosfs command finds a directory error and prompts you to remove the error.
ny-fs02 # fsck_msdosfs /dev/fd0
** /dev/fd0
** Phase 1 - Read and Compare FATS
** Phase 2 - Check Cluster Chains
** Phase 3 - Checking Directories
Invalid long filename entry at end of directory
Remove? [yn]

You enter y to confirm the removal and the system continues checking directories, looking for lost files, and lost cluster chains - prompting you to correct any errors it encounters.
** Phase 4 - Checking for Lost Files
Lost cluster chain at cluster 374
2 Cluster(s) lost
Reconnect? [yn] y
No LOST.DIR Directory
Clear? [yn] y
Lost cluster chain at cluster 377
2 Cluster(s) lost
Reconnect? [yn] y
No LOST.DIR Directory
Clear? [yn] y
Update FATs? [yn] y

The fsck utility completes the check and makes any necessary changes - concluding the process with a message confirming that the filesystem has been modified.
ny-fs02 # fsck_msdosfs /dev/fd0
** /dev/fd0
** Phase 1 - Read and Compare FATS
** Phase 2 - Check Cluster Chains
** Phase 3 - Checking Directories
Invalid long filename entry at end of directory
Remove? [yn] y
** Phase 4 - Checking for Lost Files
Lost cluster chain at cluster 374
2 Cluster(s) lost
Reconnect? [yn] y
No LOST.DIR Directory
Clear? [yn] y
Lost cluster chain at cluster 377
2 Cluster(s) lost
Reconnect? [yn] y
No LOST.DIR Directory
Clear? [yn] y
Update FATs? [yn] y
139 files, 1132 free (2265 clusters)
***** FILE SYSTEM WAS MODIFIED *****
ny-fs02 #

Question
Suppose you have a removable USB drive that you suspect contains errors because it wasn't unmounted properly. You want to check it for errors and repair any damage caused automatically. You are logged on as a superuser on the NY-FS02 server and the USB drive has the device name /dev/da0s1. Type the code to achieve this.
ny-fs02 # MISSING CODE

Answer
To check and repair the device you type fsck_msdosfs -y /dev/da0s1.

5. Setting filesystem permissions

Directories and files in UNIX have a set of permissions that determines who can access them. File permissions maintain system security and privacy of users by preventing unauthorized persons from accessing sensitive files and directories or executing potentially dangerous commands. The three permissions you can set are:

Read
The read permission enables you to view or copy the file or directory contents and is denoted with the character r.
Write
The write permission enables you to edit or delete a file or directory and is denoted with the character w.
Execute
The execute permission enables you to execute a program file and is denoted with the character x.

Permissions are stored as three octets - a group of eight bits - and each octet is split into three parts. The first octet gives the permissions for the owner of the file, the second the permissions for the group the file belongs to, and the third octet the permissions for others. The octal values that represent each octet are

0
The octal value 0 represents the permission no read, no write, no execute and is listed in the directory as three dashes (---).
1
The octal value 1 represents the permission no read, no write, execute and is listed in the directory as --x.
2
The octal value 2 represents the permission no read, write, no execute and is listed in the directory as -w-.
3
The octal value 3 represents the permission no read, write, execute and is listed in the directory as -wx.
4
The octal value 4 represents the permission read, no write, no execute and is listed in the directory as r--.
5
The octal value 5 represents the permission read, no write, execute and is listed in the directory as r-x.
6
The octal value 6 represents the permission read, write, no execute and is listed in the directory as rw-.
7
The octal value 7 represents the permission read, write, execute and is listed in the directory as rwx.

You can use the ls -l command for a directory listing that shows the permissions that are set for a file's owner, the file's group, and other users. The first character in the listing for a file specifies whether it's a regular file, directory, device, or socket. The remaining nine characters represent the three permission octets.

In addition to the permissions that can be set for a file, special access modes can be set. These include

setuid
The Set User ID (setuid) access mode is a permission assigned to a program file that allows the program to assume the user identification of the file's owner when the program file is executed. The setuid permission is denoted with an s in the directory listing if it's turned on for the file.
setgid
The Set Group User ID (setgid) access mode is a permission assigned to a program file that allows the program to assume the group identification of the file's group when the program file is executed. The setgid permission is denoted with an s in the directory listing if it's turned on for the file.
the sticky bit
The sticky bit provides protection for the files in a directory by ensuring that only the owner of files can delete the files or the directory. The sticky bit is denoted with a t in the directory listing if it's turned on for the file.

If you are the owner of a file or you are a Superuser you can change the permissions set for a file. You do this using the chmod command.
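Because setuid and setgid program files run with their owner's or group's identity, and a shared directory without the sticky bit lets any user delete other users' files, administrators commonly review where these modes are set. The script below is an added example, not part of the original course material: it builds a constructed scratch tree and audits it with find, and the function and file names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the course): audit a directory tree for the
# special access modes. The scratch tree is constructed for the demo.

# perms_of PATH -> file type plus the nine permission characters from ls -l.
perms_of() {
    ls -ld "$1" | cut -c1-10
}

# list_setid DIR -> regular files under DIR with setuid (4000) or
# setgid (2000) turned on.
list_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# list_open_dirs DIR -> directories under DIR that others can write to
# (0002) but that lack the sticky bit (1000).
list_open_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

# build_fixture -> creates the scratch tree and prints its path.
build_fixture() (
    root=$(mktemp -d) || exit 1
    : > "$root/report.txt"; chmod 644  "$root/report.txt"  # ordinary file
    : > "$root/helper";     chmod 4755 "$root/helper"      # setuid program file
    mkdir "$root/shared";   chmod 1777 "$root/shared"      # world-writable, sticky
    mkdir "$root/dropbox";  chmod 0777 "$root/dropbox"     # world-writable, no sticky
    printf '%s\n' "$root"
)

fixture=$(build_fixture)
echo "helper is listed as $(perms_of "$fixture/helper")"
echo "shared is listed as $(perms_of "$fixture/shared")"
echo "setuid or setgid files:"
list_setid "$fixture"
echo "world-writable directories without the sticky bit:"
list_open_dirs "$fixture"
rm -rf "$fixture"
```

On a real system the same two find expressions are pointed at a filesystem's mount point and the results compared against the list of programs and shared directories that are expected to carry these modes.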

The mode parameter specifies the permission to be assigned - which can be absolute or symbolic - and file indicates the name of the file you want to change permissions on.
chmod mode file
The absolute mode of the chmod command accepts octal values from 0 to 7 and has this syntax.
chmod nnn file
The symbolic mode of the chmod command accepts certain characters as parameters. The who parameter specifies the person the permission is to be changed for - either u for user, g for group, or o for other. The operator parameter specifies whether you want to add +, subtract -, or assign = the permission. The permission(s) parameter specifies the permissions r, w, x or combinations of these.
chmod [ who ] operator [ permission(s) ] file
Suppose you have the text file called "accounting" and you want to change its group permission to 6. The owner permission is set to 7 and other to 0. You can change the permission using the absolute mode of the chmod command using this command. You can use the symbolic mode of the chmod command to change the permission using this command.

You can change a file's ownership by using the chown command, but you need to be the owner of the file or a superuser to do this.
chown [options] nwowner[.nwgroup] files...
The nwowner parameter refers to the user that is to be made the new owner of the file and is specified with a username or userid. The nwgroup parameter refers to the group that is to be made the new owner of the file and is specified with a group name or group id. And files refers to the files you want to change ownership of.

To set the default permissions mode for the files you create you can use the umask command. With umask you first need to determine the permissions you want to grant to owner, group, and other and then subtract each value from 7 to determine the argument to specify with the umask command.
So, for example, you want the owner of the files to have full permissions (7), the group to have read and write permissions (6), and other to have no permissions (0). To determine the argument for the umask command, you subtract 7 from 7, 6 from 7, and 0 from 7. So the command to set the default permissions is umask 017.

Suppose you want to change the permissions for the file called /home/mgregor/marketing to have full permissions for the owner (7), no write permissions for the group (5), and no permissions for others (0). Then you want to view the permission changes.
ny-fs02 # MISSING CODE marketing

You type chmod 750 and you press Enter. You have changed the permissions for the file.
ny-fs02 # chmod 750 marketing
ny-fs02 #

You can check that the file permission has changed by doing a directory listing.
ny-fs02 # ls -l /home/mgregor/marketing
-rwxr-x--- 1 mgregor mgregor 8 Jun 30 13:08 /home/mgregor/marketing

Suppose you want to set the default permissions for files you create with the owner having full permissions (7), group having full permissions (7), and others having read permissions only (4). Then you want to view the permission changes.
ny-fs02 # MISSING CODE

You type umask 003 and you press Enter. The default permissions are set for the files you create.
ny-fs02 # umask 003
ny-fs02 #

You can check that the permission has changed by executing the umask -S command.
ny-fs02 # umask 003
ny-fs02 # umask -S
u=rwx,g=rwx,o=r
ny-fs02 #
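The chmod and umask commands from this section, run against throwaway files, as an added example that is not part of the original course text (the function names are illustrative). It also shows a detail the subtract-from-7 rule hides: the mask is applied to 666 for new regular files and to 777 for new directories, so umask alone never gives a new file execute permission.

```shell
#!/bin/sh
# Added example: chmod in absolute and symbolic mode, and the effect of umask.
# Works only on scratch files and directories created with mktemp.

# Print the nine permission characters of a path, e.g. rwxr-x---
perm_of() {
    ls -ld "$1" | cut -c2-10
}

# chmod_result START NEW: give a scratch file mode START, apply NEW
# (absolute or symbolic), and print the resulting permissions.
chmod_result() {
    f=$(mktemp) || return 1
    chmod "$1" "$f" && chmod "$2" "$f" && perm_of "$f"
    rm -f "$f"
}

# umask_result MASK file|dir: create a new file or directory under MASK
# and print the permissions it received.
umask_result() {
    d=$(mktemp -d) || return 1
    (
        umask "$1"      # set inside a subshell so the caller's umask is untouched
        if [ "$2" = dir ]; then mkdir "$d/new"; else : > "$d/new"; fi
    )
    perm_of "$d/new"
    rm -rf "$d"
}

# Absolute and symbolic mode reach the same result.
echo "700 -> chmod 760       : $(chmod_result 700 760)"
echo "700 -> chmod g=rw      : $(chmod_result 700 g=rw)"
echo "777 -> chmod 750       : $(chmod_result 777 750)"
echo "777 -> chmod g-w,o=    : $(chmod_result 777 g-w,o=)"

# umask removes bits from 666 (files) or 777 (directories).
echo "umask 017, new file    : $(umask_result 017 file)"
echo "umask 017, new dir     : $(umask_result 017 dir)"
echo "umask 003, new file    : $(umask_result 003 file)"
echo "umask 003, new dir     : $(umask_result 003 dir)"
```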

Question
Suppose you want to change the permissions for the file myfile. You want the owner to have full permissions, the group to have read and execute permissions, and other to have read permissions only. Complete the command to achieve this.

ny-fs02 # MISSING CODE /home/mgregor/myfile

Answer
To change the permissions on the file you type chmod 754.

Question
You need to disconnect the /cdrom filesystem from the root directory. You are logged in as a superuser on the server NY-FS02. Type the code to achieve this.
ny-fs02 # MISSING CODE

Answer
To unmount the /cdrom filesystem you type umount /cdrom.

Question
Suppose you want to check the /var filesystem for errors. It uses the /dev/ad0s1d device. You are logged in as a superuser on the NY-FS02 server. Type the code to achieve this.

Answer
To check the /var filesystem for errors you type fsck /dev/ad0s1d.

Summary
UNIX has a filesystem hierarchy that begins with the root directory with all other directories appearing logically beneath the root directory. The physical disks in UNIX are split into logical sections known as partitions. Partitions are used to store filesystems, and only one filesystem may reside in a partition. Before you can use a filesystem it needs to be connected to the root directory. You use the mount command to do this, and when you are finished using the filesystem it can be unmounted with the umount command. Filesystems can become corrupted and can be checked for inconsistencies with the fsck command. The fsck command checks the filesystem and prompts you if any repairs need to be done. For security you can set filesystem permissions. You can set the default file permissions for all files you create using the umask command. And you can change file permissions with the chmod command.


UNIX data protection strategies


Abstract
This article points out the importance of data security, outlining the threats a system's data faces and detailing the measures you can implement to counter these threats and secure data.

The importance of data security


A company's data is extremely valuable and any loss of data can be very damaging. By recognizing the threats that can cause data loss you can implement appropriate measures to secure the data. Data is exposed to both external and internal threats. External threats include things such as natural disasters and malicious intruders. Internal threats include hardware and software failure, and human error.

External threats
Natural disasters

Natural disasters are events beyond your control that pose potential threats to your data. They include forces such as fires, power failures, storms, and floods. You can reduce the impact these forces may have on your data by recognizing what they can do to your computer equipment and data should they occur. For example, computers are susceptible to power surges and drops in electrical voltage. By implementing uninterruptible power supply protection you can help to safeguard computer equipment and prevent data loss.
Malicious intruders

Malicious intruders such as crackers are people who gain unauthorized access to a system to corrupt files, steal data, crash the system, and target other systems. They can use trapdoors - embedded code segments - to bypass system security and can insert malicious programs such as worms, viruses, and Trojan horses to corrupt data and crash the system. By understanding the methods used by malicious intruders you can put appropriate safeguards in place such as firewalls and antivirus software to protect your data against this type of threat.

Internal threats
Hardware and software failure

A computer's hardware and software components can potentially fail at any time. Hardware failures such as crashed hard drives, CPU failure, faulty or snapped cabling, and failed file and database servers can make data inaccessible or cause data loss. Software failure can occur through bugs in the operating system or software programs that can corrupt and potentially destroy a system's data.
Human error

The integrity, reliability, and availability of data are often compromised because of user or operator errors. Due to a lack of user awareness and training, users can mistakenly delete, copy, or rename files, download viruses when opening e-mail attachments, or disclose sensitive company information, including system passwords.

Data protection strategies


You need to assess which of these threats have the potential to cause damage to your data and then decide on the appropriate countermeasure to prevent or recover from these threats.

Physical security
You can secure the physical access to workstations and servers to prevent them from being stolen by locking them to tables or desks. By monitoring and restricting access to terminals, workstations, or other hardware, you can control who uses the equipment. Access to the console and CPU unit should be limited to prevent unauthorized users from rebooting the computer into single-user mode. You should limit access to backup tapes to prevent them from being stolen or damaged because they may contain sensitive information, such as password and security key files, as well as company data.

Network security
Firewalls can be used to reduce the probability of unauthorized access to and from a private network. You can place a firewall between the Internet and your company's network to help prevent external threats. Or the firewall can be placed between sites within your company to isolate some systems from others to protect against internal threats. Firewalls can use a mechanism known as packet filtering to filter packets as they enter and exit the network. Packet filtering checks every packet that enters and exits the network and either accepts or rejects it based on the IP addresses of the source and destination.

Local security
Servers shouldn't be located in public areas and should be located in a locked room with controlled access allowing only authorized users access to them. A BIOS/RAM/EEPROM password should be set on servers to prevent unauthorized users from changing the BIOS settings.

Controlling environmental factors that affect the functioning of computer equipment is essential. You need to ensure that the area where you keep servers and computers is relatively dust and humidity free, as dust and water can collect on components in the chassis causing the components to malfunction. Servers and computers should be in rooms where temperatures are controlled and not high. No liquids or foodstuffs should be allowed around computers and servers as these can damage the functioning of hardware items such as the keyboard and mouse.

In UNIX you need to secure the local filesystem. You need to look for file and directory permissions that are inappropriately granted and correct them. These include group- and world-writable system executables and directories, and the setgid and setuid commands. You should decide how you're going to mount filesystems as some systems allow the /usr directory to be mounted as a separate filesystem. Sensitive data on the system such as the passwd file should be encrypted to prevent unauthorized users from accessing the data. Any sensitive data being sent across the Internet or other public network should be encrypted.

Usernames with strong passwords should be implemented on user workstations and servers to prevent unauthorized users from accessing data on them. By setting appropriate file permissions, you can limit users' access to only the data they need. And you should keep track of which users have access to which data.

All computers in your company - servers, user workstations, and portables - should have appropriate antivirus software installed to regularly scan for viruses. Users should be aware of the importance of scanning any e-mail attachments to check for viruses before downloading or opening the attachments. And they should scan any files they download from the Internet before opening them.
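One way to carry out the permission review described above for group- and world-writable executables and directories and for setgid and setuid programs, as an added example that is not part of the original course text. The function names, finding labels, and sample tree are constructed for the illustration; point audit_perms at a real directory to use it.

```shell
#!/bin/sh
# Added example: audit a directory tree for risky permission bits, then
# remove the unnecessary write bits. The sample tree is constructed.

# audit_perms DIR: print sorted findings as "<CLASS> <relative path>".
audit_perms() {
    (
        cd "$1" || exit 1
        # Regular files that anyone on the system may modify.
        find . -type f -perm -0002 | sed 's/^/WORLD-WRITABLE-FILE /'
        # Executables that any member of the owning group may replace.
        find . -type f -perm -0100 -perm -0020 | sed 's/^/GROUP-WRITABLE-EXEC /'
        # World-writable directories without the sticky bit let users
        # delete or rename each other's files.
        find . -type d -perm -0002 ! -perm -1000 | sed 's/^/WORLD-WRITABLE-DIR-NO-STICKY /'
        # Programs that run with the identity of the file's owner or group.
        find . -type f -perm -4000 | sed 's/^/SETUID /'
        find . -type f -perm -2000 | sed 's/^/SETGID /'
    ) | sort
}

# tighten DIR: remove the write bits flagged above. setuid and setgid
# programs are left for manual review, since some need the bit to work.
tighten() {
    (
        cd "$1" || exit 1
        find . -type f -perm -0002 -exec chmod o-w {} +
        find . -type f -perm -0100 -perm -0020 -exec chmod g-w {} +
        find . -type d -perm -0002 ! -perm -1000 -exec chmod o-w {} +
    )
}

# build_sample_tree DIR: constructed layout with good and bad modes.
build_sample_tree() {
    mkdir -p "$1/bin" "$1/etc" "$1/shared" "$1/tmp"
    for f in bin/ok bin/tool bin/helper bin/priv bin/grp etc/conf; do
        : > "$1/$f"
    done
    chmod 755  "$1/bin/ok"       # fine
    chmod 777  "$1/bin/tool"     # world-writable executable
    chmod 775  "$1/bin/helper"   # group-writable executable
    chmod 4755 "$1/bin/priv"     # setuid
    chmod 2755 "$1/bin/grp"      # setgid
    chmod 644  "$1/etc/conf"     # fine
    chmod 777  "$1/shared"       # world-writable, no sticky bit
    chmod 1777 "$1/tmp"          # world-writable with sticky bit: acceptable
}

demo_dir=$(mktemp -d) && build_sample_tree "$demo_dir"
echo "Findings before tightening:"; audit_perms "$demo_dir"
tighten "$demo_dir"
echo "Findings after tightening:";  audit_perms "$demo_dir"
rm -rf "$demo_dir"
```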

Redundancy
You should implement redundancy for all computers running critical services that need to be constantly available such as a database server used for online transactions. Redundancy uses secondary levels of hardware that can take over in the event of the failure of a primary system. In this way, redundancy keeps a service running even when the computer it's running on experiences problems. Depending on the problem, a monitoring computer will act accordingly to keep the service running. Clustering is another method by which multiple computers are configured to perform the same tasks. As well as improved performance, clustering can also offer protection against hardware failure.

For hard disk redundancy you can implement Redundant Array of Inexpensive Disks (RAID). RAID is used to provide data integrity and availability by combining multiple disks into a single logical device. So in the event of a hard disk failure no data will be lost.

Backups
Backups are crucial for the prevention of data loss or corruption and are the system administrator's primary defense against all threats to a system. You should back up your company's data often, and recreate and check the backups to ensure that they are not corrupt as well. There are several backup strategies you can implement.

The full backup is the simplest and most thorough backup strategy in which all files on a system are copied to tape or other backup media. Full backups are time consuming and are only reasonable to do when many new files need to be saved. Only one set of backup media is required to restore the filesystem. In UNIX a full backup is referred to as level 0.

The incremental backup strategy is used more frequently and only copies the files that have changed since the last backup. This saves time, although it requires two sets of backup media - both the full and incremental sets - to restore the filesystem. In UNIX an incremental backup is referred to as level 1. A level 2 backup saves all files that have been changed since the level 1 backup, and so the levels increase with each consecutive backup that you perform.

A typical backup strategy is to perform a level 0 backup on the first day of the week and then the rest of the week you perform a level 1 backup. To restore the filesystem from this backup strategy, you'll require two sets of backup media.

Summary
Data is exposed to both external and internal threats - the former including natural disasters and malicious intruders, and the latter including hardware and software failure, and human error. To secure data against these threats you need to have measures in place to protect access to both the physical aspects of the network - the computers and hardware - and the network itself. Critical services should be secured using a redundancy strategy on the computers running the services. And a backup strategy needs to be implemented to ensure that secure copies of data are maintained.

Copyright 2004 SkillSoft PLC. All rights reserved. SkillSoft and the SkillSoft logo are trademarks or registered trademarks of SkillSoft PLC in the United States and certain other countries.

Implementing RAID for UNIX


Learning objective
After completing this topic, you should be able to choose the RAID system to implement in a given scenario.

1. Characteristics and benefits of RAID


RAID - Redundant Array of Inexpensive Disks - is a data-storage system that can increase performance and provide fault tolerance through redundancy. Fault tolerance is the ability of software or hardware to withstand failure so that no data is corrupted and work in progress is not lost. Redundancy allows a system to continue functioning even when one of its components fails. To achieve redundancy and withstand hard drive failure, RAID stores duplicate data on several drives. RAID is beneficial because it

is reliable
increases I/O speed
increases capacity

is reliable
Mission-critical applications and services require reliability in the form of data protection and redundancy. RAID uses methods known as mirroring and striping with parity to spread data across hard drives, thereby preventing data loss as a result of drive failure.

increases I/O speed
CPU speeds have increased exponentially. But the advances in the access speeds of hard disks have been much slower. The fast CPU and slow hard disk speeds result in bottlenecks for disk data access. RAID can provide greater transfer rates to relieve this system bottleneck.

increases capacity
Today's networks require high-capacity disk systems that offer scalability. With RAID systems you can combine a number of hard disks to create a larger virtual drive called a logical drive.

Although RAID offers benefits that a single disk system can't, it does have limitations and is not foolproof. You still need to maintain backups so that you can perform data recovery in the event that the entire array of disks fails.

Question
What are the benefits of implementing RAID?
Options:
1. Elimination of backups
2. Increased capacity
3. Increased transfer rates
4. Prevention of data loss

Answer
RAID is beneficial because it increases capacity and transfer rates, and it helps prevent data loss.
Option 1 is incorrect. Although RAID provides fault tolerance and redundancy it isn't a guarantee that the entire system won't fail. You still need to perform backups because the entire array of disks could fail.
Option 2 is correct. If you have a system that requires high-capacity you should implement RAID. It combines several hard disks to create a logical drive thereby increasing the data storage capacity.
Option 3 is correct. In some systems, fast CPU and slow hard disk speeds cause bottlenecks for disk data access. By providing greater transfer rates, RAID can relieve these bottlenecks in the system.
Option 4 is correct. RAID helps prevent data loss due to disk failure through methods known as mirroring and striping with parity.

2. RAID levels
RAID implementations use combinations of the following methods to provide varying levels of data accessibility and redundancy:

striping
mirroring
parity

striping
Striping dices a file into several small chunks and stores the chunks across the drives in a RAID array. Instead of reading the entire file from one hard disk - which takes a long time - small chunks of the file are read from each disk simultaneously.

mirroring
Mirroring is a redundancy method in which all data in the system is written to two disks simultaneously - one disk is a mirrored copy of the other. This provides 100 percent data redundancy and thus full protection of data should one of the hard disks fail.

parity
Parity is a redundancy method that involves the addition of an information bit to a group of data bits. The parity bit is used to check for errors in the group of bits. RAID uses parity and the data on the remaining drives to recreate data on a lost drive.

The redundancy and accessibility methods are combined in various ways to produce different RAID levels. There are six levels, but only three are in common use.

RAID 0
RAID 1
RAID 5

RAID 0
RAID 0 uses striping to store data. Striping requires a minimum of 2 and can use a maximum of 32 disks. The data is written across all disks in parallel, thus improving read/write performance. If any disk in the striped volume fails, all the data in the volume is lost. RAID 0 doesn't protect against failure because it doesn't provide fault tolerance through redundancy.

RAID 1
RAID 1 uses mirroring to store data. Mirroring requires a minimum of two equally sized drives. By using RAID 1, you can protect against controller failure by implementing disk duplexing. In duplexing, the disks in the mirrored sets are attached to separate controllers. RAID level 1 is expensive to implement. It doubles storage costs, as the total logical volume is half of the total physical disk space.

RAID 5
RAID 5 uses striping with parity to store data. It requires a minimum of three and can use a maximum of 32 drives. RAID 5 stores parity data across all the drives in the array. Performance is slightly reduced when the failed drive is being replaced. RAID 5 is the most widely used RAID level, as it provides a good combination of read/write performance and fault tolerance.

Some RAID levels are combined to create more complex systems known as hybrid RAID levels. RAID 0/5 - also known as RAID 50 - is a combination of both RAID 0 and RAID 5. It combines multiple RAID 5 sets with data striping. In RAID 0/5, if a single hard drive fails in any of the RAID 5 sets, the array will not experience any data loss. RAID 0/5 requires a minimum of five disks to function.

There is an increase in write performance with RAID 0/5. But once a hard drive fails and is reconstructed, performance decreases, data access becomes slower, and transfer speeds on the array are affected.

RAID 0/1 - also known as RAID 10 - is a commonly used hybrid RAID level. It is a combination of both RAID 0 and RAID 1, combining both drive mirroring and data striping without parity. RAID 0/1 combines multiple sets of mirrored drives with data striping. RAID 0/1 requires a minimum of four disks to function. If a drive fails in RAID 0/1, data can be regenerated from its mirror rather than from parity information. RAID 0/1 offers high levels of performance and redundancy because the system is fully maintained even if more than one drive fails.
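How striping with parity lets a RAID 5 set recreate a lost drive, as an added example that is not part of the original course text. It assumes a three-drive set, models each block as a single byte value, and uses XOR as the parity function; the function names, the parity rotation order, and the sample data are constructed for the illustration.

```shell
#!/bin/sh
# Added example: XOR parity in a three-drive RAID 5 set.
# A "drive" is a space-separated list holding one block (0-255) per stripe.

# xor_drives "LIST_A" "LIST_B": XOR two drives block by block.
xor_drives() {
    a=$1 out=
    for y in $2; do
        set -- $a                       # $1 is now the next block of LIST_A
        out="$out${out:+ }$(( $1 ^ $y ))"
        shift; a=$*
    done
    printf '%s\n' "$out"
}

# raid5_write "b0 b1 b2 ...": stripe an even number of data blocks over
# D0, D1 and D2. Each stripe holds two data blocks plus their parity, and
# the parity block moves to the next drive on every stripe.
raid5_write() {
    D0= D1= D2= stripe=0
    set -- $1
    while [ $# -ge 2 ]; do
        p=$(( $1 ^ $2 ))
        case $(( stripe % 3 )) in
            0) D0="$D0 $p"; D1="$D1 $1"; D2="$D2 $2" ;;
            1) D0="$D0 $1"; D1="$D1 $p"; D2="$D2 $2" ;;
            2) D0="$D0 $1"; D1="$D1 $2"; D2="$D2 $p" ;;
        esac
        stripe=$(( stripe + 1 ))
        shift 2
    done
    D0=${D0# } D1=${D1# } D2=${D2# }
}

# raid5_rebuild N: recreate drive N from the two surviving drives.
# Data and parity blocks are rebuilt the same way: XOR of the survivors.
raid5_rebuild() {
    case $1 in
        0) xor_drives "$D1" "$D2" ;;
        1) xor_drives "$D0" "$D2" ;;
        2) xor_drives "$D0" "$D1" ;;
        *) return 1 ;;
    esac
}

# raid5_read "D0" "D1" "D2": return the data blocks in their original
# order, skipping the parity block of each stripe.
raid5_read() {
    r0=$1 r1=$2 r2=$3 stripe=0 out=
    for unused in $r0; do
        set -- $r0; b0=$1; shift; r0=$*
        set -- $r1; b1=$1; shift; r1=$*
        set -- $r2; b2=$1; shift; r2=$*
        case $(( stripe % 3 )) in
            0) out="$out $b1 $b2" ;;
            1) out="$out $b0 $b2" ;;
            2) out="$out $b0 $b1" ;;
        esac
        stripe=$(( stripe + 1 ))
    done
    printf '%s\n' "${out# }"
}

raid5_write "82 65 73 68 53 33"    # constructed data: ASCII codes of "RAID5!"
echo "drive 0: $D0"; echo "drive 1: $D1"; echo "drive 2: $D2"
D1=                                # simulate the loss of drive 1
D1=$(raid5_rebuild 1)              # rebuild it from drives 0 and 2
echo "rebuilt drive 1: $D1"
echo "data read back : $(raid5_read "$D0" "$D1" "$D2")"
```

With a single parity block per stripe, only one failed drive can be rebuilt; losing two drives of the set leaves nothing to XOR against.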

Question
Which RAID level uses a combination of striping and mirroring?
Options:
1. RAID 0
2. RAID 1
3. RAID 5
4. RAID 10

Answer
RAID 10 uses a combination of striping and mirroring.
Option 1 is incorrect. RAID 0 does use striping, but it doesn't combine this with mirroring. Should a disk in the volume fail, all data will be lost.
Option 2 is incorrect. RAID 1 uses mirroring to provide redundancy. It doesn't make use of striping at all.
Option 3 is incorrect. RAID 5 provides redundancy through striping with parity. It doesn't use mirroring at all.
Option 4 is correct. RAID 10 - or 0/1 - is a hybrid level that uses a combination of striping from RAID 0 and mirroring from RAID 1. Because of this combination, RAID 10 offers high performance and redundancy.

Each RAID level is optimized for a different use. So you can implement a specific RAID level to fulfill the needs of your organization.

RAID 0 should never be used in mission-critical environments, but is suitable for applications that use large amounts of temporary storage and don't require fault tolerance. Applications such as Photoshop that use image editing and any application requiring high bandwidth are suited for RAID 0.

For applications that need redundancy and fast random writes, or in systems where only two drives are available, you can implement RAID 1. If a drive in RAID 1 fails, I/O requests are redirected to the remaining drives. The data can be accessed immediately with only a slight reduction in performance. Small file servers that only use two disks are suited for RAID 1.

RAID 5 is less expensive than RAID 1. It can be implemented for applications that require high performance for random read/write operations. RAID 5 provides a good balance between performance and fault tolerance. But it is not suitable if you require both high performance and high fault tolerance. RAID 5 is suited for applications such as database servers.

When you require the highest performance and data protection you should implement RAID 0/1 (RAID 10). But RAID 10 implementations are quite costly as they require a greater minimum number of hard drives than other RAID levels. Any financial transaction processing applications are suited for RAID 10.

If you have a mission-critical system that requires increased reliability and performance, you should implement RAID 0/5 (RAID 50). It is very expensive to implement as it requires a minimum of five drives to function. File and web servers and online transaction processing applications are suited for RAID 50.

3. Implementing RAID
The RAID system you choose to implement depends on the cost, type of equipment, data redundancy, and the system performance you need from your system. RAID can be implemented at either of these levels:

Hardware RAID
Software RAID

Hardware RAID
RAID can be implemented at the hardware level using RAID controllers. Hardware RAID solutions range from a simple RAID controller to standalone subsystems. Hardware RAID does not depend on the operating system or CPU.

An advantage of hardware RAID is increased flexibility. Hardware RAID supports most RAID levels including the hybrid RAID levels 0/1 and 0/5. And it offers dedicated caching of both reads and writes. You can reconfigure arrays on the fly. And you can use hot-swap and hot-spare drives.

A hot-swap disk system allows failed hard disks to be replaced without powering down the system or rebooting the server.

A hot-spare RAID configuration uses an additional preconfigured disk to automatically replace a failed disk. The system must be shut down before the failed disk can be removed, but full fault tolerance is maintained.

A disadvantage of hardware RAID is that the manufacturer's equipment options may limit the hardware you can use. It is also much more expensive than a software implementation. If you are running a mission-critical system, you should use a hardware RAID solution, because it offers high fault tolerance, better performance, and greater reliability than a software RAID solution.

Software RAID
RAID can be implemented at the software level by the operating system. Software RAID volumes use individual disk partitions grouped to create a single RAID partition. Software RAID limits its support to RAID 0, 1, and 5. However, software RAID 5 lacks in performance and fault tolerance when compared with hardware RAID 5. Software RAID is a core component of the operating system that can be used to manage a RAID array attached to the system. Software RAID runs on top of the operating system and simulates a RAID controller.

Implementing software RAID has its limitations.

It is time-consuming to implement software RAID because the operating system creates the RAID system. For example in mirroring, the operating system writes to the hard disk drives twice. Software RAID will write the data to each disk one after the other, whereas hardware RAID writes the data to each disk at the same time.

Software RAID is less reliable than hardware RAID. Performing fault tolerance is more reliable at the disk level - hardware RAID - than at the partition level - software RAID. This is because an entire disk fails more often than a portion of a disk fails.

Software RAID is vulnerable. If the operating system is corrupted and unusable it can corrupt the software RAID configuration and all data could be lost. Hardware RAID cannot be corrupted by a faulty operating system.

An advantage of software RAID is that it is simple to set up and you can experiment with RAID at no additional cost. Software RAID is inexpensive to set up because you don't need as much hardware as hardware RAID. But because software RAID places more strain on the CPU, it degrades system performance.

Suppose you need to implement RAID for a banking company that uses a database server. Accounts data is read and written in small segments to the server - and it's crucial that this data is available at all times. The company has placed a generous budget at your disposal.

The best RAID solution to implement is hardware RAID 0/5. Although it is expensive to implement there is no limitation on cost in this instance. The company's requirement for a system that can cope with small data segments being read and written to the database will be adequately catered for by RAID 0/5's high data transfer rate and I/O performance. And its high fault tolerance will ensure that data is always available.

Question
A home user has a video editing application that uses large amounts of temporary storage. The user wants to implement RAID on the workstation, which uses two disks. Cost is a limiting factor. Which RAID solution would you recommend?
Options:
1. Hardware RAID 1
2. Hardware RAID 5
3. Software RAID 0
4. Software RAID 10

Answer
Software RAID 0 is the best solution for this user.
Option 1 is incorrect. The user is on a tight budget - so hardware RAID, which is relatively expensive, is not a good option. Also, RAID 1 is best suited for applications that require redundancy - and in this case the application uses temporary storage, which doesn't need redundancy.
Option 2 is incorrect. Implementing hardware RAID 5 requires a minimum of three disks and the home user only has two. Also, hardware RAID is relatively costly, and this user has limited funds.
Option 3 is correct. The cost to implement software RAID is minimal when compared with hardware RAID. Implementing RAID 0 is sufficient for the home user's needs because RAID 0 doesn't provide redundancy. And the user's application doesn't require any redundancy because it uses temporary storage.
Option 4 is incorrect. There are only a few RAID levels that software RAID can support - RAID 0, 1, and 5. Software RAID cannot support any hybrid RAID levels such as RAID 10.

Summary

RAID can increase system performance and provide fault tolerance. RAID implementations focus on I/O speed, reliability, and capacity. Mirroring and parity are used to provide redundancy in a RAID system. The most commonly used RAID levels are RAID 0, RAID 1, RAID 5, and the hybrid RAID level 0/1. RAID implementation considerations include software RAID and hardware RAID. Your choice of RAID implementations will depend upon cost, system performance, and redundancy requirements.


Designing a RAID implementation for UNIX


Learning objective
After completing this topic, you should be able to design a RAID implementation for a given scenario.

Exercise overview
In this exercise, you're required to choose an appropriate RAID implementation and decide on a backup method. This involves the following tasks:

choosing a RAID implementation
selecting a backup strategy

A retail company has a large database server on a UNIX operating system with online transaction processing for Internet customers. The company has recently lost substantial sales due to a hard disk failure and it wants to prevent this from happening in the future.

Task 1: Choosing a RAID implementation


Your first task is to design a RAID implementation for the company.

Step 1 of 2

The sales assistants need fast access to customer account and product information. You need to ensure that the data they access is always reliable and available with high I/O data transfer rates. What kind of performance and redundancy does this system require? Options: 1. High performance with high redundancy 2. High performance with no redundancy 3. Low performance with high redundancy

Result
The system requires high performance with high redundancy. Option 1 is correct. To ensure high I/O data transfer rates the system needs to be high performance. By providing high redundancy the sales assistants can rely on the data to be correct and available. Option 2 is incorrect. The system requires high redundancy because if a disk in the system fails, the data will be unreliable and the sales assistants will be providing customers with the incorrect information. Option 3 is incorrect. Sales assistants need fast access to data on the database server. A low performance system has lower I/O data transfer rates than a high performance system.

Step 2 of 2
The company requires highly reliable and accessible data and cost is not a limiting factor. Which RAID level should you implement?
Options:
1. Hardware RAID 0
2. Hardware RAID 0/1
3. Hardware RAID 1
4. Hardware RAID 5

Result
You should implement hardware RAID 0/1. Option 1 is incorrect. RAID 0 stripes data across all drives in the system, which provides fast access to the data - however it doesn't provide redundancy. As high reliability is one of the company's requirements, it cannot consider hardware RAID 0 as a solution.

Option 2 is correct. By implementing hardware RAID you can perform a hot swap to remove a hard drive should it fail without powering down the system. RAID 0/1 uses mirroring with striping to store data. Striping data allows for fast I/O data transfer rates and mirroring provides redundancy to ensure the data is reliable and available at all times. It requires several hard disks to implement hardware RAID 0/1 and is therefore expensive - but the company isn't limited by cost. Option 3 is incorrect. Although RAID 1 provides high redundancy through mirroring, its I/O data transfer rate is not suitable for the high I/O rates required by the company. This is because RAID 1 doesn't stripe data across drives, which increases I/O speeds. Option 4 is incorrect. With RAID 5, redundancy is achieved through parity. Parity offers lower redundancy when compared with mirroring because if a drive fails, the lost data first has to be rebuilt with the parity information. This is not ideal for this company as it requires data to be correct and available all the time.

Task 2: Selecting a backup strategy


Now you need to select an appropriate backup strategy to implement.

Step 1 of 1
The company requires a full backup of every day's transactions, and these backups must not involve powering down the system. Data needs to be restored from a single backup should the system fail. Backup media sets more than one day old should be securely stored off-site for additional protection against natural disaster. Which backup strategy should you implement? Options: 1. A level 0 backup daily 2. A level 0 backup on the first day and level 1 backup for the rest of the week 3. A level 0 backup on the first day, level 1 backup weekly, and level 2 backup the rest of the week

Result
You should implement a level 0 backup strategy daily. Option 1 is correct. A level 0 backup every day performs a full backup of the data in your system. When you do a full backup you only need one set of backup media to restore a filesystem.

Option 2 is incorrect. A level 1 backup performs an incremental backup, so this strategy performs a full backup on the first day of the week and then incremental backups the rest of the week. The company only requires a daily full backup. Option 3 is incorrect. Implementing this strategy performs a full backup on the first day, an incremental backup weekly, and a daily incremental backup for the rest of the week.


Ques [1] - A variable which is declared inside a method is called a________variable (A) Local (B) Private (C) Static (D) Serial Answer : Local Discription :

Ques [2] - Which of the following are not types of access modifiers in C#? (A) external protect (B) internal protect (C) protect (D) internal Answer : external protect Discription :

Ques [3] - How to kill a user session explicitly?
(A) Session.Discard()
(B) Session.Close()
(C) Session.Abandon()
(D) Session.kill()
Answer : Session.Abandon()

Ques [4] - Which of the following characters ends every C# statement?
(A) Period (.)
(B) Colon (:)
(C) Semicolon (;)
(D) Comma (,)
Answer : Semicolon (;)

Ques [5] - Which of the following statements is correct about constructors?
(A) Static constructors can use optional arguments.
(B) Overloaded constructors cannot use optional arguments.
(C) If we provide a one-argument constructor then the compiler still provides a zero-argument constructor.
(D) If we do not provide a constructor, then the compiler provides a zero-argument constructor.
Answer : If we do not provide a constructor, then the compiler provides a zero-argument constructor.

Ques [6] - Which of the following benefits do we get on running managed code under CLR?
1. Type safety of the code running under CLR is assured.
2. It is ensured that an application would not access the memory that it is not authorized to access.
3. It launches separate process for every application running under it.
4. The resources are Garbage collected.
(A) Only 1, 2 and 4
(B) Only 2, 3 and 4
(C) Only 1 and 2
(D) All of the above
Answer : All of the above

Ques [7] - What compiler switch creates an xml file from the xml comments in the files in an assembly?
(A) /text
(B) /xml
(C) /doc
(D) /help
Answer : /doc

Ques [8] - If a class is using an interface, it must
(A) contain the same methods as the interface
(B) inherit the properties of the interface
(C) create an interface object
(D) all of the above
Answer : all of the above

Ques [9] - Which property will you use to process different server paths in a page?
(A) Request
(B) Response
(C) Server
(D) Application
Answer : Server

Ques [10] - Which of these string definitions will prevent escaping on backslashes in C#?
(A) string s = #.n Test string.;
(B) string s = @.n Test string.;
(C) string s = ..n Test string.;
(D) string s = .n Test string.;
Answer : string s = @.n Test string.;

Ques [11] - The int keyword maps to which .NET type?
(A) System.Int8
(B) System.Int16
(C) System.Int32
(D) System.Int64
Answer : System.Int32

Ques [12] - Which of the following classes cannot be inherited?
(A) Abstract
(B) Sealed
(C) Both
(D) None
Answer : Sealed

Ques [13] - ___________________ allow you to encapsulate discrete units of functionality and provide a graphical representation of that functionality to the user
(A) object
(B) controls
(C) class
(D) graphics
Answer : controls

Ques [14] - The uniqueId that gets generated at the start of the Session is stored in
(A) Client computer as a cookie
(B) Server machine
(C) Passed to and fro on each and every request and response
(D) Both a and b are correct
Answer : Server machine

Ques [15] - Two methods with the same name but with different parameters.
(A) Overloading
(B) Multiplexing
(C) Duplexing
(D) Loading
Answer : Overloading

Ques [16] - Which is true about interface and abstract methods?
(A) We can write only one abstract method inside an interface.
(B) No method is abstract inside an interface.
(C) All the methods inside an interface are abstract methods.
(D) None of the above
Answer : All the methods inside an interface are abstract methods.

Ques [17] - Which of the following constitutes the .NET Framework?
1. ASP.NET Applications
2. CLR
3. Framework Class Library
4. WinForm Applications
5. Windows Services
(A) 2, 5
(B) 2, 1
(C) 2, 3
(D) 3, 4
Answer : 2, 3

Ques [18] - What is ENUM?
(A) It is used to initialize variables
(B) It is used to define constants
(C) It is used to define variables
(D) None
Answer : It is used to define constants

Ques [19] - Which of following is correct
(A) enum Day{Sunday= 01,Monday= 02,Tuesday= 03,Wednesday=04,Thursday= 05,Friday= 06,Saturday=07}
(B) Day{Sunday= 01,Monday= 02,Tuesday= 03,Wednesday=04,Thursday= 05,Friday= 06,Saturday=07}
(C) enumeration Day{Sunday= 01,Monday= 02,Tuesday= 03,Wednesday=04,Thursday= 05,Friday= 06,Saturday=07}
(D) Day enum{Sunday= 01,Monday= 02,Tuesday= 03,Wednesday=04,Thursday= 05,Friday= 06,Saturday=07}
Answer : enum Day{Sunday= 01,Monday= 02,Tuesday= 03,Wednesday=04,Thursday= 05,Friday= 06,Saturday=07}

Ques [20] - Are there any errors in this EmployeeMgmt constructor: Public int EmployeeMgmt { emp_id = 100; }
(A) Return type
(B) Formal parameters
(C) No errors
(D) Name
Answer : Return type

Your Test Result of : csharptest1


Total attempted questions: 19
Total correct answers: 12
Total wrong answers: 7
Total number of questions: 20
Total number of unattempted questions: 1
Percentage of right answers: 60.0%
Percentage of wrong answers: 40.0%
Result: Pass
Performance: Average

Ques [1] - Which of the following statements are TRUE about the .NET CLR?
1. It provides a language-neutral development & execution environment.
2. It ensures that an application would not be able to access memory that it is not authorized to access.
3. It provides services to run "managed" applications.
4. The resources are garbage collected.
5. It provides services to run "unmanaged" applications.
(A) Only 1 and 2
(B) Only 1, 2 and 4
(C) 1, 2, 3, 4
(D) Only 4 and 5
Answer : 1, 2, 3, 4

Ques [2] - In data reader, what can be used before read method?
(A) Getvalue
(B) Getstring
(C) GetNumber
(D) None
Answer : None

Ques [3] - What is ENUM?
(A) It is used to initialize variables
(B) It is used to define constants
(C) It is used to define variables
(D) None
Answer : It is used to define constants

Ques [4] - A variable which is declared inside a method is called a ________ variable
(A) Local
(B) Private
(C) Static
(D) Serial
Answer : Local

Ques [5] - Can an Interface be instantiated directly?
(A) Yes
(B) No
Answer : No

Ques [6] - Which of the following are valid .NET CLR JIT performance counters?
1. Total memory used for JIT compilation
2. Average memory used for JIT compilation
3. Number of methods that failed to compile with the standard JIT
4. Percentage of processor time spent performing JIT compilation
5. Percentage of memory currently dedicated for JIT compilation
(A) 1, 2
(B) 1, 5
(C) 3, 4
(D) 4, 5
Answer : 3, 4

Ques [7] - Automatic paging is possible in
(A) datareader
(B) dataset
(C) datatable
(D) all
Answer : datatable

Ques [8] - What does the Dispose method do with the connection object?
(A) Close the connection
(B) Temporarily dispose the connection
(C) Deletes it from the memory
(D) All of the above
Answer : Deletes it from the memory

Ques [9] - Feature of a local variable
(A) It must be declared within a method
(B) It represents a class object
(C) It can be used anywhere in the program
(D) It must accept a class
Answer : It must be declared within a method

Ques [10] - What is the difference between Convert.ToInt32 and Int.Parse?
(A) Both are the same.
(B) Convert.ToInt32 can't handle null values; it will throw an ArgumentNullException error.
(C) Int.Parse can't handle null values; it will throw an ArgumentNullException error.
(D) Both can handle null values.
Answer : Int.Parse can't handle null values; it will throw an ArgumentNullException error.

Ques [11] - Which of the following statements is correct about Managed Code?
(A) Managed code is the code that runs on top of Windows.
(B) Managed code is the code that is written to target the services of the CLR.
(C) Managed code is the code where resources are Garbage Collected.
(D) Managed code is the code that is compiled by the JIT compilers.
Answer : Managed code is the code that is written to target the services of the CLR.

Ques [12] - What object can help you maintain data across users?
(A) Session object
(B) Server Object
(C) Response Object
(D) Application Object
Answer : Application Object

Ques [13] - Is it possible to change the value of a variable while debugging a C# application?
Answer : Yes

Ques [14] - Two methods with the same name but with different parameters.
(A) Overloading
(B) Multiplexing
(C) Duplexing
(D) Loading
Answer : Overloading

Ques [15] - C# does not support:
(A) abstraction
(B) polymorphism
(C) multiple inheritance
(D) inheritance
Answer : multiple inheritance

Ques [16] - Which of the following utilities can be used to compile managed assemblies into processor-specific native code?
(A) gacutil
(B) ngen
(C) sn
(D) ildasm
Answer : ngen

Ques [17] - Which property will you use to process different server paths in a page?
(A) Request
(B) Response
(C) Server
(D) Application
Answer : Server

Ques [18] - Can private class-level variables be inherited?
(A) Yes, and we can access them
(B) No, and we cannot access them
(C) Yes, but we cannot access them
(D) All of the above are wrong
Answer : Yes, and we can access them

Ques [19] - Are there any errors in this EmployeeMgmt constructor: Public int EmployeeMgmt { emp_id = 100; }
(A) Return type
(B) Formal parameters
(C) No errors
(D) Name
Answer : Return type

Ques [20] - Which is true about interface and abstract methods?
(A) We can write only one abstract method inside an interface.
(B) No method is abstract inside an interface.
(C) All the methods inside an interface are abstract methods.
(D) None of the above
Answer : All the methods inside an interface are abstract methods.